> 8. If you haven’t used an app that you installed on your device in a while, you may not want it to keep accessing your data. Android will now “auto-reset” permissions for your unused apps and notify you accordingly. You can always decide to re-grant the app permissions the next time you use the app.
> 9. With additional Google Play system update modules, even more security and privacy fixes can be sent to your phone from Google Play, in the same way your apps update. So you’ll get these fixes as soon as they’re available, without having to wait for a full OS update.
8 seems like a rather wise and user friendly privacy concern (which might be annoying to power-users who set things up proactively and don't want their configurations messed with, yet overall a great improvement).
9 has me worried about variants of android like Lineage or ParanoidAndroid where the play store isn't included automatically. This forced reliance upon the play store for security sensitive updates is devastating for de-googled device feasibility. It will make more sense for developers to not support devices without Google Play, effectively shoehorning alternatives out of the usable, secure devices realm.
It becomes a problem when Google decides to keep those security fixes to themselves. I can very much see microG (a GMS reimplementation) provide the same service using their own compiled patches, kind of like Linux distributions provide packages and kernel updates developed by Intel, Microsoft, Red Hat, etc, which end up publicly available.
9 is part of google's attempt to deal with carriers and manufacturers who don't send out updates in a timely fashion. It may have side effects that make it harder for others to build de-googled android but that isn't the publicly stated main goal.
While increased control of the platform is one motivation, I don't think it's the main one.
Google's been forced to go in this direction by vendors who put out Android devices and never update them, even for the most serious issues. The only way to get security updates deployed is via Google Play.
Aye, I didn't say it was the sole reason and I agree.
Flagship devices with 18mths-24mths of support when Apple routinely does 5 years was damaging as well.
I typically buy mid/low-range android devices and AndroidOne has been great, I'm still getting monthly security updates on a must be 2 year old-ish Nokia 6.1 that is still a perfectly fine phone for my needs and it cost me 150 quid sim-unlocked.
It looks like the user disable the automatic permissions rest on an app-by-app basis. If you navigate to the permissions page for a single app, there is a toggle at the bottom to disable this.
And yet their messaging strategy is to push a carrier standard with what I consider an egregious oversight: end to end encryption. You know, that thing Apple and Signal have had since the beginning of time.
Even worse, Google decided to auto-enroll millions of devices into their RCS hub meaning it's receiving device text messages in cleartext. How do you like dem apples? And you thought the metadata collecting was bad.
Even more egregious IMHO, is that they set up shadow APNs on android devices, at the behest of the carriers, and route all tethered traffic via them.
This is so the carriers can measure and limit tethering separately.
The security issue here is that if you have a VPN client running on your phone, tethered traffic still goes in plaintext to the public internet via the hidden APN.
Mostly correct. Most major phone OS has had this situation. iOS, Android, and BB10. It's a billing/terms of service issue.
That being said, the most straightforward non-root way around it is to install LineageOS on a supported device. There's an option in hotspot settings to share VPN connection. There may be other (non-Google) manufacturers that carry a similar feature.
If you want to talk real nasty shit: Lets say you do the above and unlock device bootloader to install LineageOS. However, you decide not to root because you'd like to maintain security on the device. Additionally, you're on the latest monthly patch level while your vendor's latest build is 8+ months back...
Guess what? Now you can't use Netflix or your banking app!
Why? Because Google play services uses your device's 'hardware-backed attestation' to know bootloader is unlocked and app developers can block install of their apps based on this certification status. See: https://www.lineageos.org/Google-Play-Certification/
Your post is very confused. Android doesn't send tethered traffic through VpnService whether or not tethered traffic goes to the same APN. Tethering just sets up a dumb router.
What are you talking about? GNU/Linux has a much more healthy app ecosystem than any mobile OS.
I own one of these (the pinephone) and it's really very much like a laptop running alpine. All of my desktop apps just work (although I have to use fluxbox because CWM isn't nice on a touchscreen.)
GNU/Linux has thousands of apps. They do not all fit the screen, but it's much easier to fix than create new ones. Purism created libhandy library for that.
It should be noted that the libhandy features are now part of the stock gtk3+ framework, so every app following standard UI guidelines benefits from the new "responsive" look.
I’ve had phones with card expansion. Never worked seamlessly to the point where I gave up on them. Does anyone have experience with using cards on these phones? Can you for example store all images and media there as if it was the main storage without ever needing to think about it again?
They're first-generation devices, so the focus is on getting the device experience right, not on having flagship specifications. If they get the experience right, they'll likely come out with higher-spec devices in the future.
I have a Pinebook Pro and love it, but the Pinephone's camera is woefully underspec'd. Put a better camera on it and let me pre-order ffs and I'll buy one in a heart beat.
Preorders for Pinephone will open in about a week. You can preorder Librem 5 with a better camera now (but you won't get it very soon due to a large queue).
I've been using PdaNet+ to get around the hidden APN hotspot traffic routing. It makes AT&T think I am using 100GB on my phone when most is from my PC.
One major thing to note: Don't expect support from LineageOS devs for MicroG stuff. They explicitly do not support it and are slightly rustled at people using unofficial builds with MicroG and then complaining in their support channels.
their messaging strategy is to support any messaging app you want to use as a first-class experience.
SMS or RCS notifications aren't treated as any special case that gets priority over any other messaging app. If you want to use signal as your primary messaging app, android is happy to support that.
It is much more special, because afaik it is the only one that can hook into SMS coming from the carrier. Other messenger apps can be downloaded and installed, but they can only do digital messaging.
If you are on Android and you use Signal, but text some random other android user's phone number that uses a pure sms messaging app, is any part of that conversation encrypted?
If the other phone is associated with a Signal account at all (regardless of operating system), it will use the Signal transport, otherwise SMS. The Signal UI makes it clear when you're sending unencrypted text messages.
Yes, there's a default app to handle SMS. And Google would like you to use Google Messages for that, which is inherently non-private because SMS (and RCS) aren't private.
but there's nothing about SMS that makes it a default other than it's what most people use. You have to open an app to send a message, there's no default way of sending a message where you aren't choosing an app first, and if you want something private and secure, you can choose something other than SMS.
I think by 'default' I meant on the home screen of apps on a factory-new Android phone, presumably one messenger app is pre-installed and on that list. Perhaps, even configured as part of a phone onboarding experience.
This must be the disconnect. As an Android user, it wouldn't occur to me that the "default" messaging app (usually something barebones and ugly) would influence how I send my messages. I just use whatever app I want, SMS or not. But unlike Android, Apple managed to popularize its own all-in-one messaging solution and in so doing brought encryption to more conversations. Google could try to do something like that with Android, but thus far they've simply remained agnostic.
It is usually a SMS-based app but it is not the same one for all factory-new Android phones. Some manufacturers will ship with Google Messages and some such as Samsung have their own messaging apps which will be the default in most but not all cases. If purchased through a carrier sometimes the default app will be the carrier's messaging app even if the phone manufacturer has their own.
As the other commenter points out, Apple's hands are just as dirty as Google's in this matter. iMessage is only end-to-end encrypted if you turn off cloud backups, and most people have them on so in practice it's not so. And turning them off on your end doesn't help either if even one participant in the conversation has them on.
WhatsApp has the exact same problem with unencrypted backups.
End-to-end encryption at large scale is not really something American mega-corporations can provide, unfortunately.
You mean like on-by-default plain text backups on iCloud? The difference is that on Android, you can change to an app that is actually secure (without a MITM key server vulnerability like iMessage) and have it be used by everything.
RCS is only used if you otherwise would have used SMS, which is also not end-to-end encrypted. I certainly think they should have added encryption, but RCS doesn't make things any worse than it already is, or make anything plaintext that would have been encrypted.
They can't, it makes no sense to add such encryption to SMS. The end user would have to manually manage keys. It didn't make sense on WhatsApp or iMessage either of course but for different reasons - there the problem is the apps are a monopoly for that service. They can update at any time and alter the encryption as they see fit. They already did this to stop people forwarding messages on WhatsApp, which makes a mockery of the concept of e2e encryption.
Sounds like clear text with extra steps. Given that iCloud data is stored on third-party services, using crypto is a necessary implementation step, but from the user's point of view it seems mostly irrelevant and isn't really different from storing it in clear-text at Apples servers directly. It's disappointing.
Security is not an area where you want to be sloppy with your choice of words.
It is not clear text. It is encrypted and Apple has the key.
The reason the distinction is important is that if it were clear text NSA/FBI etc could gain physical access to the servers and read the backups without Apple's knowledge or approval.
> The reason the distinction is important is that if it were clear text NSA/FBI etc could gain physical access to the servers and read the backups without Apple's knowledge or approval.
Where does Apple store the keys? On the very same machines?
It's like having a bulletproof lock, and storing the key under the potted plant.
Google's always said e2ee is on the RCS roadmap, and evidence of it is already in some Google Messages builds. [1]
It seems they decided the main hurdle is just to get all the carriers on board, and a basic version of RCS up and running on all the Android phones, and encryption didn't make it into the MVP.
It is this, so called "end to end encryption" which is actually not "end to end", but "end to end plus NSA", but they are not allowed to say "plus NSA" so they say only "end to end" - without "plus NSA"...
Sorry; I must have missed something, what are you referring to? Is Google (or Apple?) pushing something that isn't end to end but claiming that it is? I seem to recall that Zoom did something like that, but not Google or Apple.
This x100. Friendly reminder for everyone once again that Google was "all in" on "allo". Their main engineer (I believe) was absolutely hyped to talk up all the things they had done to secure messaging - then all the features magically got walked back.
I feel like a broken record but: Apple for the love of god stop pulling a RIM/Blackberry and make Messenger available on Windows and Android and charge a fee if you have to.
Apple probably won’t make iMessage available outside of its own devices because it’s a major lock-in and network effect for iOS. Some people switch to iPhones simply because their friends won’t include them in an iMessage group chat or something similar. MMS is a truly terrible messaging experience by comparison.
As the OP, it's like the others say, Apple is bigger in the US. But also, you can still message Android users because it seamlessly switches over to SMS.
This of course makes it usually more expensive for the Android user to respond. But due to the level of iMessage use they don't have an alternatives. And most plans are now quite generous with SMS bundles anyway.
the blue bubble is iMessage the green one that always slowly receive messages and no typing indicator, images, videos , gifs, payments thats your rare android friend :)
Because I already have a perfectly serviceable message app that comes with the phone by default. Do the three in your list interoperate with each other, is that why you're suggesting them?
Because it’s a lowest common denominator, of sorts. Also, none of those apps are able to handle SMS on iOS. Also, why not use iMessage vs all the other ones you mentioned? Different strokes for different folks.
What's interesting here is that it's only the US where Apple has the dominance. Everywhere else in the world it's mostly Android in the mobile phones.
Edit: What I mean with this comment is that HN has lots of readers outside of the US. Here using only iMessage would be a bit weird, and for that reason everybody uses either Signal or WhatsApp.
Huh, i replaced europe with usa in the url and it gave me different figures than when you click the united states link. Still 50% isn't enough to warrant using iMessage. Especially the way we use chat apps these days.
Does everyone want or need end to end encryption ? Like, majority of my SMS messages are alerts from various services I'm responsible for; I can't care less if they are encrypted
1. E2E is a nice to have, not a strict need for me.
2. SMS is miserably useless on some carriers (notably when I had T-Mobile and for my friends still on T-Mobile).
3. MMS is miserably useless, period.
4. International SMS/MMS can be expensive, is more unreliable than domestic, and often unavailable.
Given 2-4, I avoid SMS/MMS as much as possible. Given that E2E is available (WhatsApp, Signal, others), and those services are reliable, available, and useful, I may as well use an E2E system.
The privacy aspects are a great additional feature that they offer.
This is a kind of faulty reasoning that I've been seeing a lot lately, reasoning by majority case. If you receive 999 trivial text messages and then 1 with critical private information then it is still really bad for the defaults to not be private.
Thanks to XDA devs I'm able to run my 10ish year old tab (galaxy n8000) with the very latest Android and almost all apps.
Yes some apps are a bit sluggish but most useful apps are good as running on any latest hardware. This is definitely one advantage of owning an Android device over other companies that deliberately slow down hardware to force people to upgrade hardware.
Having used Android and iOS devices, old and new, on average my experience is that the iOS devices perform well for years longer. Although installing custom versions on XDA can sometimes get more life out of abandoned hardware (I’m not sure if the jailbreak scene for iOS is similar, because I never felt the stock OS was missing anything).
> Having used Android and iOS devices, old and new, on average my experience is that the iOS devices perform well for years longer.
The main reason for this is hardware though - there's always plenty of conspiracy theories around that, but the biggest issues we've seen across Android ecosystem are due to flash.
Cheap eMMC flash with lowend controllers degrades pretty quickly (within 3-4 years) and you suddenly start seeing like 20-3000ms read times of a single settings file. Since a lot of apps just read those files on UI thread, this results in a lot of stuttering because developers expect < 16ms response times for those reads. Writes get even worse - it's not rare to see 500ms+ times for writes to configuration files of < 1KB in size, especially if there are multiple parallel writes queued (common in browsers when they cache webpages for example).
Apple and higher end Android devices tend to use better SSD quality flash which tends to last years longer than eMMC one and thus the devices don't slow down that much.
This is very interesting and the first time I’ve heard anyone discuss this. Do you have data / benchmarks you could point to? It would certainly address a lot of “planned obsolescence” criticisms by making it more plain the cause of the slowdown.
Unfortunately this mostly comes from my professional projects as Android developer and large-scale profiling data. It was confirmed by many devices I got to debug and "fix" when slowed down, but that's more anectodal.
I don't really have links to actual research on phones though - although eMMC degradation is a pretty researched topic itself.
If Apple wanted to use software updates to force people to upgrade their hardware, the original iPhone SE wouldn't be starting it's sixth year of OS and security updates.
Also, it's more problematic to me that when faced with customers reporting the same "this phone randomly dies while showing that it has a good charge" issue on the Nexus 6p, Google never fixed the issue.
>If you're among those affected, your phone will randomly shut down and completely die, even though your battery indicator might have said you had plenty of juice left. It's not a simple system crash, because your phone will stay dead until you connect it to a charger.
> Android device over other companies that deliberately slow down hardware to force people to upgrade hardware.
I think there is a good faith way to interpret Apple's aging battery policy, of course, it would be a lot easier to interpret it that way if they handled repairs in a way that wasn't hostile to users.
BTW if you like your tablet a lot, that's cool; if you're just holding on to it because you don't want to get a new one, and you live in a big city, there's a good chance somebody is literally throwing away higher spec tablets within a couple km of you.
I think Apple was shady with the silent slowdown for old batteries, but these days they will replace an old iPhone battery for $50, which seems reasonable to me.
I think it was poorly handled but I’m not sure I’d call it shady. I used to have an iPhone 5 that would shut off when I stepped outside in the winter because the battery was shot. Knowing the battery was the reason would have been nice.
The reason apple lost a lawsuit is that they didn't tell people they had a bad battery. They quietly slowed the battery and then when people asked for help they said it was a bad phone that needed replacement. words in italics were the shady parts.
Yeah, I think the slowdown was the right engineering choice, but not telling the user was a UX failure.
You could imagine this happening because some engineering team was tasked with fixing crashes from reduced battery capacity, and some product people who would have been responsible with informing the user weren’t in the loop or dropped the ball. Alternatively, you could suspect those product people saw a good opportunity for planned obsolescence with plausible deniability and took it.
Either way, the eventual outcome (an outcry from customers and bad PR, followed by a more transparent software solution from Apple plus a subsidized repair program) seems fair.
As opposed to Google losing their lawsuit with Nexus owners because they refused to fix the issue of the Nexus 6P shutting down unexpectedly in the same way?
>In the months and years following the launch, many Nexus 6P owners noticed their phones would bootloop or simply shut down without warning. The law firm Chimicles & Tikellis filed a class action lawsuit in 2017, and it looks like a resolution is on the horizon. Nexus 6P owners may be eligible for as much as $400 in restitution from Google and Huawei.
According to the Reuters article: “Apple denied wrongdoing and settled the nationwide case to avoid the burdens and costs of litigation, court papers show.” [1]
It’s entirely possible the lack of clarity of what was happening violated consumer protection laws (I’m guessing, I don’t know what specifically the lawsuit was based on) without malice intended. The Apple way is to try and have design be silent and in the background. In this case it was a way to solve degrading batteries that would cause a phone to reboot, so slowing down to compensate is a slick way of preventing random reboots without involving the user. Since it doesn’t seem to be the case that this happened without battery degradation, I don’t think you can point to evidence that this was done to cause new phone sales. Am I mistaken?
> “Apple denied wrongdoing and settled the nationwide case to avoid the burdens and costs of litigation, court papers show.”
That's literally the text used by everyone that settles. Apple employs enough lawyers to populate a small country. Nobody with that kind of legal firepower gives up a lawsuit by settling for a million of $300 million and up to $500 million for no good reason.
They settled for the same reasons everyone settles:
1. Because they can afford to pay.
2. Because they know they're going to lose (and they would probably have to pay more and may even be punished in some other ways, on top of that).
It's obvious I can't prove this myself, but they didn't disclose it and only did so when their hand was forced by third parties investigating and after this settlement.
I mean, what would they have to do to be assumed malicious, in this case? If basically losing a class action lawsuit is not enough, what is? Tim Cook coming up on stage and admitting it?
It's not even their first example of thinly veiled for-profit malicious moves, such as the removal of the headphone jack (presented at the time as due to space reasons, reason immediately debunked by many people disassembling phones).
Looks like the pmOS folks are working on mainline support for this device, so it might be able to run non-Android OS's in the future, as well. That's quite nice. Though I'm not sure how the latest mobile stack (phosh, and the like) would run on a 2GB RAM device. (I do know that 2GB is a bit tight for the usual gnome-shell environment, so there's that.)
slow down hardware to force people to upgrade hardware.
According to what I read here on HN, iOS devices have a longer usable lifespan than Android devices, and are officially supported much longer. Is that no longer the case?
It's impossible to know since Apple users are extremely subjective.
It's better to just avoid them IMO. It's well documented the anti-consumer policies done by Apple. It's easy to see them poor money into massive advertising campaigns.
Consider the highly likely situation where someone bought a multi hundred dollar device, is disappointed, and need to justify it to themselves.
That really depends on the hardware. If there isn't someone willing to maintain the project then your device won't get community updates. My last phone stopped getting manufacturer updates and progress on community made roms was slow so I went with an pixel 4a.
I'm impressed that you're still managing to use 10 year old mobile hardware, but were it me, I'd spend at least $100 on some much more recent used hardware for the substantial performance boost.
There is an iPad 2 on the bench here that is used most days. It’s just fine. Whatever Apple has done to it seems to have helped it, particularly it’s battery life which is ok, but worse than when new.
I wonder if you are used to animations hiding the loading time for you. I've never noticed a slow android outside 100$ crap, but I did notice how slow the iphone animations are
Someone can explain why it feels that Android / IOS updates feel less "important" than 6-7 years ago? I remember it was big, everyone was exited and waiting for new features.
Because everything major has already been implemented, and what they should implement are not being implemented because they go against their incentives, such as actual privacy features. I think.
Or take for example: they broke call recording. Third party applications do not work above Android 9 (?). There is a Google feature that allows you to record calls, but only incoming calls. How is that for a feature? Why does it have to be tied to Google? Why cannot we just simply record the call, whether it is an outgoing call or an incoming call, without it being tied to any Google-related bullshit? It should be relatively simple to implement, but nope, they do not seem to be wanting to do that.
> Because everything major has already been implemented, and what they should implement are not being implemented because they go against their incentives, such as actual privacy features. I think.
That's a strange statement considering the main features of both Android 10 and 11 are extensive new privacy features and related changes.
Exactly, every new release of android and iOS these days feels like one step forward, two steps back. It’s less excitement about new features and more dread about what use cases they’re going to break this time.
a) You are recording someone else, often without their permission, which in many countries is a serious crime.
b) You open up the attack vector for apps to surreptitiously record your conversations and make them available to governments or criminals to do all sorts of nefarious things e.g. blackmail you.
a) You can look at photos of someone else, including naked children, often without their permission, which in many countries is a serious crime.
b) You open up the attack vector for apps to surreptitiously record your browsing activity and make them available to governments or criminals to do all sorts of nefarious things e.g. blackmail you.
a) The internet and chat applications can be used for illegal purposes. Should web browsers and chat apps be restricted?
b) same with GPS, web browsing, email on the device, etc.
Call recording is a very useful function to many people. Entirely breaking it is unnecessary.
iPod was mature in that it had reached a small video capability but was maxing out what was possible in how you could interact with the product.
Back then Apple's products felt boring. Zune was about to debut and compete with them by offering a brown color!
6-7 years ago we didn't have Apple Watch yet. There was still a sense of "what's next?"
Today, touch based interfaces in iPhone and iPad are so broadly understood that product interactions are routine:
- TikTok uses no new interaction concepts, rising instead on content and content format.
- Fortnite uses the same user interactions that have been adopted by shooters rising instead on gameplay.
Despite progress on ARKit, using AR experience on iPhone / iPad feels as wrong as watching videos on iPod Video did in 2005.
The good news is that iPod Video in 2006 was not even remotely representative of the experience what Apple was developing with iPhone / iPod Touch.
I'm hopeful that Apple will debut something as groundbreaking as the interaction iPhone offers between people and the world around them.
But until we see a level up like that, its going to feel a little boring on iOS at least.
I like this quote by Steve Jobs, which I think is applicable here:
“Things happen fairly slowly, you know. They do. These waves of technology, you can see them way before they happen, and you just have to choose wisely which ones you’re going to surf. If you choose unwisely, then you can waste a lot of energy, but if you choose wisely it actually unfolds fairly slowly. It takes years.”
Outside mobile devices though, I think this is a very exciting time in open source and software technology. So if you're feeling board, it might be a good time to expand your horizons.
People realize these devices are just extensions of a limited subset of human actions.
Call, text, look stuff up, watch a video, listen to music, navigate, track, take a picture or video...
What else is there that these smartphones need to do?
Prob the next thing, since the processing power of the latest A14 and snapdragon is insanely good... just have one device be ubiquitous for everything besides poweruser stuff. Come in from a run and do work on your phone, etc. Seamlessly connects to monitor and keyboard. Do any heavy compiling on the cloud, etc.
That's pretty much it. They accomplished their goal.
The only features I care about is that they finally improved Java support beyond version 8, and NDK is finally getting AAR package support for C++ libraries.
However none of that is relevant for end users, in that regard there is hardly any reason to get Android 11.
I wish Google cared more about the experience of photographers in Android. There's no way to pick images from Google Photos, so if you want to post 4 images taken at different times to Twitter or Instagram and you didn't take them just today, you have to first find them, then put them in a temp album (or else find them again later), then delete them from your phone, (here's where you re-find them if you didn't put them in an album first!) then re-download them. Then you can select them from the device folder "Recovered". Why is choosing images so bare-metal? Or why can't we have a virtual folder called Quick Collection or something, like there is in Lightroom?
I have of other gripes as a photographer but they're mostly about Google Photos and not Android itself.
I feel like I must be missing something regarding what you are trying to do because Google Photos does allow you to select multiple photos taken at different times and share them together to Twitter or Instagram.
Oh wow, you're right re: Twitter. You still can't to Instagram feed, though (but you can to Instagram stories, and you can to feed when only selecting one image). So to make a gallery post, you have to do it from within Instagram, which uses device folders.
Probably OP complains about the basic "file picker". So if they visit twitter.com and start the UX flow from there and somehow they end up in Google Photos instead of some more useful Media viewer.
I'm not entirely sure that I'm following, because my upload flow from Google Photos puts me into the "Select photos" mode where I can tap multiple photos to select them.
I'm assuming that you're been sent to a photo picker screen and can only choose one at a time. Have you tried holding a tap to enter multi-select mode?
The biggest downside of owning a good Android device (like a powerful Motorola that is a few years old); Is Moto abandons updates after 2 years (so if you buy a 1 year old phone ...), and then the phone might get one additional major AOSP update from an awesome developer on XDA. Later that developer burns out. No more security updates. And definitely no more major updates. :(
The "a" series Pixels (or other phones in that same feature/performance/price bracket) are increasingly seeming like the best value for money for this reason. I too just can't find the value in buying a $1k phone that's not gonna last any longer than a $350 phone, maybe even less time.
The next phrase in the sentence you quote from seems important: "in the notifications section".
That sounds like the notifications will be grouped, not the conversations (so like, messaging at the top instead of mixed with everything or something like that).
yeah, it just splits your notifications into two sections, one for conversations and one for other notifications. i think any notification that supports replying from the notification is counted as a conversation.
It sounds like that social hub windows phone had. I hated it because it worked by pretending all apps had the same features, so it was like the lowest common denominator
I loved the hubs features. It felt like I can get an overview of all my data instead of bits and pieces buried in isolated silos. The individual apps were still available if it was one's preference. Too bad the hubs were neglected and eventually neutered by WP8 and WP8.1.
If they had gone the other direction we may have had a completely different mobile paradigm than just a bunch of apps. I suspect the major services would have been even more opposed to that, if that's even possible.
I think you could actually go full-on Google at this point, sort of like the classic interview question:
Type, on a Google-made Pixel Chromebook running Chrome OS into the Chrome browser web browser (pretty sure it doesn't qualify as a 'user agent' any longer,) the word 'google' into the omnibox in order to get to Google to make a search, and your machine communicates over Wi-Fi to your Google Wifi AP, through your Google Fiber connection, to the Google-run 8.8.8.8 DNS resolver, where Google then goes and looks itself up in the DNS.
The Google search results page has 'Google' as the first result (AdWords, naturally [resulting in Google paying itself for first placement?]) Clicking on this ad, you finally arrive on the Google Search home page.
...
Finally, after all that, you can type in 'Bing' to search for Bing's website, click on their top AdWord result instead of the organic result, just so you can enjoy the "diversity of search engines" there exist today. Or whatever Pichai said to Congress.
Unfortunately not allowed per ICANN's contract for new gTLDs. Though even if it were, it probably wouldn't be a good idea to actually use it because support for first level globally resolving strings is quite limited across a variety of applications and OS stacks. Oftentimes you have to append the trailing canonical dot to get it to even try to make the correct globally resolving DNS request, and that's just not good/consistent UX.
... but that's not even a good joke, and wouldn't be worth the operational costs of launching it. com.google was a joke worthy of launching: https://www.businessinsider.com/search-google-backwards-secr... (though not worthy of maintaining once April Fools was over)
Since I am not familiar with the costs involved, can you say how much would it cost to just redirect google.google to https://www.google.com/search?q=google ?
Independent of the costs (which are higher than you might expect), it's just not good practice to create a whole slew of random redirects "just because". There's not a lot of random inbound traffic to "google.google" that plausibly needs redirecting. Indeed, you'd be causing the opposite problem, which is that by creating the redirect, you're now encouraging people to use it, and now you have an additional thing to support that you never really wanted in the first place. Remember that *.google isn't "just" a redirect or a subdomain -- it's a bona fide domain name, requiring registration, ongoing management thereof, an SSL certificate, configuration of automatic renewal thereof, DNS configuration, uptime monitoring, etc. And that's before you even get into any potential concerns re: the public suffix list, HSTS configuration/preloading, and other more esoteric concerns. It ends up not being worth it unless you have a real site that you actually want to launch, or at the minimum, a redirect that you really want to exist that you plan on using widely.
What's the harm though? You're stating this as if it's a priori a bad thing, but it's not. So you need to provide a reason as to why it's actually bad.
I can give you some benefits of brand TLDs, though. For starters, the entire .google TLD is HSTS preloaded, so every new site launched on that TLD is instantly HTTPS-only from its very first moments, rather than waiting for potentially many months for users to upgrade their browsers to incorporate new additions of individual domains to the list (which would be your only recourse if you launched a new domain on e.g. .com). And secondly, the .google TLD is closed, meaning no external registrations, so if you see an unfamiliar product.google domain then you immediately know that it's actually Google running it, whereas if you saw an unfamiliar googleproduct.com domain then you'd want to do some due diligence to ensure that you aren't being phished.
(I should probably at this point disclose that I run .google, but had no involvement in the larger process at ICANN that resulted in the creation of brand TLDs in the first place. But, given that brand TLDs exist, of course companies would defensively secure the TLDs for their largest brands, and once you have said TLDs, why not use them?)
1. More phishing opportunities. Aunt Barbara can barely tell the difference between chase.com and chase-secure-login.com. Allowing baddies to register chase-login.security is only going to make things worse.
2. I can't tell what's a domain anymore. In the past I can reasonably use the heuristic that any string matching the pattern[1] was a domain name. Now I have no idea. Is foobar.technology an actual website or just a brand name? Who knows! Come to think of it, I couldn't remember whether it was foobar.tech or foobar.technology. Or maybe they hit it big and now they're just blog.foobar?
>I can give you some benefits of brand TLDs, though. [...]
Every benefit you've listed can be had by having all your websites run off your main domain (eg. blog.google.com vs blog.google).
> More phishing opportunities. Aunt Barbara can barely tell the difference between chase.com and chase-secure-login.com. Allowing baddies to register chase-login.security is only going to make things worse.
There's already an effectively infinite number of phishing opportunities just on .com alone; having more available TLDs doesn't make it appreciably worse. Indeed, Chase having .chase and .jpmorgan (which they do) makes things better, because if you see a .chase domain name then you know for sure that it's actually Chase. Any random .com could just be any random .com.
> I can't tell what's a domain anymore.
Try resolving it? You never could tell conclusively what was a domain name without resolving it anyway. Is asdfhjasdflkghasdgf.com a real domain name? Hell if I know. I sure can't tell just from looking at it. Is asdfhjasdflkghasdgf.technology a real domain name? Again, try resolving it.
> Every benefit you've listed can be had by having all your websites run off your main domain (eg. blog.google.com vs blog.google).
There's lots of downsides to running everything off one domain name. For example, big potential security vulnerabilities from cookie leaks between your more secure sites and your less secure sites. Google's blogs for example used to be hosted on googleblog.com, blogspot.com, and blogger.com. They already never shared the same domain as google.com for security reasons that long pre-date the existence of .google.
And as for your heuristic regex:
[a-z0-9-]{3,}\.([a-z]{2}|com|org|net)
You should like the new gTLDs then, because the state of things now is even simpler and can be expressed as:
[a-z0-9-]{3,}\.[a-z]{2,}
Also, your previous heuristic was already incorrect because it excludes a variety of common legacy gTLDs such as .gov, .edu, .mil, .info, .biz, etc. that all pre-date the most recent gTLD expansion. It also already included TLDs that don't exist anyway (not all 2-letter combinations are valid ccTLDs), so in that sense it's not any different from the simpler one.
>There's already an effectively infinite number of phishing opportunities just on .com alone; having more available TLDs doesn't make it appreciably worse.
There's an infinite amount, yes, but in the past the amount that plausibly looked liked your domain was small. You also don't have the ambiguity of chase.com or chase.bank, although this is a bigger issue with smaller companies than it is with bigger ones.
>Indeed, Chase having .chase and .jpmorgan (which they do) makes things better, because if you see a .chase domain name then you know for sure that it's actually Chase. Any random .com could just be any random .com.
Is this significantly better than trusting that jpmorgan.com or chase.com is the "legit" address (basically, treating .com as the "root" domain)? There are some instances where this heuristic is wrong (nissan.com), but at worst you land on the wrong website. Phishers probably won't bother spending tens of thousands of dollars on a .com domain just to phish some credentials. It's probably cheaper for the company as well: buying a .com from a squatter is probably cheaper than paying ICANN the $200k application fee + $25k annual fee of a gTLD.
>Try resolving it? You never could tell conclusively what was a domain name without resolving it anyway.
This isn't in the context of "checking whether a domain is valid", it's in the context of "is this string referencing a website or not?". If I see a billboard with "foobar.com" at the bottom, there's very little doubt that it's a website. If it's foobar.technology, I'm not so sure.
> There's lots of downsides to running everything off one domain name. For example, big potential security vulnerabilities from cookie leaks between your more secure sites and your less secure sites.
While that's true, getting a whole new TLD seems like overkill, not to mention that you can get the same amount of isolation by enrolling in the public suffix list.
Every big tech company got at a minimum their biggest brands as TLDs (e.g. Microsoft has .microsoft, .windows, .xbox, etc.). Some got many more besides.
I've been following this issue across several filed issues now (the first one in the Chrome repo), waiting for them to fix this frustration, but still nothing.
"Update to media controls and smart home devices" - section.
Google's track record on home integration is laughably terrible and I'll bet this functionality comes to market duct-taped together and they'll break it as soon as it's convenient for them.
Last fall Google essentially bricked third party smart home integrations within their own NEST ecosystem by forcing a migration to rely on their terrible Google Assistant umbrella, removing IFTTT support, etc.(1)
As a result third party controller support broke, useful integrations like "flash my lights if there's a fire" broke, etc.
I appreciate Android's desire to own the UX and relegate all third parties to beyond their "bubbles" etc but it is scary to hand this level of control to Google if they disagree with your personal product choices.
> One-time permissions will allow you to grant single use access to your most sensitive permissions: microphone, camera and location.
What I'd like to see is permission requests for apps to use audio on the device, and the ability to allow or deny on a per-use basis. I don't want my phone making any noises unless I explicitly allow it.
I've been waiting for the final release to test out the Android Flash Tool website at https://flash.android.com and it worked perfectly with a Pixel 2 XL.
Pretty slick and much nicer than messing around with adb and zip files.
As for 11 in general nothing really exciting. Looks the same. Amusingly the first thing to happen after completing setup was an error message that 'Google keeps stopping'[0] :) Not the best thing to see on a fully wiped and fresh install of the OS!
> Android 11 will begin rolling out today on select Pixel, OnePlus, Xiaomi, OPPO and realme phones, with more partners launching and upgrading devices over the coming months.
Apart from Pixel all other brands receiving the update immediately are Chinese brands. This really shows how much the Chinese manufacturers software has improved and how much the heavy customizations brands like Samsung do to Android blocks them from providing easy OS updates.
Samsung just doesn't care. OnePlus does a lot (they have their own fork, OxygenOS) and their own apps, etc. Samsung has the resources to keep up with Android. The Android Betas were available for months, AOSP commits are open, etc. They simply don't prioritize this for some reason.
I'm on my second oneplus phone and I am surprised with their update cycle, full OS updates and security patches coming well after other OEMs abandon their devices. Their android flavor doesn't deviate a lot from stock android of course which makes it easier and a lot of their features are done via stand alone apps rather than being baked into the OS.
If you update and Settings crashes every time you open it even after a reboot, don't launch it from the pulldown. Scroll through your app list and long press Settings. Click the Info icon. Select Terminate. That should get it working again.
So, basically the summary of Android 11 is: People + Controls (at 1:37). Funny like it would sound completely different, if it were presented as: Controls + People.
Seriously though, it looks like a step towards how People and Message hub worked in Windows Phone. From the video I can't understand if what they propose is a way to consolidate communication channels (I wish it were), or just more levels of distractions / notifications. And I hope bubbles are nothing like Facebook Messenger.
> If you're using a Pixel 2 or above you'll get additional features to organize and manage your phone, like app suggestions on the home screen based on your daily routines
Ads. On the homescreen of a phone you paid money for.
This is madness. A lot of folks I know are livid that Xiaomi, Oppo and other Chinese OEMs do this...and won't you know it, the world's largest ad-network wants a slice of the pie, too.
Edit: Looks like these are suggestions for already installed apps unlike on Xiaomi / Oppo phones.
> With additional Google Play system update modules, even more security and privacy fixes can be sent to your phone from Google Play
This is huge [0]. Even though Project Treble [1] makes it easier to run latest AOSP and other forks on Androids, this is a much needed update for billions who couldn't be bothered.
My assumption is this is suggesting apps you already open at a specific time of day. This is already a feature in the phone in the apps switcher, but isn't as prominent as displaying the icons on your home screen.
Yeah, I thought it would use ML to suggest opening your "maps" app before work because - what do you know - you have opened the maps app to get to work every day at that time for a year.
I do not believe you'd ever be able to target a user by their routine to offer ads in this manner. Ads were not even something I thought of when I read this.
Other OEMs show you app suggestions based on apps you use. Those suggestions are typically prompts to install them. I thought Google was bringing that to all devices.
True but that was a lot more fair. The ads are only on the lock screen so really unobtrusive, and you have the ability to remove them for a fair price (and replace them with super boring standard ones you can't change )
Right now there's only BMWs that support wireless Android Auto, so your Subaru unfortunately almost certanly doesn't have the required wireless capability in infotainment.
Completely off-topic, but having heard a "youngster" (relatively speaking) use the phrase "nuke the site from orbit" and then turn right around and ask, "BTW, where is that from?" [0], I wonder if this title hasn't suffered the same fate? Considering that the reference was released about 35 years ago, I imagine many folks saying "it goes to 11!" weren't even born when This is Spinal Tap came out.
[0] Aliens, the sequel to the first one: Alien. I'm old enough to have gone to the cinema to see all movies mentioned.
It happens. I make Casablanca references and that's a movie my grandparents would have seen in the theater when they were young adults. Not to mention how many English phrases come from Shakespeare or the King James Bible.
I’ve definitely nuked a thing or two from orbit and never really thought about where the phrase comes from. I wonder what else I say is actually some pop culture reference I’ve never heard of
Neat release, but the amount of stuff Google adds to Android every year simply pales in comparison to what Apple is doing. Nevermind the fact that 80% of Android users won't see this stuff for another 3 years.
In fairness, a lot of the things Apple added to the iPhone is things which have been on Android for a while.
That said, I do kind of agree with Gruber, it kind of feels like the passion for Android has burned out at Google and they are just dialing in a lot of this.
The Pixel specific updates seem particularly weird to me too.
What does Gruber, an Apple defender, really know about what Google's attitude towards Android is? He's measuring everything against the Apple stick and is always criticising moves that aren't the same as Apple's.
That doesn't seem like a good strategy for a competing product.
Oh I wasn't aware of that. I don't really use many of them. Just the play store really, I did notice that one didn't support it right away. I don't even use Google Maps, nor Gmail, Chrome or Youtube etc :)
With third-party apps there was a bit of a lag in support but the same goes for dark mode on iOS. Even now some apps don't support that.
But right now the main apps I use on Android all support it. Samsung Mail, OSMAnd for maps, Firefox (with dark reader extension that automatically matches the system dark mode!), most chat apps I use, password store, MS apps I use for work, etc. It's really amazing to have this. I'm sensitive to too-bright displays and most displays these days are tuned for maximum output, not minimum.
I can understand if your using a Samsung device. I have a Pixel and Pixel 3a XL, and the pure Android experience has not been great regarding dark mode. That said, I am not a fan of dark mode in general because of the eye strain. I use it on the Pixels because they have OLED screens and I am trying to maximize battery life.
> I do kind of agree with Gruber, it kind of feels like the passion for Android has burned out at Google
This is just speculation... but maybe it's because they are getting ready to finally kill Android and switch to Fuchsia.
Android has been getting better over the last 4-5 years and the KitKat days are very far away, but it wouldn't surprise me if Google was ready to start fresh with everything they've learned.
Not just that. This is the calm before the storm. Huawei has employed an army of reportedly 80.000 developers after Trump cut them off play services. A big part of that army is working on their networking gear but I expect a new OS to drop soonish even though we haven't heard much about it. It just makes sense for them to reduce dependency. The mobile duopoly is on its last legs and they might as well start competing with themselves.
Also I'm sure Google want stricter control on customisation which would be a good thing (easier updates). It'll be hard to take that back from Android vendors but I bet Fuchsia won't have it.
Apple usually isn't the first one to get a tech demonstrator out or the first to integrate the latest and greatest CPUs / panels / etc, but they are often the first to get a new feature in front of a large number of consumers with viable polish as a default option. This kind of news often fails to propagate out of the apple bubble.
Random example: filesystem journaling so that you don't have to wait minutes to hours for fsck every time your computer hard resets. It showed up in Windows first -- but only in Windows Server. It was very intentionally excluded from consumer Windows. Then it showed up in Mac OS X. For a decade, hard restarts were painful on Windows and smooth on Mac. Finally, in Windows 8, just in time for SSDs to make it moot, it showed up in consumer Windows.
This story repeats over and over. Cameras and video chat out-of-the-box, backlit keyboards, desktop search, retained and GPU composited GUIs, Webkit, and so on. Apple wasn't first, but they were the first to do it well and get it in front of lots of people. People complain about apple users being sheep inside a bubble, but it goes both ways.
I'd answer your question more specifically, but I'm currently on the wrong side of the bubble in Android land. When I buy my next phone, I'll do my research, which will include swinging by an apple store to experience qualitative things like stylus/AR latency first-hand. You should too :)
re: filesystem journaling: Unless you were one of those crazy people that used fat32 in spite of Microsoft's defaults, filesystem journaling has been the default in Windows mainstream consumer OSes since the release of Windows XP using NTFS, which was journalled since day 1. (I am not counting Windows 2000 and before since they were not the default for consumer boxes).
Then why did Windows take hours to fsck after a hard reset until Windows 8? That's the actual problem, even though I admittedly might have made a mistake in attributing it to a lack of journaling.
I was using Windows on a daily basis across multiple computers and this wasn't a subtle thing. In fact, I still regularly use Windows 7 (oscilloscope, can't update) and occasionally get "reminded" about this, even though I also remember a number of gnarly examples from my everyday computer use.
Most people just skipped it, and I did too, until one time it got into a state where no programs would run...
As sibling commenter wrote, journaled NTFS was part of the Windows XP, which was released before first release of OSX (10.0).
Not only that, journaled HFS+ was introduced in OSX 10.2, not in 10.0. It was enabled by default in 10.3. Way later than NTFS.
However, there's a reason for all that, and why Windows 9X used FAT filesystem: it was much faster. Computers in '90s didn't have any spare perfomance, and journaling was not needed by most users. It was introduced into consumer releases only when they were fast enough for users not no notice.
So... I'll repeat what I said to sibling: why did Windows take minutes to hours to fsck after a hard reset when Mac OS didn't between 2003 and 2012 (Windows 8)?
I'm even being generous by using past tense here because I still have to live with Win 7 and this particular problem (no, I can't just upgrade, it's a $40k industrial tool). I'd be ecstatic to learn that the ungodly slow fscks are redundant or easily disabled and the whole thing is just a matter of extremely poor defaults.
If windows took hours to chkdsk (that's the term used under Windows, not fsck), it means it was (is?) something seriously wrong with your hardware and/or filesystem.
Normally, it took few minutes. The only way to avoid slow chkdsks in the future is to fix the underlying issue.
Also note that I'm not telling you to upgrade. I know that it is impossible with systems that have lab equipment attached. If you want support from the vendor, that is. So the question is, why don't you ask the vendor for support? This is in their scope.
Also, it was very easy to have damaged HFS+ and not know about it. There was a thriving market of third party utilities (Disk Warrior & co) that would gladly tell you and fix it, but most users didn't use them.
The oscilloscope doesn't take hours to chkdisk, it takes ~5 minutes, which is bad but completely typical of my other experiences with Windows 7, so what should I expect the vendor to do about it? Other than try to sell me a new one that runs Windows 10 for another $40k, I mean? :]
The computer that used to take hours to chkdisk was a home computer with a couple 1TB (IIRC) 5200RPM drives containing a lot of files. Chkdisk didn't typically find errors and Windows small-file-access is notoriously slow. I don't think this is a "me" problem or a "my hard drive" problem, I think it's a "chkdisk is slow and obnoxious" problem. Windows users just put up with it and didn't resent it as much as I did because they didn't know there was a better way.
Apple cited journaling as the feature that let them drop the slow checks. Maybe that was puffery. Maybe it was uninformed risk tolerance (the NTFS ecosystem has an ecosystem of recovery tools too, so that's hardly an indication of anything). Or maybe it was informed risk tolerance, or better journaling, or better defaults.
In any case, the point holds: Windows was first across the "technological accomplishment" finish line while Apple was first across the "relevant to me" finish line, and that seems to happen a lot, even though I have feet firmly planted in both ecosystems.
Something to keep in mind is most core apps (Maps, Gmail, Messages, etc) aren't baked into the Android OS and are updated with new features regularly throughout the year. Apple often mentions core app updates as new OS features.
>Something to keep in mind is most core apps (Maps, Gmail, Messages, etc) aren't baked into the Android OS and are updated with new features regularly throughout the year.
Which is Google's weakness. Not only are the core apps not developed by the Android team, but each app is done by a separate team and there is a lack of consistency across the board with different colors, placement of icons, and dark mode support. It took Gmail six months after the release of Android 10 to get dark mode. And dark mode has existed (in limited form) since Android 9. Dark mode for Maps followed Gmail.
Oh, and let us not forget Maps had white navigation buttons on a white background, with light grey shadows for a few months with the release of Android 10. When I first upgraded my Pixel, I thought they had removed the bottom navigation because of this regression. Supposedly these are the best and brightest programmers on the planet.
Switched from Android to iOS 2 years ago. I'll try to keep this limited to where iOS features is specifically ahead of Android.
Password API works with third-party password managers. Not perfect, but LastPass works pretty well this way. Security Code autofill is also great for 2FA SMS things.
Device performance/reliability, mostly related to launching the camera, although this probably applies all-round. There's nothing worse than trying to take pictures for a group and your camera app just... won't work.
Feature polish (although limited). There are a lot of features that I wish existed, and features that I wish I had more control over, but the overall polish on a feature's functionality and feel is great.
Airdrop. Supposedly Android has a good competitor coming?
Share Wi-Fi password with contacts.
Sign in with Apple + Auto-hide your email.
:( Shortcuts. This is great, except writing them sucks for anyone even slightly code-proficient. Next to impossible to set up on phones. But again, polished but limited vs Android.
Facetime. I really wish Duo was better integrated into Android and marketed.
I'm sure I'm missing some, and I'm purposely not listing the things I miss from Android. There are other Apple-specific reasons that I've decided to stick with iOS for the time being that are also good to consider.
- I always had trouble with the Autofill API and LastPass. I wonder if it was a LastPass specific issue, but I'm not too willing to change password managers at the moment.
- Nearby Share looks great! Looks like its only Android -> Android or Android -> Chromebook right now. Hopefully we get Windows/MacOS/iOS support.
- What is the workflow for sharing a Wi-Fi password as a QR code? I looked in to this a while ago, and Android doesn't even let you access saved Wi-Fi passwords without root, and the stock camera app didn't have a QR reader built in.
- Tasker was pretty powerful, but the polish and user experience was lacking. Haven't kept up with Tasker's development, but I hope they take some inspiration from Shortcuts/Workflows and streamline their interface for general cases. There was a lot of additional features that were separated out into separate apps, which also made it more difficult to manage.
> Google released the "Nearby Share" feature a couple weeks ago
...and insisted to bring it to the top of the share menu without a way to disable it.
I don't even think it was malicious intent, like growth hacking or something. It's just a sloppy implementation.
... like Googles camera and photos apps that stopped respecting the accessibility setting not to use haptic feedback and enabled it for some rare and random ui elements, like tilting an image or changing camera modes.
Or how Android 11 new (and random?) background animations during notification bar pull down does not honor disabled animations, another accessibility feature.
... or the new button right next to the screenshot button in the app switcher that just does not appear to do anything? It just makes the app switcher unresponsive until you press the "x"-button. They probably just forgot to add a feature there.
What device are you using? I'm using a OnePlus on Android 11 and it's just one item in the share sheet, nothing special about it. This is likely device-specific
- Duo is integrated into default dialer on non-Skinned and Samsung OneUI phones so I'm not sure what better integration could be possible. It's on par with FaceTime already.
- Nearby Sharing has already started rollout across even older Android devices as a feature equivalent to Airdrop.
Yet every Google app gets all permissions (even non-essential ones) on by default? Because users never turn them off, and you give a misleading prompt urging them to turn it back on.
```11. If you're using a Pixel 2 or above you'll get additional features to organize and manage your phone, like app suggestions on the home screen based on your daily routines, and new overview actions that allow you to take a screenshot of an app and select text and images, and more.```
Is this supposed to be a feature? The last thing I want is app suggestions based on my usage pattern.
> 8. If you haven’t used an app that you installed on your device in a while, you may not want it to keep accessing your data. Android will now “auto-reset” permissions for your unused apps and notify you accordingly. You can always decide to re-grant the app permissions the next time you use the app.
> 9. With additional Google Play system update modules, even more security and privacy fixes can be sent to your phone from Google Play, in the same way your apps update. So you’ll get these fixes as soon as they’re available, without having to wait for a full OS update.
8 seems like a rather wise and user friendly privacy concern (which might be annoying to power-users who set things up proactively and don't want their configurations messed with, yet overall a great improvement).
9 has me worried about variants of android like Lineage or ParanoidAndroid where the play store isn't included automatically. This forced reliance upon the play store for security sensitive updates is devastating for de-googled device feasibility. It will make more sense for developers to not support devices without Google Play, effectively shoehorning alternatives out of the usable, secure devices realm.