Related
I have no idea where this needs to be posted. There are a number of different threads regarding this topic, and I know at least one of them are locked. So mods, feel free to move, delete or merge this as you see fit.
Google, via the Android Developers Blog, issued a statement a short while back. Here it is ...
A Note on Google Apps for Android
Posted by Dan Morrill on 25 September 2009 at 2:31 PM
Lately we've been busy bees in Mountain View, as you can see from the recent release of Android 1.6 to the open-source tree, not to mention some devices we're working on with partners that we think you'll really like. Of course, the community isn't sitting around either, and we've been seeing some really cool and impressive things, such as the custom Android builds that are popular with many enthusiasts. Recently there's been some discussion about an exchange we had with the developer of one of those builds, and I've noticed some confusion around what is and isn't part of Android's open source code. I want to take a few moments to clear up some of those misconceptions, and explain how Google's apps for Android fit in.
Everyone knows that mobile is a big deal, but for a long time it was hard to be a mobile app developer. Competing interests and the slow pace of platform innovation made it hard to create innovative apps. For our part, Google offers a lot of services — such as Google Search, Google Maps, and so on — and we found delivering those services to users' phones to be a very frustrating experience. But we also found that we weren't alone, so we formed the Open Handset Alliance, a group of like-minded partners, and created Android to be the platform that we all wished we had. To encourage broad adoption, we arranged for Android to be open-source. Google also created and operates Android Market as a service for developers to distribute their apps to Android users. In other words, we created Android because the industry needed an injection of openness. Today, we're thrilled to see all the enthusiasm that developers, users, and others in the mobile industry have shown toward Android.
With a high-quality open platform in hand, we then returned to our goal of making our services available on users' phones. That's why we developed Android apps for many of our services like YouTube, Gmail, Google Voice, and so on. These apps are Google's way of benefiting from Android in the same way that any other developer can, but the apps are not part of the Android platform itself. We make some of these apps available to users of any Android-powered device via Android Market, and others are pre-installed on some phones through business deals. Either way, these apps aren't open source, and that's why they aren't included in the Android source code repository. Unauthorized distribution of this software harms us just like it would any other business, even if it's done with the best of intentions.
I hope that clears up some of the confusion around Google's apps for Android. We always love seeing novel uses of Android, including custom Android builds from developers who see a need. I look forward to seeing what comes next!
Click to expand...
Click to collapse
Source:
http://android-developers.blogspot.com/2009/09/note-on-google-apps-for-android.html
Yep, it's over.
We're still asking for community access to these applications that are almost essential to the current Android experience. I really doubt it's hurting their bottom line substantially enough to justify the killing of their distribution.
In other words, Mr. Morrill's post was pretty much a sugarcoated attempt to gain some of the PR they lost.
We always love seeing novel uses of Android, including custom Android builds from developers who see a need.
Click to expand...
Click to collapse
A "novel" use from a developer who "sees a need" is quite a way to describe a substantially improved version of your OS.
So what is the conclusion? A lot of the things could be replaced, but as mentioned before, the sync tools and so forth are tricky to get around. What is the next step from here?
cyanogen said:
Yep, it's over.
Click to expand...
Click to collapse
How so? What would be wrong with releasing the ROM without the google apps, but have a script or something that runs on first boot that installs the missing apps?
cyanogen said:
Yep, it's over.
Click to expand...
Click to collapse
So no more ROMs? Or no more ROMs with close-source apps?
AquaVita said:
How so? What would be wrong with releasing the ROM without the google apps, but have a script or something that runs on first boot that installs the missing apps?
Click to expand...
Click to collapse
It's still illegal. A clever trick to walk around the legal fine print. But in essence, it's illegal...
AquaVita said:
How so? What would be wrong with releasing the ROM without the google apps, but have a script or something that runs on first boot that installs the missing apps?
Click to expand...
Click to collapse
Without the basic function to sign into the device using your Google credentials, the ROM is useless. You can't just grab them from another build (as far as I know) because of the way they are tied in at compiling to the framework. So you would have to pull the ROM, grab the proprietary pieces from somewhere else, and compile the source yourself.
Right?
To touch on this in another way, what would it take for Cyanogen to become a licensed distributor of Google's Apps for Android? If there are really 30,000 users, couldn't legal fees be gathered from them? And, couldn't the business license be set up as a Not-For-Profit? Like the Association of Cyanogen Followers? If it were, wouldn't the required fees to license the distribution rights of the software be tax-free and operating expenses for the association? Meaning, any costs for running the business could be taken out of membership dues and donations? With the rest being tax write-offs?
Just a thought, as I would love to see this made legit, 4.0.4 is great, but I don't want this to stop here.... selfish I know, but it's the truth.
AquaVita said:
How so? What would be wrong with releasing the ROM without the google apps, but have a script or something that runs on first boot that installs the missing apps?
Click to expand...
Click to collapse
I guees thats no way. What if you have a wipe? No APNs or anything else? You cant dowmload "Market" als a single-app directly from google (as i know).
daveid said:
Without the basic function to sign into the device using your Google credentials, the ROM is useless. You can't just grab them from another build (as far as I know) because of the way they are tied in at compiling to the framework. So you would have to pull the ROM, grab the proprietary pieces from somewhere else, and compile the source yourself.
Right?
Click to expand...
Click to collapse
Then what the hell is google talking about "encouraging other ROM releases"? If that isn't possible without some pieces of Google software, then is it literally impossible to develop a custom ROM for android?
Thoughts, Cyanogen?
As soon as my contract is I am Too! I can predict a mass exit from android and google!
daveid said:
Without the basic function to sign into the device using your Google credentials, the ROM is useless. You can't just grab them from another build (as far as I know) because of the way they are tied in at compiling to the framework. So you would have to pull the ROM, grab the proprietary pieces from somewhere else, and compile the source yourself.
Right?
Click to expand...
Click to collapse
Is this true? If its proprietary how did CY compile them in the first place? In order to compile don't you need access to the source?
So just come up with replacements for those apps that are closed source and not available on the market...
Devs WILL find a way... I guarantee you
But yeah, Google SUCKS on this...They could have just given him limited licensing...
Without a doubt the most foolish decision I've seen Google make in terms of Android so far. This puts a major damper on a community that was helping make Android better in very real ways.
The only explanation I can come up with is that the closed apps use 3rd party licensed code that Google can't redistribute. Otherwise this is just completely boneheaded.
Google said:
With a high-quality open platform in hand, we then returned to our goal of making our services available on users' phones. That's why we developed Android apps for many of our services like YouTube, Gmail, Google Voice, and so on. These apps are Google's way of benefiting from Android in the same way that any other developer can, but the apps are not part of the Android platform itself. We make some of these apps available to users of any Android-powered device via Android Market, and others are pre-installed on some phones through business deals. Either way, these apps aren't open source, and that's why they aren't included in the Android source code repository. Unauthorized distribution of this software harms us just like it would any other business, even if it's done with the best of intentions.
Click to expand...
Click to collapse
They claim these apps (YouTube, Gmail, etc) are Googles way to benefiting from Android, but they are not distributed with all android phones? I understand that companies license these applications from Google, but how does it hurt them if they are installed on a device that would already have them?
Then they say "We make some of these apps available to users of any Android-powered device via Android Market", yet this entire thing came about because the Android Market is being distributed? How can any device get these if the market is one thing that can not be distributed?
I paid for the ADP1, which came with Gmail, YouTube and the other applications. The ADP1 feature was that I could flash any ROM I wanted to on the device, but now they are telling me that I can't put one on there if it contains their applications that my device had in the first place.
Hello Google, welcome to the the Dark side, so much for "Don't be evil"
I will help with anything I can on a project to replace the Google Products.
AquaVita said:
How so? What would be wrong with releasing the ROM without the google apps, but have a script or something that runs on first boot that installs the missing apps?
Click to expand...
Click to collapse
ya i was thinking the same .i mean if not ,how do we get gmail ,youtube,ect?do we have to download from market ? some are not in market like youtube.i use gmail all the time .
Do the current Roms have to pulled?
That shiny device with an Apple on it is looking mighty delicious
CyanogenMod officially done now:
http://twitter.com/cyanogen
"Sorry everyone, CyanogenMod in it's current state is done. I am violating Google's license by redistributing their applications."
dwang said:
Is this true? If its proprietary how did CY compile them in the first place? In order to compile don't you need access to the source?
Click to expand...
Click to collapse
I had assumed that they were "reverse-engineered" using something like baksmali, to gain access to the source.... I could be wrong.
Hi All,
Has anyone gotten any details of Android bug 8219321 being discussed in the media? That's the Android master key talk coming up at Black Hat. AOSP bugs reporter is not showing any information (http://code.google.com/p/android/issues/list).
I'm wondering if the platform builders are using the default keys. Marko Gargenta discusses the four default keys briefly in http://www.youtube.com/watch?v=NS46492qyJ8. (Excellent video, btw).
Are there any controls we can place to mitigate the possible threats (assuming they are threats)?
Jeff
noloader said:
Hi All,
Has anyone gotten any details of Android bug 8219321 being discussed in the media? That's the Android master key talk coming up at Black Hat. AOSP bugs reporter is not showing any information (http://code.google.com/p/android/issues/list).
I'm wondering if the platform builders are using the default keys. Marko Gargenta discusses the four default keys briefly in http://www.youtube.com/watch?v=NS46492qyJ8. (Excellent video, btw).
Are there any controls we can place to mitigate the possible threats (assuming they are threats)?
Jeff
Click to expand...
Click to collapse
From everything I have read, this 'bug' won't really affect anyone unless somebody manages to get malicious code onto your Android device. Therefore, the best way to limit the risk is to only install reputable apps from the Play Store - don't use other dubious sites or .apk copies, don't install brand new, unproven apps etc.
SimonTS said:
From everything I have read, this 'bug' won't really affect anyone unless somebody manages to get malicious code onto your Android device. Therefore, the best way to limit the risk is to only install reputable apps from the Play Store - don't use other dubious sites or .apk copies, don't install brand new, unproven apps etc.
Click to expand...
Click to collapse
Thanks, I've been reading that stuff too. From http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/:
Device owners should be extra cautious in identifying the publisher of the app they want to download.
Enterprises with BYOD implementations should use this news to prompt all users to update their devices, and to highlight the importance of keeping their devices updated.
IT should see this vulnerability as another driver to move beyond just device management to focus on deep device integrity checking and securing corporate data.
This advice is useless. For example, "device owners should be extra cautious in identifying the publishers [sic]." The code signing model using self signed certificates does not lend itself to identifying anyone. The relationship that exists is between Google and the publisher; and does not extend to the user. The only thing self-signed certificates ensures is that an app can only be updated by the same author. Even Apple or Microsoft's PKI and code signing model do not make those guarantees (read their CPS'es some time).
Below is from Nikolay Elenkov in an off-list reply. Nikolay does excellent work with Android security (http://nelenkov.blogspot.com/), and can be often found hanging out on Android Security Discussions (https://groups.google.com/forum/#!forum/android-security-discuss).
They are using the 'master key' phrase to hype this up, but this has nothing to do with keys. This is related to the way Android verifies APK (JAR) signatures. A specially crafted APK can be repackaged without invalidating the original signature....
Click to expand...
Click to collapse
Jeff
Okay, first, I do not know where I should put this thread, it is for the HD2 specifically, but might one day be useful for other devices.
So, I have an idea, I would like to create an app store for Windows Mobile, specifically Windows Mobile 6.5, NOT Windows Phone, NOT Windows Phone 8/10, NOT Android, NOT Ubuntu or Meego or Firefox OS.
This app store would be updated, it would contain apps that are compatible with WM6.5, also, you would be able to select your device resolution, and get apps that work with your resolution, it could have a tweaks section, so any tweaks could be installed with just a few clicks.
Also, developers would be able to submit their own apps, and people should be able to submit older apps that work on WM 6.5.
So, what do you guys think, would you support such a project.
P.S. What would you think about me trying to get a HTML5 render engine running on WM6.5, so it could use some new mobile-web apps?
P.P.S. Recently, someone with an Android phone, was able to de-solder the NAND chip(with some equipment), and upgrade the internal flash storage, does anyone think this would be possible with the HD2?, maybe we could get 4GB of internal flash instead of 1GB?
Not bad idea.
My company done more basic idea with a repository of apps with description for our WM6.5 users.
Was some quality software for WM, when compare to junk apps you get on android it really night & day, shame Microsoft didn't see potential & develop it more back in late 2000's as it was far better code than android & was the birth of the smart phone & many parts of it copied by iphone & android .
Mister B said:
Not bad idea.
My company done more basic idea with a repository of apps with description for our WM6.5 users.
Was some quality software for WM, when compare to junk apps you get on android it really night & day, shame Microsoft didn't see potential & develop it more back in late 2000's as it was far better code than android & was the birth of the smart phone & many parts of it copied by iphone & android .
Click to expand...
Click to collapse
So, do you think that it would be feasible to make an app store, like this? And what do you think would be a good name for an app store?
I could easily set up a website, however, I do not know how hard it would be to make an installable cab for it.
I could have a basic website, set-up in just a few minutes(without SQL server, which would be needed for an app store).
The main problem though, is getting permission from app developers to put their old apps on the app store, some of the companies don't even exist anymore. And we would need to get NEW developers to make apps and put them in the app store.
You not likely get much support for new apps as just such minority of WM6.x.x devices in use .
Problem 2 is like you say most old apps dropped by developers, many recent apps I got hold of are technically warez but that only way get them & activate them as devs dropped them & purchase option from websites. IM+ was example of this, I wanted purchase a licence but they dropped WM & wouldn't help me out so I had do work around making it a non expiring trial using mortscript to launch app .
If you do any sort of app store and want worthwhile apps then it not going be possible do it 100% legal unfortunately.
Our work web repository is not exactly legal but it keeps WM6 alive & we got about 30 WM6 users who happy
Personally I would do just a good designed web repository with app sections & details & downloads linked to account logins.
If you can build a software app to act as store it would be good, building cab is the easy part .
Mister B said:
You not likely get much support for new apps as just such minority of WM6.x.x devices in use .
Problem 2 is like you say most old apps dropped by developers, many recent apps I got hold of are technically warez but that only way get them & activate them as devs dropped them & purchase option from websites. IM+ was example of this, I wanted purchase a licence but they dropped WM & wouldn't help me out so I had do work around making it a non expiring trial using mortscript to launch app .
If you do any sort of app store and want worthwhile apps then it not going be possible do it 100% legal unfortunately.
Our work web repository is not exactly legal but it keeps WM6 alive & we got about 30 WM6 users who happy
Personally I would do just a good designed web repository with app sections & details & downloads linked to account logins.
If you can build a software app to act as store it would be good, building cab is the easy part .
Click to expand...
Click to collapse
So, it looks like, my website host will not work then, I just made a new account with them too(it is free tho ), my web host says ABSOLUTELY NO warez , however there is this site called "umnet", they have a lot of stuff for lots of devices, including Windows Mobile CAB's. It is not very easy to browse umnet, and there is a lot of garbage, and it is not very easy to sort out what you DO want from what you DONT want. Back on-topic, if I am to make a app-store, I will need to find another host, or something like that.
P.S Is your work app repository, publicly available, or no?
No it on our own server & requires account.
Mister B said:
No it on our own server & requires account.
Click to expand...
Click to collapse
Okay, too bad.
Now, about the app store, I have identified all of the main challenges:
1. Getting a server and/or host.
2. Getting all of the apps.
3. Getting permission from developers to put their paid/non-distributable apps on the server.
4. Setting up a search/description system(will probably be SQL based).
5. Getting the .CAB set up.
6. Getting people to use it.
I have an idea for, convincing developers to make new software for WM6.5, a development fund/bounty. Right now, many people who were once WM6.5 die-hards have stopped developing programs for WM6.5, maybe we can get some new developers, AND get some old developers back, by giving them an incentive to develop for WM6.5. This could be a bitcoin fund/bounty, when a developer wants to make an app, he/she can ask for some bitcoins from the bounty and that could help fund development if his/her app.
Also, ROM's, many ROM's are inactive, my next idea is to, create new ROM's with WEH builds, they will have ALL of the same features and apps and drivers, and versions(6.5.5, the best), but be based on WEH, because WEH has some new under-the-hood stuff like newer security standards, WiFi encryption standards, etc...
Possibly, we could even create new/improved drivers, via reverse engineering or something like that, AND possibly, dig up enough information to implement some of the features of Photon(what WM7 was supposed to be as of 2008), like an unofficial WM7(NOT WP7).
Hi everyone,
Here is a little history first. In 2014 I helped develop a traffic counting app for an engineering buddy. I designed the UI's, the flow charts and wrote the 275-page illustrated, developers manual. The developer had it working in less than 6 weeks, thanks to, as he said, "to the awesome documentation provided". The app has been in use since then and has worked flawlessly on the original 24 tablets I originally purchased for him.
Recently, we have been asked to bring the app to a wider audience so, my question is, "Is there a way to prepare an image of the Android OS containing only the setup we need, and then clone it to the new tablets?" The app is designed as engineering tool and is not listed through Google Play and as such, it does not require most of the bloatware found on the new tablets. The app does require the use of photos, some file management along with network connectivity to send and receive the various data files required and produced by the app.
I have limited experience in rooting, but I have been successful when I done it on my Samsung phones.
As a certified Graphics Designer/Windows and Mac tech/COVID-19 survivor (nearly killed me, literally...LOL), I am aware of the amount of work that goes into aiding people with their "little" projects. Any help or direction in this matter would be deeply appreciated.
This may be stupid, but I couldn't find any resources regarding this. We have custom recoveries for android devices but why isn't there custom bootloaders like there is for PCs ? Like in the PC space we have the likes of reFind and gnu grub.
Thanks
There are some instances of alternate bootloader projects. Just that they are not popular,
[Bootloader] LK for Xperia T
LK for Xperia T LT30p Only - Unlocked Bootloader Required WARNING 1: This modification makes changes to the devices partition table. I (lilstevie) am not responsible for any damage to your device or data loss that may occur. WARNING 2: ICS...
forum.xda-developers.com
EFIDroid
EFIDroid is a easy to use, powerful 2ndstage-bootloader based on EDKII(UEFI). It can be installed one-click with the EFIDroidManager app. You can add/remove/edit multiboot ROM's. There's no special support needed by ROM's or RecoveryTools(no...
forum.xda-developers.com
The developer of EFIdroid stopped developing in 2019.
efidroid on Android 9 and 10 devices ? · Issue #152 · efidroid/projectmanagement
Hi, I just want to know if efidroid supports devices with 6 GB RAM and 64/128 GB Storage devices running Android 9 and Android 10 ? thanks.
github.com
Not to mention you would need OEM's to cooperate....
Thanks @karandpr for that github comment a lot of info there. Thanks @galaxys too. So a quick summary would be that the reason is that for the bootloader to work smoothly there has to be support from the kernel too, which the OEMs should do and probably would not. But I didn't think about the support in the kernel was an issue. That does seem to be a lot of work and I see the reason now.
al_l_en said:
Thanks @karandpr for that github comment a lot of info there. Thanks @galaxys too. So a quick summary would be that the reason is that for the bootloader to work smoothly there has to be support from the kernel too, which the OEMs should do and probably would not. But I didn't think about the support in the kernel was an issue. That does seem to be a lot of work and I see the reason now.
Click to expand...
Click to collapse
I don't think Google intends to open up android anymore. They want restrictions like iOS but pretend to be open source for the "goodwill". What's the use of AOSP if you cant effectively install it on a device or your important apps don't work?
I believe PinePhones are the ones that can have truly open-source compatible hardware. The specs are underwhelming but the community is really good.
You can get spares easily and the battery is removable.
Only thing is they are mostly out of stock.
karandpr said:
I don't think Google intends to open up android anymore. They want restrictions like iOS but pretend to be open source for the "goodwill". What's the use of AOSP if you cant effectively install it on a device or your important apps don't work?
I believe PinePhones are the ones that can have truly open-source compatible hardware. The specs are underwhelming but the community is really good.
You can get spares easily and the battery is removable.
Only thing is they are mostly out of stock.
Click to expand...
Click to collapse
Yeah those are great but the problem is that they are not usable for "normies" which will prevent mass adoption and hence cannot have a sustainable business model.
But I think google is not the only one to blame, like couldn't the OEMs actually provide bootloaders that can boot signed os images. Or is there any technical or security difficuties in doing that.
al_l_en said:
Yeah those are great but the problem is that they are not usable for "normies" which will prevent mass adoption and hence cannot have a sustainable business model.
But I think google is not the only one to blame, like couldn't the OEMs actually provide bootloaders that can boot signed os images. Or is there any technical or security difficuties in doing that.
Click to expand...
Click to collapse
Normies are afraid to change the default browser, so bootloader is really out of their leagues.
Phone tinkering is a hobby, not a necessity. Phone tinkering itself is not a sustainable model.
Google is to blame primarily. Because they have a stringent list of requirements for devices to pass CTS. You can read the bootloader requirement and judge yourself.
Android 11 Compatibility Definition | Android Open Source Project
source.android.com
Without passing CTS, devices cannot use Google apps, they cannot get push notifications and they cannot pass SafetyNet checks used by most banking apps.
At the end of the day do I want to spend 100s of hours to bring a feature to an android phone which will probably be used by 10 users and deprecated by the time I finish doing it?
or do I want to buy a phone which will allow me to tinker freely in a community and ecosystem which allows modification?
For our tinkering pleasures, Pinephone is the way to go for now. They have support from Manjaro, Debian and KDE. Which is a big thing IMO.
Or else there you can roll your thing in RaspberryPi?
While going through related details I found an article about google probably switching to hardware based safetynet checks which could be ending google play compatibility on custom roms.
It really seems like google is using security as an excuse to make sure that there are no competitors in their business space.
Maybe this is because I have been only doing web development and only started learning app dev, but the reasons google use for CTS like for enforcing DRM, is also handled on websites while allowing openness and being neutral (or maybe the web is not as secure as something like this, so forgive me if I am wrong). Android could really take pages off the web ecosystem for being a neutral platform.
I really appreciate the patience for hearing out and also the references(and the rabbit holes that it was followed by) really taught me a lot about general android architecture.
al_l_en said:
While going through related details I found an article about google probably switching to hardware based safetynet checks which could be ending google play compatibility on custom roms.
It really seems like google is using security as an excuse to make sure that there are no competitors in their business space.
Maybe this is because I have been only doing web development and only started learning app dev, but the reasons google use for CTS like for enforcing DRM, is also handled on websites while allowing openness and being neutral (or maybe the web is not as secure as something like this, so forgive me if I am wrong). Android could really take pages off the web ecosystem for being a neutral platform.
I really appreciate the patience for hearing out and also the references(and the rabbit holes that it was followed by) really taught me a lot about general android architecture.
Click to expand...
Click to collapse
Theoretically, Google can end GPlay compatibility on Custom ROMs anytime they wish. It's just that lot of App Developers don't use SafetyNet the way it is intended and Google doesn't roll out its strict check. They do it once in a while.
They don't have any competitors in their business space. It's a very well-thought monopoly.
CTS restricts Google Play API access to vendor operating systems. So vendors like Samsung, OnePlus and others have to play by their rules. IIRC, the cost of Play API is around 15$ per device but it is subsidized for large quantities.
End users don't really care about Play API. But App Developers do.
Without Play services, there is no easy way to integrate push notifications, ads, maps, analytics, metrics, and so on. Rolling your own thing will take years to develop and won't work as seamlessly as the play service counterparts.
I don't think Google will ever cede their monetary interests for open collaboration.
karandpr said:
I don't think Google will ever cede their monetary interests for open collaboration.
Click to expand...
Click to collapse
Yeah that's for sure. The only way this monopoly can break is when an opensource alternative to google play services and other apis exist and while doing that it must be compatible with the existing google apis. And that is probably not going to happen in a long time. Although microg does solve this to some extent, but still it is a second citizen.
Some of the functionality is already there, like most of the google apps like docs and drive could replaced by nextcloud and then maps could be replaced by osmand. If some company, preferably an OEM, comes and integrates all of these into a package maybe there's hope. I think /e/ os tries to do this to some extent.
You might find this resource useful. As they have gone over a comprehensive set of bootloader software and tried to outline their primary features in detail. Hopefully, you’ll be able to determine the best one for your use case. https://www.ubuntupit.com/best-linux-bootloader-for-home-and-embedded-systems/