There is a risk Google could tamper with the app for specific users if they’re installing it from Google Play. I think it’s likely security researchers would discover that if it was widespread, but there’s a chance Google could do it undetected if they targeted it selectively enough.

People who are concerned about this can download the APK directly from Signal and check its signature before installation.

Signal uses reproducible builds for its Android client, and I think for desktop as well. That means it’s possible to verify that a particular Signal package is built from the open source Signal codebase. I don’t have to trust Signal because I can check or build it myself.

If I don’t have extreme security needs, I don’t even have to check. Signal has a high enough profile that I can be confident other people have checked, likely many other people who are more skilled at auditing cryptographic code than I am.

Trusting the server isn’t necessary because the encryption is applied by the sender’s client and removed by the recipient’s client.

• Reasonable: prevent downgrades when the bootloader is locked
• Sketchy: prevent downgrades when the bootloader is unlocked
• Unhinged: hard-brick the device when a downgrade is attempted

Let’s clarify some terminology.

Android is an operating system, not hardware. Android uses the Linux kernel, but differs greatly from desktop-oriented Linux distributions. Most phones are designed for Android, a bit like most PCs are designed with Windows in mind.

Desktop-oriented Linux distributions have a semi-standardized software stack with Linux, GNU libraries and utilities, a shell, X11 or Wayland, some sort of window manager or desktop environment, etc…

Other comments have explained how the hardware makes it difficult to have generic operating systems that install easily on any phone like we do for PCs, but they do exist. Ubuntu Touch and PostmarketOS are examples of desktop-like Linux distributions for phone hardware. It’s possible to install and use these on certain phones, but there’s usually a feature or two without a working hardware driver. Desktop Linux on laptop computers used to be that way too, but far fewer laptops have missing drivers now than a decade or two ago.

I have PostmarketOS installed on an older phone. I don’t think the user experience is quite ready for most people to use as their primary phone, even for me, and I’ve been running Linux on laptops for most of my adult life.

I have a .com for like $19.99 but pay to have my info redacted from whois stuff, an email address, all cones to like $42.99

Porkbun charges $11.08 for a .com with whois privacy. $30/year for email hosting might be worth it if you’re getting very good service, but I think you’re overpaying.

$11.08 for a .com. Source: just renewed.

A different Wallet/Pay implementation is a possible outcome, but I’m thinking of a bigger picture where Android phones are more like PCs: no non-unlockable bootloaders, no remote attestation anywhere, barriers to root detection at the OS level, third-party ROMs encouraged.

The early days of Android were like that. I wonder if things had developed along that path, would we have a paradise for power users? A security nightmare for mainstream users? Both? Neither?

I wonder what an alternate history where Google chose not to become evil would look like.

What if they had looked at Microsoft’s Palladium proposal and thought, as pretty much everyone outside institutional IT departments did that locked devices with remote attestation was a nightmare scenario best forgotten, refused to build it, and made an effort to prevent anyone else from doing so on top of Android? Safetynet didn’t appear until 5-6 years after Android launched to the public. What if it never did? Android already had enough momentum by that point I don’t think the financial sector could refuse to be on it no matter what risk management said.

I hadn’t heard of Pixels doing that, but I’m guessing the attempt does not hard-brick the device.

Pixels have a pretty strong warning on boot for unlocked bootloaders and an easily-typed URL with a detailed explanation.

That seems like enough to me from the manufacturer side. Of course I can imagine someone ignoring the warning; people sometimes climb into tiger enclosures with predictable results, but it shouldn’t be on device manufacturers (or zoo management) to prevent all possible negative outcomes.

A design that results in a hard brick on “tampering” is unusually destructive.

Samsung, Huawei, Microsoft, and LG tried similar ideas and none got much traction.

I’m not sure it’s actually a good idea even now that phones have enough CPU and RAM for an adequate desktop experience. It’s certainly not a good idea running Android as we know it, where apps are data silos and have UIs that don’t cleanly transition from the palmtop experience to the desktop experience.

You can do that today with a Linux tablet and Waydroid. It’s more like running the Android apps in a VM than something really well integrated with the Linux environment, but perfect is the enemy of good.

I got my first tablet this year after a long time as a skeptic. It runs Arch, BTW.

Most of the time it has a keyboard attached and I use it like a laptop, but it’s nice to be able to watch movies on flights during taxi, takeoff, and landing because tablets and phones are allowed, not laptops.

Gnome is really nice on a touchscreen aside from the terrible onscreen keyboard. KDE is a little rougher, but its onscreen keyboard is decent.

I remember making a note to look into it several times, and thinking I should buy one (exactly one) when it was about $600. If I had, I imagine I would have sold at 10x rather than holding until 100x or its peak at 200x.

I actually did think it or a successor would become important as a consumer payment method. I was wrong there.

I remember playing with a Motorola Atrix in a store. It seemed like a really cool idea.

I thought people would learn how to use computers.

It seemed as if most of the millennial generation in wealthy countries did learn to some degree and I expected it to be even more true for younger generations. Those more sophisticated users would enable more sophisticated and flexible applications. Technology would empower individuals while weakening corporations and governments.

Instead, the most reliable recipe for popularizing tech is to dumb it down. Millennials represent a peak of digital literacy (in wealthy countries) and those younger tend to have weaker technical skills.

“If you put money in a vending machine and got two items instead of one, would you put additional money in for the second item?”

No, I fucking wouldn’t, and I wouldn’t like to work for anyone who wouldn’t hire me because of that fact.

If 99% of applications that run on *nix desktops didn’t want to accept middle-click to paste text where that’s an operation that makes sense, I would agree with you. I do not believe that to be the case.

KDE and Gnome already have toggles for it, though Gnome’s is in gnome-tweaks because Gnome hates exposed settings.

I’d support unifying behavior between toolkits and apps to provide users with a single point to set their preference, but I use this feature a hundred times a day. I’d also like it to remain the default; *nix desktops should have their own flavor instead of just copying Mac OS or Windows, and middle-click paste has been a part of that flavor for 40 years.