Uncomfortable Questions About Android Developer Verification

This shouldn't just be "questions"; this should be a full-on opposition. Do not give them even an inch, or they'll take a mile.

"debugger vendors in 2047 distributed numbered copies only, and only to officially licensed and bonded programmers." - Richard Stallman, The Right to Read, 1997

Why is it so complex to have a foss mobile OS.

I only have Linux PCs (laptops) and servers, 100% of my work and personal stuff is done there (though for work I do need to hop into MS365, Google Workspace, Zoom, etc, hooray for browsers, my final firewall between me and the walled gardens, though we can have a whole discussion on that).

For mobile, we have PostmarketOS, Phosh, Ubuntu Touch. I really must try living in them, is it on me? IDK, our government even has an identity app for iOS and Android. I should not be using it, I should stick to web. But its so much more convenient. I'm just weak, aren't I?

Maybe I should go for Ubuntu touch, with an iPad on the side or something. At least my most personal device is something I control then. Or just keep my Linux laptop handy (or make a cyberdeck!). But I want a computing platform that does not require carrying a bag. It's kinda sad. Even GrapheneOS (one of the most personal and secure mobile computing experiences out there)'s future is in the hands of its greatest adversary, the one that does not want you to have a personal computing experience.

I could be one of the people running an ungoogled phone, but my bank refuses to have an app that runs on an ungoogled OS for "security"

My bank blocks my mobile with Lineage OS, and it's not even possible to login to the web site without the mobile app. Absolutely pathetic.

Now I have to keep my 4 year old phone with 2 year outdated Android to access the bank application. Which deemed more safe then my mobile with latest security updates. Haha

last time I walked into the bank to do something, they tried to peddle their app. I giggled and said no, their developers don't understand security.

my phone is rooted and their app won't work.

> I giggled and said no, their developers don't understand security.

Their developers usually understand security well enough.

The problem, especially for banks, is that they're zero-risk driven, their ideal world is the one where risk doesn't exist. So instead of mitigating it they chase risk elimination (!= reduction) at any cost, while middle management needs to report that they improved something for the quarter. This results in all these kinds of stupid policies, where a 6 year old mobile, unmaintained for 4, is considered more secure than the weekly build of the community-based custom ROM running with locked bootloader signed with user-managed keys with strong protection (these days it's almost infeasible).

EDIT: to be clear, it's normally not the developers thinking up these policies, I have worked in a bank.