Subscribe
Share
Share
Embed
Techlore Surveillance Report is your weekly deep-dive into the privacy and security news that matters for your digital freedom. Hosted by Henry Fisher, founder of Techlore and long-time digital rights educator, each episode cuts through the noise with carefully selected stories, context, analysis, and historical perspective.
Topics include: privacy tool updates and vulnerabilities, data breaches, surveillance technology and government overreach, Big Tech privacy policies, encryption standards, digital rights legislation, and corporate data accountability.
Whether you're just starting to take privacy seriously or you're a seasoned expert tracking the ecosystem, Surveillance Report delivers the weekly news you need. New episodes every Wednesday. Subscribe and join the community at techlore.tech
If you are running a de-Googled phone or a custom ROM, you can literally fail Google's
Are You Human check because now there is a component of the check that can require you
to have to use Google Play services to actually pass it.
If you think this is an isolated thing, it's really not.
It's the latest in a pattern that's getting harder to brush off from Google.
And after watching this play out the last year, I don't think Google can claim innocence
anymore.
So I want to share what's going on, the pattern that has happened in the last year, and where
I think the future is headed for mobile operating systems.
So just a couple days ago on May 7th, there was this article that was written about Google's next generation reCAPTCHA.
And it's called Google Cloud Fraud Defense, which Google formally announced in April 23 of 2026.
So this is all quite recent stuff.
So what this does, for those of you who don't know, you access a website and they ask, oh, are you a human?
It's a way to verify you're not just trying to use bots.
But this new one now relies more on mobile verification.
So now it's going to scan to verify you're human and you need to get your phone and scan this and then verify through your phone.
The catch here is that you have to have Google Play Services version 25.41.30 or higher installed in order to actually do this on your phone.
So you can do this on iOS or Android, but it needs to be supported on your device.
This is already quite concerning, especially when you combine this with things that we've been discussing on the channel, like having to require age verification done on the operating system level, which means now your device is age verified, which now means that's what Google is going to help rely on to verify this kind of stuff on your computer.
It also puts more dependence on mobile devices that not everybody has access to.
And of course, if you're a custom ROM user, this is quite concerning.
But, you know, I could see someone here saying, if you only look at this story, it's pretty narrow.
You know, maybe they're going to figure out a workaround anyway.
but I think when we zoom out,
the story becomes a little harder to deny.
You see, August of last year,
Google came forward and said
that we want to announce this
developer verification process
for all apps on Android devices, right?
So what this actually requires
is developers who are developing your apps
have to upload their government ID,
pay a $25 fee,
have a verified device,
register package names,
and have proof of signing keys
and all of this stuff,
all to Google,
even if they want to publish their apps
Google wants full control of that process now. This would literally kill F-Droid. It would kill
things like Aurora Store, Optaneum, direct APK downloads, etc. Anything side-lidded would be
dramatically hit by this. KeepAndroidOpen.org has been doing amazing, amazing, amazing coverage.
We've been doing coverage for it here and pretty much just relaying stuff that they're doing.
They even put out an open letter that we signed back here as well. Google's heard some of that
feedback, and now they're doing this advanced flow, which is like this 10-step process for people to
just install whatever app they want to install on their device. Now, if you're on a custom ROM,
sure, you get to avoid these Google Play services. That is actually where this takes form. But how
many developers are going to want to just keep pushing out updates when a majority of Android
users can't access them? It's hard to know. This is a huge hit to the Android ecosystem. And there's
no denying that, even if individually you might be able to find a workaround for this stuff. But
is based on the Android open source project AOSP. And typically, it's an open source project
developed in the open, but they made the main branch of AOSP locked. And it's read only now.
So now public developers have to sync from Android latest release, which gets periodic
stable drops instead of real time visibility. What this means is that custom ROM teams that
used to track changes as they happen now have to wait for whatever Google decides to drop.
So Google decides things, they have more control over that, there's less accountability,
us transparency. And this is just more Google. To kind of reiterate this, we now have Google's
CAPTCHA service that is used all around the internet, potentially now require you to have
a, you know, in some ways, KYC device nowadays with age verification in that mix. But either way,
it's going to be much harder to do this on a Google device. We have this new verification
program that is trying to prevent sideloading and allow you to just install whatever app you
want to install on your phone. We have their whole AOSP thing that they're trying to do to make the
open source aspect of Android a little bit worse. And also, I didn't even reference how they are
kind of doing some really weird stuff with how they publish pixel code builds. And this could
really hurt open source projects and custom ROMs as well. Each of these seems like a small thing,
but when you stack these patterns together from the last year or so, the trajectory is impossible
to miss. And in my view, it just can't be denied anymore. This has to, in some way, either be
intentional or just no longer a lack of care for the open source community that made Android
possible in the first place. Now, I think Google's relationship with the open source community was
in some ways always destined to end like this. And I'll touch on that in a second. But I do have a
service that is sponsoring this portion of the video that is still friendly to de-gigled operating
systems. This part of the video is sponsored by Proton, and here's why it matters for what we're
covering. We keep talking about these legislative threats like chat control, VPN bans, age verification,
breaking encryption, and if you're still using Gmail, iCloud, or Microsoft for everything,
you're just one law away from having that access compromised or surveilled. Proton is here to give
you that alternative. It has encrypted email, encrypted cloud storage, an open source VPN that
respects your privacy, and they can't read your content because it's end-to-end encrypted.
Switching might feel overwhelming, but Proton even makes that straightforward. Their import tool
pulls your Gmail contacts and emails. Proton Drive works very similar to Google Drive in the web.
Proton Pass migrates your existing passwords, and you can do this all in an afternoon at this point.
We use ProtonMail and Proton Pass and many other Proton products back here to run Techlore and even
make some of these videos because the threats that we cover aren't just abstract threats. They're
real, and moving to services that can't be compromised anywhere near as easily is one of
the most effective actions that you can take. Links to Proton are in the description. Thank
And now let's continue to talk about these threads.
So here's the thing.
Android's roots are in open source.
So far on mobile, the only way to escape a company and actually have some kind of ownership
if you value open source, if you value independence, has been to go with some kind of de-Googled
version of Android.
But, you know, Android as the open source project was always kind of a Google thing.
And so for the last decade, I've been pointing people towards these because they've been the
best option.
And Linux devices, in my view, just aren't ready for most people.
I know because I have them and I've tried using them.
I have every major Linux phone that has ever been debuted back here,
and they're just not ready for most people.
Now, this is before my time, before I was following technology.
But in November 5th, 2007, Google announced the open handset alliance
between HTC, Motorola, T-Mobile, Qualcomm, and other 30 companies.
So you can read into this stuff.
And Android was supposed to be the first truly open and comprehensive platform for mobile devices.
The reason why I think they made this open and what I've heard from other people is that Apple had just launched the iPhone a few months earlier and Google didn't have anything.
They didn't have hardware.
They needed a coalition and they needed that kind of movement.
And openness was actually a recruiting pitch to help them catch up.
So openness wasn't even a principle.
It was a strategy so that they could eventually catch up with Apple.
But I think the community evangelized Android.
They fixed bugs and AOSP for free.
They built custom ROMs.
We had the Nexus devices back in the day that were very developer and ROM friendly.
And I think Google really did a good job catering to this audience.
And it made Android worth using.
But Google's alignments and their positions have shifted.
The alignment is breaking.
And I think we're getting our first real look at what Google actually wants out of Android.
Because they don't need the open source world anymore.
And that puts me in a really sad place because I don't know what the future looks like. At minimum, this is just plain disrespect. Like Google would have never gotten Android to the place it is today if it wasn't for the open source community, if it wasn't for the people.
These custom ROMs, many of these custom ROMs have contributed code upstream to AOSP to fix bugs, to fix security issues, to fix privacy concerns.
And so Google taking this approach is extremely disrespectful to the projects, but also to all the users and all the people who committed to Android to get away from Apple's ecosystem for one reason or another.
So this is plain disrespectful, I think.
But I think the more controversial, even cynical take is that I think this is, you know, Google is telling us very loud and very directly that they no longer want to serve this audience.
They don't want to serve the OEMs.
They don't want to serve the open source developers.
They don't want to serve the ROM maintainers.
They don't want to serve the people who patched AOSP for free for a decade.
They don't want to even serve the users who wanted the openness that Android originally promised them.
even basic things like being able to install apps away from the default app store.
On desktop, we have a solution to this, which is Linux.
It runs on whatever pretty much hardware you want it to run under.
There's no central company that decides what you can do with it that's steering its direction.
Mobile, though, never quite got there.
We have PostMarketOS.
We have Mobian or Mobian.
We have the PinePhone.
We have other Linux devices, and they've gotten better over the years,
but it's not anywhere near a prominent enough third option
to influence the rest of the space yet.
So what do I think?
You know, especially if you're on an Android device.
I think as of right now,
especially if you're on a custom ROM,
obviously that's fine for now.
But I'm looking at this for the next 10 years, right?
So I'm looking at this decades at a time.
I think in the next decade of this conversation
is not going to end with Google or Android.
And I think there's a real opportunity
to either maybe like have a new community run
Android open source project
that maybe forks AOSP,
but now makes it community maintained
or just something that's Linux-based from the get-go.
I don't know.
Obviously, I'm not a developer,
but these are just ideas that I'm grappling with.
I just don't think that it's ever going to be sustainable
to have a central company in charge
of what's supposed to be open for the community.
If you have an Android device right now,
I don't think the point of this video
is to make you throw it in a lake
and be scared or anything.
I think these are all still wonderful projects.
I still recommend them, right?
But I'm just looking at this
from a really long-term perspective
and I'm seeing this pattern.
And it is quite concerning.
I think it would be reckless to not be concerned about this.
So make sure you make yourself heard.
Check out keepandroidopen.org.
It is a phenomenal resource right now.
I want to give a huge thank you to Proton for sponsoring this video.
If this stuff matters to you, make sure to share it.
Make people know what's happening out there.
So it's not just us nerds who are following this.
Because if Google does this to Android, then there's no more open ecosystem to hold any company accountable, which impacts everybody's devices.
If you like what we're doing, you can become a Techlorian down in the description.
We have a fun little signal group that you can become a part of with some other perks.
Other than that, I'll see you all next time on Techlore and make sure to get involved in this somehow.