A question about legality of AOSP derived phone with no Google services - Android Q&A, Help & Troubleshooting

Hi all,
One of my friends (an ardent iOS fan) claimed while arguing a few days back to me that "You can't make a phone with AOSP (pure Open source part of Android) which has Yahoo Mail as the default mail app, Bing as the default search engine and Google maps as the default maps app. That would be illegal! ". This was his exact condition. I want to know whether his claim was true. I know there is a full replacement suite of Google play services in active development (called Replicant) - but even if they wanted (including MS and Yahoo ready to provide necessary support), could they do it? What terms and conditions would prevent them from doing it if they had required money and time to implement - given the requirement above?

I believe Nokia has already done that with Nokia x
Sent from my Nexus 4 using Tapatalk

Related

Consolidate market purchases to 1 account?

I made various purchases with different “main gmail accounts", but always used the same Google checkout.
Now depending on what email I set as first after a new Tom install I can either download a part of what was purchased with that gmail as default or reset and use the other default for the other apps, impossible though to access all purchased, attempts restoring backed up apps result in copyright protection prompts.
Any idea how to solve that?
Sent from my Nexus One using XDA App
I'm wondering the same thing, when I was running android on my tp2 I was using a different account.now I use my gmail and I can't figure out how to transfer my old purchased apps
I got the answer.. but not very appealing...
husker91 said:
I'm wondering the same thing, when I was running android on my tp2 I was using a different account.now I use my gmail and I can't figure out how to transfer my old purchased apps
Click to expand...
Click to collapse
After reading true the Google FAQ I found the answer, anything else than satisfying though...:
- According to Google each purchase is associated with your main account - main account as per definition is the one that you've added first after installing a rom, regardless if your checkout account is associated with another gmail account. They state clearly that if one changes email, he has to buy the stuff again.
Usually not the approach that google takes, and without ending in a collective bash, I still gotta admit that this is quite a primitive way of handling customer relation - at least in my opinion.
[Edit:] I made an experiment with apprain.com, hoping they would be the solution for future purchases, but unfortunately the market app is the dominating part in the triangle between user - apprain - market syncing[/Edit:]

[Q] Do using CyanogenMod make it possible to not associate your phone to Google?

I was thinking about buying an Android smartphone since I have a >4yr old Nokia, but I would like to use a Phone without a 3rd party account that syncs with Apple/Google whatever and send everything I do on my cellphone to them. I would like to think as "like a Linux machine, but with a SIM card".
Meego is dead, iPhone I can't install what I want, so I'm stuck with Android. I've read somewhere that when installing CyanogenMod, it doesn't ask for a Google Account. Is it true? Can I use it without associating it with Google? (I know I won't have access to Marketplace, but I can live with that). I'll use the smartphone mainly for webbased mail, dont need facebook/twitter/gmail/maps, and will sync all contacts locally.
Even if I don't associate my phone with google, is it going to send "data for better experience" like app usage, gps location and such using an unique identifier from my cell phone to google?
(I tried to search 'cyanogen "google account" on search, but couldn't find an answer. Sorry if this is a duplicate :/)
Technically, you wouldn't need to asscoiate any rom with Google as long as you don't enter a gmail address. Also, some roms don't come with gapps, allowing you to utilize the phone without any Google apps installed. Cyanogenmod is one of those roms. I suggest checking out the developer page for the various phones you're considering and seeing the type of roms they offer.
Sent from my PC36100 using XDA App

[Q] BeanStalk no MS Live account

Over the last month or so I've jumped into the "Rooted" world and the benefits of customizing my phone with different ROMs!!! - So i'm an official NOOB
I've installed MeanBean on both my EVO 3D and my EVO LTE. I use my LTE as my daily and it worked great with the exception of text-to-type, which acted like it did when it was first introduced (useless). In an effort to find a good ROM with that working and a higher aesthetic appeal, I flashed BeanStalk. I really like it! One big frustration is the accounts and contacts. It doesn't allow me to store a contact on the phone only. It just allows creating one in my Google account. More importantly, I cannot initiate an account for Windows Live. It says, "This account type is no longer valid. Please go to Settings>Account to add a new Microsoft account." Of course that is where I am when I'm trying to add it so there seems to nothing I can do to correct it.
As a Noob, I'm desperately in need of your higher knowledge. Please help if you're able.
Thanks!
Answer plus Question.
Okay, it took me sleeping on it to realize the "duh." So the only contact manager that is installed in BeanStalk is the pure Google Contacts. Of course this will not allow me to store local (phone only), contacts; nor will it allow me to sync with MS or FB or any other contact repository without adding them to Google.
QUESTION: Do you know of a contact app that is similar to the HTC Sense People app (that would be ideal), that will do the above?
Thanks.
PQueS said:
Okay, it took me sleeping on it to realize the "duh." So the only contact manager that is installed in BeanStalk is the pure Google Contacts. Of course this will not allow me to store local (phone only), contacts; nor will it allow me to sync with MS or FB or any other contact repository without adding them to Google.
QUESTION: Do you know of a contact app that is similar to the HTC Sense People app (that would be ideal), that will do the above?
Thanks.
Click to expand...
Click to collapse
I think its contact+ in the market. It should help you out with the syncing problems. And thanks for trying my Rom
Sent from my EVO using XDA Premium 4 mobile app

Native CalDAV/CardDAV support?

Lately I have been wondering why Android still does not have native support for CalDAV & CardDAV, when both have been the de-facto open standard for contacts and calendar sync for years. Is there no native support because Google wants it to make it more difficult to use alternatives to their services? (In my case: NextCloud/ownCloud, which I can add right away even to an old Iphone, but still do not work with android out of the box without something like DAVDroid) Or are there plans to integrate it into future versions?
What's the problem with installing an app? Android has a native API for contacts and calendars, so I guess they can't be accused of making it "difficult". They probably just don't want to make it "too easy".
One could also ask why 99,9% of app developers don't support APK distribution but require users to use GApps & Play Store …
xv22gk said:
What's the problem with installing an app? …
Click to expand...
Click to collapse
Which is not answering my question whether it is planned to have native support for CalDAV/CardDAV.
CardDAV / CalDAV are open standards for data exchange just like IMAP, NTP, SMTP and so on. It would be only natural for android to support them

PSA: K-9 Mail is (AFAIK) the ONLY 3rd-party MUA on Android working after May 30th, 2022 by using OAuth2 over the web (& not 2FA/2SV or andOTP/FreeOTP)

Update on 3rd-party MUAs (e.g., K-9 Mail) using OAuth2 on Android after May30th, 2022... which we have been searching for since early March of this year when Google notified us of the demise of the venerable login/password credentials.
PSA: K-9 Mail is (AFAIK) the ONLY 3rd-party MUA on Android working after May 30th, 2022 by using OAuth2 over the web (and not andOTP/FreeOTP or app passwords, etc., all of which require 2FA/2SV/MFA/MSV which results in a loss of privacy!)​
1. I am a typical Android user who was badly affected on May 30th 2022, when Google unilaterally stopped supporting login/password authentication for 3rd party Android mail user agents (MUAs).
2. Since then, I've been desperately looking for a 3rd-party MUA which can log into a Google account WITHOUT 2FA/2SV/MFA/MSV and without creating a mothership tracking account on the phone.
3. Google (seemingly) allows MANY ways to authenticate a MUA onto the Google email servers; but all but one method (AFAIK) requires a "second something" (which is often referred to as 2FA/2SV/MFA/MSV) - which trades privacy for security.
4. The one method of authentication that doesn't require 2FA/2SV/MFA/MSV is OAUth2 (which itself is inherently insecure, but the problems with OAUth2 are not the point of this thread).
5. I have a Google email account, like many others... simply because it's the best free email account that I can find.
6. However, I am one of those Android users who cares a lot about privacy (where privacy is a thousand things, much like health and hygiene is a thousand little things - where people who care about privacy never just give up - just like people who care about hygiene never just give up - but they understand that many others do just give up, and that's OK.
7. One of those privacy little things is I don't have a Google Mothership Tracking Account on my unrooted Android phones, and I never will.
8. Hence, I could never use the Android Google GMail app to log into my Google email account because it CREATES that mothership tracking account.
9. Another of those privacy little things is I don't use 2FA (aka 2SV/MSV/MFA, etc.) which trades privacy for security since a "second something" is always needed in your hands (e.g., freeOTP, andOTP, etc.).
10. Some MUAs (such as Thunderbird on the PC) use OAuth2 over the web, but until this week (AFAIK), there were ZERO 3rd-party MUAs on Android which authorized Google email using OAuth2 over the web (mainly because Google apparently requires an annual security audit costing thousands of dollars for anyone who does).
11. Therefore, AFAIK, every third-party MUA stopped working with login/password on May 30th, 2022, where some of them (e.g., Fair Mail) were forced to switch to some other authentication mechanism, one of which was to authorize via OAuth2 using a Google Mothership Tracking Account (which the app would CREATE for you, whether you wanted it to do so or not). Just like the GMail app does.
12. Apparently, as of this week, the developers of K-9 Mail (teamed up with the resources of Thunderbird), are the first free 3rd-party MUAs on Android that allow OAUth2 authentication over the web with Google email accounts.
13. Last week OAuth2 was added to K-9 Mail for the first time (version 6.200), but it CREATED a Google Mothership Tracking Account in order to authenticate with the Google email servers.
14. This week, I was advised that the K-9 Mail version 6.201 was updated to perform that all important OAuth2 over the web. I tested it just now. It works. Note the K-9 team probably have resources that most Android developers lack now that they've teamed up with the Mozilla Thunderbird folks.
15. This is a PSA, and, a question of whether you know of any other 3rd-party Android MUA which can authorize OAUth2 with Google email servers over the web (WITHOUT creating a Google Mothership Tracking Account on Android).
Disclaimer: I am just a user; I am NOT affiliated in any way with anything.
Spoiler: Where to get the version 6.201 K-9 APK
*K-9 Home Page*
<https://k9mail.app/>
<https://k9mail.app/download>
*Google Play Store* (via the FOSS Aurora Store GPS client)
<https://play.google.com/store/apps/details?id=com.fsck.k9>
Name: com.fsck.k9.apk
Size: 8103422 bytes (7913 KiB)
SHA256: 46F071F989C6A138C2B8835D7FCDFA902AE1697B6B3C1C16581EE34B42E51CC3
*SourceForge*
<https://sourceforge.net/projects/k-9-mail.mirror/>
<https://sourceforge.net/projects/k-9-mail.mirror/files/latest/download>
<https://downloads.sourceforge.net/project/k-9-mail.mirror/6.200/k9-6.200.apk>
<https://master.dl.sourceforge.net/project/k-9-mail.mirror/6.200/k9-6.200.apk>
Name: k9-6.200.apk
Size: 8098357 bytes (7908 KiB)
SHA256: 3D8275705E00C159CD1AE473164B403EDF2A2D24E97D9F34D50FDA0677F8B398
*GitHub*
<https://github.com/thundernest/k-9>
<https://github.com/thundernest/k-9/releases>
<https://github.com/thundernest/k-9/releases/download/6.201/k9-6.201.apk>
Name: k9-6.201.apk
Size: 8103232 bytes (7913 KiB)
SHA256: 53F6678B9CF065B2413A53F70BFBF56E2C9C42454DA1A4F37AEC6AD60AB9D53A
*F-Droid*
<https://f-droid.org/packages/com.fsck.k9/>
<https://f-droid.org/en/packages/com.fsck.k9/>
<https://f-droid.org/repo/com.fsck.k9_32001.apk>
Name: com.fsck.k9_32001.apk
Size: 8102284 bytes (7912 KiB)
SHA256: 53637CC7DCF5B4F16EB167F91797DE06D07E00B30FDDBCAC0AA6CBC79122A42D
In summary, as far as I know, K-9 Mail is the ONLY 3rd-party Android MUA that can connect to Google mail servers after May 30th, 2022 without 2FA/2SV.
And what's your experience with the native Samsung E-Mail app?
Until recently, I assumed that account authorization was done by the Samsung server, not Google. However, last year I got a shock when it turned out that Samsung was being queried by Google about my age, because there was a mismatch between the settings in my Google account and my Samsung account.
Without explaining exactly what the issue was, Samsung sent me reminders that it would remove my access to its account if I didn't correct it. After my repeated interventions, Samsung finally realized its mistake, but did not apologize.
ze7zez said:
And what's your experience with the native Samsung E-Mail app?
Click to expand...
Click to collapse
Thanks for that question, but, unfortunately, I don't have a Samsung Mothership Tracking Account for the same reasons I don't have a Google Mothership Tracking Account on any of my phones (unfortunately, I also own iOS devices which not only REQUIRE Apple mothership tracking accounts just to download software but if you set up 2FA, it's PERMANENT (as in forever!)).
In addition, one of the first things I did when I got my phone was wipe out (or disable) every app I didn't want (e.g., I replaced Chrome with Ungoogled Chromium, and I replaced YouTube with NewPipe, and I replaced the Google Play Store with the Aurora Store & Aurora Droid, and I replaced Google Search with DuckDuckGo Search, and I replaced the default Samsung launcher with Nova free, etc.).
I just ran a search for "Samsung" in my app drawer app and there's nothing that isn't either deleted or disabled. (Of course, when I search for "samsung" in my MuntashirAkon App Manager, it finds a lot of apps with names such as "com.samsung.android.whatever", but I don't have the Samsung Mail app you are speaking about. However, if it accesses the Google Mail servers, I suspect it would be subject to the same rules that Google foisted upon all 3rd-party MUAs.
Spoiler: These are Google & Thundernest/K-9 references on this topic
*Less secure apps & your Google Account*
<https://support.google.com/accounts/answer/6010255?hl=en>
Here is the official Google announcement (afaik).
<https://support.google.com/accounts/answer/6010255>
Google says you can use app passwords here.
<https://support.google.com/accounts/answer/6010255>
And here is Google help on "signing in with app passwords".
<https://support.google.com/accounts/answer/185833>
*K-9 Mail (future Thunderbird for Android) adds OAuth 2.0 support*
<https://www.ghacks.net/2022/07/08/k-9-mail-future-thunderbird-for-android-adds-oauth-2-0-support/>
*Add OAuth 2.0 configuration for Office 365 / Outlook #6094*
<https://github.com/thundernest/k-9/pull/6094>
NOTE: AFAIK
Thundernest belongs to Thunderbird.
K9 moved their repo there I assume.
Thunderbird is not Mozilla any more.
Eran Hammer:
*OAuth 2.0 leader resigns, says OAuth2 standard is 'bad'*
<https://www.cnet.com/tech/services-and-software/oauth-2-0-leader-resigns-says-standard-is-bad/>
"The standard grew too far away from its roots as a simple Web
authentication technology, author Eran Hammer-Lahav says,
and now is insecure and overly broad."
*Eran Hammer's last conference on why OAUth2 is "Death by a million cuts"*
<https://hustoknow.blogspot.com/2012/12/oauth2-road-to-hell.html>
*Thunderbird & GMail*
<https://support.mozilla.org/en-US/kb/thunderbird-and-gmail>
Since some people may be confused, Google equates 2SV with 2FA:
<https://support.google.com/accounts/answer/185839>
"With 2-Step Verification (also known as two-factor authentication),
you add an extra layer of security to your account in case your
password is stolen. After you set up 2-Step Verification,
you'll sign in to your account in two steps using:
1. Something you know, like your password
2. Something you have, like your phone"
Note that Apple's 2FA/2SV is PERMANENT!
*Apple 2FA Case Dismissed by California Federal Court*
<https://securitycurrent.com/no-good-deed-apple-2fa-case-dismissed-by-california-federal-court/>
Here's a list I came up with searching for a list of what our choices might be.
1. OAuth2 (usually using an on-device Google Account), or
2. Autoforward Google mail to a non-Google account, or,
3. 2FA/2SV/MSV/MFA via a variety of authenticators, such as...
a. app passwords
b. Some kind of "2FA/2SV/MSV/MFA authenticator" app, such as...
FreeOTP Authenticator, Google Authenticator, Authy, FreeOTP+, etc.
c. USB tokens
d. Time-based one-time passwords (TOTP)
e. SMS 2FA
f. Use the phone's built-in security key
g. Use a physical "security key"
h. Get a one-time security code from another device
i. Enter one of your 8-digit backup codes
j. Sign in using QR codes
k. Set up a "trusted computer" for sign in
l. Sign in with "google prompts"
Any others?
*Email client K-9 Mail will become Thunderbird for Android*
<https://arstechnica.com/gadgets/2022/06/email-client-k-9-mail-will-become-thunderbird-for-android/>
*Frequently Asked Questions: Thunderbird Mobile and K-9 Mail*
<https://blog.thunderbird.net/2022/06/faq-thunderbird-mobile-and-k-9-mail/>
*Revealed: Our Plans For Thunderbird On Android*
<https://blog.thunderbird.net/2022/06/revealed-thunderbird-on-android-plans-k9/>
*K-9 Mail (future Thunderbird for Android) adds OAuth 2.0 support*
<https://www.ghacks.net/2022/07/08/k-9-mail-future-thunderbird-for-android-adds-oauth-2-0-support/>
*The OAuth 2.0 Authorization Framework*
<https://datatracker.ietf.org/doc/html/rfc6749>
App Manager blocks XDA App by default, even though logging into XDA calls up the web browser to log in through it. So it's not the best on the planet. Yes, I disconnected everything for it, then it stopped clinging to the XDA App.
ze7zez said:
App Manager blocks XDA App by default, even though logging into XDA calls up the web browser to log in through it.
Click to expand...
Click to collapse
We should take that issue up privately (or in another thread) as it's off topic here, but what I want to say for the topic is that, today, I just found out from the developer of the Fair Mail app that the K-9 development team worked with him to add the same web-OAuth2 libraries as they were using to enable Fair Mail to ALSO authenticate GMail via web-OAUth2.
This means for both Fair Mail and for K-9 Mail...
a. No mothership tracking account is necessary as of this week!
b. No app passwords (which requires 2FA/2SV) are needed!
c. That means we don't have to trade privacy for security!
This is great news for those of us whose 3rd-party MUA died on May 30th 2022 because Google prioritized security over privacy.
Spoiler: Where to get MUAs that use web OAUth2 with Google email accounts
Given trading privacy for security is a bad bargain for most of us., it's great to know this week there are now at least two 3rd-party MUAs to recover from Google May 30th 2022 unilateral loss of privacy (due to deprecation of login/passwords)...
1. Fair Mail
2. K-9 Mail
Today I was notified by the developer of Fair Mail that the developer of K-9 Mail worked with him so that _both_ of them now authorize OAuth2 over the web on Android (much like TB does on the PC).
Apparently Google loosened the annual audit requirement, but I'm not wholly sure what changed in the interim between last week & this week's changes.
To be sure, there are a huge number of issues still outstanding (e.g.,
Google is limiting their token counts to such a low number as to be anti competitive, which is affecting Fair Mail far more than K-9 Mail due to the huge number of Google email users on Fair Mail compared to K-9 Mail), but the PSA here is that Google "apparently" loosened the annual security audit requirements for MUA developers so that Android can again authorize Google email accounts WITHOUT creating a mothership tracking account on the device.
This means that you don't need a mothership tracking account for OAuth2.
And it means that you don't need "app passwords" (which requires 2SV/2FA).
Best to get the 3rd-party MUAs from GitHub due to F-droid lagging behind.
*K-9 Mail* by K-9 Dog Walkers
Free, ad free, rated 3.1 stars, 96.3K reviews, 5M+ Downloads
<https://play.google.com/store/apps/details?id=com.fsck.k9>
Name: com.fsck.k9.apk
Size: 8103422 bytes (7913 KiB)
SHA256: 46F071F989C6A138C2B8835D7FCDFA902AE1697B6B3C1C16581EE34B42E51CC3
*GitHub*
<https://github.com/thundernest/k-9>
<https://github.com/thundernest/k-9/releases>
<https://github.com/thundernest/k-9/releases/download/6.201/k9-6.201.apk>
Name: k9-6.201.apk
Size: 8103232 bytes (7913 KiB)
SHA256: 53F6678B9CF065B2413A53F70BFBF56E2C9C42454DA1A4F37AEC6AD60AB9D53A
*Fair Mail* by Faircode.eu
<https://email.faircode.eu/>
<https://github.com/M66B/FairEmail>
<https://github.com/M66B/FairEmail/releases>
<https://github.com/M66B/FairEmail/releases/download/1.1940/FairEmail-v1.1940a-github-release.apk>
Name: FairEmail-v1.1940a-github-release.apk
Size: 26750634 bytes (25 MiB)
SHA256: DF1B41DD912B90F8F3B57E014C1EDA436FF0D0C89232E007E6DCDBB8B6800E6D
See also:
<https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-content-faq173>
<https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-content-faq147>
<https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-content-faq111>

Categories

Resources