Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Android Google Operating Systems Piracy Software Hardware Technology

Google Starts Blocking 'Uncertified' Android Devices From Logging In (arstechnica.com) 179

Google logins on unlicensed devices will now fail at setup, and a warning message will pop up stating "Device is not certified by Google," reports Ars Technica. "This warning screen has appeared on and off in the past during a test phase, but XDA (and user reports) indicate it is now headed for a wider rollout." From the report: While the basic operating system code contained in the Android Open Source Project is free and open source, Google's apps that run on top of Android (like the Play Store, Gmail, Google Maps, etc.) and many others are not free. Google licenses these apps to device makers under a number of terms designed to give Google control over how the OS is used. Google's collection of default Android apps must all be bundled together, there are placement and default service requirements, and devices must pass an ever-growing list of compatibility requirements to ensure app compatibility. Android distributions that don't pass Google's compatibility requirements aren't allowed to be called "Android" (which is a registered trademark of Google), so they are Android forks. The most high-profile example of an Android fork is Amazon's Kindle Fire line of products, but most devices that ship in China (where Google doesn't do much business) fall under the umbrella of an "Android fork," too.

While Google's Android apps are only properly available as a pre-loaded app (or through the pre-loaded Play Store), they are openly distributed on forums, custom ROM sites, third-party app stores, and other places online. When a non-compatible device seller (or a user) loads these on a device, they can potentially trigger Google's new message at login. The message pops up when you try to log in to Google's services, which usually happens during the device setup. Users who purchased the device are warned that "the device manufacturer has preloaded Google apps and services without certification from Google," and users aren't given many options other than to complain to the manufacturer. At this point, logging in to Google services is blocked, and non-tech-savvy users will have to live without the Google apps. Users of custom Android ROMs -- which wipe out the stock software and load a modified version of Android -- will start seeing this message, too.

This discussion has been archived. No new comments can be posted.

Google Starts Blocking 'Uncertified' Android Devices From Logging In

Comments Filter:
  • interesting (Score:4, Insightful)

    by gravewax ( 4772409 ) on Monday March 26, 2018 @06:04PM (#56330789)
    Geez they are really doing their absolute best to piss off and alienate their core fanbase.
    • Re:interesting (Score:4, Insightful)

      by CaptainDork ( 3678879 ) on Monday March 26, 2018 @06:14PM (#56330849)

      The core fanbase buys legitimate stuff.

      • Re:interesting (Score:4, Informative)

        by belg4mit ( 152620 ) on Monday March 26, 2018 @06:46PM (#56330983) Homepage

        Did you miss the part about custom ROMs? I have a legitimate Galaxy Tab 10.1 which Samsung no longer supports, am I supposed to stick with Honeycomb forever?

        • Re: (Score:3, Interesting)

          by SumDog ( 466607 )

          No you're suppose to run adb shell and get out the insanely long hex code and type it in by hand, cause Google says, "fuck you."

        • Did you miss the part about custom ROMs? I have a legitimate Galaxy Tab 10.1 which Samsung no longer supports, am I supposed to stick with Honeycomb forever?

          No, you're supposed to be a good little consumer and buy the latest Android, which will "buy" you one free OS Upgrade, often to the Current -1 Version of Android.

      • As does the non-core fanbase, obviously.
      • So? I don't think they even care what their "fanbase" does. Because their fanbase, core or otherwise, is not part of their business model.

        Their core business model sells the access to and data of the masses (in aggregate) to advertisers and market analysis types. (and possibly those trying to sway elections. They have the same business model as Facebook after all).

        Apple probably cares what their "core fanbase" thinks, and possibly what they do. But that's because Apple is essentially monetizing fashion in

        • Apple probably cares what their "core fanbase" thinks, and possibly what they do.

          That much is obvious to the most casual observer.

          But that's because Apple is essentially monetizing fashion in the tech industry. And keeping Apple products as the "hip new thing" year after year is an important business function so they can keep cranking out overpriced rounded corners.

          So, that's why Apple nearly universally supports their products with OS and Security Updates FAR longer than anyone else?

          Riiiiight.

      • Their core fanbase doesn't buy anything - the reasons I hear people "prefer" android are either pirate/"free" side-loading or because the device was what their carrier handed them for free.
    • Geez they are really doing their absolute best to piss off and alienate their core fanbase.

      They learned from Apple that it's a totally safe an profitable thing to do if you have a "golden parachute" in another market.

      • Apple did it to the educational customers in the 1980s and early 1990s.
      • Apple did it to the publishing/print customers in the 1990s and early 2000s.
      • Apple did it to the audio/video content creators in the late 2000 and early 2010s.
      • Apple did it to the nerds shortly thereafter.

      Now, with their not

    • Geez they are really doing their absolute best to piss off and alienate their core fanbase.

      By "core fanbase" do you mean the 0.001% of people that flash custom firmware and want to steal Google software and run it on devices that were never licensed to do so? I'll bet they are okay with that.

      • by Trogre ( 513942 )

        Or the much higher % of people who use affordable chinese no-big-brand-name tablets.

      • No he doesn't, because those people are able to run the apps just fine, they only need to submit their Android ID to Google and the warning note even provides a link for them to do it.

    • by TheEyes ( 1686556 ) on Monday March 26, 2018 @11:55PM (#56332005)

      If /. had bothered to read through the entire article, they'd have gotten to the important bit:

      We've actually been unknowing victims of illicit Google app distribution here at Ars before. We once imported a Xiaomi Redmi 3 smartphone from China to review, and, upon booting it up, we were very surprised to find it came with the Google apps pre-installed. As a device from China, this should not have happened. After we posted the review, Xiaomi contacted us with some very scary news: "The Redmi 3 should not come with Google Play pre-installed because it is a China-only product." Xiaomi told Ars. "It is very likely that the Play Store you saw was preinstalled by the importer/seller. This is a very common practice with the unauthorised importers."

      This would mean the reseller opened our phone, unlocked the bootloader, flashed on a new ROM with Google Play, re-locked the bootloader, and stuck the phone back in the box. There was no obvious evidence that our device had been tampered with, and, while hopefully the seller only installed Google apps, they could have just as easily loaded malware onto the device. A message like this during setup would have been a big red flag that something was wrong.

      This is what Google is trying to fight against here: man-in-the-middle attacks by people selling / re-selling Android devices with pre-loaded malware or spyware. Custom ROM installs are getting hit because they're basically middle-ware too; the difference is that this is stuff that the end-user is specifically authorizing, so there's a workaround to let you install it if you want to.

    • Which fanbase is that?

      The 99.9% of people in the west who just buy a normal phone off the shelf and arne't affected?
      The 0.1% of people who flash their custom ROM and simply need to register their android ID with Google to remain unaffected?

      Or maybe you think Google's core fanbase is the Chinese phone makers marketing Android devices for which they don't play by the rules every other Android manufacturer must follow?

    • by MikeFM ( 12491 )
      Amazon (and others) are doing their part to piss on customers. Amazon blocks Google, Google blocks Amazon, and on the pissing match goes while their customers are the ones getting drenched and angry. There is a lot of functionality in this devices and services but if enough things don't work then someone else will move in to fill that role. The technology is no longer bleeding edge. Even Apple has lost much of its edge. Microsoft found out the hard way that things change and it can happen to Amazon, Apple,
  • You can get .apks from 3rd party stores, and you're better off without Google's clown ... I mean cloud ... spyware. And you'll still be able to log into GMail using a real mail client (Outlook Mobile or K-9 mail) rather than Google's toylike GMail app.
    • Re: (Score:3, Informative)

      Yeah but to get the actual APK you can use stores that trick google into thinking it's a particular device to get the apk from google play store directly. For example, I want to play minecraft on the nvidia shield tv, but it isn't supported on play store, so I use a third party play store client to trick it into thinking it's a Nexus 9 or something compatible with the shield's processor. It's safer than trusting some dodgy apk site (I think?).
    • by msauve ( 701917 )
      Does that one force top-posting like the desktop one?

      ...a real mail client (Outlook Mobile...

    • by Chryana ( 708485 )

      Have you ever tried to run a cellphone without the Google set of applications? I have. That's what I got when I installed an AOSP Nougat build on my Nexus 5 (Nougat was never released/supported for the Nexus 5). I can tell you from experience that the phone becomes completely useless. You can make calls, and send and receive texts, and that's about it. I'm not sure it even had a browser. Installing new apps goes from difficult to nearly impossible. I haven't played too much with alternative markets to the G

      • apkmirror.com... who needs the Play Store? Not me.
      • Have you ever tried to run a cellphone without the Google set of applications? I have. That's what I got when I installed an AOSP Nougat build on my Nexus 5 (Nougat was never released/supported for the Nexus 5). I can tell you from experience that the phone becomes completely useless. You can make calls, and send and receive texts, and that's about it. I'm not sure it even had a browser. Installing new apps goes from difficult to nearly impossible. I haven't played too much with alternative markets to the Google Play Store, but my experience with F-Droid was negative. This specific market feels pretty empty, and the few choices available aren't too good. At least Lineage OS has created a few copycats of some of the most popular Android apps, but it's far from a full replacement. Losing access the the Play Store would leave my phone greatly diminished. If I could not have access to the Google Play Store, I don't think I would want to use an Android phone at all.

        So, what you're saying is that Android is EFFECTIVELY and FOR ALL INTENTS a WALLED GARDEN....

        Fascinating!

  • by Anonymous Coward on Monday March 26, 2018 @06:08PM (#56330803)

    Unless its us. Then fuck you.

    • Roooiiiight. Google has always been more evil than pre-Nadella M$. M$ just made mediocre software. Google has always aimed to know more about its products ... I mean customers ... than they know about themselves and sell this info to the highest bidders.
      • Re: (Score:2, Interesting)

        by Anonymous Coward

        M$ just made mediocre software.

        Obviously your knowledge of Microsoft's past behavior is very limited.

        Microsoft for years bought competitors and then killed the company they had bought. Microsoft's behavior should have been much more closely scrutinized than it was, by the Antitrust section of the Justice Department. Of course, Microsoft's money most likely enabled it to buy "cooperation"
        from legislators, such that Microsoft was not examined more closely by the authorities.

        NB : getting away with bad conduct does NOT mean that conduct was

        • Nah, the DoJ was far too heavy-handed with Microsoft and forced them to fuck up windows 95 by making Explorer and Internet Explorer different things so that Netscape could continue to compete with Internet Explorer for some reason that was never really explained. Imagine if we had actually got seamless local and distant URLs in one Explorer in Windows 95, instead of the garbage that Microsoft was forced to ship.
          • by cas2000 ( 148703 )

            That's a powerful and very moving imagination you have there. You should write to the heirs of John Lennon and see if you can get it added to the song.

          • Windows 95 was insecure enough as it was -- blurring the line between online and local files would have been a disaster.
          • by dryeo ( 100693 )

            Windows 95 didn't even ship with a web browser. Some of the OEM versions did ship with IE, but if it was too broken to load a URL that started with file:// then it is good the DoJ tried to stop it.

          • Please, that was a softball to Microsoft to get out of breaking up Office and Windows, which was the DOJ's original goal.

    • by jonwil ( 467024 )

      This isn't Google being evil. This is Google deciding to stop people who are violating its copyright by copying its apps without permission from doing so.

      The question I have is, why isn't Google hitting these entities for copyright violation (take them to court and force them to stop selling devices with Google copyrighted binaries on there)

      • This is Google deciding to stop people

        This isn't even Google stopping people. It's google stopping companies and pirates. Individual people can happily register their Android ID with Google and all the Play Apps work just fine.

        • by jonwil ( 467024 )

          This is about stopping all the device makers in China who are illegally copying the Google blobs and getting away with it because enforcing western IP laws in China is nearly impossible.

  • by SuperKendall ( 25149 ) on Monday March 26, 2018 @06:11PM (#56330833)

    Delightful to find that people have finally started to realize that all mobile ecosystems are a walled garden, if you thought it didn't have a wall you just didn't look.

    • All cloud or cloudish ecosystems, whether mobile or not, are padded cells. Chromebooks are just as bad or worse than Android or Apple devices.
    • ALL corporate controlled ecosystems have walls. Including your precious Apple.
    • A walled garden is designed to keep you in. In a walled garden, the user has no choice - they cannot leave. Prohibiting access to other app stores makes for a walled garden. So does prohibiting certain apps which compete with yours.

      This move is designed to keep people using non-approved Android installations out. You still have the option of choosing if you want to be on the inside or outside. In that respect it's fence with a gate in it, not a wall. And FWIW the common Google Apps (Gmail, Maps, Ca
    • by rsilvergun ( 571051 ) on Monday March 26, 2018 @08:12PM (#56331373)
      I can side load all I want on my Android. What I can't do is use google's apps without their permission. Moreover vendors don't get to sell a phone with google apps without their permission; which so far seems to be meeting minimum standards for compatibility to prevent fragmentation.

      Hell, if you RTFA google left a back door in. It's a pain in the ass to use (You have to get your Android Id) but it's there. And if you're an enthusiast running your own roms it's not a big deal. It's just not something that a company selling an Android phone can expect their customers to do.

      This has nothing to do with walling the garden. This has to do with protecting the Android brand.
      • by AmiMoJo ( 196126 )

        Google is actually responding to customer demand. They get attacked for not providing updates to Android, so they make Google Play Services able to apply updates and keep them flowing. But that means also specifying some minimum requirements for Play Services, to prevent patches bricking weird devices with strange custom OSs.

        Of course, if you are an enthusiast who installed Lineage or whatever, you can self-certify and take on that risk yourself. If it goes wrong, you complain on xdadevelopers, not to Googl

    • Yeah, it would be better if we could run a "real" OS (meaning one in which the user is allowed to do whatever they want and have administrator privileges) but still Android's limitation are much better than iOS'.
    • Delightful to find that people have finally started to realize that all mobile ecosystems are a walled garden, if you thought it didn't have a wall you just didn't look.

      Exactly!

  • Seriously, this should take about a second. Simply have it always return 'Pixel 2' (or something similar).

  • by 110010001000 ( 697113 ) on Monday March 26, 2018 @06:19PM (#56330881) Homepage Journal
    It is only a matter of time before ISP's and mobile phone carriers start doing this too. Eventually you will only be able to connect to networks using "approved" devices manufactured by the handful of megacorporations that control the Internet. Of course, no one here thinks this can happen, but think of the children! And the terrorists, and the terrorist children...
    • Re: (Score:2, Troll)

      by farble1670 ( 803356 )

      Ah yes the proverbial "it's only a matter of time" post.

      Software vendor goes way too far and wants their software to be licensed. Why would Google think have have a right to put any conditions on the use of the software they write? Don't they know they are *required* to just give it away? It's only a matter of time before they have wires into our brains causing us to eat babies and puppies.

  • by Anonymous Coward

    Maybe this will stem the proliferation of shit android devices.

    Google has no obligation to let anyone who can slap together an SoC with memory and a screen use their branded services.

    Next maybe they'll clean some of the shit and malware off of the play store.

    • by SumDog ( 466607 )

      But they already allow that. HTC, Samsung, etc. are just SoCs and memory slapped together with random chips connected to random pins. There are no standards for Google devices. They don't give a shit because it forces you to buy a new Google device ever two years in order to get upgrades.

      At least Microsoft forced all their phones to support UEFI+ARM. Too bad their boot loaders are locked.

  • They can do as they please...BUT...piss off enough customers, advertisers, app creators and someone else WILL come along with a competing system.
  • Almost everything in Android is open source or was. The barrier to entry for is not that large that another company can't fork what is already out there and create a smart phone. Google is just asserting
    1) that if you want to call something Android you have to pass their tests
    2) if you want to run some of their apps, those apps expect to run in an environment that passed the Android certification

    At this point it is more about quality control and user experience than it is creating a walled garden. I'm sure you can create a fork that is even better than Android but unless Google has tested that it's at least as good as some minimum standard you can't call it Android. I don't see how this is a big deal.
    • Gotta make sure the devices spy on you correctly. Maybe this was a condition imposed by fedgov or the Chicoms, if duh Goog wants to continue drinking that sweet sweet black budget money.

      • Gotta make sure the devices spy on you correctly

        It's quite ironic that this mostly effects phones from Chinese vendors.

        • How is it ironic to ensure proper snooping of the population of a major economic power? Sounds like a reasonable thing to do, if you're enthusiastic about the whole panoptic surveillance thing.

    • 2) if you want to run some of their apps, those apps expect to run in an environment that passed the Android certification

      The problem is that a lot of 3rd party apps end up calling API from the Google Services,
      so you end up needing Google's code even if you don't want to run Google's App.

      (i.e.: I don't want to run Youtube or Gmail apps, but an app I rely on needs the map displaying library from Google Services [jolla.com]).

  • by swillden ( 191260 ) <shawn-ds@willden.org> on Monday March 26, 2018 @07:00PM (#56331047) Journal

    As described in the XDA link, custom ROM users aren't shut out. Individual users can request whitelisting [google.com] of up to 100 devices, and makers of custom ROMs can also contact Google to get their standard images approved by default.

    • by Da w00t ( 1789 )

      Every time I've tried using the whitelisting link, I get an error message that pops up, and disappears at the bottom of the webpage: "Uh oh, something went wrong. Please try again later."

      Since it's been difficut to track down how to get your android device ID, here's how over ADB:

      $ adb shell settings get secure android_id
      214d54464e505921

      The sequence of hex digits above is your android device ID.

      • Every time I've tried using the whitelisting link, I get an error message that pops up, and disappears at the bottom of the webpage: "Uh oh, something went wrong. Please try again later."

        Email me details and I'll file a bug.

        • by Da w00t ( 1789 )

          I'll just give you the details here:

          From my browser's console, I see google's server throws 400 Bad Request, when the browser hits hxxps:/ /www. google. com/_ /AndroidPartnerUncertifiedRegistrationUi/mutate

          Heavy redaction below, so that hopefully nobody can abuse this to mess with my google account.

          Query string params:
          at AN????????????????????????YM:15?????????03
          f.req ["af.maf",[["af.add",14?????94,[{"14?????94":["MyAndroidDeviceIDHere"]}]]]]

          Post params:
          _reqid 15???60
          ds.extension 14?????94
          f.sid

          • Please email me as well so I can follow up with you directly, to get any other required information, or to give you status updates.
      • Put in your IMEI instead.
  • Wrong solution (Score:2, Informative)

    by Anonymous Coward

    adb shell content query --uri content://settings/secure --where "name=\'android_id\'"

    adb shell content delete --uri content://settings/secure --where "name=\'android_id\'"
    adb shell content insert --uri content://settings/secure --bind name:s:android_id --bind value:s:

    So there's going to be tons of apps to set your android_id. It's not going to stop many people from getting gapps, but it may well result in people having borked android_id's on previously "certified" phones.

    IMO opinion would have been bette

  • Comment removed based on user account deletion
  • Looks like consumers who unwittingly buy non-Hooli, sorry, I mean non-Google phones and tablets are going to find out the advantages and disadvantages of F-Droid https://f-droid.org/ [f-droid.org] sooner or later. No, you can't get the Facebook or Twitter apps, which you might regard as a good thing or a bad thing, depending on what you want to do with your phone/tablet and how much you value your privacy.
  • Are they going to screw with Cyanogen Mod users?

    Just wondering.

    • No, they aren't screwing any modders. Users can whitelist their device with Google and the warning notice that comes up even has a link directing you to instructions for doing so.

      They aren't screwing ANY users. You can buy a Chinese pirate phone too which would never get certification to run Play apps, and white list that one too if you hate yourself that much.

  • Independent devs like at XDA Developers have been sideloading gapps against the terms of its license for just about forever. The Google Services framework is Google's magic handcuffs, without which the users have no meaningful experience (because apps depend on it). So Google's desire to abandon AOSP by making it meaningless (because of insufficiency) will no longer be thwarted. (Without clever hacks. But let's face it, it's getting harder and harder to find clever hacks. Safetynet has been out there for a

  • How many times have Fandroids defended Android, and Google's supposed "Inability" to Control things like Security Updates, because it is SUPPOSEDLY "Open Source" and "Google has NO CONTROL over OEMs and Carriers because Android is OPEN SOURCE"???

    Riiiiiight. Seems they can shut off the spigot from EITHER end. IOW, they actually have ULTIMATE Control!

    Enjoy your PSEUDO Open-Source OS, AND the built-in FaceBook spyware, while you're at it...

  • Hrm, been thinking it's time to start weaning myself of the free stuff online anyways.

    This might the real catalyst I need.

  • After YouTube announcing they'll be disallowing certain types of videos, I gotta hand it to Google. They're becoming quite proficient at shooting themselves in the foot. This time with a shotgun. Nice work. Piss everyone off, make jail-broke phones useless on your services. Good job. Are you trying to give up market share to a new competitor to the field, or are you just pulling a Microsoft and not giving a flying f what people think, you got them trapped?

    Either way, you're playing with fire here, Goo

Technology is dominated by those who manage what they do not understand.

Working...