by Scene_Cast2 1907 days ago
Google Trends is telling me that "peak modding" for android was around 2014, and has steadily been decreasing since. [0]

What happened since then? Are people more satisfied with stock ROMs and see less use for them? FWIW, my own phone is on LineageOS, and love the freedom it provides.

[0] https://trends.google.com/trends/explore?date=2009-11-01%202...

12 comments

A lot happened - many more recent phones, especially from big brands like Samsung heavily restrict unlocking of their bootloaders. Google implemented SafetyNet, meaning anyone who wants to use things like Google Pay, Netflix, even Pokemon Go and others now has to jump through hoops. Additionally, things like Netflix are still restricted from HD playback on unlocked devices due to hardware DRM.

Android has also gotten a lot better - many of the modifications people were doing just aren't as necessary anymore, most of the features I used from GravityBox back in the day are now part of the OS. The difference between major versions has dwindled. Back in 2014 we had some of the most hackable devices just starting to age out when new Android releases with major changes were hitting and manufacturers refusing to support them.

Personally I still root and stick to Pixel and OnePlus devices where it's easy to do so. Magisk makes it relatively easy to achieve a safetynet bypass and having things like Advanced Charging Controller around means my device is going to last for years longer, but it's no longer as simple as it once was. With the Android improvements though it's hard for even me to rationalize the need to load custom ROMs until my manufacturer has abandoned my device though.

DRM is a problem everywhere including Linux and running ChromiumOS. There is a protected path from the stream to the display that needs to be "certified" in order to support something like 1080p. I guess for payments it's similar. It's really unnecessary and a waste of resources imo. But creators probably want some kind of assurances and so we are stuck with it.
You are forgetting that DRM stopped all that piracy that bankrupted the movie industry. That's also why there were so few movies released in the last 15 months or so.

It really debunks that myth that open source software could ever handle the strong encryption that's so desperately needed to protect new movies and TV shows from showing up on The Pirate Bay.

I for one welcome this cogent and secure technological response to a market issue.

You're going to get so many responses missing your sarcasm.
True. :) but adding /s is not as much fun, especially on April 1st.
Pretending to be an idiot is not a prank. Idiots are normal, nobody is a fool for thinking the person saying idiotic things on the internet genuinely is an idiot.
I'd like to take a moment and refute these silly arguments that I made.

> You are forgetting that DRM stopped all that piracy that bankrupted the movie industry. That's also why there were so few movies released in the last 15 months or so.

DRM didn't stop anything, and the movie industry is not bankrupt.

One could easily argue that there might be other reasons why few movies were released since the start of 2019.

> It really debunks that myth that open source software could ever handle the strong encryption that's so desperately needed to protect new movies and TV shows from showing up on The Pirate Bay.

The myth? Do you realize that literally every single web browser is built on an open source foundation? And how is decryption in the browser going to keep a determined person from grabbing the screen output or even grabbing the keys?

Remember, not your keys, not your lock.

> I for one welcome this cogent and secure technological response to a market issue.

Why would a technological response be appropriate for a market issue?

I call nonsense on this one. Anything that's on current streaming services (especially the popular stuff, aka the money makers) can be easily found on p2p networks. DRM has never won a single battle that I know of.

These services are not successful because of exclusivity, but because of convenience, feature richness, legality, speed of access... in other words they are worth the price.

It's important to be aware of this: the media streaming landscape becoming more and more fragmented directly impacts the most important reason why people are paying for these (convenience), which could lead to a harsh reality check for production companies.

>DRM has never won a single battle that I know of.

You need to define 'victory' in a proper manner.

Businesspeople don't really care if some lone hacker in some forsaken internet forum broke their DRM. They don't need to fulfill the perfect technical victory condition. So long as they've limited the use of the devices for nearly all users for the commercial lifespan of the device*, and (most importantly) so long they think they make more money than without, they've won as far as they're concerned.

Their criteria is far more realistic and relevant to the world at large than the technical 'never ever get hacked' criteria. There's a good argument that perfect protection (if it were possible) would actually be counterproductive to the bottom line.

* Just look at how general computing has been getting more and more restricted.

More like ISP StreamingService partnership did this since it is far cheaper for them to stream from edge boxes at their own CDNs than p2p which hurt the ISPs because they have to pay for peering bandwidth. Also streaming services are just too mature these days and easy to use compared to p2p. There are plenty of free licence movies and tv shows but even those prefer streaming platform over p2p. It has almost nothing to do with DRM.
I don't know what you're talking about. As long as you can videotape a screen in a dark room and get audio out a 3.5mm jack, piracy will continue. The only way to prevent piracy is either:

A) only allow movies to be played in theaters

B) watermark all content, and vigorously track down freeloaders based on the watermarks

You can still find most movies/TV/books/music for free on the open web as long as you use a search engine other than google.

Bankrupting? When has a Hollywood movie not been a massive success in viewership but a massive loss on the balance sheet? I wouldn't trust Hollywood accountants.
Even Star Wars was a failure.
> payments it's similar

Without the protected path, how do you know that a malicious program doesn't use a low-level API to start a payment from your account without you noticing ?

1- You don't, but it's not a real problem since non-cryptocurrency payments are reversible and trackable, so scammers won't use them. They'll rather exploit analog ways to get money out of you, recent example: https://www.youtube.com/watch?v=VrKW58MS12g#t=7m18s

2- You don't, but sandboxing should be enough to isolate untrustworthy apps from OS-level APIs that could do what you're afraid of.

The problem is that people have to run untrustworthy software to begin with.
Android is still horrible until you can control background activity or at least background network traffic. There is no way to shut those off completely. I assume this is an intentional decision by google as it would severely limit the platform for analytics and marketing.
A simple approach without root is using a fake VPN blocker such as Blokada (FOSS) https://blokada.org/

Scary to see all the hits. For complete - requires a lot of work and the custom ROM builders do not appear to be so interested.

I do use a fake VPN blocker, and that's how I found out that you can't do it. You can either block completely, or you have to allow background network. There needs to be a "only allow data while in foreground" but google is a sociopathic company (as are most public companies) and wouldn't do something like this that is user friendly but revenue unfriendly.
As you outline, only a partial blocking is possible when google services and applications are on the phone (today this includes most apps from the g-store).

A "pure" analytics service may be blocked when reaching to a known spyware server. Bundled spyware and telemetry (is that "google core") are unfortunately not blocked.

I still root for fine tuned privacy (through xprivacyLua) and app backups (through titanium backup). These 2 apps provide features that are not available in any other os.
Interesting, looks like there's an Xposed solution that passes safetynet easily these days. Might have to give XPrivacyLua a proper go.
I have used XPrivacyLua for years. It is great but not perfect.

Daniel Micay, author of GrapheneOS (an Android fork), pointed out some shortcomings of XPrivacyLua on reddit[0]:

> You do probably want the ability to force apps to see fake data, but this doesn't do that. It's a client-side check inserted into the app that the app can bypass (even unintentionally, by using a different client-side implementation) or disable.

> It does not provide any isolation and cannot fundamentally improve privacy / security because it's based on client side checks, which is not a working approach. It relies on apps not accessing the data via other approaches or alternate implementations of the client-side code, which isn't uncommon. Apps can also detect it and simply work around it directly. This will only give you a false sense of privacy / security. Apps will likely use the fake data for their user-facing functionality, making you think that it works, but a tracking SDK bundled with the app can easily bypass this and harvest your data if you allow the permissions via the OS. This is harmful approach...

[0] https://www.reddit.com/r/GrapheneOS/comments/ch5kv8/is_magis...

Why does he say client side only, yes it provides fake data to apps and doesn't isolate, that's not what xprivacy says it does anyway. How is that bad? What are those ways client can easily bypass? It definitely improves privacy for me. Looks like he was promoting graphene os without giving any proper information.
Plus, several countries have announced that their COVID vaccination passports will exist mainly in app form, since paper certificates are supposedly too easy to forge. Since only a tiny minority of techies like us around here run alternative Android images and app developers have come to expect Google Play Services everywhere, it is almost certain that those COVID passport apps will require Play Services (or even Safety Net, which means MicroG wouldn't be a workaround).
A lot of people still use flip/feature phones as well and other people just don't have cell phones. I guess these people are just forbidden to travel.
Google and OEMs gradually kept adding mechanisms that discouraged ROM tampering by locking features, etc.

Many apps nowadays refuse to run on phones that aren't using authentic OEM software. With every new version, the tradeoff kept getting steeper for rooting or customizing Android phones. Also, Android has huge fragmentation with a large diversity of devices one has to cater to if someone wants to release a customized ROM.

Personally, the Pixel line has greatly reduced the need for third party distributions, which I used primarily to get rid of vendor garbage. Pixels are the only phones I will buy now.

Pixels still have junk - but it's only Google's junk. There's value in getting rid of the base image and switching to LineageOS (or another distribution) but the situation isn't so dire as it is with other vendors.

I love that LineageOS is still going strong and it fills a huge gap once official software updates cease. I just no longer view it as a hard requirement.

I have a unique perspective as someone that has maintained unofficial builds for LineageOS, and used both CM and LineageOS as daily drivers. I stick with stock pixel these days for various reasons, mostly security. I think many users of aftermarket firmware were trying to get rid of the awful stock apps (browsers, keyboards, mem hogs) that manufacturers and cell service providers forced onto users. As Android has matured, Google has been enforcing stricter rules for what vendors put on phones. Also newer android versions allow you to uninstall much of the preinstalled apps. That could explain part of the decrease.
My 2 cents, I've abandoned custom ROMs (circa 2015) because many financial apps that I was using were very anxious when it came to my OS and they stopped working. Even multiplayer games stopped running and required me to use a stock version, without root. The majority of games on mobile are masked casinos, a pure microtransaction fest so they behave like actual financial apps.
The decay and death of CyanogenMod.

Lineage never achieved the same level of accessibility. It always felt like you had to dig through a wasteland of forum posts for random "unofficial" builds where the camera wouldn't work or LTE wouldn't work or bluetooth wouldn't work or Snapchat wouldn't work.

Hmm, that has not been my experience with Lineage at all. Over the last couple of years I have flashed several devices with Lineage and it has always worked almost seamlessly. Maybe the difference is that these devices have mostly just been popular Nexus/Pixel with official builds. (Except for my Nexus 7 where I flashed an unofficial build since Lineage no longer officially supports the greatest tablet ever made shakes fist angrily)
From the article posted: >>> Build roster >>> Added 18.1 devices >>> Google Nexus 7 2013 (Wi-Fi, Repartitioned)

Sure sounds like official support for 18.1 on the Nexus 7 is available! Commenters below note that the repartitioning process required for these newly supported versions can be tricky, but that doesn't scare me off, and I'll be taking to updating mine this weekend c:

Woah! Back by popular demand! That is awesome!
Stock ROMs have gotten better, modding had gotten less convenient. Safetynet is a huge problem there, especially for fully custom ROMs (there's workarounds which allow you to root an OEM ROM and still pass safetynet most of the time but for a custom ROM you're SOL and they often aren't even trying due to fearing google's wrath). Safetynet especially is really bad: it's not good enough to actually give a meaningful level of protection against malware or modifications, but it is good enough to basically make it not worth the while of running a custom ROM.
For me it was because more devices were coming with unlockable bootloaders and stock roms that didn't suck. Motorola is a good example: Very minimal bloatware and all of their devices come with unlocked bootloaders off-carrier now. This means the most I need to do is install Magisk. No need for a third party rom when stock is nearly as clean.
Yea, I'd say stock ROMs are definitely improving. I used to mod phones the day I got them. Then I got a Pixel 2 and since then I've just left it on stock firmware.

I'm probably going to have to go back to a custom ROM sometime soon, now that Google has stopped supporting it... but it was perfectly fine to use as-is for the past 3 years.

For me it was fintech apps. They all stop working on Android mods.
I just left one of my financial services providers over this. I could use Magisk and get around the check. I wrote them a detailed email highlighting how using LineageOS meant that I got updates for my post-EOL device and it was more secure. The 1st level tech support guy agreed with me and forwarded it to his boss. His boss closed the ticket without a response. I moved my account.
> Google Trends is telling me that "peak modding" for android was around 2014

Netcraft confirms it.

I personally lost the appeal once Android One devices became more available.