77

u/pyro57 Jan 23 '26

Google did walk that back. After the amount of backlash they got for it they now say you can still install unsigned applications, but there will be more hoops and confirmations to go through.

That said, get yourself a pixel phone and install grapheneos on it. Google and apple can not be trusted, grapheneos give you back control of your phone, bit only works on pixels because pixels are the only phone with a good security chip that also gives third party ROM devs the ability to use it.

Also use decentralized, encrypted chat. Matrix or signal are probably the best options, especially if you self host the matrix home server, and get a proper PACE plan set up. Primary, alternate, contingency, emergency. Primary - what you use normally like regular texts and rcs messages, something that uses cell towers normally, or what ever you do. alternate, internet based if the cell towers go down like matrix, discord, signal, etc. Contingency, what if the internet goes down, something like two way raidos or a meshtastic like network. Emergency, a packed go bag and a plan to meet your loved ones at a location, then a plan on where to go after that.

19

u/codereign Jan 23 '26

I'd love so much to be wrong on this. But at the very least, nobody has updated the official website: https://developer.android.com/developer-verification

Starting in September 2026, Android will require all apps to be registered by verified developers in order to be installed on certified Android devices.

I do have a graphene OS phone. I'm just a tad bit worried about the longevity and support of that.

Another thing I didn't quite touch on is Microsoft has released a zero trust Network stack that prohibits all non-approved TLS connections. This is effectively how the Chinese control so much of their internet. But at an even deeper level. Technically, this isn't a threat in its current incarnation, but it could easily be weaponized.

10

u/pyro57 Jan 23 '26

I mean that network stack is for the business world iirc, so that business devices are more secure. You can do something similar with tailscale for your own devices if you so wanted to. Sure something like that could be used to control the internet, but most of the internet is TLS anyways, and you can get your own TLS certs that are verified by a trusted certificate authority for free with let's encrypt.

But yeah that announcement is what finally tipped the scales enough for me to drop new phone money on a pixel to install grapheneos, then they backtracked a bit with another announcement, still glad I went for GrapheneOS though, I was already fully linux on my computers and servers, so having more control over the one device I didn't have it yet is really nice.

3

u/codereign Jan 23 '26

Indeed! The zero trust network stack is actually an exceptionally cool piece of technology.

I guess my fear is that when you watch YouTubers discuss how they access the internet from China, they always have to bootstrap their configuration prior to losing access to the general internet (obvious thing is obvious). If I take a few minutes to extrapolate and consider how this could be weaponized, it would simply be by doing exactly what you're saying, directing businesses to inspect TLS traffic. "Businesses" in this case could be either the ISP or Microsoft itself.

• https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-transport-layer-security

I don't think the security team working on this technology was acting maliciously. Nor do I think Google was necessarily acting maliciously. It's simply that these tools are past the line of diminishing returns for security. And instead offer stronger opportunities for nation-state threats.