There is a risk Google could tamper with the app for specific users if they’re installing it from Google Play. I think it’s likely security researchers would discover that if it was widespread, but there’s a chance Google could do it undetected if they targeted it selectively enough.

People who are concerned about this can download the APK directly from Signal and check its signature before installation.

Signal uses reproducible builds for its Android client, and I think for desktop as well. That means it’s possible to verify that a particular Signal package is built from the open source Signal codebase. I don’t have to trust Signal because I can check or build it myself.

If I don’t have extreme security needs, I don’t even have to check. Signal has a high enough profile that I can be confident other people have checked, likely many other people who are more skilled at auditing cryptographic code than I am.

Trusting the server isn’t necessary because the encryption is applied by the sender’s client and removed by the recipient’s client.

I’m still using a phone from 2020. It’s fine. If I got something new, it would probably be bigger and lack a headphone jack.

A new phone would have a better camera than my old one, but it would not be as good a camera as my Olympus, which I use when I care about the result.

The airline probably owes you money under the EU 261 passenger rights regulation.

Thus, a seatless bus. A what?!

That’s pretty common at European airports. It’s rare in the USA, but I’ve seen it.

I had four overnight delays in three round trip transatlantic flights in 2025. The airline was at fault for three of them.

When the airline is at fault for a delay of four hours or more on a long flight that starts or ends in the EU, they owe the passenger 600 Euros, a hotel room, and meals, so those were long delays but not exactly terrible experiences.

Getting stuck for 20 hours in the Newark airport due to weather wasn’t as pleasant. The airline did not owe me anything because weather is not their fault. There were hundreds of other delayed travelers sleeping on cots in the halls of the airport. They did not have a cot for me.

Here are some more options:

• Individualism vs collectivism
• Essentialism vs constructivism (are important traits of people fixed, or mutable?)
• Belief in conspiracy theories vs skepticism (people who believe one conspiracy theory usually believe many, also predicts mistrust in institutions like traditional media and scientists)

It’s worth thinking about whether dimensions like these are cause or effect, and political or personality traits. zlatiah points out that there are techniques for identifying which ones cause political behavior.

• Reasonable: prevent downgrades when the bootloader is locked
• Sketchy: prevent downgrades when the bootloader is unlocked
• Unhinged: hard-brick the device when a downgrade is attempted

Let’s clarify some terminology.

Android is an operating system, not hardware. Android uses the Linux kernel, but differs greatly from desktop-oriented Linux distributions. Most phones are designed for Android, a bit like most PCs are designed with Windows in mind.

Desktop-oriented Linux distributions have a semi-standardized software stack with Linux, GNU libraries and utilities, a shell, X11 or Wayland, some sort of window manager or desktop environment, etc…

Other comments have explained how the hardware makes it difficult to have generic operating systems that install easily on any phone like we do for PCs, but they do exist. Ubuntu Touch and PostmarketOS are examples of desktop-like Linux distributions for phone hardware. It’s possible to install and use these on certain phones, but there’s usually a feature or two without a working hardware driver. Desktop Linux on laptop computers used to be that way too, but far fewer laptops have missing drivers now than a decade or two ago.

I have PostmarketOS installed on an older phone. I don’t think the user experience is quite ready for most people to use as their primary phone, even for me, and I’ve been running Linux on laptops for most of my adult life.

I have a .com for like $19.99 but pay to have my info redacted from whois stuff, an email address, all cones to like $42.99

Porkbun charges $11.08 for a .com with whois privacy. $30/year for email hosting might be worth it if you’re getting very good service, but I think you’re overpaying.

$11.08 for a .com. Source: just renewed.

A different Wallet/Pay implementation is a possible outcome, but I’m thinking of a bigger picture where Android phones are more like PCs: no non-unlockable bootloaders, no remote attestation anywhere, barriers to root detection at the OS level, third-party ROMs encouraged.

The early days of Android were like that. I wonder if things had developed along that path, would we have a paradise for power users? A security nightmare for mainstream users? Both? Neither?

I wonder what an alternate history where Google chose not to become evil would look like.

What if they had looked at Microsoft’s Palladium proposal and thought, as pretty much everyone outside institutional IT departments did that locked devices with remote attestation was a nightmare scenario best forgotten, refused to build it, and made an effort to prevent anyone else from doing so on top of Android? Safetynet didn’t appear until 5-6 years after Android launched to the public. What if it never did? Android already had enough momentum by that point I don’t think the financial sector could refuse to be on it no matter what risk management said.

I had that in mind, but it’s been a while since I read it and skimming it today, it seems a little dated. The tone may also be a bit harsh to offer to OP in this thread.

I hadn’t heard of Pixels doing that, but I’m guessing the attempt does not hard-brick the device.

Without seeing the entirety of the interaction, it’s hard to be sure.

Some people are assholes, and because nobody wants to interact with assholes, they usually end up congregating on whatever forum doesn’t ban them. Moderation is hard and ban evasion is often easy, so there end up being a lot of places like that.

The other side is that people in general ask a lot of bad questions, and a forum flooded with bad questions becomes useless because people who could answer good questions either get tired of it and leave, or spend so much time on the bad questions they don’t have time for the good ones. People get frustrated when they think that’s happening to a forum they enjoy, and programmers are famously better at communicating with machines than with people.

Here’s are some tips to ask good questions about programming:

• First, try to find the answer without asking other people. This is especially important when it comes to programming because the whole job is problem-solving. That means figuring out how a search result, LLM output, or published documentation relates to whatever it is you’re trying to do.
• Once you’re sure you need help from other people, clearly articulate what it is you want to happen, what you tried in order to achieve it, and what actually happened. Use more detail than you think you need here, especially regarding your expectations. Sometimes the mere act of composing a question this way leads you to the answer, which is effective enough there’s a popular technique of explaining problems to inanimate objects.
• Include the troubleshooting steps you tried from the first step above in your question. By typing it out, you may discover an error or omission in your process, but you also communicate to other people that you’re not just being lazy, wasting their time, and reducing the signal to noise ratio of their forum.

Pixels have a pretty strong warning on boot for unlocked bootloaders and an easily-typed URL with a detailed explanation.

That seems like enough to me from the manufacturer side. Of course I can imagine someone ignoring the warning; people sometimes climb into tiger enclosures with predictable results, but it shouldn’t be on device manufacturers (or zoo management) to prevent all possible negative outcomes.

A design that results in a hard brick on “tampering” is unusually destructive.

Samsung, Huawei, Microsoft, and LG tried similar ideas and none got much traction.

I’m not sure it’s actually a good idea even now that phones have enough CPU and RAM for an adequate desktop experience. It’s certainly not a good idea running Android as we know it, where apps are data silos and have UIs that don’t cleanly transition from the palmtop experience to the desktop experience.

You can do that today with a Linux tablet and Waydroid. It’s more like running the Android apps in a VM than something really well integrated with the Linux environment, but perfect is the enemy of good.