Mr. HCJ2d ago
Gina

🚨 Say that I were to give a talk to EU policy makers and OSS communities at a very big conference tomorrow..

and that I want to spend half of my talk on how Google is locking down #Android through:
1. Device attestation
2. Developer registration
3. Age/identity verification

What should I absolutely include? πŸ‘€

Input is welcome, sorry for the short notice. Plain language + realistic calls to action pls.

@fdroidorg @GrapheneOS @postmarketOS @Fairphone @appfair @fsfe @murena @volla @IzzyOnDroid

Jun 7 at 8:56amWeb
Show threadGina2d ago

Boosting and tagging is appreciated, DM's are welcome too.

I really want to get this right, so please only use verified information. And yes, I'll be mentioning https://keepandroidopen.org/ extensively.

(And yes I will also mention Apple and the role of the DMA, but only briefly. More info: https://mastodon.social/@kirschner/116440678455335985)

Keep Android Open

Your phone is about to stop being yours. In September 2026, Google will block every Android app whose developer hasn't registered with them.

Show threadGina2d ago

I'll start with the #opensource strategy and EU tech sovereignty package, and good things happening and alternatives being build etc.

Then mention how the mobile ecosystem is one of the last frontiers left critically assessed.

I'll share how Google is closing down Android (input welcome!). 

And that we need to promote, fund, regulate and perhaps even build open (EU) alternatives in the mobile ecosystem if we don't want to increasingly become captured by 2 US big tech companies.

Show threadGina2d ago

About age/identity verification through the new EU ID wallets, I'll mention something about the necessity of offering this through open apps / app stores. Google is all too eager to become a middleman for these services:

https://reclaimthenet.org/google-wants-to-be-the-id-checkpoint-for-europes-internet

Show threadGina1d ago
One of the final slides in my presentation:
Show threadRandom Sapiens1d ago
@Gina @GrapheneOS
Show threadHugo1d ago
@random_sapiens @Gina @GrapheneOS #sailfishos by @jolla 😊
Show threadGrapheneOS1d ago
@hlrx @random_sapiens @Gina SailfishOS isn't open source, has atrocious privacy/security and was developed in close partnership with Putin's regime from 2015 through 2023. They first partnered with the Russian government AFTER they invaded Ukraine and were sanctioned. Russia are the only ones able to have a fork of SailfishOS (Aurora OS) since most of the code specific to it is closed source. It's quite silly that they market themselves based on their geographic location considering the history.
Show threadHugo1d ago
@GrapheneOS SailfishOS is gradually opening its source code, let's be patient. Regarding their ties with Russia, @jolla said he had cut his economic relationship with Russia in 2021.
Show threadGrapheneOS1d ago

@hlrx They've barely open sourced any of the code specific to SailfishOS. The parts which are open source are nearly entirely the projects they use from elsewhere.

SailfishOS didn't fully cut their ties to Russia's government until 2023. The management who made the decision to work closely with Putin's regime in the first place are still the ones in charge and now own the company.

It's marketed as open and pro-European but their actions show the opposite. It's nowhere close to as open as AOSP.

Show threadAntti1d ago
@GrapheneOS @hlrx That is false claim. They announced leaving Russia already in 2021 and seized operations there. But in two years they couldn't find anyone to buy Russians out so 2023 they just run the company to bankruptcy to finally get them out.
Show threadAndreas 1d ago
@Gina yes we do. One that is supported by governments so I don’t have to pick one over the other
Show threadLaura1d ago

@Gina This comes to mind, showing that this whole sovereignty thing is not hypothetical, the USA is already attacking this way. Apologies if this was covered elsewhere, I didn't read through the entire thread.

https://www.theguardian.com/law/2026/feb/18/international-criminal-court-icc-judges-trump-sanctions

Credit cards cancelled, Google accounts closed: ICC judges on life under Trump sanctions

Kimberly Prost and Luz del Carmen IbÑñez Carranza vow US reprisals will not affect work of international criminal court

The Guardian
Show threadRobert Zondervan1d ago
@Gina 100% agreed, although I think there are challenges in getting an open ecosystem adopted. In regards to that a question: I seem to remember that few years ago there was a EU resolution to force Meta (and the rest) to open API's to their messaging apps so that other messaging apps could communicate with them. Have you got any idea what the status of that is?
Show threadRobert Zondervan1d ago
@Gina Because if we can use an open messaging app like Nextcloud Talk to communicate with those glued to their WhatsApp (I'm guessing there is no way that we get WA on such an ecosystem), the chances of success are way higher.
Show threadJoy_intl2d ago

@Gina honestly, for what concerns _required_ government interaction - like identity paperwork, taxes, or health, these functions should absolutely be priority for NOT working through Chrome or Google -

For example, I often have to use Chrome browser instead of Firefox or Librewolf, bc the government sites simply don't function unless it's Chrome.

Next priority = banks. I should not be required to have a phone at all to do banking, but if I do, I should be able to use GrapheneOS or other.

Show threadOpen Risk1d ago

@Joy_intl
@Gina

it might be kinda useful to policy types - and I don't think I've ever seen such a thing - to have a sort of catalog of what are established uses of mobile devices and which of those need to be ring-fenced, protected from the surveillance cartel

The list is quite long... from calls/messaging, to identity, location, camera/audio, health, payments, banking, any other sensitive commercial/personal interactions etc.

The techbros know exactly what they are after, but we dont

Show threadDavid Ginn2d ago
@Gina It's funny how these things start out innocently, and then one day you realise one company has a monopoly. Legislation needs to be able to quickly address that once it's happened, because it's cleverly dressed up as convenience, and the public sleepwalks into it every time.
Show threadWhatisgoingon1d ago

@david @Gina πŸ’―

I didn't saw it coming when it started but in hindsight we europeans were not ready for the VC funded Silicon Valley mindset.
Which is basically to steamroll everyone and their competition using obscene amounts of venture capital to force exponential growth. And once they own the ecosystem they transform from convenient and helpful to evil and extortionists.

And it seems we are still not ready but merely waking up.

Show threadDavid Ginn1d ago
@themipper @Gina I welcome the new European movement to develop alternatives, but we need to be mindful of what the large American tech firms did so we don't allow it to happen again. I'm hoping the diversity of viewpoints in the bloc helps to prevent that from happening. BUT, money makes people do strange things...
Show threadCarlos2d ago
@Gina is there any chance the talk is available for the public to watch online?
Show threadGina2d ago
@carloscabello Nope, Chatham rules, but I'll share the content here after the talk.
Show threadluca2d ago
@Gina Er... we already *are* hostages to 2 US companies.
Show threadJan Lehnardt 2d ago
@Gina I would appreciate the not-everything-needs-an-app angle and focussing more on the web as a true open platform. Good luck with it all πŸ«ΆπŸ™ŒπŸ€ž
Show threadGina2d ago
@janl I really like apps though. They just need to be open source and not reliant on Google's Play Integrity API.
Show threadElse, Someone2d ago
@Gina
They are too general-computey though, ie they're an extra attack surface and also will include a bunch of unnecessary telemetry stuff, while also failing to implement proper offline functioning, like the HSL app which discards the bus schedule on suspend and won't recover it without internet connection.. All because the API allows requesting stuff from the Cloud in the first place
@janl
Show threadDavid Ginn2d ago
@nobody @Gina @janl As someone who lives in the "countryside" with terrible mobile coverage I'm constantly shocked by how many apps need constant connection to the mobile network to function. I can only assume it is because their stated function is second to telemetry. When I'm out and about, 3/4 of my phone's functions are unusable without coverage.
Show threadDavid Ginn1d ago
@nobody @Gina @janl Just for clarification, "countryside" in my case is 10 miles from Oxford, and it's a flat area. I have no explanation for why it's so terrible. I have a lot of theories but no concrete proof.
Show thread🍡 holly2d ago
@Gina @janl I’m with you, Gina. Having everything be yet another open tab in my browser is a pain. I can automate interactions better with apps, blocking their notifications at different times, choosing which ones I do or don’t want appearing on my home screen at different times, etc. When it’s all in a browser it’s just all one big distracting mess.
Show threadA-wai 2d ago
@Gina @janl Or even, not reliant on *any* platform-specific API at all: as a user of @mobian I'm basically banned from using those digital ID/wallet thingies, and that won't be fixed by switching to a different (but still Android-only) API.
Show threadJan Lehnardt 2d ago
@Gina My angle is certain necessities of life requiring an app (banking, medical, parking, etc) all of that should be possible without an app. That’s not saying no-apps, just apps-not-mandatory.
Show threadJuliette1d ago

@Gina 100% agree with @janl.

I'm a prolific open source maintainer and I very deliberately don't have a smart phone (story for another day). Don't exclude me from society, just because you like apps...

Show threadJan Vlug1d ago

@jrf_nl @Gina @janl

I think all app functionality can also be achieved via Progressive Web Apps ( #PWA ). A PWA should be able to run on an open browser engine (beware of Chrome #lockin), and hence on open standards, independent of a specific platform like Android or iOS.

With GNOME Web, you can install a website as a Web App.

https://developer.mozilla.org/en-US/docs/Web/Progressive_web_apps/Guides/What_is_a_progressive_web_app

Show threadNick Chomey1d ago

@janvlug @jrf_nl @Gina @janl

You're missing the real story here: APPLE is the enemy of PWAs and an open, powerful web. Not Google.

So much more here:

https://open-web-advocacy.org/
https://infrequently.org/series/browser-choice-must-matter/

Open Web Advocacy

A group of software engineers from all over the world who have come together to advocate for the future of the open web

Open Web Advocacy
Show threadJan Vlug1d ago

@nickchomey @jrf_nl @Gina @janl

The point I tried to make is that there is a good alternative for apps: PWA's.

I was reacting on the phrase: "I really like apps though".

My statement about Chromium is because I sometimes see sites that do not work well with LibreWolf. PWA's should not use proprietary parts of browsers.

Show threadNick Chomey1d ago

@janvlug @jrf_nl @Gina @janl

Agreed. PWAs are the way forward. But your comment about librewolf compatibility is misguided - this is a discussion about policy, not individual developer decisions about which apis to build upon.

Also, Firefox has failed to implement some important pwa apis, so I have to figure librewolf suffers from that as well.

Show threadJan Vlug1d ago

@nickchomey

Thanks for the correction. I guessed that LibreWolf (Firefox) would be standards compliant. The key message should be: based on open standard api's (and do not let the open standards be hijacked by monopolists).

@jrf_nl @Gina @janl

Show threadJan Vlug1d ago

@nickchomey

To add to "do not let open standards be hijacked by monopolist", I just read a blog stating:

"Euro-Office defaults to the fully proprietary OOXML document format, developed and controlled solely by Microsoft. This makes it a de facto ally of Microsoft in its content lock-in strategy, with control remaining firmly in Redmond and far from Europe."

https://blog.documentfoundation.org/blog/2026/06/08/an-open-letter/

@jrf_nl @Gina @janl

An open letter to office suite users, just before the Euro-Office announcement - TDF Community Blog

Dear office suite users, In recent days you will have read various articles announcing the arrival of Euro-Office, which is being β€œmarketed” as the first open-source office suite developed in Europe. We feel compelled β€” reluctantly, since open source should rest on transparency, not deception β€” to correct this claim. The first open-source office suite developed in Europe was OpenOffice.org in 2001, based on StarOffice’s source code, followed by LibreOffice from 2010. These are two genuine open-source office suites, built from source code that originated in Europe. They are not a freeware clone of MS Office whose code provenance is undisclosed, nor a product that has rebranded itself out of pure opportunism to ride today’s wave of Digital Sovereignty. It is worth remembering that many of those who champion Digital Sovereignty today were silent back in 2006, when the open ISO/IEC ODF standard β€” the pillar of Digital Sovereignty β€” was announced: not only did they not listen to us during all these years, but in some cases they greeted us with a condescending smile. If we can speak of Digital Sovereignty in Europe today, it is thanks to The Document Foundation and LibreOffice community members at large, who kept

TDF Community Blog
Show threadLea17h ago

@jrf_nl @Gina @janl

Exactly! I *do not want* a smartphone and no one should be required to have one or install apps just to do normal things like park a car and other routine activities of daily life!

Show threadAlexandre Oliva1d ago
publishing apps as free software, and not making them mandatory by offering alternate access to services, would go a long way in weakening the dominance and lock-in of the mobile operating system duopoly

governments should go a step further and actively promote the adoption of a sovereign platform, instead of further entrenching the dependency on this duopoly

CC: @[email protected]
Show threadAlexandre Oliva1d ago
you may also argue that it is absolutely unreasonable for foreign companies to be entitled to decide who can or cannot get government services, by allowing or refusing accounts that enable the installation of the apps required to get those services, or even to get information about the services. promoting and favoring platforms that enable foreign companies to decide who gets to be a full citizen, and who gets marginalized, and to set the terms and conditions for the enjoyment of digital citizenship, is a disservice to the citizenship, and an unacceptable subjugation.

CC: @[email protected] @[email protected]
Show threadDiederick de Vries1d ago
@janl @Gina Agreed. But that would mean having to log into each webapp every single time, possibility using MFA, which requires another device. Not impossible, but we have to think about how.
Show threadDagnabbit, Pascaline ! πŸ’₯1d ago

@janl

I so feel this.
Users have less control over apps.

@Gina

Show threadJan Wildeboer 😷2d ago
@Gina Do make the point that true digital autonomy/sovereignty for citizens and organisations needs truly sovereign identity ownership and that outsourcing verification of that critical component to Apple and Google is the exact opposite. We cannot have digital sovereignty when we are locked in to a duopoly that sits outside of our jurisdiction as part of the design. Alternatives exist. We MUST base identity ownership and verification on stacks we own and operate. Build that. Now! :)
Show threadJeroen Wiert Pluimers2d ago

@Gina is their path to bind reCaptcha to phones via QR code, and the resulting privacy consequences, large enough for your talk?

https://tweakers.net/nieuws/247664/nieuwe-recaptcha-check-werkt-niet-op-android-telefoons-zonder-google-diensten.html

Nieuwe reCaptcha-check werkt niet op Android-telefoons zonder Google-diensten

Een nieuwe reCaptcha-verificatiecheck werkt niet op Android-telefoons zonder Google Play Services. Dit betekent dat de check niet zomaar zal werken op custom roms zoals GrapheneOS. Google kondigde de nieuwe reCaptcha-check vorige maand aan, die werkt met een QR-code en fraude met AI-bots tegen moet gaan.

Tweakers
Show threadGina2d ago
@wiert I'll see if I can include it as an example of how Google is weaponizing it's Play Integrity API, but it's small compared to the other topics.
Show threadSWAT2d ago

@Gina
Please at least mention it shortly. It is a real and concrete example of the previously "hypothesized" enshittification.

It is in quotes, because we saw stuff like this coming a mile away, it is was always downplayed.

Now it actually happened. Never waste a good crisis πŸ˜‰

@wiert

Show threadDagnabbit, Pascaline ! πŸ’₯1d ago

@swat

Agreed, mentioning it is great; this is something that directly affects consumers and may infringe on their consumer rights.

@Gina @wiert

Show threadPeter Bindels2d ago
@Gina @wiert I have had two stores fail on invisible recaptcha already. Right now they lose some customers, but soon I will lose all ability to buy anything or having to get a new Google tether. Seems relevant.
Show threadGina1d ago
@dascandy @wiert and there was no other option available, like audio and visual puzzles? I haven't seen any recaptcha's without them yet (not doubting your experience or Google's intentions btw)
Show threadPeter Bindels1d ago
@Gina @wiert There was no captcha shown at any time whatsoever, just a message "recaptcha failed". I did inform them they lost a customer.
Show threadhackeryarn1d ago

@Gina @dascandy @wiert I had the same experience. Tried to order online from a local restaurant and couldn’t get to the store page. Turns out, it was an invisible captcha because it worked just fine on a desktop.

Zero explanation or alternatives.

Show threadJeroen Wiert Pluimers1d ago

@hackeryarn @Gina @dascandy rendering to various media is still a pain for too many site.

I print anything to PDF that has to do with account sign up or with transactions. If I got one EURO for any page that renders incorrectly (hiding, clipping, overlaying, partial rendering of information, and refusing to print at all are the top problems but white on white and black on black are also annoying), I would be "rich".

Show threadHans-Cees πŸŒ³πŸŒ³πŸ€’πŸ¦‹πŸˆπŸˆπŸ‹πŸ‹πŸπŸœ2d ago

@Gina this article seems to be well informed. https://www.howtogeek.com/android-is-abandoning-the-open-source-roots-it-never-really-had/

If I read it right google makes it hard for other users of the code to make android forks by releasing only once a half year opensource code. Thats abuse of power of course. Als they take out parts of the system and put those into apps that are closed source.
Abuse of power to make life difficult for competitors should rings bells in the eu.
#android #google #eu #OpenSourceCommunity #opensource

Android's openness was always a mythβ€”and Google just admitted it

Google's mobile platform hasn't been as open as it sometimes claimed.

How-To Geek
Show threadDagnabbit, Pascaline ! πŸ’₯1d ago

@hanscees

Absolutely. It creates a golden palace in which only selected, cooperating businesses are allowed. It's abuse of power and it's exclusion. It creates a stream of income that is not for all but for just the select few.

@Gina