Hans-Christoph Steiner @eighthave@librem.one

@debacle @rene_mobile @mobian This makes me think of how I used to be excited about working with #Android, now the only exciting thing about it is its market share. As a #hacker, I find #PinePhone a lot more exciting these days, despite all its limitations.

@rene_mobile Aspects of the technical structure of #Android magnify this because developers cross-compile and run in emulators/devices. Basically no one is doing Android dev on Android. #macOS and #iOS at least were very close to the same OS. I switched to #Debian #GNOME and #Android at the same time, around 2009. Back then, #Android was hackable and flexible. We took full advantage of that. Now my feeling is that #Android is focused on #security for #BigTech and no longer empowering users 2/2

@rene_mobile #Google is a #cloud company, and its users expect to have everything tied into the cloud. Fine if you want that. Before, #Android offered much more developer freedom and flexibility. Now, it feels like it is being locked into the cloud and pushed to prioritize consuming over creating. Same thing with #macOS, I used #NeXTSTEP since 1994, and stuck with it unbroken as it became MacOSX and even #iOS. #iTunes and iOS pushed #Apple to shift their focus from creating to consuming. 1/

@rene_mobile I haven't touched SAF code in a while now, so I can't remember details. I do clearly remember feeling that this API made it drastically harder to do what I was doing before. And in order to give any kind of consistent UX across the supported #Android versions, I had to have 3 parallel implementations with a number of per-version quirks. Plus it is biased towards pushing to the cloud. For many use cases, local storage still has advantages, including #privacy and resilience.

@j2bryson @spikebike @1br0wn if so, that's a laughable policy. One of the most basic rules of defense is "don't put all your eggs in one basket". Ahem #Pegasus 0-click https://www.amnesty.org/en/latest/news/2021/07/pegasus-project-apple-iphones-compromised-by-nso-spyware/

@rene_mobile And also, I think the right solution is to keep the bad apps out, that's what we work to do in #FDroid. Then users have the freedom to use apps that require flexible access to the external storage to provide their features. The SAF changes felt to me to be a way to cut out apps that do media/app sharing device-to-device, instead of via cloud services. Device-to-device data exchange is very important in places where data plans are expensive and measured in the 100s of MB per month

@rene_mobile I understand why they were created, and I think the core idea is good. But the way it has been rolled out has been painful to a lot of developers, especially if the app isn't just doing a simple tie-in to a cloud service. My experience is that every other OS release introduced new and often conflicting APIs and requirements making it very difficult to make a UX that worked across the currently supported releases.

@spikebike @j2bryson @1br0wn That could play an role in the pricing, but I'm guessing it is a pretty small role. These exploits are generally sold priced per-target. The governments using them care about getting access to the target, not all the users of a platform.

That totally clicked for me, that's how I have been feeling about working with the Storage Access Framework APIs in Android. On top of that, Android APIs prefer cloud services. Guess what: #Google #cloud services are built-in defaults for those APIs on all the Google devices.

And that concludes my reporting on the #DMAWorkshop, thanks to the Filecoin Foundation for the Decentralized Web #FFDW and their grant to @guardianproject for paying my way. https://www.ffdweb.org/guardian-project-annoucement/ - https://f-droid.org/en/2022/02/05/decentralizing-distribution.html

Congrats to #matrix co-founder @matthew for rocking the last #DMAWorkshop, there was still quite a bit of buzz about how the live bridging demo carried a ton of weight, despite the lobbying efforts from #Meta, you can see it at around 14:00 in the live stream recording https://webcast.ec.europa.eu/dma-workshop-2023-02-27

@j2bryson @1br0wn given that #Android exploits are currently selling for more than #iOS exploits, I'd say that's one key piece of evidence pointing to Android as the more secure option https://www.zerodium.com/images/zerodium_prices_mobiles.png

Very exciting to hear the #EuropeanCommision say it is clear that the #gatekeepers are not the only ones who are providing secure and trustworthy app stores. I think that comment alone has made my trip worthwhile #DMAWorkshop

Rupprect Podszun said it is clear after today that there will be changes to the fee structures of app stores. #Google disagrees that there will be changes in the fee structure, and instead offers: "there will be more workshops". So is this a "kill the design by putting it to endless committee discussions"? #DMAWorkshop

Interesting comparison between #Google vs #Apple approaches at #DMAWorkshop. They have very different methods of gatekeeping, and #Android has been typically quite a lot more open #iOS. And Google has already added some improvements for other app stores. Google says, "hey, we're already trying to find ways to comply" while Apple seems to stick to its guns: "our way is the only way to trusted app stores."

The Open Web group is quite passionately advocating for putting web apps and #PWA on equal footing. While I do agree to some extent, I think there are key technical details that mean web apps will always be more dangerous for privacy and user control than native apps. Web apps are harder to review because their source can change per-user, per-visit, etc. #DMAWorkshop

@webmink @ilumium I hope I did your question justice. Perhaps not surprising, but there was pretty much a non-answer from the panel. #DMAWorkshop