Not at all. Root access would be a way over safety rails.

Also the context of this post is that Google is attempting to make “side loading” harder.

I meant, what things do you do on your phone that wouldn’t be possible on a website if you were on another platform?

This is still begging the question: your question contains the assertion that the current smart phone model must continue. If you only think about the things you currently do with it, then of course you can do a lot of the same things with a browser model: they’re both restrictive sandboxes in similar ways. Interestingly though, I can name a few things already that are currently easy on an Android phone but not in a browser, the most obvious being running any sort of network server. You can’t take advantage of Linux’s configfs and functionfs APIs on a device that is ironically the best device made to use them. I mean, browsers were never even designed to allow filesystem access so an API would need to be added for that even, something so trivial. There are an almost infinite number of things you can do with direct access to an OS compared to through browsers; browsers are required to treat every single thing they do on behalf of the server they’re talking to as malicious. That’s the whole threat model, and it’s completely correct, but I don’t want that threat model applied to my entire device.

I think we’re just thinking of different things. You seem to be thinking about how to remake the current smart phone experience, and that’s pretty easy to do with a browser model. I think the current smart phone experience is pretty bad and incredibly limiting, so I see a move to the browser model pretty much… no different. I wouldn’t be particularly excited. I never understood the Boot2Gecko excitement anyway.

I’d like to see a smart phone that is just a small computer that happens to also have phone functionality. Where you actually have an entire Linux system available to you, and you’re allowed unconfined root access. You simply can’t get that if you’re being sandboxed by anything. To be honest if Android just stopped all the insanity around full, meaningful root access and unmodifiable hardware roots of trust, I wouldn’t need anything else. I like the availability of the tightly controlled application sandboxes. I love the use of SELinux throughout.

With respect to the development ecosystem… we can agree to disagree I guess. I’d rather leave the industry than deal with modern web development, but that’s just my personal opinion.

Google does at least maintain fairly solid web standards

I have to strongly disagree with this though. Google wants to bring it’s attestation APIs to browsers. What a nightmare. They also try to move browser addon development in user hostile ways, like trying to kill ad blocking. I don’t trust Google to have the user’s best interest in mind for a single second.

Anyway, I asked where you’re coming from so thanks for sharing.

Yes there is a general ignorance to this problem among law makers, in my country at least, as well as a bit of regulatory capture with respect to tech in general. The boogie man of “security” is also a very persuasive concept for a lot of people. This is not a problem that will be solved easily.

I sometimes have to go to Miami and I’m legit scared of the highways there.

Yea… Like some of those parking applications. Ugh.

We’ll always need safety rails, I think the thing you’re missing in most of the arguments you’re seeing here is that people want ways over or around those safety rails, and that those safety rails do not need to be as strict as they’re becoming. That is not the case currently and that is definitely not the direction AOSP or iOS are interested in going.

Also, just for the record, comparing the modern era of computing to the limewire era is bananas.

Sure, but imagine a world where you could run a JVM (just as an example please don’t focus on that lol) on your phone (and yes I know Android is JVM-esque, but you aren’t just running JVM code on there willy nilly due to the way it’s designed). There is no longer an Android vs iOS in that case with respect to JVM and even desktop or laptop applications. Of course there would need to be work done on the development side to deal with screen size and all that fun stuff, but these are all solvable problems and things you already have to deal with. QT has very easy to use Python bindings if you want an easy entry to that so that’s no big deal. I don’t write a lot of GUI code so I don’t know the landscape that well, but I’ve had success with PyQt6 and Kotlin + JavaFX.

Anyway that’s all kinda besides the point. We know how to build VMs; we’ve done it plenty of times. There is nothing magic about JavaScript; it’s just a VM. Are browsers incredibly complex and well designed programs? Yes, but they’re not special and their role as the backbone of everything doesn’t seem inevitable or wise to me.

I think they’re both pretty big problems. An open OS and hardware that supports it seems to be a huge hurdle, but at least there is a clear vision of how to solve it. The problem you bring up though… It seems like we’ve almost gone too far at this point and it’s gonna be really hard to put the cat back in the bag. It seems like something we need to solve with legislation potentially?

https://developer.android.com/developer-verification not for long

I don’t see why it’s inevitable at all. Browsers are incredibly useful and will always have their place, but they don’t have to be everything. Why would you say it’s inevitable? There are plenty of other OS agnostic frameworks on which to build programs, and not everything actually has to be OS agnostic imo. I don’t write anything with Windows in mind :)

Let me answer your question with a question: How many things do you do with your phone that aren’t also able to be accomplished with a website already?

This is kinda begging the question imo. Phones are terrible anti-user devices, so I can’t do the things I’d like to do with it that I can’t also accomplish on a website. Wasn’t that kinda the problem that was initially stated in the OP?

Delivering application-like experiences via the web allows users to make accessibility changes to that experience without the developer needing to support it explicitly. It also allows users to implement plugins that extend and improve their experience, by removing undesirable content or adding functionality that you haven’t provided. And because browsers are built on open standards, there’s no longer any device ecosystem lock-in; I should be able to access all of the websites I want to from any browser on any device. Users could even build their own bespoke applications, without the need to enable a developer mode on their phone or get a certification from a megacorp.

Almost all of this would be equally possible if the phone wasn’t just a platform for a browser. I actually think a browser model limits a lot of what you say here, and browsers definitely have ecosystem lock-in problems: what Google says essentially goes these days. The browser isn’t the great liberator of phones imo.

I don’t hate browsers; a lot of what you said is true and great for users with respect to browsers. I do however think it’s a weird way to try to fix the phone ecosystem by replacing a restrictive sandbox with a restrictive sandbox that also ties you to a really terrible development ecosystem.

I’m not sure what the original vision was, but KaiOS is just a fork of Boot2Gecko.

And yet on Linux the advice seems to be never ever download directly from the developer

Are people really giving this advice that often and that strongly? I find myself building more and more things from source these days. Especially with modern languages that OS maintainers are actually having a difficult time packaging in the way they’re used to.

Boot2Gecko is a thing: it’s called KaiOS. It targets lower tech devices though and is just as locked down as Android, potentially even more actually.

I’m interested: why do you want it? I’m not a big fan of the idea of web development being the standard