Slashdot Mirror
Google Starts Blocking 'Uncertified' Android Devices From Logging In (arstechnica.com)
Google logins on unlicensed devices will now fail at setup, and a warning message will pop up stating "Device is not certified by Google," reports Ars Technica. "This warning screen has appeared on and off in the past during a test phase, but XDA (and user reports) indicate it is now headed for a wider rollout." From the report: While the basic operating system code contained in the Android Open Source Project is free and open source, Google's apps that run on top of Android (like the Play Store, Gmail, Google Maps, etc.) and many others are not free. Google licenses these apps to device makers under a number of terms designed to give Google control over how the OS is used. Google's collection of default Android apps must all be bundled together, there are placement and default service requirements, and devices must pass an ever-growing list of compatibility requirements to ensure app compatibility. Android distributions that don't pass Google's compatibility requirements aren't allowed to be called "Android" (which is a registered trademark of Google), so they are Android forks. The most high-profile example of an Android fork is Amazon's Kindle Fire line of products, but most devices that ship in China (where Google doesn't do much business) fall under the umbrella of an "Android fork," too.
While Google's Android apps are only properly available as a pre-loaded app (or through the pre-loaded Play Store), they are openly distributed on forums, custom ROM sites, third-party app stores, and other places online. When a non-compatible device seller (or a user) loads these on a device, they can potentially trigger Google's new message at login. The message pops up when you try to log in to Google's services, which usually happens during the device setup. Users who purchased the device are warned that "the device manufacturer has preloaded Google apps and services without certification from Google," and users aren't given many options other than to complain to the manufacturer. At this point, logging in to Google services is blocked, and non-tech-savvy users will have to live without the Google apps. Users of custom Android ROMs -- which wipe out the stock software and load a modified version of Android -- will start seeing this message, too.
While Google's Android apps are only properly available as a pre-loaded app (or through the pre-loaded Play Store), they are openly distributed on forums, custom ROM sites, third-party app stores, and other places online. When a non-compatible device seller (or a user) loads these on a device, they can potentially trigger Google's new message at login. The message pops up when you try to log in to Google's services, which usually happens during the device setup. Users who purchased the device are warned that "the device manufacturer has preloaded Google apps and services without certification from Google," and users aren't given many options other than to complain to the manufacturer. At this point, logging in to Google services is blocked, and non-tech-savvy users will have to live without the Google apps. Users of custom Android ROMs -- which wipe out the stock software and load a modified version of Android -- will start seeing this message, too.
Geez they are really doing their absolute best to piss off and alienate their core fanbase.
Unless its us. Then fuck you.
As described in the XDA link, custom ROM users aren't shut out. Individual users can request whitelisting of up to 100 devices, and makers of custom ROMs can also contact Google to get their standard images approved by default.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
If /. had bothered to read through the entire article, they'd have gotten to the important bit:
We've actually been unknowing victims of illicit Google app distribution here at Ars before. We once imported a Xiaomi Redmi 3 smartphone from China to review, and, upon booting it up, we were very surprised to find it came with the Google apps pre-installed. As a device from China, this should not have happened. After we posted the review, Xiaomi contacted us with some very scary news: "The Redmi 3 should not come with Google Play pre-installed because it is a China-only product." Xiaomi told Ars. "It is very likely that the Play Store you saw was preinstalled by the importer/seller. This is a very common practice with the unauthorised importers."
This would mean the reseller opened our phone, unlocked the bootloader, flashed on a new ROM with Google Play, re-locked the bootloader, and stuck the phone back in the box. There was no obvious evidence that our device had been tampered with, and, while hopefully the seller only installed Google apps, they could have just as easily loaded malware onto the device. A message like this during setup would have been a big red flag that something was wrong.
This is what Google is trying to fight against here: man-in-the-middle attacks by people selling / re-selling Android devices with pre-loaded malware or spyware. Custom ROM installs are getting hit because they're basically middle-ware too; the difference is that this is stuff that the end-user is specifically authorizing, so there's a workaround to let you install it if you want to.