Android behavior change: no more W^X violations

[abik]

Yes. From Peter Osterlund's Droidfish repo referring to that problem.

Ah, thank you kindly for this data point. It is good to see this confirmed by others too.

Should we completely review the UCI model of pipe communication between processes, and instead have engines be compiled as dynamic libraries ? Or will that also be banned for security reasons ?

For the time being it seems that pre-packaged engines work, even with pipe communication, both inter- and intra-app. But I agree that the ways things are going, it is not unlikely exec() may go away too. In that case it will be natively called engines packaged in one app only.

[abik]

Okay, after some more research and asking around my old Android friends, I convinced myself there is no way to install binaries from SD card into Chess for Android anymore. The same restrictions will apply to any chess app that *targets* API 29 (note, apps targeting API 28 will still work, even when running on API 29, but since Google Play requires the API 29 target from now on, artificially keeping the target low is only a solution for alternative distribution channels).

I internally proposed adding an explicit W^X permission to Android so that users can opt-in for apps that they trust (like Chess for Android ). Let's see how that goes, but I am not sure how serious such a proposal will be taken, or if that even addresses all security concerns.

For now, the silver lining behind the dark cloud is that engine packages still work, as do GUI's that package their own engines.

[IanKennedy]

I've got a Huawei P40 Pro so I don't take stuff off the PlayStore. Don't use it much for games (or development) but do have DroidFish and a couple of Go programs.

[Ras]

I internally proposed adding an explicit W^X permission to Android so that users can opt-in for apps that they trust (like Chess for Android ).

Maybe they could put in a store requirement so that this option will only be available for apps where the author states a technical reason why the app needs that feature.

[Pi4Chess]

Is the OEX standard the way to go or even this is impacted ?

[twobeer]

It's sad the path Google has chosen to more and more sacrifice openness, on the altar of "control/security". It's also sad how evil Google behaves when it comes to Huawei and its Google play licensing policies (I expect these boycotts to spread to many more brands).. It will take some time before authorities stamp down on Googles evil ways, in the meantime I try to use Android versions that are mostly AOSP based and do without Google Services, which I feel is abusing the users trust more and more these days.

To me it's baffling that Google treats iOS more generous than AOSP and unlicensed versions of Android with it's free apps and services.

Can we hope for Sailfish, Tizen, Harmony or other Linux flavors for mobile devices?? I really think Google/IOS duopoly needs competion.

[abik]

Is the OEX standard the way to go or even this is impacted ?

When done right (viz. don't violate W^X), both OEX and the chessbase compatible format will work, even targeting API 29 on Android 10. For example, both Chess for Android and the BikJump engine package target API 29, and you can still import the engine without problem.

[abik]

I had not touched this webpage in a long time, but this change demands an explanatory note on the UCI and XBoard Protocols for Android page.

[parrish]

Okay, after some more research and asking around my old Android friends, I convinced myself there is no way to install binaries from SD card into Chess for Android anymore. The same restrictions will apply to any chess app that *targets* API 29 (note, apps targeting API 28 will still work, even when running on API 29, but since Google Play requires the API 29 target from now on, artificially keeping the target low is only a solution for alternative distribution channels).

I internally proposed adding an explicit W^X permission to Android so that users can opt-in for apps that they trust (like Chess for Android ). Let's see how that goes, but I am not sure how serious such a proposal will be taken, or if that even addresses all security concerns.

For now, the silver lining behind the dark cloud is that engine packages still work, as do GUI's that package their own engines.

Then please pre-package the latest Stockfish and Komodo, in an update.

[abik]

Then please pre-package the latest Stockfish, and Komodo, in an update.

Yes, I saw your one star rating on Google Play. Thank you for that...

For many reasons, I prefer not to ship engine binaries in Chess for Android. However, luckily several engine packages are available on Google Play, which work really well with Chess for Android. See, for example, Karl's stockfish collection.