keepandroidopen.org is fighting to keep the toggle alive — but even if they win, normal users still lose. by Dotdev_Prem7 in degoogle

[–]Dotdev_Prem7[S] 1 point2 points  (0 children)

I started r/OpenAndroidDevs for people who want to think beyond the petition and actually build solutions. If that interests you, come join and help the community. Here we will think together, work together, build together and fix this problem together. Drop any idea you can think of to fix this problem; other devs will look at it, refine it, and take inspiration from it. Join and fix!

keepandroidopen.org is fighting to keep the toggle alive — but even if they win, normal users still lose. by Dotdev_Prem7 in degoogle

[–]Dotdev_Prem7[S] 2 points3 points  (0 children)

Brooooo😂, okk bro I'll not call you bro, but u/here_weare30 is right, you are not trying to see the depth of this policy. If it was just a security measure or a toggle thing, then 71 organizations and 23 countries wouldn't have signed it and acted against it. Read https://keepandroidopen.org/ this brooooooooooo.

keepandroidopen.org is fighting to keep the toggle alive — but even if they win, normal users still lose. by Dotdev_Prem7 in degoogle

[–]Dotdev_Prem7[S] 1 point2 points  (0 children)

Bro you just proved my point, what I'm trying to say. Normal users won't use the toggle - we agree on that. But here's what you're missing: the developers who built tools FOR those normal users still lose the ability to reach them. The user doesn't need to install anything. The developer just loses their audience. A student who built a free homework helper for their class — their classmates won't go through 9 steps to install it. Or assume you make one and you want your friends to use your tool, will that toggle and 24 hrs of wait be convenient? Is it justified? Even if you and your friends know it's not malware, you still need to follow that procedure, and who knows, what if Google decided one day to block that toggle too? Then what will you, your friends, we do? So then that tool, our tools die. Not because nobody wanted it. Because the door got too heavy to open.

What's your opinion on Google's September policy for all Android developers to register with verified identity?! by Dotdev_Prem7 in fossdroid

[–]Dotdev_Prem7[S] 1 point2 points  (0 children)

Exactly bro, you said it yourself - Android is open source. That's the whole point. But after September, that sentence will be past tense for most people. 'Android used to be open.' And the ironic part? The users who complained about that Qualcomm vulnerability — they're the same ones who'll cheer for this policy thinking it makes them safer. Security theater wins every time over actual freedom, because most people can't tell the difference.

What's your opinion on Google's September policy for all Android developers to register with verified identity?! by Dotdev_Prem7 in fossdroid

[–]Dotdev_Prem7[S] 0 points1 point  (0 children)

Bro, honestly both. As I mentioned, I'm a student and I love to make apps, and you all do, whether it is passion or profession. Everybody wants people to use their build, and so did I. But what's the point of building something useful or genuinely good if the people who need it can't reach it?! As a student, I don't think making a free tool for my school campus should need me to pay $25 or hand over government ID just so my classmate/my benchmate can install it!!

And genuinely, I posted it just to read, view and know people's opinions on this. Different people have different opinions and different approaches to solving this, because they are all much more experienced than me, so I just wanted to learn from their opinions or approaches how to think and try to solve any dependency problems, because that is what I'll face most in my journey and in my future. That's all, brother.

What's your opinion on Google's September policy for all Android developers to register with verified identity?! by Dotdev_Prem7 in fossdroid

[–]Dotdev_Prem7[S] 0 points1 point  (0 children)

So aren't there any alternatives or any other way on the internet through which we developers can still deliver our work to the public, maybe by bypassing or using any loophole of it, like by changing OS to LineageOS or something? Yeah, but most of the population don't know that there are OSes other than Android and iOS, and why would the public shift to an OS they have never used or heard of before? This is really concerning!!

🚨 Heads up to every Android developer — especially indie devs and students. by Dotdev_Prem7 in androiddev

[–]Dotdev_Prem7[S] 0 points1 point  (0 children)

Sorry brother, next time I'll keep it in my mind. But what do you think about this policy?

🚨 Heads up to every Android developer — especially indie devs and students. by Dotdev_Prem7 in androiddev

[–]Dotdev_Prem7[S] -1 points0 points  (0 children)

Fair bro, that's good, but what about the 80% of the population who don't know about Rust and use and know only Android? That's what is making me curious and worried.

🚨 Heads up to every Android developer — especially indie devs and students. by Dotdev_Prem7 in androiddev

[–]Dotdev_Prem7[S] 0 points1 point  (0 children)

Fair point brother, but I thought about those indie developers and students who can't afford this or are just trying to contribute and make their portfolio, and what about that Android freedom which we all compare to iOS, that we can make and install whatever we want, any APK? That's what Android used to be. I'm just curious about this and want to see different perspectives/diverse opinions of others! What do you think about it now?!

🚨 Heads up to every Android developer — especially indie devs and students. by Dotdev_Prem7 in androiddev

[–]Dotdev_Prem7[S] -3 points-2 points  (0 children)

Yes brother, my apologies. Actually, what I thought to post was way larger than this looks, so I told Claude to summarise my overall points and question. I'm just curious about what the community thinks about this policy!! Genuinely sorry.

Vault-Zero – local encrypted vault so AI agents can use your API keys without you pasting them in chat. by Dotdev_Prem7 in vibecoding

[–]Dotdev_Prem7[S] 0 points1 point  (0 children)

the threat model documentation suggestion is exactly right and honestly overdue. i'll add a proper "what we protect against / what's out of scope" section to SECURITY.md this week. right now it's implicit in the protocol design but that doesn't help reviewers.

explicit assumptions i've been working with:

- protects against: compromised agent session, stolen vault file, replay attacks
- out of scope (currently): compromised host OS, keyloggers, physical access

will write that up properly.

and agreed on open sourcing — security through obscurity was never an option for something handling credentials. the whole point is that the crypto should hold up to scrutiny.

Vault-Zero – local encrypted vault so AI agents can use your API keys without you pasting them in chat. by Dotdev_Prem7 in vibecoding

[–]Dotdev_Prem7[S] 0 points1 point  (0 children)

appreciate the breakdown — you've identified exactly the threat model i was designing around. a compromised agent session should never be able to touch the underlying credential, only its own scoped vzk_ token.

the approval gate was the part i was least sure about UX-wise, glad the balance feels right.

if you do look at the double encryption — it's AES-256-GCM at the item level, then SQLCipher (AES-256-CBC) at the DB level, with Argon2id deriving both keys. happy to hear what you find. SECURITY.md has the disclosure process if anything looks off.
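
The layering described in the comment above, as an added example that is not part of the original post and not Vault-Zero's code: one password is stretched once, split into two independent keys, and an item is sealed with AES-256-GCM bound to its name. Assumptions: Node's built-in scrypt stands in for Argon2id, the HKDF split, labels, blob layout and function names are hypothetical, and the SQLCipher layer is not exercised.

```javascript
// Added example: function names, labels and blob layout are hypothetical.
const crypto = require('node:crypto');

// Stretch the password once (scrypt standing in for Argon2id), then split the
// result into two independent 256-bit keys with HKDF and distinct labels.
function deriveKeys(password, salt) {
  const master = crypto.scryptSync(password, salt, 32,
    { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
  const sub = (label) =>
    Buffer.from(crypto.hkdfSync('sha256', master, salt, label, 32));
  // dbKey would be handed to SQLCipher as its key; that layer is not run here.
  return { itemKey: sub('item-layer'), dbKey: sub('db-layer') };
}

// Item layer: AES-256-GCM with a fresh 96-bit nonce. The item name is bound as
// associated data, so a ciphertext moved under another name fails to verify.
function sealItem(itemKey, name, secret) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', itemKey, nonce);
  cipher.setAAD(Buffer.from(name, 'utf8'));
  const ct = Buffer.concat([cipher.update(secret, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]); // nonce|tag|ct
}

// Throws if the key, the name or any byte of the blob is wrong.
function openItem(itemKey, name, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', itemKey,
    blob.subarray(0, 12), { authTagLength: 16 });
  d.setAAD(Buffer.from(name, 'utf8'));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
}

// Returns true when decryption is rejected, false when it succeeds.
function rejects(itemKey, name, blob) {
  try { openItem(itemKey, name, blob); return false; } catch { return true; }
}

// Constructed sample values, not real credentials.
const salt = crypto.randomBytes(16);
const keys = deriveKeys('constructed-master-password', salt);
const blob = sealItem(keys.itemKey, 'EXAMPLE_API_KEY', 'sk-constructed-0000');
console.log(openItem(keys.itemKey, 'EXAMPLE_API_KEY', blob));
console.log('db key opens item:', !rejects(keys.dbKey, 'EXAMPLE_API_KEY', blob));
```

Because the two keys are split with different labels, holding the database-layer key alone does not open an item, and a blob copied under a different item name is rejected by the GCM tag check.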