RIP #Obtainium on "certified Android devices."
"Non-certified OSes, like GrapheneOS, should be unaffected by this for as long as they are allowed to continue to exist."

Freedom tech exists on iOS—after developers KYC themselves, even where Apple now allows sideloading under its rules. Android matters because it's open source and allows sideloading without Google's permission. That's why Nostr apps, FOSS tools, and freedom tech took root here.
#GrapheneOS works because it preserves that ecosystem without breaking continuity. But now Google's forcing developer KYC for the Play Store on certified devices. The choice becomes: KYC to Google or start over.
This is what breaks mobile in a way desktop never broke. On Linux, you can run open-source and closed-source software on the same primary system. On mobile, once the app ecosystem is gated, custom AOSP ROMs don’t get that role.
The result is a split by design. As I predicted—for the foreseeable future—stock Android becomes the primary device for most. Privacy ROMs get relegated to secondary use, not because of capability—but because of access.
For those whose threat model demands it, privacy ROMs remain the primary device. For everyone else, they become secondary—appealing to those willing to sacrifice convenience for privacy and security, but not the masses.
Obtainium dying on stock Android is the warning. After this, the rest is just enforcement.
The catch now, however, is that with custom ROMs you’re rebuilding the entire app ecosystem from scratch.
On Linux, you can still install closed-source software. On mobile, once you step outside the Google/Apple ecosystem, you’re not just losing a store—you’re losing the distribution, licensing, and services stack a lot of the apps people actually use are built around.
That’s Linux on mobile, but without an easy way to carry over the apps people already paid for, depend on for productivity, and use every day.
That’s the challenge in front of us right now.

Keep Android Open
Advocating for Android as a free, open platform for everyone to build apps on.
#IKITAO
Replies (79)
The real problem is, how many independent FOSS devs will quit and stop their project if the usage of their app drops by 90% due to more restrictions to access them?
It's a loss for everyone; only Google has to win from it by applying more control, more censorship for apps they don't like and more forced revenue from their only official and approved store that is working without the user having to go through 25 warnings and challenges.
I am feeling boxed in by Google. From my terrible Pixel6a battery issue and now to this 😫
It's totally fucked. Google built an amazing park... then raised walls and turned it into a prison.
It's clear that they're either pushing to mass surveillance or complete anarchy, depending on how the people will react.
Either we comply or burn the whole thing into the ground.
What is a certified device?
Twas the plan all along lol
The one with all the government backdoors built in
Time for a new Foss operating system to take over
They're saying stock android won't let you use alternative app stores?
Let's burn it then
Keep building open source apps no matter what people..
Keep using F-Droid & Zapstore ..
Keep trying to get the unaware aware before we all get trapped ..
#foss #nostr #opensource #keepandroidopen
Agree that this is not great, but it's not nearly as bad as you make it seem.
Google is not limiting the apps available on alternative OSs. They are limiting what apps are available on stock OSs.
If anything, this makes an alternative OS more useful relative to stock, not less.
The negative here is that some devs may stop developing given the alternatives of KYCing or losing the distribution the Play Store offers.
Even that is probably exaggerated. Most will KYC. Ride or dies will abandon the Play Store.
Correct
It means that Google is going full-on Apple
"There is no spoon"
I was able to set up a new GrapheneOS for a family member without ever touching Droid-ify or Obtainium.
First step, download the @Zapstore APK directly from their GitHub repo (use Vanadium for this).
Once Zapstore is installed you literally never ever have the need for Obtainium again.
Yeah, I’ll stay with iOS.😝
Devices that pass SafetyNet, which only happens on a locked device. Magisk used to spoof this, not sure it does anymore since the developer joined team Google.
And coming soon, add any open source repo directly to the indexer. No need to go through Obtainium any longer
When export/import?
I've forced myself into the habit of using mobile website versions and PWAs as much as possible. I've found multiple apps that seem to just be web views anyway.
I've said for years that Google would eventually rug us FOSS people. They already did with the standard apps like gallery, messages, etc.
I think we're approaching the time when we either fork off or give in. But as you said, even that won't solve for the proprietary services most apps are using now. Even some of our beloved apps (see Phoenix) still push Google Play Services for full functionality. That's a big reason I left Proton for Tuta.
I want a Linux phone that will seemingly never work out. I'm tired of all the bullshit and these once productive devices are increasingly cage-like.
My main issue with Zapstore is the number of apps that are signed by Zapstore rather than the developer. It seems to me that you're relying on a single person and key to sign a lot of critical apps (Bitwarden, etc). Where Obtainium at least spreads the risk out (or it seems to anyway). Maybe it has the same problems and I'm mistaken somewhere.
@Zapstore
Either way, I tried Zapstore and just used it for apps like Amber that are signed by the Dev to make myself feel better. I ultimately gave up because Zapstore kept trying to update every app with no way of excluding the ones I didn't want it touching.
Challenge accepted
Just stick with Android. Nothing wrong with that. We just need the hardware where we can install Graphene or other AOSPs at scale cause if our niche is too small, we won't get heard.
Is all this drama just because these devs don’t want to submit some ID to google to publish their app?
The bigger issue seems to be that people are forced more into picking one or the other. Some people have a mixed setup. I think @Ava is in that camp. I'm all the way into the GrapheneOS end with no Google services and that's fine for me, but not for most people. So they either have stock Google and none of the cool shit (assuming you may be wrong about the KYC part) or have to completely dive into the deep end like me and give up some of the stuff they used. And even though Graphene has sandboxed Play store and services, I can confirm that some applications have never functioned properly on my wife's phone after switching, even though they worked fine on stock.
I'm sure there are other issues I'm missing. I think I've had banking apps refuse to work even with google services (some integrity check, I can't remember, switched banks). I don't use the NFC payment stuff, so not sure how it works, but it would be a problem for many people if it didn't.
@Matt - Just mute me, bro. I don't see an issue with it because they clearly display SHA256.
Let's take Bitwarden latest release for example. This is a sha for the apk from their GitHub repo (copy/paste)
sha256:fc8c8124650665270925648e0ec35bf7336f26058e3bd72eabf41d859727d220
You will see this same sha displayed in zapstore. Makes no huge difference who signs the release if keys match.
Accrescent is also good. Zapstore is best.
There is no second best.
Also 🖕to Saylor :D
Please explain
This is a misconception and conflation of concepts, but it's my fault for not explaining better (although it has been addressed in the latest Zapstore).
Define signing? Indexed apps on Zapstore are simply caching what is on GitHub (for discoverability, which is nil in Obtainium) and signing a Nostr event with that. They are NOT signing the APK. So in this sense it has the exact same level of risk as Obtainium. I would say less, because on Zapstore you can tell what you are about to install; in Obtainium it's not that clear because of lacking metadata.
By default Zapstore will install from the external/original source, and only fall back if it 404'd:

They are so fucked with their software wall. AI is going to rip it down
Import/export of installed apps via Zapstore to make restoring your apps on a new device easier.
That would definitely make it easier to use it the way I'm trying to. The app is otherwise quite nice. Just a maintenance headache for me right now. I appreciate the update.
I assumed you were building the apps from source as a middle man, then signing that binary and storing it somewhere for Zapstore users to download. "Signed by Zapstore" was vague without understanding what was going on in the background. Signing is even more confusing given that it's over Nostr, where we also sign things.
I didn't realize you were just pulling it from the official repo and "signing" it in whatever sense you mean the term.
Or I didn't realize this change was made, if the process has changed. I think the issue is that I felt forced to make assumptions in place of actual understanding. I have concerns about Obtainium too, I just didn't have the whole signing confusion since it's clear that it's being pulled from the link I gave it (with some trust for the software).
Accrescent or Zapstore
Please explain to me: what's bad with Obtainium?
You're so amazing.
That’s the surface-level version, yeah.
But it’s not “just some ID.” It’s the start of identity gating by default for app distribution on certified Android devices—à la Apple. That changes who can publish, how apps get distributed, and what kinds of tools are even allowed to exist.
Obtainium isn’t “dying.” It’s being pushed out of the Play-services-backed distribution path on certified Android devices. It still works on non-certified OSes like GrapheneOS running on the same hardware. That’s the point—it’s a clear, concrete example of the shift from permissionless sideloading to attested, identity-linked distribution.
The Pixel driver thing is a separate issue. With Android 16, Google stopped publishing the full Pixel device trees and driver binaries in AOSP, which forces custom ROM devs to reverse-engineer hardware support or rely on old binaries. That’s hostile and annoying, but it’s ultimately a hardware choice problem—projects can move off Pixels or work around it.
This one isn’t. This one changes the model.
Nothing if you (1) can and (2) want to use it. I merely suggested an alternative path.
Maybe we should just throw away our fucking phones. This is a grand bait and switch.
Nerd! 🚬🥃😏🤣💜
Yes.

Looking more like Ayyva now 😆
Tarkov vibes. 🤫
If I thought there was a market for them, I could substantially automate installing it. But most normies are afraid of freedom...
Yup.
And those that don't trust Apple & Google, don't want to trust anything, and refuse to read.
Tits
Why do they do it? What is the source of this? It looks to me like Google and the manufacturers jumped on the EU regulations (European Union's Radio Equipment Directive RED) and went completely banshee with it. They claim that they have to do all kinds of things like close bootloaders and prevent sideloading, while in reality RED is pretty vague and does not explicitly require it:
"(d) radio equipment does not harm the network or its functioning nor misuse network resources, thereby causing an unacceptable degradation of service;
(e) radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected;
(f) radio equipment supports certain features ensuring protection from fraud."
I really don't understand the motivation to go full throttle instead of doing the minimum to comply. It will not cut their costs or bring them more customers...
The bootloader "scare" message doing its job, keeping frightened normies on the plantation :/
Firmware not free until the bootloader is, sadly...
Checks out
Gangsta Chick
I'm glad I've been migrating everything digital to open source stuff for like a year and a half
Thanks, Matt. You helped me better understand where @Ava's post was coming from.
Y’all are getting your panties in a twist over nothing. Developers have to do this, not the user. Maybe you’re alright with using software from someone who may or may not know WTF they’re doing, but most aren’t.
Put another way, it’s called accountability and y’all are trying to make it sound like a bad thing.
As far as Apple and that bullshit EU DMA, developers have to KYC themselves there too, get a grip..🤦🏻‍♂️
Ironically, you don’t have the freedom to install it on any device you choose, only Pixels, and that’s because they are the only device that will allow you to relock the bootloader with a modified OS, as long as you have the custom AVB key from Graphene.
This also has nothing to do with freedom, it’s about accountability.
Only works on Pixels and I don’t think Google would appreciate that..🤦🏻‍♂️
Exactly..
You will lose.
This has nothing to do with foss. 🤦🏻‍♂️
I was referring to the idea that Google would eventually stop contributing to AOSP entirely. That's speculation based on how they did exactly that with some of the components already, and their obvious recent hostility toward FOSS developers using AOSP to build alternatives to their proprietary Android releases.
You can go on thinking whatever you want. All the little moves they've made make me think they want a walled garden like Apple has. Whether this particular move is strictly related to FOSS is irrelevant. It still impacts FOSS software that doesn't qualify for their stupid app store either because some feature is forbidden or they don't want to KYC to distribute a particular type of software. They can run their store however they want. Forcing it device wide seems intentionally heavy fisted toward people who step outside their desired walled garden.
🤦‍♂️🤦‍♂️🤦‍♂️🤦‍♂️🤦‍♂️🤦‍♂️🤦‍♂️🤦‍♂️🤦‍♂️🤦‍♂️🤦‍♂️
Now that's my kinda rifle!🚬🥃👏👏👏
Agree. I don’t understand the original post tbh. What stops Graphene users from installing proprietary apps if the OS just ignores Google’s APK signature enforcement? There is still Aurora to download signed apps from KYCed devs?
Devs that decide to not KYC can still continue to release unsigned APKs that work on Graphene (and AOSP devices that don’t enforce signatures).
Also call me naive, but users will still demand devices that allow them to install any APK. So there is a financial incentive for device vendors to ignore Google’s policy (or make opt-out very easy by showing a warning like macOS).
Thanks, I'd bumped into this while updating an app on my unpleb phone using ZapStore. It's one more reason to be glad that I've already started migrating to GrapheneOS.
Bad trigger discipline 🤓
Good catch. I was waiting on someone to say that.
Hold er together
Awesome sauce