Quick note: Google's Advanced Protection program disallows sideloading apps, so you can't install F-Droid.<p>Edit: Note that the Advanced Protection program is opt-in for users that require the highest degree of security Google can offer. Regular users won't be impacted by this.<p>Edit: proof <a href="https://imgur.com/a/yktPNIc" rel="nofollow">https://imgur.com/a/yktPNIc</a><p>Edit 2: see @haunter's comment for a link to the change announcement
The GitHub discussion is significantly more informative and carries a lot of thinking behind the changes: <a href="https://github.com/termux/termux-app/issues/1072" rel="nofollow">https://github.com/termux/termux-app/issues/1072</a><p>IMO a better link than a short paragraph on Wiki.
TL;DR: Android is trying to enforce all data being either writable, or executable, never both. iOS already does this. There are big security benefits (it becomes much harder to exploit an app).<p>A disadvantage is it becomes much harder to make things like terminal emulators and things that <i>want</i> to download random code and run it.<p>But those are by far the minority of apps, and it seems crazy to make a pretty massive security tradeoff for something that 99% of apps don't need to do.<p>One solution might be a special permission to be allowed to do that, but it seems unlikely a user could really make an informed decision.<p>Another solution could be to interpret rather than execute the code - you lose a lot of performance, but for people running bash scripts, that might not matter. Using WebAssembly might be a good middle ground.
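An added example (not part of the comment above, and not Termux or Android code): a small auditor for the writable-xor-executable property that comment describes, run over a constructed `/proc/<pid>/maps` sample. The sample lines, the `com.example.app` package and the `/data/data/` and `/data/user/` prefixes for app-writable storage are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample in /proc/<pid>/maps format (not captured from a real device).
SAMPLE_MAPS = """\
7a1c000000-7a1c021000 r-xp 00000000 fd:00 1234 /system/lib64/libc.so
7a1c021000-7a1c023000 rw-p 00021000 fd:00 1234 /system/lib64/libc.so
7a2d000000-7a2d010000 rwxp 00000000 00:00 0 [anon:jit-cache]
7a3e000000-7a3e004000 r-xp 00000000 fd:01 5678 /data/data/com.example.app/files/usr/bin/tool
7a4f000000-7a4f002000 rw-p 00000000 00:00 0 [stack]
"""

# Assumption: app-private storage the app itself can write lives under these prefixes.
WRITABLE_PREFIXES = ("/data/data/", "/data/user/")

# address range, permissions, offset, device, inode, optional pathname
LINE_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)


class Finding(NamedTuple):
    start: int
    end: int
    perms: str
    path: str
    reason: str


def audit_maps(text: str) -> list[Finding]:
    """Return mappings that break W^X in memory or run code from writable storage."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        start, end = int(m.group(1), 16), int(m.group(2), 16)
        perms, path = m.group(3), m.group(4).strip()
        if "w" in perms and "x" in perms:
            findings.append(Finding(start, end, perms, path, "writable+executable mapping"))
        elif "x" in perms and path.startswith(WRITABLE_PREFIXES):
            findings.append(Finding(start, end, perms, path, "code mapped from app-writable storage"))
    return findings


if __name__ == "__main__":
    for f in audit_maps(SAMPLE_MAPS):
        print(f"{f.start:x}-{f.end:x} {f.perms} {f.path or '[anonymous]'}: {f.reason}")
```

The first check catches pages that are writable and executable at the same time; the second catches the file-level variant, where executable pages are backed by a file the app could have written.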
While I really, really want a GNU/Linux Android-alternative to succeed, at the moment a good solution for those of us who can't go without Termux is LineageOS [1], an Android fork that comes with a terminal emulator WITH root access (of course you can install Termux if you prefer how it handles packages). You can also install Play Store apps on it, should you feel so inclined.<p>[1] <a href="https://lineageos.org/" rel="nofollow">https://lineageos.org/</a>
We have to replicate somehow the PC ecosystem into mobile phones. I'd like PostmarketOS / Manjaro to take off, hope it becomes ready as an everyday driver one day.
> Everyone should move to F-Droid version, if possible<p>Instructions from the Termux wiki here: <a href="https://wiki.termux.com/wiki/Installing_from_F-Droid" rel="nofollow">https://wiki.termux.com/wiki/Installing_from_F-Droid</a>
Termux is such a great piece of software. I've been using it as my primary server[1] for half a year now with no issues and very minimal maintenance.<p>That said, it always kinda felt like a kludge when compared to (ideally) using a full-blown Linux distro like PostmarketOS.<p>[1] <a href="https://lbrito1.github.io/blog/2020/07/replacing_google_analytics_android.html" rel="nofollow">https://lbrito1.github.io/blog/2020/07/replacing_google_anal...</a>
That seems hard to enforce.<p>I mean, you can block the kernel level execve, but perhaps user space can be hacked to do a user-level execve. Just unmap and re-map the right pieces of memory, close the right file descriptors, do the right stuff with signal handlers and whatever not. No?<p>Look, Cygwin is able to simulate fork and exec on Windows, both of which are completely missing.<p>One thing that would put a damper on things would be disallowing executable mapping at all. But you can't just do that since it breaks shared libs. A mechanism that allows shared libs to be mapped executable and then drops the map-execute privilege wouldn't be secure. It would be annoying, but possible to bypass.<p>The only way it would work is if the entire process setup logic shared libs were moved into the kernel, so that the very first instruction that runs in a process is in a context that can no longer map any pages executable. Or else, it's still in user space, but the dynamic loader is specially privileged, and before dispatching the very first instruction in the loaded executable, it drops that privilege. Either way, so much for trampolines, JIT and other techniques. dlopen could not work either, unless it's moved into the kernel, and allows only "blessed" plugins.
I wish Google took the high road when it comes to Android and let users create legit root accounts on their phones. Instead they seem to be emulating the worst parts of iPhone OS.<p>And no, root account does not violate any security principles. If your app is leaking secrets due to root accounts, your app is broken.
BTW: I just now have read an announcement that Retroarch is affected by the same policy, and they solve that by offering a limited number of Libretro ‘cores’ that are downloaded from Google's servers on request from the app: <a href="https://www.libretro.com/index.php/retroarch-android-new-versions-for-play-store-please-read/" rel="nofollow">https://www.libretro.com/index.php/retroarch-android-new-ver...</a><p>I now invoked the ‘convert cores to the Play Store versions’ functionality, and am not seeing any new separate apps installed, nor was I asked to install anything (and Retroarch doesn't have permissions for that). It seems like Termux could use the same approach.
I just installed this app 2 days ago for running croc [0]<p>Works great. Will use Termux till/if it breaks.<p>[0] - <a href="https://github.com/schollz/croc" rel="nofollow">https://github.com/schollz/croc</a>
The Google Play version was crippled beyond being practical anyway. Can't SMS, can't GPS, no access to address book.<p>The usable version is from F-Droid. And I had to install that one just to install Termux. No need to root your phone. Simply install F-Droid app store, and install from there.
This is annoying, but I am not quite convinced that this requires pulling Termux from the Play Store. I mean, to be honest, Android is literally "easy mode" compared to iOS even after this change, and just having access to execmem would be enough for any iOS app to write a very capable Termux–and that's even without proot involved. I'm seeing claims of execmem possibly going away as a reason to not write their own loader (which is basically the only component they need) but that would require banning all alternative web browser engines from the store, which would be a much larger change in policy than banning exec from certain directories.
I'm vaguely titillated by the prospect of Google Play receiving hundreds or thousands of separate apps with Termux packages. Alas this feeling is chilled by the knowledge that publishing them is not in Google's priorities.
Slightly off-topic: I am surprised by how much patience thestinger has on the thread replying to people who clearly have no context about the issue - enough to repeatedly explain the tradeoffs and reasons behind the decisions taken.
<a href="https://f-droid.org/packages/com.termux/" rel="nofollow">https://f-droid.org/packages/com.termux/</a><p>Note that you can download the apk and sideload, without installing F-Droid.<p>You can, for example, install Termux on a device that is never online... a standalone phone.
Check out Termius. I've never used Termux so I'm not sure if Termius has the same feature set but it was enough to occasionally ssh into my machine to attach/detach a GNU screen session to do what I needed.<p>Also see Admin Hands.
For those not following, the TL;DR is basically that Termux doesn't want to accept that Linux on Android is only an implementation detail and re-implement the necessary shell-like functionality using the Java Frameworks.