The part in the flow where you select between allowing app installs for 7 days or forever is a glimpse into the future. That toggle shows the thought process that's going on at Google.
I can bet that a few versions down the line, the "Not recommended" option of allowing installs indefinitely will become so not recommended that they'll remove it outright. Then shrink the 7 day window to 3 days or less. Or only give users one allowed attempt at installing an app, after which it's another 24 hour waiting period for you. Then ask the user to verify themselves as a developer if they want to install whatever they want. Whatever helps them turn people away from alternatives and shrink the odds of someone dislodging their monopoly, they will do. Anything to drive people to Google Play only.
They removed the option for Safari some time in the last two years; here's how it looked in 2024: https://imgur.com/1iBVFfc
And the cherry on top of dark UX patterns: an unchecked toggle rests at the bottom. "Ask me which app to use every time." You cannot stop getting these.
The darkest UX pattern I have ever hit is trying to cancel Google Workspace; whereby they disable the scrollbar on the page so you cannot actually get to the cancel button.
I was so mad when they removed the fourth option. I can't remember which one was which, but one meant "open in a webview inside this app" and the other was "open in a new tab in your default browser". It was still terrible UX but I liked at least having that choice.
An annoying extension of this is opening a Google maps link on mobile. It always prompts to open Google Maps (the app) no matter what. If you click no, its bugs the fuck out and opens an App Store link. If you click yes, even if you have Google Maps installed, it bugs the fuck out and opens an app store link. In neither case will it properly show the location on a first attempt. It's been like this for years. I'd ask what they're thinking when they came up with this, but I remain unconvinced that any such activity happens inside any Google offices today.
I’ve seen it with non-Google apps too. I’m not sure what causes it, but I believe sometimes you can long tap the link and select the correct option.
I believe the behavior where you say no and it still tries to open the app is because the default behavior on Google Maps links is to open Google Maps.
I hate this pop-up so much. I don’t even have Chrome installed on my phone. How about open up on the only browser I have installed…
This kind of thing should be illegal. The default browser is the default for a reason, to avoid this kind of stuff.
I think I’ve reported this as a bug to Google a couple times, in a couple different apps… as they do it in their other apps too.
The only thing that bothers me more are the, “sign-in with Google”, prompts on 90% of websites now. How about just giving the option to login with Google if so choose to login, and not spam it on every website just for visiting?
Google really has made the internet and worse place in so many ways.
> I think I’ve reported this as a bug to Google a couple times, in a couple different apps… as they do it in their other apps too.
Alas, I don't think it's a bug. A PM or VP probably got a bonus for this.
> How about just giving the option to login with Google if so choose to login, and not spam it on every website just for visiting?
Yeah this is kinda weird. I don't know if it's browser specific though. I use Firefox on my main computer and I think I still see it. Which means that the website owner opted into this weird pattern. No other auth providers do this. Just Google.
It's OK. This is the dying, last gasp effort that a company makes when it has no way to innovate, no way to add any real value, no capacity to drive change internally, and has become completely non-user focused.
In short, it's what companies like IBM and Broadcom are now.
Shallow husks of their former self, mere holding companies for patents, with a complete lack of care and concern about any end-user retention.
Google search has turned completely into junk over the last two weeks. You may think "two weeks only?!", and you're right there, but this is a whole new level of stupid.
You may not be getting this where you are, but here searches are constantly prepended with human checks, searches can take up to 5+ seconds, you name it. They literally spend so little on maintaining and working on their search engine, that it's effectively unusable much of the time now. I don't care whether it's bot traffic, or what, and no it's not just me, or my ISP. This is wide-scale.
It takes so long I just click on an alternate search engine and search there. I don't have time to waste in their inanity.
Any sane and sensible company wouldn't entirely trash and destroy their mainline product, which is key to drive users to experience Google products. But this degree of sheer, unbridled arrogance is what topples empires. The thought that it really doesn't matter, flows off of google as a foul stench.
Look at Microsoft of old, the god of arrogance. Once the most dominant, powerful tech company in the world. They were king. Browser king. OS king. Everything king. Now they are barely noticed by large swaths of the market.
The problem is that these companies can remain on life support for decades, phoning it in and making things continuously worse as their desperation grows.
If they follow the path of IBM and Broadcom, they will move away from the consumer market and focus more on the enterprise. If Google fully realized that vision it would be extremely disruptive. Them shutting down Google Reader practically killed RSS for quite a while. Imagine that level of disruption with products that have mainstream appeal… mail, maps, docs, search, etc. It would be pandemonium.
I'm not sure where you are but at least here Microslop is still ruling more or less everywhere besides the online ad market.
They are big in everything that is mass scale developer oriented with things like GitHub, VSCode, or all their libs, tools, and integrations (they "own" in large parts for example Python, TS, and Rust). Governments and public services are all running on Azure. So do a lot of companies; more or less all small and mid sized. They are still dominant in the gaming market, and get stronger there with every year.
Microslop was always, and still is the same Microslop. They are very successful with what they do since decades. Whether one likes that or not.
They haven't been dominant in the gaming market for a long time now. Since the beginning of the last generation (Xbox One, PS4, Nintendo Switch), Microsoft has had the worst selling game consoles. And they are getting weaker with every year: the Xbox director was fired just a few weeks ago.
>Look at Microsoft of old, the god of arrogance. Once the most dominant, powerful tech company in the world. They were king. Browser king. OS king. Everything king. Now they are barely noticed by large swaths of the market.
I think it’s more about how they are perceived. They’re making a lot of money somehow, but they have been losing desktop OS marketshare for at least 15 years, they completely missed mobile, Xbox seems to be failing, they completely gave up on the browser and just threw a skin on Chrome. They have O365 in the enterprise, sure, but that was a market they once owned… now they share it with Google Docs and a host of others. They had to shove Linux into Windows just to get developers to stick around. They had the PC gaming market on lockdown, but Valve is coming for them with all their Linux based efforts… we have PewDiePie as an Arch user now. How bad does Microsoft need to screw up to push someone all the way to Arch? All their consumer facing products seem to be trending down.
Everyone loves to talk about FAANG… there is no M, why not? One would think Microsoft would belong more in that collection than Netflix, yet here we are.
In terms of technology and looking forward, what is Microsoft doing really right? Even their investment in AI seems questionable and they pushed it into their products so hard that everyone hates it. They have GitHub and VS Code, but that was an acquisition and people are always nervous, because they don’t really trust Microsoft based on their track record. Azure is fairly popular, but AWS is still the benchmark everyone talks about. There is their enterprise management software… that helped take Styker completely down last week (maybe not totally Microsoft’s fault and more the admin, but that’s still some really bad press). Did I forget something big?
TBH, you could change a few terms and that text wouldn't look much different in the 90's. Microslop never gave a shit on end-users and what they think. Nobody ever "liked" Microslop. People were always complaining that Windows is shit, Office is shit, MS Servers are a joke, etc. Nobody at Microslop ever cared. They always cared only about having all the companies and governments in ransom, which was always their golden egg goose. The only other thing they care about, to make the first thing happen, are developers. They put a lot money into keeping people developing using their tech, and this actually works. Even on Linux it's hard to avoid Miroslop tech. (I've got just today a Pipewire update which pulled in some MS libs for ML; and there is for sure more as they have even code in the Kernel.) Microslop's EEE strategy is a long game, which is actually pretty hard to beat.
I think if, 10 years ago, you spun Microsoft into several different companies with everything playing out exactly as it has today in the product management side, the most direct consumer-facing sections like Windows Desktop and Xbox would have cratered and most analysts would say that they have bleak futures, while Azure and 365 would have grossly overperformed and would have been titans.
MS has been successful despite fucking up the monolithic position they held in desktop and gaming, because they managed to find a particularly valuable golden goose. It's just that in doing so they allowed the other golden geese they have to become quite sick.
If you took out cloud rev MS would have been much more motivated to not let the rest of the company's products turn in to the sorry state they're in.
Most client PC are still running on Microslop Windows.
They are, as always, using Windows to sell all their other crap, especially Azure and 365. Things like their AD or office tools are tightly integrated into the cloud so you realistically can't even use the one without using the other.
At work, we needed a PC for a Linux-based Webkiosk the other day. The computer proposed by the colleague who actually orders stuff comes with a Windows license. I said we don't need that. A fruitless, lame effort was made to locate a substitute w/o a Windows license. I renewed my protest, but the feeling that the problem is me was already floating in the air. I gave up. We purchased a Windows license to run Linux. For the umpteenth time.
It's like a Microsoft tax on PCs.
There is no way this many sites did it organically without Google pushing it in some way, not to mention they built the thing in the first place (as you mentioned). There also doesn’t seem to be any way to disable it (other than maybe an extension that I saw recently, but at $15 I needed to think about how much I want to spend just because Google is obnoxious).
I’m sure the real goal of this “feature” is to get people to sign-up for the site without them actually realizing they are signing up. They click OK just so the modal goes away and now the site has their email address. They can use that growing email list to seek higher prices from sponsors when they put an add in their newsletter the user will now be spammed with.
Imagine if the other auth providers followed suit. Open a news article and you need to close the Google auth, Apple auth, Facebook auth, Microsoft auth, GutHub auth, X auth… I’m sure I’m forgetting some. After closing those 6 modals, reject the cookie prompt, close the newsletter modal, and maybe now we can start reading the article if there is an auto-playing video ad covering some of the content.
All of this is really pushing me away from the internet in general and souring me on the tech industry as a whole. I’m at that point where I find myself casually browsing for jobs that won’t require I ever touch a computer again.
Trouble is we cognoscenti know it but the great unwashed do not and or don't give a damn about the fact.
Google and all of Big Tech well know of our objections but unfortunately we are only hardly perceptible noise to be ignored on their way to even greater profits.
the YouTube app does the same. Infuriating. I don't have Chrome installed and it doesn't list the only third party browser I _do_ have installed: Orion
The switching cost on a 20+ year old email address is high. It’s basically impossible to totally migrate away from. On top of that, since Google does their own thing, it doesn’t fit well into standard IMAP that most clients use.
Sparrow made Gmail a great experience, but Google bought it and shut it down. I’m still rather bitter about that. It’s the only email client that actually made me enjoy email.
This doesn’t solve the root of the problem. Google is still the backbone of a significant amount of the email and no meaningful progress would be made toward the day when I could delete the Google account.
It would require systematically changing my email at the 300+ sites I’m aware of, assuming they allow that, or deleting the account if they allow that. I’ve been making efforts here and it’s painful. Many companies don’t have good systems for that, if any at all. Even big companies like Amazon and Sony, I was told to just abandon old accounts and let them hang out there forever… I had duplicate Audible and PlayStation accounts. No way to delete them. I found this particularly upsetting with Sony, considering how many times they’ve been hacked. On some sites I also ended up in captcha purgatory.
Then there are the hundreds more who have my email somewhere. I tied to change my email 13 years ago. My own mother still sends to my old gmail account. I think she used the new one a few times, but do I really want to nag my 70 year old mother about using the wrong address? My dad is the only one who reliably uses it, because he uses his contacts app properly. Over a decade and the progress has been almost non-existent. All this effort did was make email and logins harder to manage by spreading it out.
The pragmatic approach is to go back to Gmail, since most stuff is still there. I don’t want to be in bed with Google, but at least it’s only one thing to think about.
Thinking about it, my Gmail account is also my Apple ID. I think Apple only recently made an option available to change that, but it feels risky.
I changed my Amazon sign in a few weeks back, no real issue. I just popped over to Audible and there seems to be a pretty straight forward flow to changing your email, although I didn’t actually try it out. What issue did you have? Was it awhile back? Not trying to be contentious but curious / you may have some luck now if you struggled with it in the past. It’s certainly not trivial to just abandon one email for another, especially if you have been using the same for two decades.
I had 2 accounts. A legacy Audible account and my main Amazon account. The Audible account was created before Amazon bought them, and I think after the acquisition I just started using my Amazon account.
My main Amazon account has all the Audible stuff I actually care about, as well as copies of the stuff on my legacy account, so I wouldn’t lose anything that mattered if they deleted it.
My goal was to delete the legacy account and all my personal data related to it (which I believe is required by law in some places).
I ended up on the phone with support and talked to them for quite a while. They said there was nothing that could be done. This was probably a year ago, Best I could do I guess is delete as much as I can, if they allow it, change the email to a 10 minute email, and then let it go. This is what I had to do for Papa John’s last week and a couple other places, but I’d rather my account actually be deleted so I don’t have to worry about a future data breach on an account I would no longer be able to get into. I don’t know how their database is setup, if I change something I can see, is it actually gone or does the DB keep a history? There are a lot of unknowns that make me uncomfortable with just abandoning an account.
With Sony it was worse. At least Amazon talked to me. Similar situation with 2 accounts. Their website said to call to have your account deleted. I called, waited on hold for 40 minutes, then was told they couldn’t do it. They hung up on me while I was trying to tell them their website said to call the number.
This past weekend I migrated out of 1Password, which I had been using for 18 years. That was a fairly big job. The export/import did OK, but I still had to go one-by-one through 600+ entires to sure things up and fix little things. The main job is done, but I have a little more I’d like to do. The email job is bigger and has lots of other people involved, which is where the real challenge is, as they’re all different.
I just checked out a video. I don’t think it’ll do it for me. What I liked about Sparrow is it made email feel more like Messages or Twitter. Going back and forth in email didn’t feel so formal. I didn’t see that in Spark. They also seem to be leaning really hard into AI, which is a bit of a turn off.
The issues I had (granted this was probably a decade ago), was that Gmail uses tags and IMAP uses folders. The translation there always felt messy and cumbersome. To me, this is why I felt Gmail wasn’t good in generic mail clients and really needed one built for Gmail.
Maybe all those apps have since updated to natively support all Gmail’s features, but that is also a cat and mouse game with all the stuff they try that doesn’t fit neatly into established mail protocols.
Merely regulating them isn't enough. The world needs to start enforcing antitrust laws. If we don't break up all these big tech companies, our future will be a technofeudalist cyberpunk dystopia.
I'm probably out of the loop, but last I checked, to put an app somewhere that's not the official App Store, they required you to pay their hefty fee for putting it in the App Store (even if you weren't going to do that), _and_ an additional Core Technology Fee.
(And if that's still accurate, one thing I don't get is how that isn't also anti-competitive.)
Apple was clear that they were offering the safety of a walled garden from the start.
Apple didn't lie about supporting a user's freedom to run anything they like, only to execute a rug pull after they successfully drove the other open options out of the marketplace.
> Apple didn't lie about supporting a user's freedom to run anything they like, only to execute a rug pull after they successfully drove the other open options out of the marketplace.
They did execute a rugpull, and they aren't offering safety anymore.
The rug pull is ads in the app store. If I go to the app store now and search for my bank's name, the first result is a different bank. If I search for 'anki', the first 3 results are spam ad-ware tracking-cookie trash.
If I search "password store" I get 4 results before the "password store" app.
I had a family member try to install one of the google-docs suite of apps, and the first result was some spamware that opened a full-screen ad, which on click resulted in a phishing site.
My family can't safely use the app store anymore because they click the first result, and the first result for most searches is now adware infested crap because of apple's "sponsored results".
What's the point of charging huge overhead on the hardware, and then an astounding 30% tax, and also a $100/year developer fee, if you then double-dip and screw over the users who want your app by selling user's clicks to the highest bidder?
Don't forget that Apple is spying on their users even more then Google does (which is gross in its own). Apple controls much more user data then Google does.
At the same time Apple keeps telling their users some fairy-tales about "privacy".
> Apple was clear that they were offering the safety of a walled garden from the start.
This is a red herring. Is Google a hypocrite for lying about it first? Sure. But suppose Android dies and gets replaced by something that never claimed to be open. Or gets replaced by nothing so there is only iOS. Is that fine then?
Of course not, because the problem is the lack of alternatives, and having your choice glued to an entire ecosystem full of other choices so that everything is all or nothing and the choices you would make the other way are coerced by them all being tied together into something with a network effect.
> If Google actually takes away the ability to run unsigned code, my next phone will be an iPhone. And I rarely even run unsigned code.
Same here. If I must be in a walled garden, then I will choose the better kept garden and it sure as hell isn't one of Google's crappy platforms.
The only reason to put up with the shittiness of Android is freedom. The same freedom they keep eroding with their constant, never ending attempts to force remote attestation and sideloading limits.
GrapheneOS is the last hope for Android as far as I'm concerned. Hopefully Google won't find ways to screw that up.
> it might finally result in me fully exiting the Google ecosystem
Don't wait for them to push you away. Start exiting now. Setting up mail on my own domain and distancing myself from gmail is one of the best things I've ever done. Highly recommended.
I've noticed with GrapheneOS, that more recent builds are exhibiting weird issues. This isn't their fault, it's upstream ASOP issues. For example, just in the last few weeks:
* The date has now gone missing from my lockscreen, only showing the time.
* I can no longer see signal strength on my phone for mobile, if wiki is off. I turn wifi on, and now I can. I use a larger font, but it used to be just fine.
There are all sorts of little changes like this I've noticed recently.
It makes me wonder if Google is slowly mangling default ASOP so projects like GrapheneOS will have a crappier daily build experience.
And GrapheneOS doesn't have time to manage features changes like this, they focus on their key security improvements and fixes. If Google is doing this on purpose, it has real potential to seriously degrade ASOP as usable without lots of fixes and changes.
They already rug-pulled security updates or whatever it was a few months back.
And it really seems like the sort of sneaky, underhanded way Google would handle things.
Odd, I don't have those issues (date is on the lock screen, network signal strength when wifi is off is there). Played around with font settings but that changed nothing. Up to date stable version of Graphene on an 8a. Are these beta versions? Or maybe it's phone dependent.
Do you have 'Receive security preview updates' on?
Google stopped publishing any info about security updates until (I think) quarterlies come out. GrapheneOS had to sign some sort of non-disclosure for them, in order to roll them into updates.
If you don't have that on, then you're not fully up to date with security updates. This could be the difference.
> GrapheneOS had to sign some sort of non-disclosure for them, in order to roll them into updates.
So doesn't this mean GrapheneOS is effectively controlled by Google now?
Also, how is keeping anything secret under NDA possible at all if you want to know what's in a security update and be actually able to build that update yourself from source?
Just to switch to an even more aggressively monitored and tightly controlled walled garden?
People sometimes act as if the one would be an viable alternative to the other. Even both are effectively the exact same shit for the exact same reasons.
Buy a cheap unlocked smartphone and run GrapheneOS[0]. I want my smartphone to be like my linux computers where I run them for as long as the hardware works and is still relevant. My iPhone 12 is getting close to its end of life support, yet it is still working well. We should expect better from trillion dollar companies. So I'm not supporting them with dollars wherever I can afford not to. That and I think it's more enjoyable to run something off the beaten path. I like to explore the space a little.
I swapped out my MBP for an Asus Pro Art running linux last year and that's been working out pretty well. Hopefully my cheap motorola phone will be supported by GrapheneOS soon and that will work out too.
GrapheneOS will support future Morotola phones that meet a subset of their requirements, rather than existing phones. Less likely to be budget lines for now.
Which increases the limit to whatever time is left on your current payment period. After which the app will stop working and need to be reinstalled by an authenticated developer who has a current Apple Developer Subscription.
EDIT: Edited the above which previously said 90 days incorrectly. Not sure where my brain pulled that from but I posted the correct details here prior: https://news.ycombinator.com/item?id=45743615
Notably if you install a month before your subscription expires you need to reinstall the app in 1 month.
Fiften Million Merits. The one where advertisers literally torture a man with loud high pitched noises because he refused to view ads and didn't have enough money to skip them.
Common People is utterly terrifying. Woman falls into a coma, so startup uploads her mind to the cloud so it can stream her mind back to her. Then they start to enshittify the poor woman's life. Can't even sleep because they're using her brain as a CPU. She gets mercy killed while blurting out ads for antidepressants to the person doing it.
Metalhead is also among my favorites. Those kill bots put Skynet to shame.
Let's say I'm sitting outside of your office with a bazooka and boxes of high explosives. You ask my why, and I say, "someone might try to rob this office." You say, "somehow, that does not persuade me that a stranger should loiter outside of my workplace with a massive stockpile of ordinance." I reply, "what's your solution to combat robberies?"
it already has a lock, by default you're not allowed to install apps in android you have to accepts a bunch of prompts and configurations (the key) and now you won't even have the key
Is it a lock? I buy a building and the builder put an id verification lock on the doors and I am not allowed to remove it. And they also require a separate one time fee of 2 to 5 percent of the purchase price.
In physical world, there’s only so many people who can rob you if you do something stupid (like constantly give away copies of your keys to strangers), they will be very noticeable when they are doing so, and if you feel like something’s off you can always change the lock.
On the Internet, an you are fair game to anyone and everyone in the entire world (where in some jurisdictions even if it’s known precisely who is the figurative robber they wouldn’t face any consequences), you could get pwned as a result of an undirected mass attack, and if you do get pwned you get pwned invisibly and persistently.
Some might say in these circumstances the management company installing a (figurative) biometric lock is warranted, and the most reliable way to stop unsuspecting residents from figuratively giving access to random masked strangers (in exchange for often very minor promised convenience) is to require money to change hands. Of course, that is predicated on that figurative management company 1) constantly upping their defences against tenacious, well-funded adversaries across the globe and 2) themselves being careful about their roster of approved trusted parties, whom they make it easy to grant access to your premises to.
The trouble with your analogy is that physical reality works the same way. People have been committing mail fraud since the advent of post offices. Spies have been planting bugs on delivered goods since the invention of bugs. The thing that causes this isn't digital devices, it's long-distance delivery of goods and messages.
Meanwhile installing software on your own device is the thing that isn't that. They're preventing it even when you're the owner of the device and have physical access to it. They're not installing a lock so that only you can get in, they're locking you out of your own building so they can install a toll booth on the door.
totally my point here. The actual shape of the thing starts mattering so much that at one point your metaphor is just completely useless for judging the actual tradeoffs
Do you think regular desktop computer should be locked down like this too? Scammers can also tell people to run Windows programs. Should that be banned too?
I'm fine with an opt-in lock-down feature so people can do it for their parents/grandparents/children.
Also, just let people get used to it. People will get burned, then tell their friends and they will then know not to simply follow what a stranger guides them to do over the phone. Maybe they will actually have second thoughts about what personal data they enter on their phone and when and where and who it may be sent to.
Same as with emails telling you to buy gift cards at the gas station. Should the clerk tell people to come back tomorrow if they want to buy a gift card, just in case they are being "guided" by a Nigerian prince scammer?
Keep in mind that Android has like a billion users who have never touched a Windows computer. (And unmanaged Windows was/is also a disaster zone.) Coming at this from a internet forum perspective is missing the scope of the problem.
> I'm fine with an opt-in lock-down feature
Me too, but it's really just some UI semantics whether this is 'opt-in' or 'opt-out'. Essentially it would be an option to set up the phone in "developer mode".
There is a big difference between opt-in and opt-out that isn't semantics. You can't slowly discourage, deprecate and delete the default the way you can an opt-in, because too many people keep using it.
Yeah, I predict that "developer mode" will eventually be a setup option in the trust store, so you'd have reset the phone to get to it.
With billions of Android users, there's only millions of people who need or really want this. So like 1%. My point is stop thinking about your mom's windows box and consider the scale.
Maybe? Let people form CAs, and if a CA gives out certs for malicious apps remove them. (Old apps continue to work, to publish new one get new cert.)
Yes, sad, but works.
People will learn about scams, but scammers are unfortunately a few steps ahead. (Lots of scammers, good techniques spread faster among them than among the general public.)
I have to completely concur that it's probably one step toward an increasingly restrictive final state. Add a few "Are you sure?? You'll brick your phone!!!" warnings, then ID and age-verification mandatory (think of the children!!)
And when you do that, you lose access to your bank, because bank apps routinely refuse to run on devices that leave the user in control (e.g. unlocked bootloader, rooted phone). Graphene and similar would be a much more acceptable solution if remote attestation of a locked bootloader were banned.
The choice is not between "individuals are on their own against scammers" and "users are locked into Google vetting their phone". Users should be able to choose another organisation to do the vetting. They bought a phone, they didn't sell their life to Google.
Would you support Microsoft doing the same thing to Windows?
These are general purpose computing devices. It's sure taking a long time, but Cory Doctorow's talk on the war on general purpose computing is sure starting to become a depressing reality: https://www.youtube.com/watch?v=HUEvRyemKSg
Microsoft is doing the same thing, they call it S-mode. A surprisingly large amount of computers are sold with Windows S. Thankfully S-Mode can usually be disabled even if your computer shipped with it enabled.
Windows S mode is a streamlined version of Windows designed for enhanced security and performance, allowing only apps from the Microsoft Store and requiring Microsoft Edge for safe browsing.
All apps should be open source and subject to verification by nonprofit repositories like F-Droid which have scary warnings on software that does undesirable things. For-profit appstores like Google and Apple that allow closed source software are too friendly to scams and malware.
I don't think that's a realistic suggestion as as the quantity of applications are huge who are going to spend time reviewing them one by one. And and even then it's not realistic to expect that that undesirable things can be detected as these things can be hidden externally for instance or obfuscated
F-Droid exists and they have a much better track record than Google. I'm not actually serious, I just think if there's a single app repo that should be allowed to install apps without a scary 24h verification cooldown, it's Google's proprietary closed-source app store that needs the scary process, not F-Droid.
Users don't have to wait 24 hours because Google Play store already has registered developers. Scammers can be held liable when Google knows who the developer of the malicious app is.
Really though? Who is in jail right now for Play Store malware offenses? Or are we just talking about some random person in China or Russia who signed up with a prepaid card and fake information had their Google account shut off eventually.
I think compared to the alternatives, this is the best answer.
Even if you are a bank or whatever, you shouldn't store global secrets on the app itself, obfuscated or not. And once you have good engineering practices to not store global secrets (user specific secrets is ok), then there is no reason why the source code couldn't be public.
It's also true, the best way to audit software is source-code and behavior analysis. Google and Apple do surprisingly minimal amounts of auditing of the software they allow on the Play Store and App Store, mostly because they can't, by design. It should shock absolutely nobody then that those distribution methods are much more at risk of malware.
Not the parent or agreeing/disagreeing with them, but to your question: if you get creative, there are a lot of things you could do, some more unorthodox than others.
Tongue-in-cheek example, just to get the point across: instead of calling it Developer Mode, call it "Scam mode (dangerous)". Require pressing a button that says "Someone might be scamming me right now." Then require the user to type (not paste) in a long sentence like "STOP! DO NOT CONTINUE IF SOMEONE IS TELLING YOU TO DO THIS! THIS IS A SCAM!"... you get the idea. Maybe ask them to type in some Linux command with special symbols to find the contents of some file with a random name. Then require a reboot for good measure and maybe require typing in another bit of text like "If a stranger told me to do this, it's a scam." Basically, make it as ridiculous and obnoxious as possible so that the message gets across loud and clear to anybody who doesn't know what they're doing.
The people falling for social engineering now won't be protected by this either. You could gate the functionality behind verification of an anti-scam awareness and education training and certification course, scammers would coach people through the entire course and the verification step, and people would still be victimized.
> You could gate the functionality behind verification of an anti-scam awareness and education training and certification course, scammers would coach people through the entire course and the verification step, and people would still be victimized.
The problem with this line of reasoning is that it proves too much, which really gets to the heart of the issue.
If people are willing to be led to the slaughterhouse in a blindfold then it's not just installing third party code which is a problem. You can't allow them to use the official bank app on an approved device to transfer money because a scammer could convince them to do it (and then string them along until the dispute window is closed). You can't allow them to read their own email or SMS or they'll give the scammer the code. If the user is willing to follow malicious instructions then the attacker doesn't need the device to be running malicious code. Those users can't be saved by the thing that purportedly exists only to save them.
Whereas if you can expect them to think for two seconds before doing something, what's wrong with letting them make their own choices about what to install?
That's unfortunate if true but it isn't a convincing argument to force the rest of society to live in proverbial padded cells. There's a minimum bar here. Some people probably shouldn't have online accounts and aren't responsible enough to manage their own finances. The rest of us are (hopefully at least marginally) functional adults.
This is actually a really interesting problem. Some portion of the public (nerds) are competent to understand what running software even means and the rest (let's call them "sheep") are naive and helpless. A portion of the nerds (Evil Hackers) are easily able to coach any sheep to do any action. Obviously everyone should default to being a Sheep, and obviously it would be ideal if Nerds could have root on their own damn hardware. But how can one ever self-certify that they're actually a Nerd in a way that an Evil Hacker can't coach a Sheep through? "Yes, now at the prompt that says 'Do not use this feature unless you are a software engineer. Especially don't click this button if someone contacts you and asks you to go through this process.'... type 'I am sure I know what I am doing' and click 'Enable dangerous mode.'"
> Obviously everyone should default to being a Sheep
This isn't actually that obvious, for a number of reasons.
The first is that it causes there to be more sheep. If you add friction to running your own software then fewer people start learning about it to begin with. Cynical cliches about the government wanting a stupid population aside, as a matter of policy that's bad. You don't want a default that erodes the inherent defenses of people to being victimized and forces them to rely on a corporate bureaucracy that doesn't always work. And it's not just bad because it makes people easier to scam. You don't want to be eroding your industrial base of nerds. They tend to be pretty important if you ever want anything new to be invented, or have to fight a war, or even just want to continue building bridges that don't fall down and planes that don't fall out of the sky.
Another major one is that it's massively anti-competitive. If the incumbents get a veto, guess what they're going to veto. This is, of course, the thing the incumbents are using the scams as an excuse to do on purpose. But destroying competition is also bad, even for sheep. Nobody benefits from an oligopoly except the incumbents.
And it's not just competition between platforms. Think about how "scratch that itch" apps get created: Some nerd writes the app and it has only one feature and is full of bugs, but they post it on the internet for other people to try. If trying it is easy, other people do, and then they get bug reports, other people contribute code, etc. Eventually it gets good enough that everyone, including the sheep, will want to use it, and by that point it might even be in the big app store. But if trying it is hard when it's still a pile of bugs and the original author isn't sure anybody else even wants to use it, then nobody else tries it and it never gets developed to the point that ordinary people can use it.
So maybe the scam we should most be worried about here is the one where scams are used as an excuse to justify making it hard for people to try new apps and competing app stores, and deal with the other scams in a different way. Like putting the people who commit fraud in prison.
No. This assumption is the core fault with the entire line of reasoning. The typical sheep will not do arbitrary things for a stranger such as sending you his entire bank account because you told him he needed to pay an IRS penalty in crypto to avoid being picked up by the state police who are already en route in 15 minutes.
It's a continuum. The question is how much of the low end needs to be protected by the system.
Binning into discreet blocks to match your example, the question is where to place the dividers between the three categories - nerd, sheep, and incompetent. We don't care to accommodate the third.
Compared the current paradigm, where you already need to enable developer options, allow installation from untrusted sources, and tap through a warning screen for each apk to be installed?
Maybe 10-20%, generously. The people who are falling for it under current protections clearly are not reading anything they're looking at or thinking about security at all, they've fallen for social engineering scams and sincerely believe they're at imminent risk of being arrested by the FBI or that their adult child is about to be killed. They're in fight or flight mode already, not critical thinking and careful deliberation mode.
If you were to rank everyone by gullibility, these people would largely be clustered in the top 1-2% of most gullible people. There is very little you can do to protect these people, realistically.
> They're in fight or flight mode already, not critical thinking and careful deliberation mode.
That actually sounds like an argument is favor of this restriction. If someone is in a position of deep trust with the scammer then waiting a day is nothing. But if they're in a panic, not thinking things through or calling anyone for advice, that state probably won't last 24 hours.
That's fair, reasonable minds can disagree on the numbers and even magnitude here.
What I would challenge you to consider is this: where do we draw the "good enough" line, where we finally stop sacrificing freedom over the devices we purchased under terms that originally included freedom, control, and ownership at the altar of protecting the vulnerable?
Do scam victims need to be 0.1% of all Android users? 0.01%? 0.0001%? Should this extend to computers too - should local admin become completely unavailable to all Windows users? Should root become unavailable to all Mac users? To all Linux users? Should you be allowed to own technology at all, or merely rent it as a managed service, to protect those who cannot be trusted to own devices without getting scammed?
It really feels like you're replying to a completely different comment than mine? Absolutely nothing you're responding to here is consistent with what I wrote (except your very first sentence)...
> What I would challenge you to consider is this: where do we draw the "good enough" line, where we finally stop sacrificing freedom over the devices we purchased under terms that originally included freedom, control, and ownership at the altar of protecting the vulnerable?
There's nothing to challenge here. The method I proposed keeps you fully in control and owning your device. Anybody can follow that process if they want. It's not like I said each person has to get approval from Google before enabling developer mode on their phone.
> Do scam victims need to be 0.1% of all Android users? 0.01%? 0.0001%?
This is not some kind of paradox like you're making it out to be. A very reasonable starting point would be "get this scam rate down to match {that of another less-common scam}". Iterate until/unless new data comes along suggesting otherwise.
> Should this extend to computers too - should local admin become completely unavailable to all Windows users? Should root become unavailable to all Mac users? To all Linux users?
"Too"?! Where did I ever suggest root should be "completely unavailable" to all Android users?
> Should you be allowed to own technology at all, or merely rent it as a managed service, to protect those who cannot be trusted to own devices without getting scammed?
Like the ones constantly advertising across Google's plethora of platforms without any repercussions or possibility of recourse with Google? For my safety, of course.
I suppose you could make the cooldown apply to the actual installed app. Like... when it's first installed it won't work for 24 hours and the clock doesn't start until you reboot. And then on boot it scares you again before starting the clock. And then "scares" you again after the cooldown.
Force the phones to be open so I can install my own OS on them.
Then Google can do whatever they want with their OS and I can do what I need with mine. You might actually get phone OS competition. This is what the walled garden is actually meant to prevent.
China just executed couple of them that operated in Myanmar. Since we are hurling towards the bad parts in their dystopia anyway, why not also get the good ones?
But this has nothing to do with combating scammers in the first place, have you never used the play store before? It's overwhelmingly scam apps with the most intrusive ad/tracking shit imaginable. There are scammers openly buying sponsored search results for names of popular apps so their malicious app with similar name appears as the first result.
You didn't even slightly research the topic of phone malware, browse /r/isthisascam for starters.
I don't say the problem is an "epidemic" and it doesn't have to be an epidemic to be addressed.
It's very obviously not irrelevant. Google is not going to let their main phone app product become associated with Grandma losing her savings! That's not going to help the free software folks... it's going to send everyone over to iOS.
> Google is not going to let their main phone app product become associated with Grandma losing her savings!
How did they manage to survive as the grandma-account-draining brand for over 15 years, though? They're still the market leader.
One of the best arguing tactics the pro-control side has come up with is "The way it works right now is JUST not good enough". And then you don't need to argue any further or substantiate that. You just force your opponent into coming up with new measures because obviously right now we have an emergency that must be dealt with immediately. So far, this reasoning has worked for program install restrictions, de-anonymizing internet users, all sorts of other random attestation and verification measures, and it will be used for so much more.
My question to all that is - what has happened NOW that changed the situation from how it was just a couple years back?. Google hasn't been sitting idle for all these years, they've been adding measures to Android to detect malicious software and prevent app installs by clueless users - measures that were striking a balance between safety and freedom. Why is everything safety-related in the last few years suddenly an emergency that must be rectified by our corporate overlords immediately and in the most radical ways? How did we even survive the 2010s if people are less secure and more prone to being scammed with the new restrictions right now than they were back then?
I'm not saying there's not an issue, but without hard stats, these issues will always be magnified by companies as much as possible as the wedge to put in measures that benefit them in ways other than the good-natured safeguarding of the consumer. In an open society, there's always a point where you balance the ability to act freely with ensuring that the worst actors can't prosper in the environment. Only one of these things is bad, but you can't have both. You need a middle ground.
Insufficient answer. "The past 15 years" is asking about that entire period. If you want to compare a specific point in time, they asked what changed since "a couple years ago". A fair point-in-time comparison might stretch "couple" as far back as 2020 because of how they talked about surviving the 10s, but no further.
So, 2020 or 2023 or so. Plenty of ransomware, plenty of phone banking. What changed since then?
It's for the same reason governments all over started to implement "age verification" laws all of a sudden, they never tell us their real motivation. That we can only speculate on, but for many people it seems they just go along with it and believe them all on face value, that's what all the media does anyway. The overarching goal they all work towards seems to be total control and surveillance of people's information sources and communication.
I see a bull charging full-sprint at me, I'm not going to sit here and consider whether he's merely reacting to a loud noise or if he's actively trying to gore me to death. Incidentally limiting user freedom is indistinguishable from purposefully limiting user freedom.
Google has a fetish for controlling what I can install because they earn money by sitting on the brdige between me and the app developer. That is not a conspiracy theory like you try to portray it. That is basic economics.
They're an amoral monopolistic megacorp that should have been broken up a year ago.
They are performing the ritual of maximalist offensive position -> half-hearted walk back to a worse status quo.
Is the problem they claim to want to solve real? Maybe. I haven't seen a convincing breakdown that doesn't lump a lot of unrelated fraud in the unvetted APK bucket.
That's beside the point though. No one should applaud this utterly predictable and disgusting behavior.
I don't accept it when Unity does it. I don't accept it when Hasbro does it. I won't accept it here either.
> "That's just FURTHER PROOF that you're secretly trying to destroy my phone."
What a ridiculous strawman. I outlined a specific issue with what they introduced. To make it even more clear - the new flow Google created would work just the same with just the 24 hour delay, but the way how they introduced the "For how long should you be able to install apps?" question comes out of left field and suddenly makes you think about timing. Why would they ask you that? After all, you jumped through a sufficient number of hoops for Google, they probably estimated that anyone who has gone that far out of their way should know what they're doing. So why ask a developer or power user about the duration when this feature works? The very unsubtle hint here is that the question is asked because soon enough, 'Forever' will not be an option anymore. It's a very common tactic - restrictions start light, and then are ratcheted up into a nagging reminder that works to dissuade everyone but the most dedicated.
> You understand there's a real goal being pursued here, right? Suppose Google is dealing in good faith.
I do. But why are you so implicitly adamant that the only goals here are good, noble, moral goals? Google will do everything in its interests, regardless of how good or bad it is for people. Decreasing the vectors of attack on their platform is profitable for them, and it also coincides with the public interest of not getting hacked. But ensuring that other brands, OEMs or developers can't interfere with them building an app distribution monopoly is also good for them. Being the sole arbiters of what goes on the devices that have now become mandatory for participating in society is extremely good for them. Do you think they're only pursuing the first one of the three?
> How should they solve it differently?
You're not going to like the answer, but there's no clean, perfect solution that balances everyone's interests. Companies are pushing the safety angle in pursuit of the three interests I listed above. You can see just how much it ramped up in the last few years, even though we've been living under this status quo for decades. But it's not as simple as turning devices into grandma-phones with approved functionality only, because both extremes have big drawbacks. If you have 90s-style insecure fully-privileged computing for everyone, that's a path towards extremely unsafe and vulnerable systems, worked on by people who don't know what they're doing. If you have full lock-down, you're awarding current market leaders with an endless reign of power by insulating them from competition and giving them more control over users. The way we were doing things before this crackdown was striking a good balance of keeping most grandmas out while not choking the abilities of the hobbyists or third-party app distributors too much. If you want an alternative, an ADB flag that you have to change once through a command prompt would've been good too.
At this point I'm convinced that there's something deeply wrong with how our society treats technology.
Ruining Android for everyone to try to maybe help some rather technologically-hopeless groups of people is the wrong solution. It's unsustainable in the long run. Also, the last thing this world needs right now is even more centralization of power. Especially around yet another US company.
People who are unwilling to figure out the risks just should not use smartphones and the internet. They should not use internet banking. They should probably not have a bank account at all and just stick to cash. And the society should be able to accommodate such people — which is not that hard, really. Just roll back some of the so-called innovations that happened over the last 15 years. Whether someone uses technology, and how much they do, should be a choice, not a burden.
> People who are unwilling to figure out the risks just should not use smartphones and the internet.
Sounds great in theory, but just today I was reminded how impossible this is when walking back from lunch, I noticed all the parking meters covered with a hood, labelled with instructions on how to pay with the app.
What do you mean by impossible in this case? Can't you just have the coin-operated parking meters back? Where I live, in EU, parking meters even take cards.
EDIT: I guess "just" is doing some heavy-lifting, so I won't argue this further, but "impossible" isn't the word I would use either. The city could revert this decision, definitely if enough people wanted them to (that's... I know, the hardest part). I just agree with the OP that we technically could go back to slightly less-digital society.
> Where I live, in EU, parking meters even take cards.
Unfortunately, a more accurate way of putting it is: stuff takes cards in lieu of coins. Like, where I live (also EU), ticket machines in buses and trams have gradually been upgraded over the past decade to accept cards, and then to accept only cards.
It's a ratchet. Hidden inflation striking again. Cashless is cheaper to maintain than cash-enabled, so it pretends to be a value-add at first, but quickly displaces the more expensive option. Same with apps, which again, are cheaper to maintain than actual payment-safe hardware.
It's near impossible to reverse this, because to do that, you have to successfully argue for increasing costs - especially that inflation quickly eats all the savings from the original change, so you'd be essentially arguing to make things more expensive than the baseline.
a few years ago the vending machines in my office building started accepting credit and debit cards for an extra fee of $0.35 per transaction. just recently they stopped accepting bills and coins leaving cards as the only option, but are still charging the extra fee.
Place where I park my car for work (Gosford, Australia) just got rid of cash payment, they now take card payment only (apparently there is also going to be an app, but they haven’t launched it yet). I think the number one reason is they are upgrading to a new system, and the parking technology vendor doesn’t provide cash payments as a standard option-probably they could implement a custom integration to enable it if they thought it was essential, but cash payments are so rare, it would be a difficult decision to justify. The carpark is owned and operated by the local government, so they need to justify their decisions, either as commercially viable, or else as producing substantial public benefit, but I think both arguments would be difficult to sustain in this case.
It’s kinda easy to justify though from a financial standpoint. If the parking meters take cash, you need all the hardware to accept and secure the cash. Then you need somebody to go around at some point and actually physically collect the cash. Then someone has to reconcile the cash, etc.
So at least from that angle I see it as an easy “government is actually trying to be more efficient” argument.
As a user cash is a pain in the ass. I have to count it out, keep it in my pockets, etc. So much easier to just tap my phone or my card. But yeah that’s a tradeoff in the classic “You’re trading X for convenience”.
The next level of parking enshittification is pay-by-license-plate, which is starting to become widespread here in Perth, Australia, even for locations that are free parking, and locations that have parking machines. Surveillance just ratchets upwards.
The other problem, in the US at least, is that cash is very low value (inflation), and dollar coins never caught on. I'm not trying to carry around $6 in quarters to park for 2 hours. And that's a pretty inexpensive parking spot.
No, they're implying that you need a lot of coins to pay for parking.
If you need $6 to pay for parking, and the largest commonly available coin is a quarter, that means you need 24 coins to pay. If the value of currency was such that the parking only costed $3, or if dollar coins were more common, you'd need less coins to pay.
And maintain them, which I suspect costs even more. Parking meters do fiddly work, out in all weather, where people hate them and do all kinds of vandalism.
It doesn't surprise me that they want to make hardware maintenance your problem.
There are places in EU too where parking meters have disappeared and payments are only done through apps. And I am talking about public space in the street, not private parkings.
I do believe that. Pointing out that I live in the EU was completely unnecessary, I meant that I live somewhere in the EU, I didn't really mean to compare it to the US.
I parked in a garage in downtown Tacoma, Washington. The only option to pay was via an app. So I downloaded the app (by walking outside to where there was cell service, because I was, you know, underground in a garage) at which point it threw an internal server error when adding my card. There was no attendant on duty, and no way to pay with a credit card. So I left - just drove out of the garage. Then a few months later I got a fine for $75 for not paying. Then I called them to dispute it, and they offered to waive most of it, but it was still more than if I had been able to pay the fee initially.
I'm sure it was sold to the garage as a way to "maximize revenue and unlock operational efficiency". And sure enough, look, the revenue number is up and to the right. Working as designed.
Seriously, I don't understand why these stories have to so often end with someone just giving in and paying. Our society is so disenfranchised. I understand that doing it the right way by sending them written notice that it's an invalid debt takes time and effort, but there are options between that and just giving in and validating their nonsense.
I found one parking lot in the EU where there were only signs, and the signs not only pointed to an Android+iOS only, attestation-protected app, rather than a website, but an app that, at least on Android, was region-locked to only allow installations from people with the local country set correctly in Play Store (something completely different than the country Google sets for your account, for some reason).
It was a public lot, and the only lot in the town, as far as we could tell.
>Regina city council made the decision to remove the coin option at downtown meters as part of the budget deliberation process, said Faisal Kalim, the City of Regina's director of community standards.
Yes, I read the linked article. Yes, the city made this decision. The decision could be reverted. I understand that this is a type of thing the OP (top-comment in the thread) is wishing for.
I don't see the "impossible" in my understanding of the linked article.
Coin-operated meters means someone have to come around checking the meter, collect coins, check the parking tickets. One person can only cover so many devices per day.
Then you have mechanical maintenance, with that comes disputes with "it was broken, it didn't accept the money" and so forth.
I've probably forgotten a number of other related things, but compare the above to digital solution.
Parking app, where the customer pays only for the parked time, no fiddling with money or keeping track of time. The parking attendant checks much quicker by just scanning the license plate while walking the rounds (could be done via car and a mounted camera even).
Analog just costs more, and citizens doesn't want taxes to go to things that are not strictly necessary.
It was possible for many decades already, budget and maintenance-wise. You can at least accept a credit card as an alternative. Yes, it's not perfect, but the fully digital alternatives also have drawbacks, as pointed by OP.
Things that were possible become impossible. Once Britain ruled the seas with wooden sailboats. Those boats are not perfect but could they win today’s naval battles? Also no.
"The decision could be reverted." Do you often buy a new car and revert that purchase to purchase a different new car? I guess you don't often use your own money so no big deal.
Why the snark? Did I misread? I don't often buy a new car, do you? I really don't understand what your last sentence means.
I don't even think this a fair comparison, it's more like keeping the old car just in case or for other family members. But I think I specified enough what I'm arguing already, yes this is unlikely, just not impossible.
They are saying that things that have already been dumbed down can't go back. Obviously that's just their opinion, but I would guess that most people agree with them.
I'm reading this discussion, and allow me to give you my two cents. It's not a matter of being impossible, but rather how much the rest of society is willing to pay to maintain such infrastructure (either through higher taxes when dealing with the government, or through more expensive goods/services when dealing with corporations, since companies need to maintain old infrastructure that most people don't use).
For example, I read that Switzerland voted to guarantee the use of physical cash, even enshrining it in the constitution, which clearly points toward preserving older infrastructure. However, if you have cash but no one accepts it, it becomes useless. So it would probably require more—something like requiring businesses and the government to accept that form of payment.
As many things in life, not impossible: but is society willing to pay for that?
This cuts both ways. Since smartphones are becoming such an essential necessity, we should neverever remove the possibility to adjust these devices for our own requirements
This has nothing to do with keeping people safe. If it did then power users could continue to install their own software by being given that ability as a developer setting. The fact that some people are gullible enough to go into a hidden setting on their phone and enable that in order to install an app from a random Chinese website is not a good reason to take away everyone's freedom. Consolidation of power is all this is about.
There is immense pressure to stop online scams which are draining old people of their life savings. The whole flow from the article seems entirely based around letting power users install what they want while being able to break the flow of a scammer guiding a clueless person in to installing malware.
It is promising that Google has avoided just turning off sideloading but still put measures in place to protect people.
I've never seen any news about such scams with actual malware that can break through Android's sandbox system - as we're still assuming a rootless systems. In most cases it's pig butchering, phishing, cold calls that make the person use the official app to transfer money to an account they're told to.
What can Bank X do to stop phone malware from scraping the user's session token from the Bank X app or website?
Yes, banks should (and sometimes do) double- and triple-check with you before allowing large transfers/withdrawals, but scammers know how to coach their victims past this. Speaking from experience.
(I also don't fully agree this is Google's responsibility, and I am not happy about this development. But there are legitimate points in favor of outsourcing the question of "will this software do nefarious things" to some kind of trusted signing authority.)
Don't do instant non-reversible transfers. Specially for a transaction that is highly likely to be fraud. I.e. person transfers to someone you haven't done business with before or foreign accounts. Also the fraud detection needs to go both ways.
Because they want to shake the image that the iPhone is for the average person while Android is for technical people who take the risk of malware and scams.
There are more grandmas who just want their banking secure than there are FOSS advocates wanting full system access.
>There is immense pressure to stop online scams which are draining old people of their life savings.
From who? I'd rather have this done by a regulated service like a bank than a private corporation with a perverse incentive. Frauds and scams are already illegal.
That't the similar narrative to "think of the children". They want to act as this middleman and secure their place, all while having unfettered access to people's data.
It also only solves that very specific problem. You don't need to side-load an app to scam someone. There's plenty of malware on the play store you can use. And, you don't need malware. There's plenty of legitimate apps you can use for scamming.
And, you don't need an app, I would imagine most scamming is done without an app.
So, really, we're solving a subset of a subset of a subset of a subset of the problem.
yes. Hence, "this isn't about keeping people safe".
The most effective means of hacking is social engineering. You can't solve that with any number of "security measures". If you require all the DNA sources in the world, a scammer will still charm a target into opening it up for them.
> Ruining Android for everyone to try to maybe help some rather technologically-hopeless groups of people is the wrong solution.
This isn't about how skilled a person is, it is about tackling social engineering. The article gave the example of someone posing as a relative, it could also be a blackmail scheme, but it could also be the carefully planned takeover of a respected open source project (ahem, xz).
What I am saying is this sort of crime affect anyone. We simply see more of it among the vulnerable because they are the low hanging fruit. Raising the bar will only change who is vulnerable. Society is simply too invested in technology to dissuade criminals. Which is why I don't think this will work, and why I think going nuclear on truly independent developers is going to do more damage than good.
There's quite a gap between this sort of opportunistic scamming that's happening all over the world and targeted multi-year campaigns that probably require the resources of a nation state.
One way to look at it: there are many open source projects targeting Android, projects that gain some sense of legitimacy over being open source yet have few (if any) eyes vetting them. Or, perhaps, the project is legitimate but people are getting third-party builds. That is what F-Droid does. That is what the developer of a third-party ROM does. It would not require the resources of a nation state to compromise them. I am not trying to cast a shadow on open source projects or F-Droid here. I am simply using them as an example because I use said software and am familiar with that ecosystem. The same goes for any software obtained outside of the Play Store, and it's likely worse since there is no transparency in those cases. Heck, the same goes for software obtained through the Play Store (but we're probably talking about nation state resources on that front).
Another way to look at it: we are only considering a specific avenue for exploitation here. If you close it off, the criminals will look for others. I would be surprised if they weren't looking for ways to bypass Google's checks. I would be surprised if they weren't looking for weaknesses in popular apps. Then there is social engineering. While convincing someone to install software is likely desirable, it certainly isn't the only approach.
Either way, I don't think Google's approach is solving the problem and I think it is going to do a huge amount of damage. Let's face it: major corporations aren't a paragon of goodness, yet Google's shift is handing them the market.
> targeted multi-year campaigns that probably require the resources of a nation state
Ha ha ha, "resources of a nation state"! One could run phishing campaigns at scale over many years without breaking the bank. This was true before LLMs, it's probably even cheaper now.
Sorry, I keep forgetting that LLMs are a thing. But I disagree because many people, especially tech-savvy people, can't possibly trust any communication that has the hallmarks of slop.
At this point it’s naive and perhaps a bit dangerous to assume that any of us can differentiate LLM from non-LLM text. I see less and less recognizable “slop” as time goes on, but I doubt the amount of content being generated has gone down.
I was always under the impression security was a red herring and the real reason was control. Google wants to own the device and rent it to users with revocable terms the same way SaaS subscription software works. Locking down what can run is a key step in that process
I worked at a bank on the backend for architecture and security.. and I've posted this attestation here before, but the sheer volume of fraud and fraud attempts in the whole network is astonishing. Our device fingerprinting and no-jailbreak-rules weren't even close to an attempt at control. It was defense, based on network volume and hard losses.
Should we ever suffer a significant loss of customer identity data and/or funds, that risk was considered an existential threat for our customers and our institution.
I'm not coming to Google's defense, but fraud is a big, heavy, violent force in critical infrastructure.
And our phones are a compelling surface area for attacks and identity thefts.
I wish we had technical solutions that offered both. For example, a kernel like SeL4, which could directly run sandboxed applications, like banking apps. Apps run in this way could prove they are running in a sandbox.
Then also allow the kernel to run linux as a process, and run whatever you like there, however you want.
Its technically possible at the device level. The hard part seems to be UX. Do you show trusted and untrusted apps alongside one another? How do you teach users the difference?
My piano teacher was recently scammed. The attackers took all the money in her bank account. As far as I could tell, they did it by convincing her to install some android app on her phone and then grant that app accessibility permissions. That let the app remotely control other apps. They they simply swapped over to her banking app and transferred all the money out. Its tricky, because obviously we want 3rd party accessibility applications. But if those permissions allow applications to escape their sandbox, and its trouble.
(She contacted the bank and the police, and they managed to reverse the transactions and get her her money back. But she was a mess for a few days.)
> (She contacted the bank and the police, and they managed to reverse the transactions and get her her money back. But she was a mess for a few days.)
And this almost certainly means that the bank took a fraud-related monetary loss, because the regulatory framework that governs banks makes it difficult for them to refuse to return their customer's money on the grounds that it was actually your piano teacher's fault for being stupid with her bank app on her smartphone (also, even if it were legal to do so, doing this regularly would create a lot of bad press for the bank). And they're unlikely to recover the losses from the actual scammers.
Fraud losses are something that banks track internally and attempt to minimize when possible and when it doesn't trade-off against other goals they have, such as maintaining regulatory compliance or costing more money than the fraud does. This means that banks - really, any regulated financial institution at all that has a smartphone app - have a financial incentive to encourage Apple and Google to build functionality into their mass-market smartphone OSs that locks them down and makes it harder for attackers to scam ordinary, unsophisticated customers in this way. They have zero incentive to lobby to make smartphone platforms more open. And there's a lot more technically-unsophisticated users like your piano teacher than there are free-software-enthusiasts who care about their smartphone OS provider not locking down the OS.
I think this is a bad thing, but then I'm personally a free-software-enthusiast, not a technically-unsophisticated smartphone user.
> And this almost certainly means that the bank took a fraud-related monetary loss, because the regulatory framework that governs banks makes it difficult for them to refuse to return their customer's money on the grounds that it was actually your piano teacher's fault for being stupid with her bank app on her smartphone
In which country? This happened in Australia. The rules are almost certainly different from the US.
For me the answer is separate devices. I have an iphone which is locked down and secure. I have my banking and ID apps on it but I can't mod it however I want. Then I have a steam deck and raspberry pi I have entertainment and whatever I want on. I can customise anything. And if it gets hacked, nothing of importance is exposed.
> . For example, a kernel like SeL4, which could directly run sandboxed applications, like banking apps. Apps run in this way could prove they are running in a sandbox. ... Then also allow the kernel to run linux as a process, and run whatever you like there, however you want.
This won't work. It's turtles all the way down and it will just end up back where we are now.
More software will demand installation in the sandboxed enclave. Outside the enclave the owner of the device would be able to exert control over the software. The software makers don't want the device owners exerting control of the software (for 'security', or anti-copyright infringement, or preventing advertising avoidance). The end user is the adversary as much as the scammer, if not more.
The problem at the root of this is the "right" some (entitled) developers / companies believe they have to control how end users run "their" software on devices that belongs to the end users. If a developer wants that kind of control of the "experience" the software should run on a computer they own, simply using the end user's device as "dumb terminal".
Those economics aren't as good, though. They'd have to pay for all their compute / storage / bandwidth, versus just using the end user's. So much cheaper to treat other people's devices like they're your own.
It's the same "privatize gains, socialize losses" story that's at the root of so many problems.
It may still be an improvement over the situation now though. At least something like this would let you run arbitrary software on the device. That software just wouldn't have "root", since whatever you run would be running in a separate container from the OS and banking apps and things.
It would also allow 3rd party app stores, since a 3rd party app store app could be a sandboxed application itself, and then it could in turn pass privileges to any applications it launches.
I can run an emulator in the browser my phone and run whatever software I want. The software inside that emulator doesn't get access to cool physical hardware features. It runs at a performance loss. It doesn't have direct network access. Second class software.
Its not what we have now, for the reasons you list. Web software runs slowly and doesn't have access to the hardware.
SeL4 and similar sandboxing mechanisms run programs at full, native speed. In a scheme like I'm proposing, all software would be sandboxed using the same mechanism, including banking apps and 3rd party software. Everything can run fast and take full advantage of the hardware and all exposed APIs. Apps just can't mess with one another. So random programs can't mess with the banking app.
Some people in this thread have proposed using separate devices for secure computing (eg banking) and "hacking". That's probably the right thing in practice. But you could - at least technically - build a device that let you do both on top of SeL4. Just have different sandboxed contexts for each type of software. (And the root kernel would have to be trusted).
I'm not familiar with SeL4 other than in the abstract sense that I know it's a verified kernel.
I interpreted your statement "Then also allow the kernel to run linux as a process, and run whatever you like there, however you want." as the Linux process being analogous to a VM. Invoking an emulator wasn't really the right analogy. Sorry about that.
For me it comes down to this:
As long as the root-of-trust in the device is controlled by the device owner the copyright cartels, control-freak developers, companies who profit end users viewing ads, and interests who would create "security" by removing user freedom (to get out of fraud liability) won't be satisfied.
Likewise, if that root-of-trust in the device isn't controlled by the device owner then they're not really the device owner.
Yes; I think that's the real impasse here. As I say, I think there is a middle ground where the device owners keep the keys, but programmers can run whatever software they want within sandboxes - including linux. And sandboxes aren't just "an app". They could also nest, and contain 3rd party app stores and whatever wild stuff people want to make.
But a design like this might please nobody. Apple doesn't want 3rd party app stores. Or really hackers to do anything they don't approve of. And hackers want actual root.
Yes, sandboxing is a technological protection, but once you have important data flowing we often don't have technological protections to prevent exfiltration and abuse. The global nature of the internet means that someone who publishes an app which abuses user expectations (e.g. uses accessibility to provide command and control to attackers) is often out of legal reach.
You also have so much grey area where things aren't actual illegal, such as gathering a massive amount of information on adults in the US via third party cookies and ubiquitous third party javascript.
Thats why platforms created in the internet age are much more opinionated on what API they provide to apps, much more stringent on sandboxing, and try to push software installation onto app stores which can restrict apps based on business policy, to go beyond technological and legal limitations.
The problem is it's quite easy to poke holes in a sandbox when you're outside the sandbox looking in, especially when the user is granting you special permissions they don't understand. These apps aren't doing things like manipulating the heap of the banking app, they are instead just taking advantage of useful but powerful features like screen mirroring to read what the app is rendering.
Don't know why this was downvoted. Some people prefer to access online services from the safety of a web browser sandbox than through an always-installed wrapper app.
You can even use the chip on the card together with some cheap HW device to authorize the transactions made with the app.
This actually exists [1] for quite some time but seems to be mostly limited to Germany. But this and the use of other HW tokens systems is on decline. Banks increasingly use apps now, increasingly without any meaningful second factor, not even offering better options. They want this and are fully to blame.
This 100%. I don't understand why everything needs to be an app nowadays. Some things are best done in person and without to technology. No, I won't install some shitty app that requests location and network access to order lunch. If a venue does not provide a paper menu and accept cash, they have just lost my custom.
Yeah, I worked at a bank once. I was told following policy and using dependencies with known vulnerabilities so my ass was covered was more important than actually making sure things were secure (it was someone else's problem to get that update through the layers of approval!). Needless to say, I didn't last long
What would happen to a normal person's phone when Google decided to revoke their Google account? Will the phone still function? Or is it "just" a matter of creating another Google account?
> People who are unwilling to figure out the risks just should not use smartphones and the internet.
That train has left the station decades ago. The internet has become an essential part of modern societies. People can't not use the internet (or smartphones), at least if they don't live in the woods.
No, why should I? I'm not proposing to "change society to 15 years ago", my idea is more selective. It's more like "do a thorough review and restore all the mechanisms that made the use of smartphones and internet optional".
It seems pretty optional in the US at least. My phone has been broken for extended periods of time before. But different story trying to use budget European airlines like Wizz that require an app to get a boarding pass.
It's also very much optional in Russia as well. Everywhere still takes cash, everything can be done on paper. And speaking of air travel, most airports actually require a printed boarding pass. IIRC you can use an electronic boarding pass in SVO since relatively recently, but I've never done that myself.
>"do a thorough review and restore all the mechanisms that made the use of smartphones and internet optional".
we should probably workshop ideas that are within reality.
downvoters are welcome to tell me how they would approach a worlwide review of everything that requires internet and un-internet it. i will wait.
some primer questions to get your brain turning: who organizes and conducts the review? who pays for the review? who pays for the implementations? whats the messaging and how do you convince people to go along with rethinking/re-implementing their entire already-working infrastructure that they have potentially spent millions to billions of dollars on? do you just dissolve all of the internet-only services, and tell the founders to suck it? who enforces it and how?
Consumer protection legislation would be a way to solve this:
If a business has more than X employees / does more than X amount of business per year / has more than X physical locations (pick one or more, make up some new criteria, tune to suit the needs of society) it must offer the same capabilities to interact with the business to those without smart phones as those with.
Small businesses wouldn't be radically impacted because they generally aren't "Internet only" anyway. The large business that are impacted have plenty of resources to handle compliance. If anything I'd argue it levels the playing field to an extent.
1) if you make it only applicable to smart phones, i just stop offering an uber smartphone app and now uber is website-only. if you apply it to "internet", as the original poster did, then:
2) companies like uber would be forced to shut down. you can say "cool, if they cant do it, their problem", which is fine, but a dozen of major issues pop up if something like 1/4 of the businesses currently propping up the stock market have to close doors or otherwise invest billions of dollars in phone centers or whatever they need.
it also raises questions about all sorts of businesses. another off the top of my head example: should 1password setup a call center where i can tell the operator what my new hackernews password is? is 1password exempt even if they have hundreds of employees and do millions per year? if yes, we have to come up with a bunch of murky criteria and definitions of what companies are exempt (across every industry, no less). which will, of course, cost a lot of time and money, just to surely be gamed. can we convince tax payers to foot that bill?
(this is also ignoring the approximately 0% chance that some sort of regulation of this sort gets pushed into law, against all of the extremely powerful tech lobbies. we dont even have ubiquitous right-to-repair!)
I'll fully admit that I'm "vibe commenting" here out of frustration with the direction society is going.
There won't ever be any consumer protection legislation like I suggested. I know that. It would make things better, but it'll never happen.
Things aren't going to get better for people who don't want to be forced to use new technology. (Eventually it'll be you being forced, too.)
I'm arguing, much in the way some techies bemoan removing malware from their parents' computer as an argument for why we shouldn't be allowed to use our mobile computers for what we want, for businesses to be required to offer ways of interacting to people who don't want to own smartphones. My argument isn't in the interests of powerful lobbies.
My wife and I have been helping her elderly aunt deal with a bank recently. I was shocked at the assumption her aunt would be able to receive SMS, use a smartphone with a camera to do "identity verification", etc. This lady has a flip phone, a land line, and no personal computer. Sure-- she could meet with someone at a branch to help her. Their first available meeting was a month away.
It's not going to get fixed. Nobody with the power to do anything about it cares.
>out of frustration with the direction society is going.
i am 100% with you.
>My wife and I have been helping her elderly aunt deal with a bank recently. I was shocked at the assumption her aunt would be able to receive SMS, use a smartphone with a camera to do "identity verification", etc. This lady has a flip phone, a land line, and no personal computer. Sure-- she could meet with someone at a branch to help her. Their first available meeting was a month away.
i have been there too, and it drives me mental.
i would love to work on realistic ways of addressing it, because it is a real issue. i am not denying that at all. my whole point, in my original comment, was that a plan of "un-internet the world" is, in my opinion, a complete waste of time and energy to seriously work on. the internet is here -- okay, lets figure it out from there. the genie isnt going back into the bottle. so lets spend our energy on ideas that acknowledge that fact, instead of trying to shove the genie back in.
Of course businesses that wouldn't make sense without technology, like Uber, food delivery, or anything else that is an app anyway, would be exempt.
I'm talking more about things that used to work without the internet for decades just fine but suddenly started requiring the use of the internet. Banks, government agencies, parking, event tickets, etc.
Oh, God... don't even get me started about fucking Ticketmaster and their goddamn app.
I've had multiple venues just straight-up tell me "no app, no entry" when I've contacted them pushing-back on installing Ticketmaster's drek.
For one I was able to play "confused old man" and get printed tickets, at least.
For another I just gave up, swallowed my morals, and loaded their app on my wife's iPhone.
There was one that I just didn't buy tickets for. The performer didn't really need my support, and I wasn't super broken up to not see them, but they lost a sale because of the stupid app requirement.
okay, well i appreciate the clarity. lets flesh it out some more.
how are you determining which businesses are affected? would you apply these regulations to entire industries (e.g. the entire finance industry) or would each business have to be reviewed independently?
if we run with the finance/bank example, what do you do about online-only banks (e.g. WealthSimple)? should they be forced to shut down?
My intuition is that it should only apply to businesses that have a physical presence, or need it to do their job. So, for banks, that would be only those with branches. We also have one of those online-only banks (T-Bank, ex Tinkoff), it's overwhelmingly popular among us millennials, but older people use something else.
that leaves a pretty big loophole, though. if i am a smaller bank that has 5-20 branches, it might just be in my best interest (profit) to just go online-only instead of implement whatever the regulations deem necessary.
(keeping in mind that this regulation applies to all industries, so the above example of closing all physical operations because the regulations make it more profitable to now be online-only, so that the regulations dont apply, repeats in all industries)
And that's fine I guess? It's important that there are banks that are too huge to go online-only.
It will be easier to comply for other industries. From my initial example, for event tickets, they wouldn't care much whether they scan a screen or a piece of paper when you enter, and they could let already-existing box offices sell the tickets. For government agencies, those already have offices, so nothing changes. For parking, just bring back the kiosks.
I had some thoughts on dynamic tax rates depending on how desirable a product or service is.
Then can do standard formulas like, will operations continue if the power is out, internet, smart phones, running water, phone lines, payment processing, etc, how long will service be down 1-3 days, weeks, months etc
If your store can't immediately switch to cash apply some modest tax increase. If people can't buy food for more than a week the extra tax is high. You might want to buy gas lamps and a "home" battery.
If we, the tech-savvy people, start pushing for it, it may have a chance of succeeding. On the other hand, if we take your defeatist approach, it's an absolute certainty that nothing will change.
I “get” technology so I understand how you got here.
But this is the wrong take. I expect to go to a restaurant and not die from the food… and I want nothing to do with the inner workings of the kitchen. I just want to know any restaurant I go into will be safe. Society has made restaurants safe, either because of government pressure or it’s good for business.
How is that not a fair ask for technology, too? We all have things we know well, and then there’s reasons we’re alive that we don’t even know exist because someone took care of it.
It’s unreasonable to only allow people to participate in society once they understand every nuance.
You could torture the analogy more and say that this is more like saying "it is possible to make bad food and kill yourself at home, so we require everyone to go to a restaurant."
Well, I mean, do you know many houses burn down because someone fell asleep while frying a pork chop? We should just get rid of kitchens at home because it's just not safe.
Oil fires cause immense damage to property and life! I don’t know why stoves are allowed in homes at all. Worse yet, they don’t implement any age verification, so a child can just turn on the burner! It’s crazy!
Your analogy doesn't work here. Going to a restaurant is like using an app store. Installing apks is like cooking at home. Nothing stops you from cooking a meal that will get you sick.
Now imagine that every restaurant in your city is owned by one of two megacorporations and they really don't want you to have a microwave at home, let alone a stove. They expect that you will get all your food from them. This is where it's going with apps right now.
Because no amount of safeguards put up by the restaurant is going to protect you from getting sick of you decide to empty a bottle of bleach into your meal.
If you want to cook at home, there's no waiting list. There's no popup you have to confirm three times. You buy a stove, which likely lasts you half your life, a fridge, some dishes, pots, pans and so on.
I think it's fine to give people an easy mode. Not everyone cares about cooking (or tech). I just wish companies weren't trying to take the advanced features from the rest of us who do care.
I think it is different for some people because they are passionate and interested in tech.
I'd imagine someone who is passionate about cooking wouldn't be delighted if you cloudn't buy any ingredients in a store.
I see the value in precooked food and black-box working technology. But for me myself, as an enthusiast: I like being able to tinker and control my technology.
you expect a restaurant to be safe but there is no guarantee that it is. Many people have had food poisoning and I am sure some have died. It is obvious you don't "get" technology at all. You don't even "get" restaurants.
And I expect to be able to open a restauraunt without surrendering my identity and private information to a huge monopolistic company.
And I expect to buy food without that food being sanctioned by a huge, monopolistic company. Especially if said company has shown itself to be completely subservient to an overbearing, increasingly fascist government.
Are they really though? does the average person really care about side loading? I think we are in an echo chamber. I can't picture any of the people in my life installing things from outside of an app store on their phone. However I realize that's purely anecdotal, it would be nice to see actual statistics on this to have a more informed decision.
When I point out that Apple listened to the Chinese government and removed apps that protestors were using to communicate during the Hong Kong protests, they seem to get it.
They removed VPNs at the request of the Russian government too (they have no operations in Russia). They are actively participating in government censorship.
If you phrase it as "sideloading" then probably not, since it doesn't sound like something they might want to do, it also sounds difficult and technical. If you phrase it as installing your own software then it might garner some interest from the general populace, as who wouldn't want the option to install their desired software.
A lot of people won't even understand the question, because they can install their apps from the app store, because that's where the apps come from, the app store has what phones crave.
Some of them will even be frightened by the question because they consider their devices scary and dangerous enough already.
I don't think it follows that the entire population of each of those countries automatically cares about this just because it's, ostensibly, being done to enforce sanctions against them.
Normies in sanctioned countries install banking apps by "sideloading" APK's downloaded from an official site. They all know exactly what "sideloading" is and why Google is banning it.
You said "hundreds of millions." If that's not "entire," it's pretty damn close.
> They all know [...] why Google is banning it.
Do they? I don't think most "normies" would come to the same conclusion you have. By definition, a "normie" seems much more likely to trust that this is being done for security rather than persecution. Especially when they learn that Americans can't easily sideload bank apps either.
> a "normie" seems much more likely to trust that this is being done for security rather than persecution
When USGov sanctions a NormieBank in a sanctioned country and its apps disappear from the Play Store and then Google announces that APK's cannot be installed anymore then even the dumbest sheeple can put two and two together.
Also, this isn't a Google issue, this is a USGov issue.
What is Google to do when people in suits ask why they provide a sanctions avoidance technology with a scary name like "sideloading"? (Sounds like something that terrorists and Iranians do, tbh.)
It sounds like you're not grasping the meaning of the linguistic construction being used by the person you're quoting. (Or you're being deliberately deceptive about your understanding of their intent. But it's probably just the former. I'm guessing you're ESL.)
"Ruining Android for everyone" ("to try to maybe help some") does not mean, "Android is now ruined for X, for all X." It means, perhaps confusingly, pretty much the opposite.
It means: "There exists some X for which Android is now ruined (because Google is trying to protect Y, for all Y)." (Yes, really. The way the other person phrased it is the right way way to phrase it—or, at least, it's a valid way to phrase it.)
> People who are unwilling to figure out the risks just should not use smartphones and the internet
People who aren't technically sophisticated should choose the smartphone ecosystem that was designed to offer the safety of a walled garden from the start.
Google sold Android as the ecosystem that gave users the freedom to do anything they like, including shooting themselves in the foot.
Google should not be allowed to fraudulently go back on their promise now that they have driven the other open ecosystems out of the marketplace.
Choosing an iPhone is not sufficient to avoid the risks of technology. The majority of online scams require nothing more than two pre-installed apps: Safari and Phone.
Before downvoting, consider providing evidence that sideloading comes anywhere close to being the root cause of most online scams.
Just yesterday I discovered that my grandmother had been receiving calls from "Google business support" on her iPhone. The fact that they can't get her to sideload some app doesn't seem to stop them.
People themselves will decide. Same way they decided whether they wanted to buy a computer in the 00s. It's just that those who decide to not have internet banking should not be disadvantaged by the society compared to those who have it.
Agreed. Businesses should not be permitted to follow a "technology only" business model (which usually means lower costs for the business) to discriminate against potential Customers who might not want to use that technology.
Could the technophobes please just buy different smartphones? If certain people want to opt in to locked down devices, I think that's okay. But please give me a device that lets me do whatever I want. (And still lets me participate in modern society—I can't live with a Linux phone).
Apple's argument for locking down the iPhone but not the Mac has always been some variation of "Mac users are professionals and iPhones are for everyone." Fine! Where can I buy the unrestricted iPhone? As far as I'm concerned, basically every problem could be solved if Apple would put the Security Research Device on an unlisted page of their online store for the general public. Normies won't buy it, and I will.
You can do that, there are custom roms and open source phones. The problem is banks are legally obligated a lot of the time to pay out for fraud and scams. So in response they won't allow you to run their software unless they can verify the compute environment.
So why can I access my bank account just fine via the website on my phone, but shouldn't be able to do the same via the app? Can't they offer at least a PWA version of the website for custom ROM users?
People tend to distrust websites. URLs are also an immutable ledger that guarantees you’re in the right spot. The web is surprisingly robust for security.
What guarantees your banking app is the right one? A PNG and an app name with no security whatsoever.
But that doesn't guarantee anything? Even if the official banking app requires tons of verification, that doesn't prevent me from modding their banking app and redistributing the modded version to up to 20 people.
We already have that. The market for the "technophobe" (e.g. above average and below levels of security awareness) phone is 100x larger.
That means the people who say "I can evaluate the intricacies and impacts of software authorization" have significantly fewer speciality devices to pick from, and those devices may not be worth developers (or regulators) making carve-outs to support.
Android has about 2/3 worldwide market share and it hasn't had anything like this before. Many people, myself included, chose it exactly because it allows the installation of modded, pirated, or otherwise non-store-worthy apps.
The 2/3 marketshare must be almost entirely due to Android being cheap and accessible, not because those people need to install arbitrary software. A lot of mobile plans don't even give you GB/mo, they give WhatsApp messages/mo.
There two main mobile OS in the space, one moron-proof but limited, the other a bit more permissive, but slightly less secure for it.
The problem is that most apps target only those two, and the second is trying to moron-proof, loosing most of it value to part of its users, while the apps are still locked in.
> to try to maybe help some rather technologically-hopeless groups of people
Even if they're the majority?
(Keep in mind that as average lifespan keeps getting longer while birth rates keep going lower, demographics will tend to skew older and older. Already happened in Japan; other developed countries will catch up soon.)
> They should probably not have a bank account at all and just stick to cash.
You know that these (mostly) don't fall into this category of being "hopeless with [modern] technology" because they're cognitively impaired, right?
Mostly, the people who most benefit by these protections, are just people 1. with full lives, who 2. are old enough that when they were first introduced to these kinds of technologies, it came at a time in their life when they already had too much to do and too many other things to think/care about, to have any time left over for adapting their thinking to a "new way of doing things."
This group of people still fully understands, and can make fluent use of, all the older technologies "from back in their day" that they did absorb and adapt to earlier in their lives, back when they had the time/motivation to do so. They can use a bank account; they can make phone calls and understand voicemail; they can print and fax and probably even email things. They can, just barely, use messaging apps. But truly modern inventions like "social media' confound them.
Old bigcorps with low churn rates are literally chock-full of this type of person, because they've worked there since they were young. That's why these companies themselves can sometimes come off as "out of touch", both in their communications and in their decision-making. But those companies don't often collapse from mismanagement. Things still get done just fine. Just using slower, older processes.
(some) people are starting to understand why cash is so important. It's the neutrality that it provides. The fact that it can't be programmatically limited or censored and you can't be excluded from the economy. Cash is inclusive.
Obviously cash becomes much harder to "use" online and in apps...
Activists and human rights lawyers are constantly getting their bank accounts closed or denied, even UN human rights council members, members of the ICC, journalists, pro-palestine activists or people in the BDS movement, it happens ALL the time now in europe, people have no idea how bad that has become, nobody in mass media is ever reporting on it.
I got personally de-banked from one bank and I'm nobody. I had other options, so it was only a minor issue, but I can't imagine what it's like for people when they run out of alternatives.
I'm not surprised - the Zionist lobby has basically criminalized all opposition to it.
Trump's "anti-DEI" geniuses ensured that any censure of Israel and its crimes would lead to the total destruction of one's life in the US (Gleen Greenwald talks about this on Tucker).
Given how this is going, I'd not be surprised if anti-semitism comes roaring back by the end of the decade.
open source alternative, at first it's going to suck. but over time it will win. imagine how miserable we would be if all we had was windows and osx. but we have linux. we are now at such crossroads were the choice is android and apple, we need a free alternative. much sooner than most realize the threat to freedom from big corps, govt and others will be so big that we would wish to have a free mobile OS. mobile is now the main computing platform and needs a free big corp alternative. it's true that some big corps would refuse to allow there apps to run on there like a bank, but that's okay! there will be alternatives ...
Yellowstone rangers taught us that building an effective anti-bear trash container is impossible because the top 10% of bears are smarter than the bottom 10% of tourists.
I like this idea. But last time I tried it the customer representative on the other line told me they were sorry but they could not accommodate my request at this time.
> At this point I'm convinced that there's something deeply wrong with how our society treats technology.
The problem isnt with technology. The problem is with physical ownership versus copyright/trademark/patent ownership in abeyance of physical ownership.
I go to a store and buy a device. I have a receipt showing a legal and good sale. This device isnt mine, even if a receipt says so.
The software (and now theres ALWAYS software) isnt mine and can never be mine. My ownership is degraded because a company can claim that I didn't buy a copy of software, or that its only licensed, or they retain control remotely.
And the situation is even worse if the company claims its a "digital restriction", ala DMCA. Then even my 1st amendment speech rights are abrogated AND my ownership rights are ignored.
It would not be hard to right this sinking ship.
1. Abolish DMCA.
2. Establish that first sale doctrine is priority above copyright/patent/trademark
3. Tax these 'virtual property rights'
4. Have FTC find any remote control of sold goods be considered as fraudulently classified indefinite rental (want to rent? State it as such)
If you think about it for as long as I did, you will find that the moment everything went sideways is when general-purpose computing devices started having their initial bootloader in the mask ROM of the CPU/SoC. Outlaw just that, say, by requiring the first instruction the CPU executes to physically reside in a separate ROM/flash chip, and suddenly, everything is super hackable. But DMCA abolition would certainly be very helpful as well.
'Only the educated elite should be permitted to use technology' is a great take, but unfortunately the peons outvote and outspend you, so their opinions matter more than yours.
I fully agree. Similar to killing bacteria with antibiotics, Attempting to idiot-proof machinery only leads to the creation of idiot-proofing-resistant idiots.
We need to move back to putting users back into full control. Machines (including computers) should ALWAYS respect the input of the user, even if the user is wrong.
If a person shoots themself with a gun as a result of their incompetence, we don't fault the gun manufacturer for not designing the gun to prevent auto-execution. If you can't operate a firearm safely, you shouldn't attempt to operate a firearm.
Similarly, if a person deliberately points their car a solid object and accelerates into it, the actions of the operator shouldn't be the car manufacturer's responsibility. We need to get rid of ESC, ABS, AEB, etc. These features have created a whole slew of drivers who speed headfirst into the back of stationary drivers and expect their car to stop itself. This works right up until a sensor fails and the operator flies through the windshield (usually people like this don't wear seat-belts). If you can't drive, you shouldn't be driving until you rectify your incompetence.
Similarly, phones and computers should respect user input. If a users wants root access to their personal device, they should be able to get root access. If a user runs "rm -rf --no-preserve-root /" as root, the device should oblige and delete everything, since that is what the operator instructed it to do. If you can't be trusted to use a computer, you shouldn't be using a computer until you rectify your incompetence.
The lack of accountability in modern society is disgusting, and it leads to much deeper societal problems when people refuse to better themselves and instead expect the world to shield them from their willful ignorance.
I was with you right up until "We need to get rid of ESC, ABS, AEB, etc.".
That is unreasonable. ABS, ESC, and AEB all exist to interpret what the driver intends. The driver does not intend for their wheels to lock up, that's why ABS exists, nor does the driver intend to skid. You can argue that AEB does not reflect the will of the driver, but it can also be disabled.
Smartphones and the internet are really useful and convenient. Even if we could make it work, it seems quite rude to say that people should be excluded from it because we can't be bothered to make it safe.
Consider an older technology that became fundamental to much of daily life a century or two ago: writing. After a few millennia where literacy was a specialized skill, we pretty quickly transitioned to a society where it was essential for common activities. Rather than make sure everything had pictures and such to accommodate the illiterate, we tried to make it so that the entire population is literate, and came pretty close to succeeding. There are people who just outright can't read for whatever reason, but they're a very small minority and we aim to accommodate them by giving them assistance so they can get by in a literate world, rather than changing the world so you don't need to be able to read to live a normal life.
Rather than saying that half the population (a low estimate, I believe, for how many people will fall prey to malware in an anything-goes world) should abandon this technology, we should work to make it so they don't have to, with some combination of education and technological measures.
Some people don't want to be taught about some things because they don't care enough about them. I was told a story as a kid about a grandma that didn't want to learn to read and write. It's the same thing here — there are people who don't want a smartphone. They were just fine with an old cell phone that could only call and text, but then the society forced them to buy a smartphone, so they did, but they still don't really want it. It's still a burden to them. It still creates more problems for them than it solves. I know several people like that.
Is this even the reason? If Android phonemakers are simply concerned about tech-illiterate users switching to iPhone, they could sell a locked-down Android phone that requires some know-how to unlock.
> Ruining Android for everyone to try to maybe help some rather technologically-hopeless groups of people is the wrong solution.
Those groups of people are Google's paying customers. Google will, of course, defer to the ones who need more help to be safe online over the ones who don't. That's how you create a safe ecosystem.
What's then left as Google's advantage? I'm really not interested in buying myself a cage, but if Google will make me choose between two cages then Apple has nicer one.
you also don't need to pay apple for using xcode and building apps for ios either; the 99 dollars is for uploading to appstore or installing to devices for more than 7 days
Illegal would by a hyperbole. But the noose is tightening a bit.
There are upcoming limits for cash transactions (10K, countries can opt to go lower), and strong requirements for identity verification at 3K or more euros in cash.
Also illegal in Denmark. You need a NemKonto by law. Also making cash payments over 15000 is illegal since 2024.
So you can't make a large purchase without a bank transfer.
Not illegal per se in Germany but you won't find a legal job that doesn't require you to have a bank account. Benefits will also only be paid electronically (exceptions for some asylum seekers apply).
You also cannot get a tax refund or pay taxes without a bank account.
Not sure how it works in countries that didn't go through 80 years of socialism, but I assume that you're saying that in those countries, your salary is required to go to your bank account and can't be paid in cash. Then you can still pretty much "stick to cash" by withdrawing the whole thing on your payday. But then idk, maybe everyone in those countries is aware of the risks related to keeping their money in a bank, it's just the internet banking that introduces the new ones for them.
I agree. In fact, one of the things I frequently propose is that we disallow the elderly and mentally disabled from using advanced technology without government proctor. In this way we can protect them. Everyone else can choose to turn off their scam protection.
People frequently talk about this with respect to AI and ads and how it’s bad for people to be use these things. I recommend we disallow the internet entirely for classes of people whose minds are not ready for the downsides of the tech.
With your Adderall prescription should come a phone number to sign up to the government proctoring service.
Your mistake is taking Google's argument at face value. Protecting users is an outright lie, this is purely about control.
Google doesn't give one single shit if users download malware from the Play Store, but hypothetical malware from third party sources is so much worse that we need to ruin the whole OS? That doesn't pass the sniff test.
Google wants to make sure you can only download malware from developers who give google a cut. They want to control the OS and remove user choice. That's all it is. That's what it's always been about.
"Protecting users" is a pretense and nothing more. Google does not care at all about user safety. They aren't even capable of caring at this point. There are far, far cheaper and more effective ways to actually protect users, and google isn't doing any of them.
I'm assuming good faith and giving them the benefit of the doubt.
Of course it might be that they want more control. In addition to controlling the world's most popular web browser and the world's most popular search engine and the world's most popular online advertising network and the world's most popular online video service.
It's really hard to when there's already technical solutions. They could require a process like bootloader unlocking that puts it in "dev" mode for instance
While signing is useful, leaving no escape hatch imo is blatantly predatory
These restrictions already don't apply to something you install over adb, so there's already that. But that still considerably raises the bar for things like apps made by sanctioned entities, for example, most Russian banks.
It's all part of the war on general computing. This dystopian nightmare is coming to desktop operating systems too. See the age verification stuff that's all of a sudden being pushed hard by countries all over the world.
As someone that was going to switch from iPhone to Android/Pixel later this year, at least now I know not to bother anymore, as the locking down of Android won't stop here.
It's crazy to me how technical people willfully disregard the coming end of individually-owned general purpose computers. I have a strange mix of nostalgia and crushing sadness knowing that I got to live through that time.
No, you have that backwards. A society is judged by how it treats its least able members. Android devices are primarily for mainstream users, not us. Technically adept users are the minority and we can deal with a few hoops to customize our phones the way we like.
It's selfish to advocate against better protections for the least able people in the world just for our own convenience.
This is going to hurt legitimate sideloading way more than actually necessary to reduce scams:
- Must enable developer mode -- some apps (e.g., banking apps) will refuse to operate and such when developer mode is on, and so if you depend on such apps, I guess you just can't sideload?
- One-day (day!!!) waiting period to activate (one-time) -- the vast majority of people who need to sideload something will probably not be willing to wait a day, and will thus just not sideload unless they really have no choice for what they need. This kills the pathway for new users to sideload apps that have similar functionality to those on the Play Store.
The rest -- restarting, confirming you aren't being coached, and per-install warnings -- would be just as effective alone to "protect users," but with those prior two points, it's clear that this is just simply intended to make sideloading so inconvenient that many won't bother or can't (dev mode req.).
>- Must enable developer mode -- some apps (e.g., banking apps) will refuse to operate and such when developer mode is on, and so if you depend on such apps, I guess you just can't sideload?
Hi, I'm the community engagement manager @ Android. It's my understanding that you don't have to keep developer options enabled after you enable the advanced flow. Once you make the change on your device, it's enabled.
If you turn off developer options, then to turn off the advanced flow, you would first have to turn developer options back on.
>- One-day (day!!!) waiting period to activate (one-time) -- the vast majority of people who need to sideload something will probably not be willing to wait a day, and will thus just not sideload unless they really have no choice for what they need.
ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.
I don't think Google should be changing Android this way at all, and fear that it will later be used for evil. That said, I thought of an improvement:
Allow a toggle with no waiting period during initial device setup. The user is almost certainly not being guided by a scammer when they're first setting up their device, so this addresses the concern Google claims is driving the verification requirement. I'll be pretty angry if I have to wait a day to install F-Droid and finish setting up a new phone.
Evil, for the record would mean blocking developers of things that do not act against the user's wishes, but might offend governments or interfere with Google's business model, like the article's example of an alternative YouTube client that bypasses Google’s ads. Youtube is within its rights to try to block such clients, but preventing my device from installing them when that's what I want to do is itself a malicious act.
> Allow a toggle with no waiting period during initial device setup
I like this idea in principle but I think it could become a workaround that the same malicious entities would be willing to exploit, by just coercing their victims to "reset" their phones to access that toggle.
Isn't app data, photos etc. usually synced with the Google account? Besides, Google claims that the scammers are using social engineering to create a feeling of panic and urgency, so I think the victim would be willing to reset and log in to the accounts again in such a frame of mind.
I'm sure there's a hypothetical scenario where someone successfully runs a scam that way, but there's also a hypothetical scenario where a 24 hour wait doesn't succeed at interrupting the scam.
None of this is stopping a malicious entity. We keep trying to use tech (poorly thought out tech at that) to solve issues of social engineering. And no one is asking for a solution, either; it's being jammed in for control.
Such a silly statement. Of course tech can solve social engineering problem, we do so every day startign from UX design. This is a good solution to killing urgency.
Ux is made for humans. Humans can learn to exploit UX. This is as useless a battle as fighting piracy: you will destroy your product before you solve the problem.
> It's my understanding that you don't have to keep developer options enabled after you enable the advanced flow. Once you make the change on your device, it's enabled.
Ok, but why is this advertised to applications in the first place? It's quite literally none of their business that developer options are enabled and it's a constant source of pain when some government / banking apps think they're being more "secure" by disallowing this.
> ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.
Someone is just going to make a nice GUI application for sideloading apks with a single drag-and-drop, so if your idea is that ADB is a way to ensure only "users who know what they're doing" are gonna sideload, you've done nothing. This is all security theatre.
The scammers don't even need to make a GUI, they just need to get you to enable adb-over-tcp and bridge that to their network somehow - an ssh client app would do the trick.
How many people do you suspect are gullible enough to fall for these scammers but also competent enough to install an SSH client and enable port-forwarding for an ADB proxy? Like fifteen people worldwide?
How many people are gullible enough right now to plug a phone to a laptop over USB and execute an exe on an operating system with no sandboxing at all? ADB even seems to work over webusb. (at that point you may as well give up on hacking the phone, but I digress). That's exactly why I believe the problem is more complicated and why Google's solution is not really fixing anything, not for the users.
If you mean things like Shizuku or local adb connection through Termux, it's quite an awkward process to set up even for someone like me who's been building Android apps since 2011. Like, you can do if you really really need it, but most people won't bother. You have to do it again after every reboot, too.
People who want your money always want to have really great UX. I remember how painless buying lottery tickets online was, it was the smoothest checkout experience in all of online shopping I have ever done.
Why do you keep harping on about ADB installs. That's not helpful. It doesn't help me install open source apps from FDroid. It's ridiculous that you think booting up a computer and using ADB is a reasonable workaround. It isn't.
How? Reading this it seems like only verified developers can skip this process. Most Fdroid developers won't be verified. I don't see where it says Fdroid would be exempt from this requirement. Would Fdroid be a verified developer?
The only reason I run android over iOS is the freedom to install things I want on it. A waiting period is unacceptable as Android has proven that it can't be trusted not to tighten the grip further.
Why don’t you create an option to bypass this whole thing permanently on adb then? You can even add your 24h delay.
I’m not convinced this is really to protect users from being hurt by scammers, it is really about protecting the users from doing what hurts your company interests.
Thank you so much for clarifying! That is most definitely not as bad as I had feared.
I still feel, though, that having to go ahead and proclaim “I am a developer!” just to enable sideloading is a bit much, as almost certainly the vast majority of sideloaders aren’t developers. Nonetheless, it does keep sideloading as an option, and I do see why, from Google’s perspective, using the already-existing developer mode to gate the feature would be convenient in the short term. Perhaps the announcement should specify this -- I suspect a number of people who read it also noticed the lack of that clarification.
And yes, good point on ADB. That does make this less inconvenient for developers or power users, though doesn’t help non-developers very much.
So give me a way to completely disable this nonsense via ADB.
This is hot garbage. Eliminating third party app stores like F-Droid defeats the whole purpose many of us even bother running Android instead of locked down Apple stuff.
Will third party apps like bank apps be able to detect whether advanced mode is enabled or not, like how they currently detect if developer options is enabled?
Do I need to be signed in to Google play to get the sideloading exception turned on? I don't sign in to it because I don't want to have my phone associated with a Google account. But I can't uninstall play completely on the devices I have.
It says something about 'restart your phone and reauthenticate' that's why I'm asking. What do you autenticate?
> ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.
Um yeah but then do I have to install every update via adb? I want to just use F-Droid.
>It says something about 'restart your phone and reauthenticate' that's why I'm asking. What do you autenticate?
You're authenticating that you're the device owner (via your device's saved biometrics or PIN/pattern/password).
>Um yeah but then do I have to install every update via adb? I want to just use F-Droid.
No, once you go through the advanced flow and choose the option to allow installing unregistered apps indefinitely, you can both install and update unregistered apps without going through the flow again (or using ADB).
This part I don't understand. I want to allow for a couple minutes, the time to install a unregistered app, and then go back to deny. I don't want to allow "for 7 days" or "indefinitely". In the text and screenshot of the announcement I see that you can switch these feature "on", but can they be switched "off"?
Every single one of these steps are blatantly an attack on user freedom. The steps to unlocking the bootloader and install a different rom are not nearly as onerous. The only thing I will accept as reasonable, is a complete abandonment of this policy. Google has destroyed all trust I could have in it, and these weaselly worded concessions are based on a bullshit premise.
I see the chosen language of "certain unregistered applications" (I suppose company mandated) already hints on the goal of control aspect. I want to deploy apps on my device. They are my apps, it’s my device, and I should not be required to ask for permission to do so.
So... we're just going to move the scam into convincing the end user to run an application on their PC to ADB sideload the Scam App. Got it, simple enough. It's not hard to coach a user into clicking the "no, I'm not being coached" button, too, to guide them towards the ADB enable flow.
I think this is a "don't let the perfect be the enemy of the good thing". It's technically possible to get around, but adding more speed bumps in the way of scammers tends to drastically reduce the number of people who get scammed.
This is clearly anticompetitive. Hope regulators will figure out, then we won't have it eg not in the EU. However, Google is also abusing their power to e.g. deinstall apps without any option to decide using 'play protect' and blocks whole alternative stores through 'safe browsing' flags.
I posted this play protect incident about IzzyOnDroid a few days ago, because I was so outraged:
https://news.ycombinator.com/item?id=47409344
> - Must enable developer mode -- some apps (e.g., banking apps) will refuse to operate and such when developer mode is on, and so if you depend on such apps, I guess you just can't sideload?
What apps are those? I've yet to run into any of my banking apps that refuse to run with developer mode enabled. I've seen a few that do that for rooted phones but that's a different story. I've been running android for a decade and a half now with developer mode turned on basically the whole time and never had an app refuse to load because of it.
I can use Wero just fine in my banking app. Can't try the app that's called Wero in the Play store because it just directs me to my banking app. But I can open it at least ...
Philippines' most popular e-wallet app GCash outright closes when the developer mode is enabled with the popup saying that the device has "settings [enabled] that are not secure".
The one-day waiting period is so arbitrary. Have they demonstrated any supporting data? We know google loves to flaunt data.
Something like Github's approach of forcing users to type the name of the repo they wish to delete would seem to be more than sufficient to protect technically disinclined users while still allowing technically aware users to do what they please with their own device.
Brother, there's an entire genre of scamming where the scammers spend months building rapport with their victims, usually without ever asking for anything, before "cashing out". One day is nothing.
Wouldn't a wait time like 2 hours with some jitter make it more difficult for a scammer to pursue the case? People aren't going to be willing to stay on the phone for hours at a time. With 24 hour wait, the scammer could just schedule another call for the next day.
This is obvious to anyone with a brain. I'm not familiar with scam logistics or the videos you mentioned, and the exact same line you put in quotes is what first came to my mind.
tl;dr of this post is that Google wants to lock down Android and be its gatekeeper. Every other point of discussion is just a distraction.
I think the more important aspect is that people will have 24h to slow down, think, and realize that they are being scammed. Urgency and pressure is one of the top tactics used by scammers.
Scammers will definitely call back the next day to continue. But it is quite possible that by then the victim has realized, or talked to someone who helped them realize that they are being scammed.
There's been some reporting recently where I live about a case of some woman being scammed.
She went to a bank to transfer the scammer money. They told her no. She came back the next day. The police got involved and explained everything to her. Then she came back the next day. After that, she apparently found another location which let her transfer the money.
There's basically zero chance a 24 hour (or any amount of a) cool off period will help these people.
It's not one example. The scammers purposefully target people like these. That's their business.
Like, I'm sure there's a small amount of people who normally wouldn't get scammed but fall for it in a panic. But, is that really such a big concern for Google that they absolutely must continue stripping user freedoms from us? Is the current 30s popup which needs 3 confirmations not enough? Will the new one really work?
> helping some people is great even if it doesn't help everyone
It's kind of funny, but I very much agree with this. It's just in this case, it's hurting everyone (in ways most don't even realize) so that you can help a few people.
It's like putting everyone in prison, because some people might commit a crime and this would save some victims. A bit of an overreaction, no?
Right, this friction makes it much harder for a scammer to get away with saying something like, "wire me $10,000 right now or you won't see your child ever again!" as the potential victim is forced to wait 24 hours before they can install the scammer's malicious app, thus giving them time to think about it and/or call their trusted contacts.
The sheer arrogance that you think someone manipulated successfully will just re-think the situation and ask their friends/family. The naivety to assume all scammers are impulsive fools and don't do this for a living, as their primary line of work.
So Google's going to add some nonsense abstraction layer and when this fails to curb the problem after a 24 hour wait, it will be extended more maybe a week, and more information must be collected to release it. We all know how this goes.
Sure, but what about a 30 minute delay? 1 hour? 2 hour?
24 is just so long.
But also, my expectation is that a scammer is going to just automate the flow here anyways. Cool, you hit the "24 hour" wait period, I'll call you back tomorrow, the next day, or the next day and continue the scam process.
It might stop some less sophisticated spammers for a little bit, but I expect that it'll just be a few tweaks to make it work again.
24 hours is long enough to get them off the phone, and potentially talking to other people who might recognize the scam.
There will be some proportion of people who mention to their spouse/child/friend about how Google called them to fix their phone, and are saved by that waiting period.
Sure, but wouldn't 35 hours do the same trick? Or 5 hours? Or 10 hours and 28 minutes? :)
The question is, why exactly 24 hours? The argument is that the time limit is set to protect the users and sacrifice usability to do so. So it would be prudent to set the time limit to the shortest amount that will protect the user -> and that shortest amount is apparently 24 hours, which is rather.. suspiciously long and round :)
You've got to pick some time value (if you choose this route at all), and if the goal is to prevent urgency-coercion it needs to be at least multiple hours. An extremely-common-for-humans one seems rather obvious compared to, like, 18.2 hours (65,536 seconds).
Unless you want to pick 1 week. But that's a lot more annoying.
Well, I guess 24 hours gives a good change to include at least one window where a vulnerable person might be able to speak with a trusted contact.
Someone who lives in another timezone or works weird hours etc. Our routines generally repeat on 24hour schedules, so likely to be one point of overlap.
Have you ever watched Kitboga? Scammers call people back all the time. They keep spreadsheets of their marks like a CRM. It takes time to build trust and victimize someone, and these scammers are very patient.
It sounds like the 24 hour advanced flow should be completely removed then to protect these people. Right? It can't be perfect so to follow you, it should not exist.
You have to wait one day only once, when enabling the feature. I agree that enabling developer mode could be a problem but mostly because it's buried below screens and multiple touches. As a data point, I enabled developer mode on all my devices since 2011 and no banking app complained about it. But it could depend by the different banking systems of our countries.
They don't operate in my county AFAIK. However that reinforces my idea that the endgame will be a pristine Android phone in a drawer at home with the banking apps required for accessing their sites with 2FA and another phone in my pocket for daily use.
> This is going to hurt legitimate sideloading way more than actually necessary to reduce scams
Isn't that the objective? "Reducing scams" is the same kind of argument as "what about the children"; it's supposed to make you stop thinking about what it means, because the intentions are so good.
> some apps (e.g., banking apps) will refuse to operate and such when developer mode is on
And you blame Google for this? First of all, banks chose to make apps work this way, not Google. Moreover, they chose this likely due to scams. That proves scamming on android IS an issue that needs some technical solution.
their goal is to make software installation as painful as possible without being outright impossible : ‘sideloading’ is only ever a euphemism for ‘illegitimate’.
We'll see when this rolls out, but I don't foresee the package manager checking for developer mode when launching "unverified" apps, just when installing them. AFAICT the verification service is only queried on install currently.
Googler here (community engagement for Android) - I looked into the developer options question, and it's my understanding that you don't have to keep developer options enabled after you enable the advanced flow. Once you make the change on your device, it's enabled.
If you turn off developer options, then to turn off the advanced flow, you would first have to turn developer options back on.
If I understand correctly, the F-Droid store itself would be possible to install without waiting period, as it's an app from a verified developer.
Would apps installed from F-Droid be subject to this process, or would they also be exempt? Could that be a solution that makes everyone happy? Android already tracks which app store an app originates from re: autoupdating.
Also: Can I skip the 24h by changing the my phone's clock?
If one verified app can install many unverified apps, either aurora droid or fdroid basic or one of the many other frontends would end up offering that feature quickly.
But there's been some comments that even that wouldn't be possible, every app would have to be verified individually, or be signed by a developer with less than 20 installs.
(Which of course then begs the question: Why not build a version of Fdroid that generates its own signing key and resigns every app on device?)
As described developer mode is only required at install time. Remains to be seen in the actual implementation, but as described in the post developer mode can be switched off after apps have been side loaded.
Yes, it is really dumb that some of these settings are exposed to all apps with no permission gating [0]. But it will likely always be possible to fingerprint based on enabled developer options because there are preferences which can only be enabled via the developer options UI and (arguably) need to be visible to apps.
What might help better is having permissions that you can set separate settings that can be read for different apps (including the possibility to return errors instead of the actual values), even if they can be read by default you can also change them per apps. (This has other benefits as well, including possibility of some settings not working properly due to a bug, you can then work around it.)
Because estimates suggest Americans lose about $119 billion annually to financial scams, which is a not insignificant fraction of our entire military budget, or more than 5% of annual social security expenditures.
Banks do these things to check security boxes, not to prevent scams.
In this case, they don't want users to reverse-engineer their app or look at logs that might inadvertently leak information about how to reverse-engineer their app. It is pointless, I know, but some security consultant has created a checkbox which must be checked at all costs.
What do scams have to do with having developer options enabled?
This isn't a rhetorical question. There's no big red warning on the developer options screen saying it's dangerous. I haven't heard about real-world attacks leveraging developer settings. I suppose granting USB debug to an infected PC is dangerous, but if you're in that situation, you're already pwned.
Android is attempting to discourage good / regular users from sideloading apps, rooting their phone, etc.
Android wants good / regular users to pass things like Play Integrity with the strongest verdicts.
This helps app distributors to separate regular good users from custom clients, API scripting etc that is often used to coordinate scamming, create bots, etc. If an app developer can just toss anyone who doesn't pass Play Integrity checks in the trash, they can increase friction for malicious developers.
Nobody reads disclaimers, and people who get scammed and lose their life savings won't be made whole by being told "you accepted the disclaimer, nothing we can do."
Most of the victims were last in school in the 1960s when all this stuff didn't exist. Also from experience teaching people with dementia or memory issues is kinda challenging as they just forget.
I wonder if you might be relying on a stereotype of victims. Here's some recent data: "The 2024 FTC Consumer Sentinel Network reported that 44% of all 20-somethings claimed losses in 2023". More data here: https://www.synovus.com/personal/resource-center/fraud-preve...
I don't know. I've been silently outraged and disappointed by this whole forbidding of unverified apps, but also hopeful it wouldn't affect me much as a user of grapheneos.
But this process seems pretty reasonable to me.
I'd like to think it is due in part to the efforts of F-Droid and others.
Waiting a day, once, to disable this protection doesn't seem like a big deal to me. I'd probably do it once when I got a phone and then forget about it.
I happen to have developer mode enabled right now, for no good reason other than I never disabled last time I needed it. Haven't had any issues with any apps.
I actually think these protections could help mitigate scammers.
It's not directly a big issue for us technical people and our own individual usage. Telling people about F-Droid, NewPipe (& forks) or secuso apps will be a pain. People will find free software / software not approved by Google complicated or suspicious. It is a huge issue, and even for us in the end because it hurts the software we love.
> some apps (e.g., banking apps) will refuse to operate and such when developer mode is on
Enable dev mode, sideload the apk, then disable dev mode. I'd argue that it is poor security practice to keep developer mode enabled long-term on a phone that is used for everyday activities, such as banking.
Didn't Google already lose a case over making it hard to install alternative app stores? How is this not going to get them hit again? This is way worse than what Epic sued over.
> Restart your phone and reauthenticate: This cuts off any remote access or active phone calls a scammer might be using to watch what you’re doing.
This is smart.
But putting my design hat on here: couldn't this be the whole approach? When enabling the "unverified apps" setting, the phone could terminate all running apps and calls before walking the user through the process.
Why do you even need the rest of the complexity -- if the fear is that non-savvy users are being coached into installing malware,then preventing comms while fiddling with the settings seems pretty OK?
You could even combine this with randomised UI, labels etc. so it's not possible to coach someone in advance about what to press.
The forced ID for developers outside the Play store is already killing open source projects you could get on F-Droid. The EU really needs to identify this platform gatekeeping as a threat. As an EU citizen I should not be forced to give government ID to a US company, which can blacklist me without recourse, in order to share apps with other EU citizens on devices we own.
The DSA covers App stores with a large numbers of users - this is about allowing users side load unsigned apps. Afaik there is no requirement to identify the developers of applications that can be installed on a vendors platform (outside the app store). Otherwise Microsoft would require Government ID to compile and email someone an EXE.
Welp, I guess my current Android phone will be my last one.
At least half of the apps I use on a daily basis come from f-droid. This enforced 24-hour wait is simply not acceptable. Android has always been a far inferior overall user experience compared to iPhone. Android's _only_ saving grace was that I could put my own third-party open-source apps on it. There is nothing left keeping me on Android now.
I'll probably get an iPhone next, but I do sincerely hope this hastens progress on a real "Linux phone" for the rest of us. Plasma Mobile (https://plasma-mobile.org) looks very nice indeed. I'll be more than happy to contribute to development and funding.
If it helps, the 24-hour wait is a one-time process. You do it once, click the toggle to allow installing unregistered apps indefinitely, and then install whatever you want. You can even turn off developer options afterwards, per my understanding, and it won't impact your ability to install unregistered apps.
That does not help. That is a fundamentally fucking insane limitation that will completely destroy any developer's ability to develop without getting approval from Google. Regardless of my feelings of the annoyance of going through this process myself, 90% of users simply will not go through this process to install apps, killing any potential userbase. Google has no goddamn right to be the sole dictator of who is allowed to develop software for the largest platform in the world, to decide who is allowed to have a career in mobile software development and who is not, and you should be utterly ashamed of yourself for accepting a paycheck to defend this. I hope your shitty company and Apple both get their comeuppance in court for these monopolistic practices, and may we some day get a future where anyone is free to develop software without approval of a central police corp.
Switching to an iPhone will put you in an even worse walled garden that respects you even less. Even simple things like setting your default navigation app in iOS are gated behind moving to the EU.
If they manage to expand their lineup a bit, that'll be my next phone. Or, if a company makes a phone with GrapheneOS preinstalled, I'm giving them my money.
Fuck Google for doing this, and Play Integrity making me unable to use banks is even worse.
> if a company makes a phone with GrapheneOS preinstalled, I'm giving them my money.
FWIW you can buy a Pixel (new or 2nd hand) and install GrapheneOS via the Web https://grapheneos.org/install/web with nothing (genuinely nothing) installed on your computer and get it working in ~15min (depending on your connection to download the ROM) out of which maybe ~2min will be your interacting with the setup process.
I initially bought an /e/OS precisely with your requirement, namely I "just" want a phone that works when I receive it, no tinkering, but having installed GrapheneOS myself few days (or weeks?) ago I can tell you, it's really straightforward.
They're actually partnering with Motorola and have phones coming out next year! It sounds like they'll be the Motorola Signature, Razr and Fold (iirc).
And what kind of support do you think a Linux phone will have? While also having trash tier security. I don’t see that as an issue (for Americans at least since most banks here don’t use NFC/wallets in their apps), just use the web browser to access your bank.
Also GrapheneOS has in my experience decent banking app support outside of a handful of apps (including, ironically, my main bank which disabled GrapheneOS support a week or two ago). There is a maintained list of working apps that you can see for yourself: https://privsec.dev/posts/android/banking-applications-compa...
Does/do your bank/s absolutely always require you to use an app? Is there a desktop/website that you can use? Do they have a brick and mortar location?
Probably f droid will become an official app store recognized by Google, and then you won't have to go through this flow to install f droid or its apps.
Death, taxes and escalating safety are the only certainities in this tech dominated world. So, be ready for more safety in the next round few months/years down the line. Eventually Android will become as secure as ios. We need a third alternative before that day comes.
It's not a win by any means. I hope that we don't stop making noise.
It's a a defeat, albeit a minor one. The defeats will escalate until there's nothing left to lose. "Normies" don't care and the tech people who do care are fewer and further between than you'd think.
I believe that is why "escalating safety" and "secure" were written in italics in the comment. Those are the terms Google would use, not necessarily the truth.
Google serves ads with known scams and nothing seems done about it.
Yet, they are concerned about this.
It has nothing to do with safety, but everything to do with control.
I remember when Google disabled call recording in Android, so you no longer could record scammers. Thanks to recording I was able to get money back from insurance company that claimed they absolutely didn't sell me this and that over the phone (paid for premium insurance and got basic).
> I remember when Google disabled call recording in Android, so you no longer could record scammers.
Citation needed. My Pixel 7a with the latest updates has settings for call recording in the phone app. Since I never screwed around with it, I'd assume these are the defaults:
Call recording is turned on, with "asks to record calls" set
Automatically delete recordings is "never"
Automatically record calls with non-contacts is off
No specific numbers to automatically record calls are set
There is also a note that you have to agree to their ToS to use it, and I'd also suggest being careful if you live in a jurisdiction that requires two-party consent for recording.
In any case, I'm of the opinion that if F-Droid goes, I'm basically going to treat this as a feature phone and stay away from third-party apps in general aside from "musts" like banking.
This news confirms my thoughts to abandon Google's line of Android upgrades at the first opportunity.
Even before Google's edict I disabled enforced Android updates in case that at Google's demand manufacturers slipstreamed some restrictive code that cannot be later removed. One only has to look at the disastrous precedent with Windows 11 to see how insidious and ever-increasing lock-in works.
Fact is Big Tech cannot be trusted and there's a long lineage to prove it—MS Windows, Sun/OpenOffice and many others—and now Android. To avoid future calamities like this and to ensure survival of F-Droid, et al we urgently need to break Big Tech's nexus with open source independent of Big Tech's control.
I can only hope more manufacturers are prepared to fork Android to cater for the upcoming demand.
Anytime I open the Play store it feels like I am getting hustled to install Scam Software I don't want. With Scam I mean either it is overblown with Ads or wants a subscription.
I really extremely rarely open the Play Store.
F-Droid is my place to. Even if the tools are simple, they are reliable.
Maybe Google is also scared, that with coding agents some OSS Tools improve that much that commercial alternatives don't matter.
I'm generally OK with this, but the 24 hour hang time does seem a bit onerous.
Most of the apps on my phone are installed from F-Droid. I guess the next time I get a new phone I'll have to wait at least 24 hours for it to become useful.
I'm seriously considering Graphene for a next personal device and whatever the cheapest iOS device is for work.
The apps might not be available though. Many developers are simply stopping in the face of Google's invasive policies. I don't blame them. Say goodbye to useful apps like Newpipe.
I'd say some od those apps starting with N and ending with E might... but I'm saying that only because of my intuition... might be the exact reason why Google introduces this policy
A few apps have been showing pop-ups warning users in advance that they are not going to do the verification. Obtanium is definitely on of them. I think I saw something similar on NewPipe.
It says they will not comply with whatever registration is required. It does not say specifically what they will do, in part I assume because they had not been given enough specifics (for example if it remains possible to sideload but not to be in a third party app store, would they continue to develop with that diminished accessibility?). Additionally YouTube itself has been making some system changes that, outside NewPipe's control, may make it functionally impossible to use the service without being logged into a Google account, so they may be suggesting that they think the writing is on the wall for them.
This is hopefully an exciting time to consider a Motorola device, since they are partnering with GrapheneOS, but I worry that Google will block Google Play Services on any device that doesn't comply, so this might actually be a demoralizing time to be a GrapheneOS fan, when we watch them worm their stupid walled garden nonsense into the Motorola version of it.
You don't need Google Play at all on GrapheneOS. You have to option of installing a sandboxed version of Google Play, but it isn't installed by default. Google's verification shenanigans are otherwise irrelevant to Graphene, it only applies to apps distributed through the Google store.
The vast majority of apks work just fine without Google libraries. In some rare cases, things such as notifications that depend on Google's servers may not work if the developers haven't not implemented an alternative backend such as a direct connection.
In addition to a enabling it in this onerous way, this should be a thing you can set when you first set up the phone after factory default: "I am technologically literate and I accept the risks of side loading indefinitely." If it's set once during set up then none of the vulnerable people will have it set for the lifetime of their phone. A scammer would have to factory reset their phone which would defeat the purpose of gaining access.
This 24-hour wait time nonsense is a humiliation ritual designed to invalidate any expectation of Android being an open platform. The messaging is very clear and the writing's on the wall now, there's nowhere to go from here but down.
I'm not sure if I've heard this discussion from somewhere else and took it as my owm thought. Anyways, I consider this era the beginning of tech feudalism. I honestly don't think we'll be able to escape it. Please note I use Linux and GapheneOS as my two main daily drivers. Most normal people do not care and they think it's crazy I'd make my life so inconvenient. It's my perspective, but I believe users in general don't care, understand, and prefer convenience over choice. Which gives a lot of power to this push for max control. Wether we like it or not I think we won't be able to stop it. I'm not being negative about it or trying to demoralize anyone. We already have at least four basic tech-feudal states, Microsoft, Android, Apple, and Freedom-Software. Each one somewhat has a used base that reflects it's ideology.
> “In that 24-hour period, we think it becomes much harder for attackers to persist their attack,” said Samat. “In that time, you can probably find out that your loved one isn’t really being held in jail or that your bank account isn’t really under attack.”
I wanted to be negative about the whole idea, as due to my age I'm resentful of not being allowed to use my own computer as I see fit.
On the other hand, in principle I see what they're going for here. The only decent argument for these user-hostile lockdowns is the malware issue.
As an idea, what about allowing the 24 hours to be bypassed using adb (edit: bypass to allow indefinitely, not just install a single app)?
I understand there is some problem trying to be solved here, but honestly this is still quite frustrating for legitimate uses. If this is the direction that computing is moving, I'd really rather there were separate products available for power users/devs that reflected our different usage.
Right, if this is being built into AOSP I dont see how they wouldn't add an adb command to immediately skip the "Advanced Flow" wait. if it's safe to let uses run "adb install", then "adb skip-advanced-flow" should be just as safe to do too.
I'm surprised but happy to see you and so many others here saying this. In recent years it seemed like this 'hacker' community was all about Apple devices, but now that Google is going partway in the same direction, people aren't all just taking it.
Do you think there's two groups, and the people that cared simply went with Android and so there was never this outcry about installing free software on iOS, or that this will last only as long as the change still feels recent and like a new restriction?
iPhone users generally decided against owning the pocket computer full of sensors — that they carry around with them everywhere, put all their private data into, that they use to participate in society and that they use to inform themselves — when they bought an iPhone. Some of these people just do not see a smartphone as a computer but as a limited purpose device and do have an actual computer that they care to own. Most do not.
24 hour mandatory wait time to side load!? All apps I want to use on my phone are not in the Play Store. So I buy a new phone (or wipe a used phone) and then I can’t even use it for 24 hours?
1) The one-time, one-day waiting period only applies if you go through the advanced flow to allow installing unregistered apps. You can still install registered apps (ie. apps made by developers who have verified their identity) even if they're distributed outside the Play Store.
2) You can use ADB to immediately install unregistered apps. ADB installs are not subject to the waiting period.
So let's say I'm F-Droid, an organization making a direct competitor to the Google Play Store and openly pointing out how much scammy shit is available in that store. My options are 1) submit my identity to Google (my competitor) so they can identify me and choose to revoke that verification at any point, or 2) I can tell all my users that they must go through these scary dialogs AND wait 1 day before they can use my competing product? That's cool, glad we've got the options laid out in front of us.
I forgot 3) instruct my users how to use ADB from another computer to install my competing app. Awesome.
You'd think regulators should make Google ship a 'Choose my store(s)' screen at setup, but Google thinks the opposite is the case and Google should also be able to control app distribution outside of the Playstore.
I want to use the apps that don't hellbent on your Google right away. This is MY phone. I paid my money. I don't want Google to dictate what I should do.
Developers who distribute Android apps on other app stores are not strictly required to undergo verification and thus can remain anonymous, but if they choose not to, then later this year (when the enforcement of verification goes active) their apps can only be installed on certified Android devices via ADB and/or the new advanced flow.
Thus, you can still install unregistered apps if they're distributed via F-Droid or other sources, but to do so, you will need to use ADB and/or go through the new advanced flow. And remember, the new advanced flow is a one-time process - once you go through with it, you can allow your device to install unregistered apps indefinitely!
Yeah, it's terrible. I buy a new phone and then can't effectively use it for 24 hours? Half my apps are downloaded from F-Droid, which I've used for over a decade. Just gives me another reason why I'm very happy to have recently moved over to GrapheneOS.
From purely a usability standpoint, not a freedom standpoint, I would actually be okay with that for my personal use if it stayed like that. But the point is that they're just making it worse and worse. They won't stop with this. I can arrange to do without an important app for a day, even if I had to get a new phone unexpectedly (If I had to skip attending an event and stay at home where my computer is, because I could only properly be on call with my sideloaded app, I'd chalk it up to an unusual situation). But it won't be long before they change it again.
> In addition to the advanced flow we’re building free, limited distribution accounts for students and hobbyists. This allows you to share apps with a small group (up to 20 devices) without needing to provide a government-issued ID or pay a registration fee.
What stops scammers from simply creating a new hobbyist account for every 20 people they scam?
> In addition to the advanced flow we’re building free, limited distribution accounts for students and hobbyists. This allows you to share apps with a small group (up to 20 devices) without needing to provide a government-issued ID or pay a registration fee.
I don't quite understand how those installs would be tracked. If I create a "hobbyist" account and share the apk, are the devices that install that app all reporting it to Google? To my knowledge, Google only does this through the optional Play Protect system, is that now no longer optional? I'd like to know if my computer is reporting every app I install up to Google.
Which I also don't like, but at least that can be done offline. The signature could be verified on device without sending everything to Google. If they have to track the 20 seats for the hobbyist accounts then they have to be tracking every single install
I mean, I'm happy to be conspiratorial about it too, I give Google no benefit of the doubt, but outside of Play Protect I don't think they explicitly say "your phone is telling us every app you install." This new feature is them making that explicit.
It probably sounds like a nitty gritty detail here but who is enforcing the 24 hours and how are they enforcing it?
Because if that "enforcement" is Google then they are still engineering a situation where they hold the keys to the kingdom. They may benevolently let you install what you want, but the sword of damacles will hang over everyone forever, with the darth vader contract in full force ("pray we don't change the deal any further"). If nothing else, it will have a chilling effect. But more than likely, it will attract regulators like moths to a flame to coerce Google into banning their favorite open source apps that they don't like. In other words: it won't solve anything at all, really.
When I side-load open-source apps for other people, I want to do it right in the moment, not activate the feature, and the next time I see them (like half a year later), install the app.
When Google announced there would be an alternative installation method, I did not expect such a mess...
I can see that majority of response is negative, being mobile developer myself I can understand.
What's the solution for 3rd world countries where 80% phones are android (and usually old/low spec) that balances freedom for knowledgeable users vs security/safety for the majority of users? you can roughly understand education level and tech literacy for the majority of people in 3rd world countries.
I had a taxi driver ask me for help with their Android phone after their kid did something and now their phone kept getting ads every 5 minutes in every app no matter what they were doing
This is great news for my wife and my parents, but it would really be nice to have the choice when it comes to my phone's OS. Just like I had with Linux. I boggles my mind how the components in a phone are somehow different to the components in a PC in that they are unaccessible to people who write drivers for them.
I think I would be fine with that if they also provided the option to check the box immediately when you first setup your account on a new phone. I don't want to wait for 24 hours every time I change phones.
Find the email address of the CEO/board members. When you get this on your device. Let your thoughts be known to them with a screenshot. Feel free to use language that will make them feel dumb and sad. Don't expect them to understand logical arguments or pleas.
Companies get away from this because they distance themselves from their customers and they have systems to hide feedback.
Supported Android since the beta m3 SDK in 2008 (ok, I was in high school, but I still downloaded it!) Never considered abandoning it before now.
It's time to leave Android.
Call me naive, but despite the feeling in my gut I was holding out for Google's answer. Reading what it is, this is still going way too far. You essentially need to be a developer in order to sideload, which brings Android down to parity with iOS.
No, being able to sideload (on my phones, AND friends and family as-needed) is a fundamental computing right. This is my personal belief. And this move by Google is a step too far.
I feel like loading sideloaded applications it's locked enough, google created google protect (which I have disable) but it if you have it enabled you are unable to instal sideloaded apps, also you have to accept the prompt to accept the app you're installing from and the prompt from your android to let you install sideloaded apps, like how many prompts is enough?
now also a fee and verification.
Most of the apps I enjoy the most are in alternatives stores.
Ankidroid,keeepassxc,revanced, newpipe,tubular.
Scammers will just start the process and call back the next day. There is an entire genre of scam relying on slowly building rapport and only cashing in once all the way at the end.
Unfortunately that's your own misunderstanding. iOS (as well as modern android) quite effectively prevent phone theft while the electronics are in transit along the last mile of the supply chain. Anything beyond that is a happy accident.
(I'm being a bit overly cynical there but IMO only the tiniest bit.)
How exactly is this going to stop scammers from simply modifying their scam runbook to say "Turn this thing on, and get back to me in 24 hours.", and then continue on from the next step?
We know from Nigerian email scams that these things can stretch out days, weeks, months, all to get the victim to do the thing.
> We know from Nigerian email scams that these things can stretch out days, weeks, months, all to get the victim to do the thing.
the real issue i think is using technology to stop a non-technology problem (scams) as that is a society problem
but it seems govts arent interested or incapable of solving the causes (education, opportunity, destitution, etc etc) and probably also influx of scams from sanctioned countries (again a society/world level problem) that cant participate in the world trade etc...
so they lean on the technology companies to lockdown things more because what else can they do?
I think most people here live too much in their tech bubble and don't realize how dumb the vast majority of people are when it comes to tech. I know that feeling myself that you lose the grip to "reality" when you are too much into tech, but after dealing a bit with "ordinary" people, I do understand why Google wants to do that.
Most people have absolutely no idea about tech at all. So many people don't even know what exactly a browser is, what a "tab" means or can't even get to install an iPad. Google mainly has to take care of these people, not people who install apps using F-Droid. Go to the streets and ask strangers if they know what F-Droid is, and if they don't, try to explain it to them.
The 24 hour wait period looks like a good trade off to me. Still allowing experienced users to install apps, but the majority of people will be protected, and it won't even affect most people.
And no, I'm not a bot or some pro Google activist, check my github account, I even use GrapheneOS myself.
Hmm, as long as the waiting period is not per-app then maybe this is OK. Especially now that there is a well supported way to distribute alternative app stores without going through the sideloading process.
I've been slowly degoogling because of how Google is treating Android. It's slow, but I've been setting up emails on other providers, stopped using Google search, stopped uploading photos etc.
There are multiple apps that I know and want to use that are no longer available on Play Store, but only via Zapstore, Obtanium or similar. I'm just hoping that these changes don't affect solutions like GrapheneOS or that we will soon get linux based phone that's good...
This seems like a good solution that will put a sizeable dent in scam success rates while not actually removing options for developers and power users. The added friction will make some people bounce off F-Droid and the likes which is unfortunate, but the wins here in scam prevention are much bigger than the losses in onboarding power users.
That's not entirely unreasonable. As long as there is a way to enable this in perpetuity for my device(s) and it works for all Android devices it's a compromise I could live with.
Again, can we, please, stop call it side-loading. I'm not sliding in anything "from the side" on the sly, I am simply installing an app of my choice on my damn phone.
I read several articles about this today, and surprisingly, found this video more clear and easy to understand what is the situation https://youtu.be/-WF34Sgq76c
Reminder that when you use terminology like "sideloading" you're accepting the premise that there's something inherently dodgy about installing your software onto your operating system.
I wonder how long this will last before they lock it down further. There was a lot of pushback this time around and they still ended up increasing the temperature of the metaphorical boiling frog. It still seems like they're pushing towards the Apple model where those who don't want to self-dox and/or pay get a very limited key (what Google currently calls "limited distribution accounts").
I mean the writing's on the wall, they just don't want to do it all at once to avoid backlash. I wouldn't be surprised if they kill sideloading completely several years down the road.
I switched to iOS in anticipation of this change. The reality is, if they are thinking about doing this, it's only a matter of time before they do it. If I have to choose between two walled gardens, apple will win every time.
Nothing screams being infantilised by your platform more than having to wait 24 hours to be allowed to install software on your own purchased computing devices.
The 24 hour wait period is the largest of the annoyances in this list, but given that adb installs still work, I think this is a list of things I can ultimately live with.
A lot of people here are looking for compromises. Any compromise on this means giving ground to Google's monopoly and the war on open computing and ultimately freedom.
This is exactly what Google intended. This is why they started off by announcing completely removing device owner chosen installs (this is not side loading! It's simply installing.) and announced only apps allowed by Google would be available for install.
They knew it would cause backlash. They anticipated that and planned ahead faking a compromise.
They are trying to boil us like frogs by so slowly raising the temperature so we do not notice. Whenever the water gets so warm that people do notice they cool it down a little. But they will turn up the the heat again!
This 24h window is designed to make device owner controlled installs as unattractive as possible. They try to reduce it as much as they can while having plausible deniability ("You can still install apps not whitelisted by us"). They want to get the concept of people installing software of their own choice onto their own device as far away from the mainstream as possible. They want to marginalize it. They want to slowly and quietly kill off the open Android app ecosystem by reducing the user base.
The next step will be them claiming that barely anyone is installing apps not signed by them anyway. First they make people jump through ridiculous hoops to install non whitelisted apps, then they use the fact that few people jump through these hoops to justify removing the ability altogether.
Google does not care about preventing scams. If they did they would do something against the massive amount of scam ads that they host. Scams are just their "think of the children".
Do not play by their playbook!
Do not give them ground!
We must not accept any restrictions on the software we run on our own devices. The concept of ownership, personal autonomy and choice are being dismantled. Our freedom is the target of a slow, long waging war. This is yet another attack.
We must not compromise with the attacker. We must not give them any centimeter of ground.
im just as much of a hater of this as the next guy, because i depend on custom apks for work sometimes. pushing custom apks over adb is apparently going to be fine, so if that holds true, i dont care about this. at the end of the day, buying an android phone is buying a google device. i dont get the righteousness here. wouldnt this energy be better spent on discussing how we could make a new open source os to rival that of google? why would anyone at google (company at the forefront of anti privacy measures) care about what some nerds on the internet think about privacy? its like an ant screaming in front of an approaching bulldozer.
It's a pretty dire situation. There are two major options. iOS is iOS. Android is at least somewhat open and Google free Android actually exists.
The problem is that you often need a smartphone running either Android or iOS to participate in modern life. Unfortunately when running Android many apps that one might be more or less forced to use do not just require AOSP, but expect the presence of the proprietary Google services malware.
If we want to create an independent mobile OS AOSP might actually be a good start. We're just faced with a world that is actively harmful to people having control over their device and data.
Do you need a Google account to opt out of the restriction? It says something about authenticating.
I don't have a Google account on my Androids. But I can't remove play services on them, sadly. As an intermediate protection I just don't sign in to Google play, that gives them at least a bit less identifying information to play with.
>And what is malware? For [Android Ecosystem President], malware in the context of developer verification is an application package that “causes harm to the user’s device or personal data that the user did not intend.”
Like when Google, Facebook, Apple, Microsoft, et al. cooperated with¹ the unconstitutional and illegal² PRISM program to hand over bulk user data to the NSA without a warrant? That kind of harm to my personal data that I did not intend?
If so, I'd love to hear an explanation of why every Google/Alphabet, Facebook/Meta, and Microsoft application haven't been removed for being malware already.
That's just friggin great, except for those who use newer phones from Cricket - who disables developer mode for until the phone's been active on their network for 6 months...
The 7 days vs forever choice is still crappy and gives me a bit of bad vibes considering they are the ones that pulled the youtube promotions (shorts, games) you can never turn off forever, so there's the concern they will remove the forever option from Android in the future. But as long as they don't end up doing that, it's fine for me.
Also, I do think it would be a good idea to make an exception to the 24-hour wait time if the phone is new enough (e.g. onboarding steps were completed less than one day ago), and/or through some specific bypass method using ADB. Power users who get a new phone want to set it up with all their cool apps and trinkets right away, and it's not good user experience to have to use ADB to install every single sideloaded app. Meanwhile a a regular user getting scammed right after getting a new phone is statistically unlikely.
I think it would be a bad idea to require an internet connection (for one thing, you might want to write your own app that does not require a internet connection); but, even if it doesn't, would not mean you can set the clock to avoid the delay, because it could be made to reset the delay if the clock is set.
I hate it of course, but I think for once there is a solution: just go for an alternative AOSP-based OS. Preferably GrapheneOS (soon available on Motorola phones).
The truth is that 99.9% of the people don't care. The remaining 0.1% is perfectly capable to use GrapheneOS.
The secret reason they are doing this is because governments want to be able to identify everyone online everywhere it matters at all time. They want to strip anonymity from computing.
Apple and Google can now credibly claim to governments to have nearly ubiquitous computing platforms that they can guarantee do not run any software that is not approved or antithetical to the goals of authorities. This makes the device safe for storing things like government IDs. OSs and Browsers will be required to present these IDs or at first just attest to them.
Before posting online, renting a server, using an app you will have to idenitfy yourself using your phone or similarly locked down PC (i.e. mac).
The introduction is under the guise as always of protecting the children. In reality they are removing your rights to privacy and free speech.
I'd urge everyone here to seriously consider switching to GrapheneOS. It's a far simpler transition than e.g. switching from Windows or OSX to Linux, and many people find that it has basically no friction vs android.
More people moving to GrapheneOS is the best tool we have against Google's continued and escalating hostility to user freedom and privacy and general anti-competitive conduct. (Of course, you could ditch having a smartphone entirely..., but if you're willing to consider that you don't need me plugging an alternative).
Would but unfortunately I got screwed with a locked bootloader, either going to go the dumbphone or the (much less practical) cyberdeck + SIM card route.
Honestly, if coerced sideloading is a real attack vector, then this seems to be a pretty fair compromise.
I just remain skeptical that this tactic is successful on modern Android, with all the settings and scare screens you need to go through in order to sideload an app and grant dangerous permissions.
I expect scammers will move to pre-packaged software with a bundled ADB client for Windows/Mac, then the flow is "enable developer options" -> "enable usb debugging" -> "install malware and grant permissions with one click over ADB". People with laptops are more lucrative targets anyway.
After today's announced policy goes into effect, it will be easier to coach users to install a Progressive Web App ("Installable Web Apps") than it will be to coach users to sideload a native Android app, even if the Android app has no permissions to do anything more than what an Installable Web App can do: make basic HTTPS requests and store some app-local data. (99% of apps need no more permissions than that!)
I think Google believes it should be easy to install a web app. It should be just as easy to sideload a native app with limited permissions. But it should be very hard/expensive for a malware author to anonymously distribute an app with the permission to intercept texts and calls.
I don't think Google has a strategy around what should be easy for users to do. PWAs still lack native capabilities and are obviously shortcuts to Chrome, and Google pushes developers to Trusted Web Activities which need to be published on the Play Store or sideloaded.
But these developer verification policies don't make any exceptions for permission-light apps, nor do they make it harder to sideload apps which request dangerous permissions, they just identify developers. I also suspect that making developer verification dependent on app manifest permissions opens up a bypass, as the package manager would need to check both on each update instead of just on first install.
Yep, I have a legitimate use case for exactly this. It integrates directly with my application and gives it native phone capabilities that are unavailable if I were to use a VoIP provider of any kind.
As a legitimate developer developing an app with the power to take over the phone, I think it's appropriate to ask you to verify your identity. It should be an affordable one-time verification process.
This should not be required for apps that do HTTPS requests and store app-local data, like 99%+ of all apps, including 99% of F-Droid apps.
But, in my opinion, the benefit of anonymity to you is much smaller than the harm of anonymous malware authors coaching/coercing users to install phone-takeover apps.
(I'm sure you and I won't agree about this; I bet you have a principled stand that you should be able to anonymously distribute malware phone-takeover apps because "I own my device," and so everyone must be vulnerable to being coerced to install malware under that ethical principle. It's a reasonable stance, but I don't share it, and I don't think most people share it.)
I think you read a bit too much into my message. I agree, it's complicated, I don't want my parents and grandparents easily getting scammed.
But yes they are my devices, and I should be able to do exactly what I want with them. If I'm forced to deal with other developers incredibly shitty decisions around how they treat VoIP numbers, guess who's going to have a stack of phones with cheap plans in the office instead of paying a VoIP provider...
But no, I have no interest in actually distributing software like that further than than the phones sitting in my office.
For a security-sensitive permission like intercepting texts and calls, I'm not sure it makes sense for that to be anonymous at all, not even for local development, not even for students/hobbyists.
Getting someone to verify their identity before they have the permission to completely takeover my phone feels pretty reasonable to me. It should be a cheap, one-time process to verify your identity and develop an app with that much power.
I can already hear the reply, "What a slippery slope! First Google will make you verify identity for complete phone takeovers, but soon enough they'll try to verify developer identity for all apps."
But if I'm forced to choose between "any malware author can anonymously intercept texts and calls" or "only identified developers can do that, and maybe someday Google will go too far with it," I'm definitely picking the latter.
The scam only has to work on a tiny slice of users, and the people who fall for fake bank alerts or package texts will march through a pile of Android warnigns if the script is convincing enough. Once the operator gets them onto a PC, the whole thing gets easier because ADB turns it into a guided install instead of a phone-only sideload.
That's why I don't think the extra prompts matter much beyond raising attacker cost a bit. Google is patching the visible path while the scam just moves one hop sideways.
> Honestly, if coerced sideloading is a real attack vector, [...]
I don't believe that it is. I follow this "scene" pretty closely, and that means I read about successful scams all the time. They happen in huge numbers. Yet I have never encountered a reliable report of one that utilized a "sideloaded"[1] malicious app. Not once. Phishing email messages and web sites, sure. This change will not help counter those, though.
I don't even see what you could accomplish with a malicious app that you couldn't otherwise. I would certainly be interested to hear of any real world cases demonstrating the danger.
[1] When I was a kid, this was called "installing."
This is the thing that bothers me the most about this. It is as if even the HN crowd is taking it as given that malware is this big problem for banking on Android but in reality there seems to be very little evidence to back this up. I regularly read local (Finnish) news stories about scams and they always seem to be about purely social engineering via whatsapp or the scammer calling their number and convincing the victim they are a banking official or police etc.
That's why I'm inclined to believe Google is just using safety as an excuse to further leverage their monopoly.
I _install_ apps through F-Droid, because on average, they are much less user-hostile. Less tracking, less accounts, less shenanigans. Built for usefulness rather than profit extraction. Which apps it shows is also 0% influenced by ads and other commercial value, whereas on Google's store, it's the opposite as it's the biggest factor.
F-Droid. And also by Google's definition, everything I install from F-Droid. So Antennapod (Podcasts), ConnectBot, DAVx (sync my Fastmail calendar to my phone), Etar (Calendar app), Jellyfin (media player), Jiten (JP dictionary), KOReader (ebook reader), OsmAnd~ (Maps), VLC.
Meanwhile from the Play Store I have Bitwarden, Firefox, 2 banking apps, a few airline apps, Wireguard and Whatsapp. So I actually have more from F-Droid than the Play Store from what I regularly use.
Why not grab Fennec from f-droid as well? It used to also have more features, I'm not sure if that's still the case but might as well go with the open source build
I sideload no apps. I install most apps from either F-Droid main, or an other repo.
> Why those apps are not in a store?
All of them are in a repository. Just only the state sponsored ID-app is only available via the ad-infected Google RAT delivery service, also known as Google Play.
Every non-stock app on my phone was installed from an APK directly downloaded from the manufacturer or open source developer's site / Github releases. I've never had a Google Play account and have never used any Android "app store".
I switched from iOS to Android about three years ago. I saved all the APKs for everything I installed (or updated). When I got a new phone last fall it was pleasantly like geting a new PC. I imported my SMS and contacts from my last backup, then installed all the apps I use and imported or manually set any settings I wanted to customize.
The biggest pain was having to manually logon the couple of sites I allow to keep persistent cookies since device owners aren't allowed to just import/export cookies from mobile Chrome.
Apart from why "those apps are not in a store", there's very good reason to want to use an alternative source for your applications. F-droid is a far safer source than google play is, because they actually vet the source code and project and build it themselves. You are far more likely to download malware from google's official 'safe' sources than from F-droid, and hence it's my first option when searching for simple utility applications because the top results on google play will be utterly infested with ads and tracking at minimum.
Would Obtainium continue to work? I like the freedom of entrusting developers I know and installing APKs from repositories instead of restricting myself to app stores whose publishers have to be identified and approved by an advertising company.
I'd rather not have to go through this ritual, but I appreciate that there is a genuine security problem that google are trying to address. I also suspect that they have other motivations bound-up in this - principally discouraging use of alternative app stores. But basically I could live with this process.
Yeah, I know... Stockholm syndrome...
Although I may not have to live with it, as none of my present devices are recent enough to still receive ota updates.
Context: I don't use alternative app stores. I occasionally side-load updates to apps that I've written myself, and very occasionally third party apps from trusted sources.
I don't think developers targeting alternative app stores would care much about having to perform verified developer registration. Particularly apps that are available in both Play Store and alternative app stores.
Yet more reasons to keep using an old rooted Android for as long as possible and contribute to any efforts that make it easier to do so. I suspect the reason Android become dominant was the ease of modding and the community that created, and now they're trying to turn it into another authoritarian walled-garden like Apple. To paraphrase the famous Torvalds: "Google, fuck you!"
"Those who give up freedom for security deserve neither."
This comment makes no sense to me. As an individual user, opting out takes 24 hours and is much easier than rooting. Either your criticism is that this is prohibitive for too many users who aren't likely to care enough to ever root their phone (which might be fair, but your response doesn't fit) or it is that Google is locking down the ecosystem for some nefarious purpose (they're evidently not).
The alleged inability of a company like Google to create an operating system that makes banking apps secure while allowing users to install whatever they like is very implausible. Android apps are already sandboxed and have fine-grained access control, and the operating system controls everything that is painted on the screen.
The security justification for this measure is not credible.
The only reason I stuck with Android was to have the freedom to basically install anything I like. This is not a solution, much less to any problem which existed before. I don't think my next phone will be Android.
I get that its pretty clear with the straight sideloading case, but can anyone say for sure what this will look like for an f-droid user? Its hard to keep track but I thought something new here because of EU is that alternative app stores != sideloading? Something where app stores could choose themselves to get "verified," whatever that means, to become a trusted vendor? Or is this completely wrong?
From my read, it's explicitly a one-time thing. Presumably that means that even if you pick the "allow for 7 days" option, you can re-enable it after that without a delay (maybe with a reboot?).
Is this in AOSP? I was assuming the changes are to GMS. I should hope that no distributor of AOSP(-based) images include this code anyway so it's just on the google devices
At this point the meta for tech inclined people is to go full dumbphone, get a UMPC with SIM card support, cobble together a cyberdeck with a SIM module, or building an ESP32 powered cellphone (https://www.xda-developers.com/someone-made-a-4g-esp32-smart...). RIP F-Droid.
Non-playstore applications will have restricted access(sms/telephony), and bit by bit the screws will be tightened.
"Only 0.0004% of the userbase installs after the initial 24 period, greater than x% take 48 hours or more so the 24hr window is now 72hr", and repeat until its all nice and locked down for them.
"Your google play account will now need ID to prevent children accessing adult software" will come along not long after. For the children.
Since after doing this Google knows the user knows what they're doing (and officially they say they don't want to get in the way), why does this only enable installing unverified apps (still unprivileged), why is the system still insanely locked down? I thought the 24-hour delay solved the "security" problem?
Some years ago had a scam call about my "router connection error logs" and "I needed" to install TeamViewer from the PlayStore... So can't imagine what is this going stop
> Install apps: Once you confirm you understand the risks, you’re all set to install apps from unverified developers, with the option of enabling for 7 days or indefinitely. For safety, you’ll still see a warning that the app is from an unverified developer, but you can just tap “Install Anyway.”
If you can enable this once, forever, after a 24 hour cooldown period I don't hate this as much as I hated some of the other proposals from Google. It'll just be something you do as part of the setup for a new phone.
I am not happy about this, but as long as advanced Android users can still turn this off and keep it off, we're still in a better place than iOS.
Even though I understand the design decisions here, I think we're going about this the wrong way. Sure, users can be pressured into allowing unverified apps and installing malware, and adding a 24-hour delay will probably reduce the number of victims, but ultimately, the real solution here is user education, not technological guardrails.
If I want to completely nuke my phone with malware, Google shouldn't stand in my way. Why not just force me to read some sort of "If someone is rushing you to do this, it is probably an attack" message before letting me adjust this setting?
Anyone who ignores that warning is probably going to still fall for the scam. If anything, scammers will just communicate the new process, and it risks sounding even more legitimate if they have to go through more Google-centric steps.
I hate to say it, but I'm somewhat in agreement. I don't know why there's a allow 3 days/allow forever option. That's the only thing that's suspicious.
Assuming the requirements are actually justified, this seems like a tolerable compromise.
It's not like the Google Play store hasn't been known to host malicious apps, yet you are not required to wait 24 hours before you install apps from their store.
I suspect they are hoping users just give up and go to the play store instead. Google touts about "Play Protect" which scans all apps on the device, even those from unknown sources so these measures can barely be justified.
Imagine if Microsoft said you need to wait 24 hours before installing a program not from their store, which is against the entire premise of windows.
Computing, I once believed was based on an open idea that people made software and you could install it freely, yes there are bad actors, but that's why we had antivirus and other protection methods, now we're inch by inch losing those freedoms. iOS wants you to enter your date of birth now.
The future feels very uncertain, but we need to protect the little freedoms we have left, once they're gone, they're gone for good.
What? No requirement to personally bring in a form in triplicate to the Google office in Siberia, of course notarized by the Pope and Zendaya, and simply prove it was signed on the moon.
I'll say it again: this isn't a problem for Android to solve. Scammers will naturally adapt their "processes" to account for this 24-hour requirement and IMO it might make it seem more legitimate to the victim because there's less urgency.
The onus of protecting people's wealth should fall on the bank / institution who manages that persons wealth.
Nevertheless, this solution is better than ID verification for devs.
Why should the bank/institution be responsible for protecting individuals from themselves? They don't have police power- protecting people from bad actors is like, the reason to have a state. If the state wishes to farm it out to third parties, then we don't need the state anymore!
Yea I have no idea why the original commenter thinks Banks should have the power to tell me what I can and can't do with my own money.
It's nice that Zelle has checks and identity information shown to you when you're sending money, but if I click through 5 screens that say "Yes I know this person" but I actually don't.....no amount of regulation is going to solve that.
Banks absolutely have that power and will stop transactions that seem suspicious or fraudulent already, no? Sometimes they'll call/text to verify you want it go through. I imagine that type of thing but cranked up for accounts flagged "vulnerable" where a family or the person themselves can check a box saying "yes, lockdown this account heavily please" (or whatever you can imagine, idk, I'm not a bank)
The bank/institution is where the money is leaving from therefore they should implement policies that protect vulnerable customers like seniors, for example. I don't know how that looks but it seems reasonable that they could put limits on an account flagged "vulnerable person"
I'm not sure what you're getting at with the rant about police power and a state? Google isn't the government either. What would legislation provide that banks can't already do today?
Sure, there are things banks can do, and those are features they can market. But ultimately, if the state isn't pursuing criminals who prey on the vulnerable, then society as we know it has failed and we would need a new society, or a new state, or both...The bank can't arrest anyone!
I never said anything about it being Googles responsability, I agree it is not. And the only legislation that might be necessary over what we have is a budget directly to go after criminal fraudsters.
Fraud is already illegal, the issue is that these scammers reside in other countries. I don't doubt there could be pressure applied from really high up at the diplomatic level but I highly doubt the FBI for example is going to be able to do anything even with legislation.
> I'll say it again: this isn't a problem for Android to solve.
They're not solving that problem. They're using it as an excuse to lock down the platform further and assume more control. Any incidental benefit for user "security" is an unintended consequence of their real agenda.
The constant sociopathic nudging from Google to do this or that to use something that was absolutely normal before or to enable something I didn't want and slowly removing reasonable options in favor of their dark pattern preferences was what made me to degoogle ~10 years ago, and they just seem to continue on the march to their dark side unconcerned.
They'll just remove the "Advanced" ability in a few years once they've frog boiled people into jumping through hoops to use their phone the way they want.
Meh. I get the annoyance, but it's a one time cost for a small subset of their users. I would prefer if there was a flow during device setup that allowed you to opt into developer mode (with all the attendant big scary warnings), but it's a pretty reasonable balance for the vast majority of their users. (I suspect the number of scammers that are able to get a victim to buy a whole new device and onboard it is probably very low).
Good point, having a once off advanced option to completely bypass this at device setup would be good.
Also, other commenters have mentioned that adb is unaffected by this which makes it seem like less of a problem, to me at least. Still inconvenient that even if you adb install fdroid you can't install apps directly from it.
Developers, including non-US citizens, are forced to give Google their government ID to distribute apps. This enables Google to track and censor projects, like NewPipe, an alternative open source Youtube frontend, by revoking signing permissions for developers.
This. Side loading being restricted is only one part of the problem; the other is mandatory developer verification for apps distributed through the Play Store.
>Developers, including non-US citizens, are forced to give Google their government ID to distribute apps.
Developers can choose to not undergo verification, thereby remaining anonymous. The only change is that their applications will need to be installed via ADB and/or this new advanced flow on certified Android devices.
Either way, you can still distribute your apps wherever you want. If you verify your identity, then there are no changes to the existing installation flow from a user perspective. If you choose not to verify your identity, then the installation will still be possible but only through high-friction methods (ADB, advanced flow). These methods are high-friction so anonymous scammers can't easily coerce their victims into installing malicious software.
Not quite. You can do a lot of stuff that requires no permissions, or at least not ones that the user has to confirm (e.g. you get internet permission, sensor access, always run in the background etc. by default, but you do need to declare this in the manifest file iirc), which isn't possible on websites like that (a website will ask before it lets a site do limited things while you think the tab is closed)
Depending on your threat model, it might be mostly harmless
> Developers can choose to not undergo verification, thereby remaining anonymous. The only change is […]
"The only change" – with all due respect, are you even listening to yourself? The "only change" is that you, as a developer, will be completely excluded from publishing apps in the Play Store and that people effectively won't be able to install your app anymore! (Unless you were targeting only e.g. F-Droid users to begin with, which very few apps do.)
In essence, you are cutting down on the privacy of tens of thousands of honest developers around the world in the name of protecting users from scammers and you're pretending that 1) it's a nothingburger and 2) developers have a choice.
That's not correct - the flow described in the post outlines the requirements to install any apps that haven't had their signature registered with Google.
That means those apps still keep on existing, they are just more of a hassle to install.
They already announced it. Here they only mention the special case where it does not apply:
> In addition to the advanced flow we’re building free, limited distribution accounts for students and hobbyists. This allows you to share apps with a small group (up to 20 devices) without needing to provide a government-issued ID or pay a registration fee.
i.e. Government-issued ID and fees are needed for more than 20 devices, e,g, every app on F-Droid
If there were a reliable way of identifying people making multiple accounts, it wouldn't be anonymous now would it? This not a loophole but inherent to an anonymous system
The trouble is, the accounts aren't meant to be anonymous. Pseudonymous at best, depending also on the country (a lot of places require government ID before you can assign a phone number, or have a central government querying system for mapping IP addresses and timestamp to the name and address of the subscriber that used it at the time). It's not like they let you create infinite Google accounts without supplying an infinite amount of fresh phone numbers or IP addresses. You also agree to the general Google privacy policy, which allows them to do anything for any purpose last I checked (a few years ago) unless you're a business customer (but then you've got a payment method in use, and they don't accept cash in the mail), such as fingerprinting as part of reCaptcha
It's a little inconvenient for someone setting up a new phone to have to wait a full day to install unregistered apps. But while I can't speak for others, it's a price I'm personally willing to pay to make the types of scams they mention much less effective. The perfect is the enemy of the good.
How would you feel about needing to wait 24 hours to visit an "unapproved" website on your phone? You would pay Google/Apple $25 to get whitelisted so people can browse to your personal website without getting a scary security message.
This is the same thing since it applies to all apps, not just apps that need special permissions.
I don't think it's fair to extend the analogy to what amounts to censorship of websites since that's not the system they're proposing. Also isn't the owner of a website already identifying themselves when they register their domain name and/or rent a server? I think this is not the same as downloading an app by an unknown developer.
From the article I understood this to be a one-time delay, as opposed to having to go through the same waiting process for every single "unlicensed" app I want to install (which I would not accept). I'm just waiting 24 hours once to permanently change my device into a mode where I can install any app I like without any restrictions/delays whatsoever.
On what basis do you believe that it will meaningfully reduce the dollars lost or persons harmed by fraud, as opposed to simple shuffling around the exact means used?
Well maybe nothing ultimately changes. Maybe we end up in a world where Android users have to wait 24 hours to change a setting so that their devices will install any apps they want, from then on with no further delays. But this seems to me like a relatively low cost for a potentially huge benefit for victims.
I'm not in agreement with most of you, hn. They've found a decent compromise that works for power users and the general population. Your status as a power user does not invalidate the need to help the more vulnerable.
Having to wait a day for a one off isn't a big deal, if they kept it looser then you'd be shouting about the amount of scams that propagate on the platform.
Why would I pay Google after this? I have gotten rid of Xiaomi a long time ago.
For now, I am rolling with my OnePlus 7 with LineageOS, till I find a phone that's not completely locked down. Yes, it's old, but it gets my job done. Once I am off all of Google's services, I'll probably get rid of Google in most part of my life.
As, someone who is a user from invite only Gmail, it's difficult, but necessary.
So like a Motorola, Sony, Fairphone, Shiftphone, Jolla... none of these are 'completely locked down' (though besides Jolla, they're all a little: they don't come as "yours" by default because of the contract with Google to be allowed to ship Play/Maps/etc.)
This helping the vulnerable framing is naive at best. This is about an American ad company consolidating their power over what people can do with devices they bought and are reliant on daily.
Helping the vulnerable should not involve that. If your only idea on how to help the vulnerable involves that, think of better ideas.
At some point we need to start wondering if it's not just naivete but intellectual dishonesty. The same American corporations that claim to be imposing draconian control measures to "protect the vulnerable" are, at the same time, exploiting those very same vulnerable people to the best of their ability. Take Google, they have no problem showing ads for scams in Youtube and Google Ads. There is mounting evidence that their recommendation algorithms for Youtube, shorts, etc. negatively affect mental health, especially youngest ones. But it makes them money, and they've zero interest in preventing that or changing it.
And it's not just Google, it's the m.o. of all large corporations. Another example is Epic Games, they advertise how they will fight in court against big companies like Google and Apple to defend their users. Yet they've gotten fined repeatedly for amounts in the millions, for predatory micro-transactions, and misleading minors into spending money without the consent of their parents.
Time and time again it is proven that everything these companies do, it's always for the benefit of their bottom line, and consideration for their users does not even factor into their considerations. This is no different, they want to push it because it will give them more control or make them money, and it either won't protect anyone, or that's just an unintended side effect but a good way to market it.
My personal hard line is having to ask Google for permission to sideload. Even if it's free and no personal info is exchanged.
This new process is annoying but I can see it helping prevent scams.
Scammers can coerce people into ignoring warnings if they convince them their entire life savings are on the line. It's hard to do if you need to wait 24 hours before the setting unlocks.
They will just call you the next days lmfao. There are countless news in my country that scammers hanging around on phone with the victims for some days before they do the deed. They are just switching from 1 long call to multiple reasonable calls because people naturally become more trusting the ones they talk more frequently and the scammers succeed more. That's exactly the words of a scammer when the police interrogating him at my place.
Scammers can also convince people to give them their home's keys. Does not allow you to keep me from opening my door without the door maker's permission.
As a non American, losing my ability to run software even if google decides that software can't enter their store feels much higher a risk.
Tbh, I love this flow. They truely think for users, all users not just advanced users. Unlike Apple, Apple just think for its ecosystem, its money.
How the advanced flow works for users
Enable developer mode in system settings: Activating this is simple. This prevents accidental triggers or "one-tap" bypasses often used in high-pressure scams.
Confirm you aren't being coached: There is a quick check to make sure that no one is talking you into turning off your security. While power users know how to vet apps, scammers often pressure victims into disabling protections.
Restart your phone and reauthenticate: This cuts off any remote access or active phone calls a scammer might be using to watch what you’re doing.
Come back after the protective waiting period and verify: There is a one-time, one-day wait and then you can confirm that this is really you who’s making this change with our biometric authentication (fingerprint or face unlock) or device PIN. Scammers rely on manufactured urgency, so this breaks their spell and gives you time to think.
Install apps: Once you confirm you understand the risks, you’re all set to install apps from unverified developers, with the option of enabling for 7 days or indefinitely. For safety, you’ll still see a warning that the app is from an unverified developer, but you can just tap “Install Anyway.”
I can bet that a few versions down the line, the "Not recommended" option of allowing installs indefinitely will become so not recommended that they'll remove it outright. Then shrink the 7 day window to 3 days or less. Or only give users one allowed attempt at installing an app, after which it's another 24 hour waiting period for you. Then ask the user to verify themselves as a developer if they want to install whatever they want. Whatever helps them turn people away from alternatives and shrink the odds of someone dislodging their monopoly, they will do. Anything to drive people to Google Play only.
1. Chrome
2. Google
3. Default browser app (w/unfamiliar generic logo)
They removed the option for Safari some time in the last two years; here's how it looked in 2024: https://imgur.com/1iBVFfc
And the cherry on top of dark UX patterns: an unchecked toggle rests at the bottom. "Ask me which app to use every time." You cannot stop getting these.
I’ve seen it with non-Google apps too. I’m not sure what causes it, but I believe sometimes you can long tap the link and select the correct option.
I believe the behavior where you say no and it still tries to open the app is because the default behavior on Google Maps links is to open Google Maps.
This kind of thing should be illegal. The default browser is the default for a reason, to avoid this kind of stuff.
I think I’ve reported this as a bug to Google a couple times, in a couple different apps… as they do it in their other apps too.
The only thing that bothers me more are the, “sign-in with Google”, prompts on 90% of websites now. How about just giving the option to login with Google if so choose to login, and not spam it on every website just for visiting?
Google really has made the internet and worse place in so many ways.
Alas, I don't think it's a bug. A PM or VP probably got a bonus for this.
> How about just giving the option to login with Google if so choose to login, and not spam it on every website just for visiting?
Yeah this is kinda weird. I don't know if it's browser specific though. I use Firefox on my main computer and I think I still see it. Which means that the website owner opted into this weird pattern. No other auth providers do this. Just Google.
In short, it's what companies like IBM and Broadcom are now.
Shallow husks of their former self, mere holding companies for patents, with a complete lack of care and concern about any end-user retention.
Google search has turned completely into junk over the last two weeks. You may think "two weeks only?!", and you're right there, but this is a whole new level of stupid.
You may not be getting this where you are, but here searches are constantly prepended with human checks, searches can take up to 5+ seconds, you name it. They literally spend so little on maintaining and working on their search engine, that it's effectively unusable much of the time now. I don't care whether it's bot traffic, or what, and no it's not just me, or my ISP. This is wide-scale.
It takes so long I just click on an alternate search engine and search there. I don't have time to waste in their inanity.
Any sane and sensible company wouldn't entirely trash and destroy their mainline product, which is key to drive users to experience Google products. But this degree of sheer, unbridled arrogance is what topples empires. The thought that it really doesn't matter, flows off of google as a foul stench.
Look at Microsoft of old, the god of arrogance. Once the most dominant, powerful tech company in the world. They were king. Browser king. OS king. Everything king. Now they are barely noticed by large swaths of the market.
So goes Alphabet these days.
If they follow the path of IBM and Broadcom, they will move away from the consumer market and focus more on the enterprise. If Google fully realized that vision it would be extremely disruptive. Them shutting down Google Reader practically killed RSS for quite a while. Imagine that level of disruption with products that have mainstream appeal… mail, maps, docs, search, etc. It would be pandemonium.
I would hardly notice, TBH.
There are alternatives for all of that.
They are big in everything that is mass scale developer oriented with things like GitHub, VSCode, or all their libs, tools, and integrations (they "own" in large parts for example Python, TS, and Rust). Governments and public services are all running on Azure. So do a lot of companies; more or less all small and mid sized. They are still dominant in the gaming market, and get stronger there with every year.
Microslop was always, and still is the same Microslop. They are very successful with what they do since decades. Whether one likes that or not.
Have they ever been more valuable than now?
Everyone loves to talk about FAANG… there is no M, why not? One would think Microsoft would belong more in that collection than Netflix, yet here we are.
In terms of technology and looking forward, what is Microsoft doing really right? Even their investment in AI seems questionable and they pushed it into their products so hard that everyone hates it. They have GitHub and VS Code, but that was an acquisition and people are always nervous, because they don’t really trust Microsoft based on their track record. Azure is fairly popular, but AWS is still the benchmark everyone talks about. There is their enterprise management software… that helped take Styker completely down last week (maybe not totally Microsoft’s fault and more the admin, but that’s still some really bad press). Did I forget something big?
MS has been successful despite fucking up the monolithic position they held in desktop and gaming, because they managed to find a particularly valuable golden goose. It's just that in doing so they allowed the other golden geese they have to become quite sick.
If you took out cloud rev MS would have been much more motivated to not let the rest of the company's products turn in to the sorry state they're in.
They are, as always, using Windows to sell all their other crap, especially Azure and 365. Things like their AD or office tools are tightly integrated into the cloud so you realistically can't even use the one without using the other.
It's the website that spamming that.
Either via google.accounts.id.prompt(), or options provided to loaded Google scripts.
Google is guilty only insofar as that feature is possible.
I’m sure the real goal of this “feature” is to get people to sign-up for the site without them actually realizing they are signing up. They click OK just so the modal goes away and now the site has their email address. They can use that growing email list to seek higher prices from sponsors when they put an add in their newsletter the user will now be spammed with.
Imagine if the other auth providers followed suit. Open a news article and you need to close the Google auth, Apple auth, Facebook auth, Microsoft auth, GutHub auth, X auth… I’m sure I’m forgetting some. After closing those 6 modals, reject the cookie prompt, close the newsletter modal, and maybe now we can start reading the article if there is an auto-playing video ad covering some of the content.
All of this is really pushing me away from the internet in general and souring me on the tech industry as a whole. I’m at that point where I find myself casually browsing for jobs that won’t require I ever touch a computer again.
Google and all of Big Tech well know of our objections but unfortunately we are only hardly perceptible noise to be ignored on their way to even greater profits.
I don’t see the sheet for imgur.com either because, well, they’ve blocked access completely for UK users. :shrug:
Sparrow made Gmail a great experience, but Google bought it and shut it down. I’m still rather bitter about that. It’s the only email client that actually made me enjoy email.
Not that hard. Get new email, autoforward old email to new. In old email, set reply-to as new email.
After suitable time has elapsed, disable old email.
It would require systematically changing my email at the 300+ sites I’m aware of, assuming they allow that, or deleting the account if they allow that. I’ve been making efforts here and it’s painful. Many companies don’t have good systems for that, if any at all. Even big companies like Amazon and Sony, I was told to just abandon old accounts and let them hang out there forever… I had duplicate Audible and PlayStation accounts. No way to delete them. I found this particularly upsetting with Sony, considering how many times they’ve been hacked. On some sites I also ended up in captcha purgatory.
Then there are the hundreds more who have my email somewhere. I tied to change my email 13 years ago. My own mother still sends to my old gmail account. I think she used the new one a few times, but do I really want to nag my 70 year old mother about using the wrong address? My dad is the only one who reliably uses it, because he uses his contacts app properly. Over a decade and the progress has been almost non-existent. All this effort did was make email and logins harder to manage by spreading it out.
The pragmatic approach is to go back to Gmail, since most stuff is still there. I don’t want to be in bed with Google, but at least it’s only one thing to think about.
Thinking about it, my Gmail account is also my Apple ID. I think Apple only recently made an option available to change that, but it feels risky.
My main Amazon account has all the Audible stuff I actually care about, as well as copies of the stuff on my legacy account, so I wouldn’t lose anything that mattered if they deleted it.
My goal was to delete the legacy account and all my personal data related to it (which I believe is required by law in some places).
I ended up on the phone with support and talked to them for quite a while. They said there was nothing that could be done. This was probably a year ago, Best I could do I guess is delete as much as I can, if they allow it, change the email to a 10 minute email, and then let it go. This is what I had to do for Papa John’s last week and a couple other places, but I’d rather my account actually be deleted so I don’t have to worry about a future data breach on an account I would no longer be able to get into. I don’t know how their database is setup, if I change something I can see, is it actually gone or does the DB keep a history? There are a lot of unknowns that make me uncomfortable with just abandoning an account.
With Sony it was worse. At least Amazon talked to me. Similar situation with 2 accounts. Their website said to call to have your account deleted. I called, waited on hold for 40 minutes, then was told they couldn’t do it. They hung up on me while I was trying to tell them their website said to call the number.
This past weekend I migrated out of 1Password, which I had been using for 18 years. That was a fairly big job. The export/import did OK, but I still had to go one-by-one through 600+ entires to sure things up and fix little things. The main job is done, but I have a little more I’d like to do. The email job is bigger and has lots of other people involved, which is where the real challenge is, as they’re all different.
You can use mobile Thunderbird with a Gmail account.
Maybe all those apps have since updated to natively support all Gmail’s features, but that is also a cat and mouse game with all the stuff they try that doesn’t fit neatly into established mail protocols.
I think that's actually true. But what does it mean, what's the way forward?
I'm probably out of the loop, but last I checked, to put an app somewhere that's not the official App Store, they required you to pay their hefty fee for putting it in the App Store (even if you weren't going to do that), _and_ an additional Core Technology Fee.
(And if that's still accurate, one thing I don't get is how that isn't also anti-competitive.)
Apple didn't lie about supporting a user's freedom to run anything they like, only to execute a rug pull after they successfully drove the other open options out of the marketplace.
They did execute a rugpull, and they aren't offering safety anymore.
The rug pull is ads in the app store. If I go to the app store now and search for my bank's name, the first result is a different bank. If I search for 'anki', the first 3 results are spam ad-ware tracking-cookie trash.
If I search "password store" I get 4 results before the "password store" app. I had a family member try to install one of the google-docs suite of apps, and the first result was some spamware that opened a full-screen ad, which on click resulted in a phishing site.
My family can't safely use the app store anymore because they click the first result, and the first result for most searches is now adware infested crap because of apple's "sponsored results".
What's the point of charging huge overhead on the hardware, and then an astounding 30% tax, and also a $100/year developer fee, if you then double-dip and screw over the users who want your app by selling user's clicks to the highest bidder?
At the same time Apple keeps telling their users some fairy-tales about "privacy".
No, Apple isn't honest. Definitely not.
This is a red herring. Is Google a hypocrite for lying about it first? Sure. But suppose Android dies and gets replaced by something that never claimed to be open. Or gets replaced by nothing so there is only iOS. Is that fine then?
Of course not, because the problem is the lack of alternatives, and having your choice glued to an entire ecosystem full of other choices so that everything is all or nothing and the choices you would make the other way are coerced by them all being tied together into something with a network effect.
Honestly, it might finally result in me fully exiting the Google ecosystem.
Same here. If I must be in a walled garden, then I will choose the better kept garden and it sure as hell isn't one of Google's crappy platforms.
The only reason to put up with the shittiness of Android is freedom. The same freedom they keep eroding with their constant, never ending attempts to force remote attestation and sideloading limits.
GrapheneOS is the last hope for Android as far as I'm concerned. Hopefully Google won't find ways to screw that up.
> it might finally result in me fully exiting the Google ecosystem
Don't wait for them to push you away. Start exiting now. Setting up mail on my own domain and distancing myself from gmail is one of the best things I've ever done. Highly recommended.
* The date has now gone missing from my lockscreen, only showing the time.
* I can no longer see signal strength on my phone for mobile, if wiki is off. I turn wifi on, and now I can. I use a larger font, but it used to be just fine.
There are all sorts of little changes like this I've noticed recently.
It makes me wonder if Google is slowly mangling default ASOP so projects like GrapheneOS will have a crappier daily build experience.
And GrapheneOS doesn't have time to manage features changes like this, they focus on their key security improvements and fixes. If Google is doing this on purpose, it has real potential to seriously degrade ASOP as usable without lots of fixes and changes.
They already rug-pulled security updates or whatever it was a few months back.
And it really seems like the sort of sneaky, underhanded way Google would handle things.
Google stopped publishing any info about security updates until (I think) quarterlies come out. GrapheneOS had to sign some sort of non-disclosure for them, in order to roll them into updates.
If you don't have that on, then you're not fully up to date with security updates. This could be the difference.
So doesn't this mean GrapheneOS is effectively controlled by Google now?
Also, how is keeping anything secret under NDA possible at all if you want to know what's in a security update and be actually able to build that update yourself from source?
People sometimes act as if the one would be an viable alternative to the other. Even both are effectively the exact same shit for the exact same reasons.
How about we move instead to open systems?
I swapped out my MBP for an Asus Pro Art running linux last year and that's been working out pretty well. Hopefully my cheap motorola phone will be supported by GrapheneOS soon and that will work out too.
https://news.ycombinator.com/item?id=47241551
Note that this needs to be a Pixel at the moment.
EDIT: Edited the above which previously said 90 days incorrectly. Not sure where my brain pulled that from but I posted the correct details here prior: https://news.ycombinator.com/item?id=45743615
Notably if you install a month before your subscription expires you need to reinstall the app in 1 month.
It increases to 365 days, no? At least thats the longest I can sign my app and I use a personal but paid Apple Developer Account
But it's only 365 days if you install the app on day 1 of your $99 subscription period.
I think they later made a Black Mirror episode along these lines. "Resume viewing... Resume viewing..."
Metalhead is also among my favorites. Those kill bots put Skynet to shame.
I don't know how I feel about this change but context does in fact matter about whether something is a good idea or not
In physical world, there’s only so many people who can rob you if you do something stupid (like constantly give away copies of your keys to strangers), they will be very noticeable when they are doing so, and if you feel like something’s off you can always change the lock.
On the Internet, an you are fair game to anyone and everyone in the entire world (where in some jurisdictions even if it’s known precisely who is the figurative robber they wouldn’t face any consequences), you could get pwned as a result of an undirected mass attack, and if you do get pwned you get pwned invisibly and persistently.
Some might say in these circumstances the management company installing a (figurative) biometric lock is warranted, and the most reliable way to stop unsuspecting residents from figuratively giving access to random masked strangers (in exchange for often very minor promised convenience) is to require money to change hands. Of course, that is predicated on that figurative management company 1) constantly upping their defences against tenacious, well-funded adversaries across the globe and 2) themselves being careful about their roster of approved trusted parties, whom they make it easy to grant access to your premises to.
Meanwhile installing software on your own device is the thing that isn't that. They're preventing it even when you're the owner of the device and have physical access to it. They're not installing a lock so that only you can get in, they're locking you out of your own building so they can install a toll booth on the door.
I'm fine with an opt-in lock-down feature so people can do it for their parents/grandparents/children.
Also, just let people get used to it. People will get burned, then tell their friends and they will then know not to simply follow what a stranger guides them to do over the phone. Maybe they will actually have second thoughts about what personal data they enter on their phone and when and where and who it may be sent to.
Same as with emails telling you to buy gift cards at the gas station. Should the clerk tell people to come back tomorrow if they want to buy a gift card, just in case they are being "guided" by a Nigerian prince scammer?
> I'm fine with an opt-in lock-down feature
Me too, but it's really just some UI semantics whether this is 'opt-in' or 'opt-out'. Essentially it would be an option to set up the phone in "developer mode".
With billions of Android users, there's only millions of people who need or really want this. So like 1%. My point is stop thinking about your mom's windows box and consider the scale.
Yes, sad, but works.
People will learn about scams, but scammers are unfortunately a few steps ahead. (Lots of scammers, good techniques spread faster among them than among the general public.)
Essential means to get fucking lost and let me do with the hardware I paid for whatever I want.
These are general purpose computing devices. It's sure taking a long time, but Cory Doctorow's talk on the war on general purpose computing is sure starting to become a depressing reality: https://www.youtube.com/watch?v=HUEvRyemKSg
I'm not the only one who has noticed: https://www.reddit.com/r/windows/s/6y39VNaLUh
Even if you are a bank or whatever, you shouldn't store global secrets on the app itself, obfuscated or not. And once you have good engineering practices to not store global secrets (user specific secrets is ok), then there is no reason why the source code couldn't be public.
Tongue-in-cheek example, just to get the point across: instead of calling it Developer Mode, call it "Scam mode (dangerous)". Require pressing a button that says "Someone might be scamming me right now." Then require the user to type (not paste) in a long sentence like "STOP! DO NOT CONTINUE IF SOMEONE IS TELLING YOU TO DO THIS! THIS IS A SCAM!"... you get the idea. Maybe ask them to type in some Linux command with special symbols to find the contents of some file with a random name. Then require a reboot for good measure and maybe require typing in another bit of text like "If a stranger told me to do this, it's a scam." Basically, make it as ridiculous and obnoxious as possible so that the message gets across loud and clear to anybody who doesn't know what they're doing.
The problem with this line of reasoning is that it proves too much, which really gets to the heart of the issue.
If people are willing to be led to the slaughterhouse in a blindfold then it's not just installing third party code which is a problem. You can't allow them to use the official bank app on an approved device to transfer money because a scammer could convince them to do it (and then string them along until the dispute window is closed). You can't allow them to read their own email or SMS or they'll give the scammer the code. If the user is willing to follow malicious instructions then the attacker doesn't need the device to be running malicious code. Those users can't be saved by the thing that purportedly exists only to save them.
Whereas if you can expect them to think for two seconds before doing something, what's wrong with letting them make their own choices about what to install?
This isn't actually that obvious, for a number of reasons.
The first is that it causes there to be more sheep. If you add friction to running your own software then fewer people start learning about it to begin with. Cynical cliches about the government wanting a stupid population aside, as a matter of policy that's bad. You don't want a default that erodes the inherent defenses of people to being victimized and forces them to rely on a corporate bureaucracy that doesn't always work. And it's not just bad because it makes people easier to scam. You don't want to be eroding your industrial base of nerds. They tend to be pretty important if you ever want anything new to be invented, or have to fight a war, or even just want to continue building bridges that don't fall down and planes that don't fall out of the sky.
Another major one is that it's massively anti-competitive. If the incumbents get a veto, guess what they're going to veto. This is, of course, the thing the incumbents are using the scams as an excuse to do on purpose. But destroying competition is also bad, even for sheep. Nobody benefits from an oligopoly except the incumbents.
And it's not just competition between platforms. Think about how "scratch that itch" apps get created: Some nerd writes the app and it has only one feature and is full of bugs, but they post it on the internet for other people to try. If trying it is easy, other people do, and then they get bug reports, other people contribute code, etc. Eventually it gets good enough that everyone, including the sheep, will want to use it, and by that point it might even be in the big app store. But if trying it is hard when it's still a pile of bugs and the original author isn't sure anybody else even wants to use it, then nobody else tries it and it never gets developed to the point that ordinary people can use it.
So maybe the scam we should most be worried about here is the one where scams are used as an excuse to justify making it hard for people to try new apps and competing app stores, and deal with the other scams in a different way. Like putting the people who commit fraud in prison.
No. This assumption is the core fault with the entire line of reasoning. The typical sheep will not do arbitrary things for a stranger such as sending you his entire bank account because you told him he needed to pay an IRS penalty in crypto to avoid being picked up by the state police who are already en route in 15 minutes.
It's a continuum. The question is how much of the low end needs to be protected by the system.
Binning into discreet blocks to match your example, the question is where to place the dividers between the three categories - nerd, sheep, and incompetent. We don't care to accommodate the third.
Maybe 10-20%, generously. The people who are falling for it under current protections clearly are not reading anything they're looking at or thinking about security at all, they've fallen for social engineering scams and sincerely believe they're at imminent risk of being arrested by the FBI or that their adult child is about to be killed. They're in fight or flight mode already, not critical thinking and careful deliberation mode.
If you were to rank everyone by gullibility, these people would largely be clustered in the top 1-2% of most gullible people. There is very little you can do to protect these people, realistically.
That actually sounds like an argument is favor of this restriction. If someone is in a position of deep trust with the scammer then waiting a day is nothing. But if they're in a panic, not thinking things through or calling anyone for advice, that state probably won't last 24 hours.
What I would challenge you to consider is this: where do we draw the "good enough" line, where we finally stop sacrificing freedom over the devices we purchased under terms that originally included freedom, control, and ownership at the altar of protecting the vulnerable?
Do scam victims need to be 0.1% of all Android users? 0.01%? 0.0001%? Should this extend to computers too - should local admin become completely unavailable to all Windows users? Should root become unavailable to all Mac users? To all Linux users? Should you be allowed to own technology at all, or merely rent it as a managed service, to protect those who cannot be trusted to own devices without getting scammed?
> What I would challenge you to consider is this: where do we draw the "good enough" line, where we finally stop sacrificing freedom over the devices we purchased under terms that originally included freedom, control, and ownership at the altar of protecting the vulnerable?
There's nothing to challenge here. The method I proposed keeps you fully in control and owning your device. Anybody can follow that process if they want. It's not like I said each person has to get approval from Google before enabling developer mode on their phone.
> Do scam victims need to be 0.1% of all Android users? 0.01%? 0.0001%?
This is not some kind of paradox like you're making it out to be. A very reasonable starting point would be "get this scam rate down to match {that of another less-common scam}". Iterate until/unless new data comes along suggesting otherwise.
> Should this extend to computers too - should local admin become completely unavailable to all Windows users? Should root become unavailable to all Mac users? To all Linux users?
"Too"?! Where did I ever suggest root should be "completely unavailable" to all Android users?
> Should you be allowed to own technology at all, or merely rent it as a managed service, to protect those who cannot be trusted to own devices without getting scammed?
Where did I suggest any of this?
There are just as many scam apps in play store and this system does nothing to help with those.
Why destroy the ecosystem that gives you the freedom to shoot yourself in the foot?
Turning Android into another walled garden removes user choice from the equation.
Then Google can do whatever they want with their OS and I can do what I need with mine. You might actually get phone OS competition. This is what the walled garden is actually meant to prevent.
Done.
...which clearly companies don't want, because complacent mindless idiots are easier to brainwash, control, and milk.
How did they manage to survive as the grandma-account-draining brand for over 15 years, though? They're still the market leader.
One of the best arguing tactics the pro-control side has come up with is "The way it works right now is JUST not good enough". And then you don't need to argue any further or substantiate that. You just force your opponent into coming up with new measures because obviously right now we have an emergency that must be dealt with immediately. So far, this reasoning has worked for program install restrictions, de-anonymizing internet users, all sorts of other random attestation and verification measures, and it will be used for so much more.
My question to all that is - what has happened NOW that changed the situation from how it was just a couple years back?. Google hasn't been sitting idle for all these years, they've been adding measures to Android to detect malicious software and prevent app installs by clueless users - measures that were striking a balance between safety and freedom. Why is everything safety-related in the last few years suddenly an emergency that must be rectified by our corporate overlords immediately and in the most radical ways? How did we even survive the 2010s if people are less secure and more prone to being scammed with the new restrictions right now than they were back then?
I'm not saying there's not an issue, but without hard stats, these issues will always be magnified by companies as much as possible as the wedge to put in measures that benefit them in ways other than the good-natured safeguarding of the consumer. In an open society, there's always a point where you balance the ability to act freely with ensuring that the worst actors can't prosper in the environment. Only one of these things is bad, but you can't have both. You need a middle ground.
15 years ago ransomware effectively didn't exist and virtually nobody's grandparents did their banking on their phones.
So, 2020 or 2023 or so. Plenty of ransomware, plenty of phone banking. What changed since then?
They're an amoral monopolistic megacorp that should have been broken up a year ago.
They are performing the ritual of maximalist offensive position -> half-hearted walk back to a worse status quo.
Is the problem they claim to want to solve real? Maybe. I haven't seen a convincing breakdown that doesn't lump a lot of unrelated fraud in the unvetted APK bucket.
That's beside the point though. No one should applaud this utterly predictable and disgusting behavior.
I don't accept it when Unity does it. I don't accept it when Hasbro does it. I won't accept it here either.
What a ridiculous strawman. I outlined a specific issue with what they introduced. To make it even more clear - the new flow Google created would work just the same with just the 24 hour delay, but the way how they introduced the "For how long should you be able to install apps?" question comes out of left field and suddenly makes you think about timing. Why would they ask you that? After all, you jumped through a sufficient number of hoops for Google, they probably estimated that anyone who has gone that far out of their way should know what they're doing. So why ask a developer or power user about the duration when this feature works? The very unsubtle hint here is that the question is asked because soon enough, 'Forever' will not be an option anymore. It's a very common tactic - restrictions start light, and then are ratcheted up into a nagging reminder that works to dissuade everyone but the most dedicated.
> You understand there's a real goal being pursued here, right? Suppose Google is dealing in good faith.
I do. But why are you so implicitly adamant that the only goals here are good, noble, moral goals? Google will do everything in its interests, regardless of how good or bad it is for people. Decreasing the vectors of attack on their platform is profitable for them, and it also coincides with the public interest of not getting hacked. But ensuring that other brands, OEMs or developers can't interfere with them building an app distribution monopoly is also good for them. Being the sole arbiters of what goes on the devices that have now become mandatory for participating in society is extremely good for them. Do you think they're only pursuing the first one of the three?
> How should they solve it differently?
You're not going to like the answer, but there's no clean, perfect solution that balances everyone's interests. Companies are pushing the safety angle in pursuit of the three interests I listed above. You can see just how much it ramped up in the last few years, even though we've been living under this status quo for decades. But it's not as simple as turning devices into grandma-phones with approved functionality only, because both extremes have big drawbacks. If you have 90s-style insecure fully-privileged computing for everyone, that's a path towards extremely unsafe and vulnerable systems, worked on by people who don't know what they're doing. If you have full lock-down, you're awarding current market leaders with an endless reign of power by insulating them from competition and giving them more control over users. The way we were doing things before this crackdown was striking a good balance of keeping most grandmas out while not choking the abilities of the hobbyists or third-party app distributors too much. If you want an alternative, an ADB flag that you have to change once through a command prompt would've been good too.
Ruining Android for everyone to try to maybe help some rather technologically-hopeless groups of people is the wrong solution. It's unsustainable in the long run. Also, the last thing this world needs right now is even more centralization of power. Especially around yet another US company.
People who are unwilling to figure out the risks just should not use smartphones and the internet. They should not use internet banking. They should probably not have a bank account at all and just stick to cash. And the society should be able to accommodate such people — which is not that hard, really. Just roll back some of the so-called innovations that happened over the last 15 years. Whether someone uses technology, and how much they do, should be a choice, not a burden.
Sounds great in theory, but just today I was reminded how impossible this is when walking back from lunch, I noticed all the parking meters covered with a hood, labelled with instructions on how to pay with the app.
https://www.cbc.ca/news/canada/saskatchewan/city-of-regina-r...
EDIT: I guess "just" is doing some heavy-lifting, so I won't argue this further, but "impossible" isn't the word I would use either. The city could revert this decision, definitely if enough people wanted them to (that's... I know, the hardest part). I just agree with the OP that we technically could go back to slightly less-digital society.
Unfortunately, a more accurate way of putting it is: stuff takes cards in lieu of coins. Like, where I live (also EU), ticket machines in buses and trams have gradually been upgraded over the past decade to accept cards, and then to accept only cards.
It's a ratchet. Hidden inflation striking again. Cashless is cheaper to maintain than cash-enabled, so it pretends to be a value-add at first, but quickly displaces the more expensive option. Same with apps, which again, are cheaper to maintain than actual payment-safe hardware.
It's near impossible to reverse this, because to do that, you have to successfully argue for increasing costs - especially that inflation quickly eats all the savings from the original change, so you'd be essentially arguing to make things more expensive than the baseline.
So at least from that angle I see it as an easy “government is actually trying to be more efficient” argument.
As a user cash is a pain in the ass. I have to count it out, keep it in my pockets, etc. So much easier to just tap my phone or my card. But yeah that’s a tradeoff in the classic “You’re trading X for convenience”.
Combined with the fact almost no one uses cash in Australia.
because I doubt anyone who spends cash regularly is holding much of it long enough to lose value to the digital ones in their checking account.
If you need $6 to pay for parking, and the largest commonly available coin is a quarter, that means you need 24 coins to pay. If the value of currency was such that the parking only costed $3, or if dollar coins were more common, you'd need less coins to pay.
It doesn't surprise me that they want to make hardware maintenance your problem.
I'm sure it was sold to the garage as a way to "maximize revenue and unlock operational efficiency". And sure enough, look, the revenue number is up and to the right. Working as designed.
It was a public lot, and the only lot in the town, as far as we could tell.
I don't see the "impossible" in my understanding of the linked article.
Coin-operated meters means someone have to come around checking the meter, collect coins, check the parking tickets. One person can only cover so many devices per day.
Then you have mechanical maintenance, with that comes disputes with "it was broken, it didn't accept the money" and so forth.
I've probably forgotten a number of other related things, but compare the above to digital solution.
Parking app, where the customer pays only for the parked time, no fiddling with money or keeping track of time. The parking attendant checks much quicker by just scanning the license plate while walking the rounds (could be done via car and a mounted camera even).
Analog just costs more, and citizens doesn't want taxes to go to things that are not strictly necessary.
I don't even think this a fair comparison, it's more like keeping the old car just in case or for other family members. But I think I specified enough what I'm arguing already, yes this is unlikely, just not impossible.
And cashless is the default.
For example, I read that Switzerland voted to guarantee the use of physical cash, even enshrining it in the constitution, which clearly points toward preserving older infrastructure. However, if you have cash but no one accepts it, it becomes useless. So it would probably require more—something like requiring businesses and the government to accept that form of payment.
As many things in life, not impossible: but is society willing to pay for that?
Or by phone.
It is promising that Google has avoided just turning off sideloading but still put measures in place to protect people.
This stops nothing of the sort.
Yes, banks should (and sometimes do) double- and triple-check with you before allowing large transfers/withdrawals, but scammers know how to coach their victims past this. Speaking from experience.
(I also don't fully agree this is Google's responsibility, and I am not happy about this development. But there are legitimate points in favor of outsourcing the question of "will this software do nefarious things" to some kind of trusted signing authority.)
how would the clueless victim check anyway?
There are more grandmas who just want their banking secure than there are FOSS advocates wanting full system access.
From who? I'd rather have this done by a regulated service like a bank than a private corporation with a perverse incentive. Frauds and scams are already illegal.
That't the similar narrative to "think of the children". They want to act as this middleman and secure their place, all while having unfettered access to people's data.
...and...
some people are gullible enough to go into a hidden setting on their phone and enable that in order to install an app from a random Chinese website
are kind of contradictory.
And, you don't need an app, I would imagine most scamming is done without an app.
So, really, we're solving a subset of a subset of a subset of a subset of the problem.
https://en.wikipedia.org/wiki/Trusted_Computing#Criticism
The most effective means of hacking is social engineering. You can't solve that with any number of "security measures". If you require all the DNA sources in the world, a scammer will still charm a target into opening it up for them.
This isn't about how skilled a person is, it is about tackling social engineering. The article gave the example of someone posing as a relative, it could also be a blackmail scheme, but it could also be the carefully planned takeover of a respected open source project (ahem, xz).
What I am saying is this sort of crime affect anyone. We simply see more of it among the vulnerable because they are the low hanging fruit. Raising the bar will only change who is vulnerable. Society is simply too invested in technology to dissuade criminals. Which is why I don't think this will work, and why I think going nuclear on truly independent developers is going to do more damage than good.
One way to look at it: there are many open source projects targeting Android, projects that gain some sense of legitimacy over being open source yet have few (if any) eyes vetting them. Or, perhaps, the project is legitimate but people are getting third-party builds. That is what F-Droid does. That is what the developer of a third-party ROM does. It would not require the resources of a nation state to compromise them. I am not trying to cast a shadow on open source projects or F-Droid here. I am simply using them as an example because I use said software and am familiar with that ecosystem. The same goes for any software obtained outside of the Play Store, and it's likely worse since there is no transparency in those cases. Heck, the same goes for software obtained through the Play Store (but we're probably talking about nation state resources on that front).
Another way to look at it: we are only considering a specific avenue for exploitation here. If you close it off, the criminals will look for others. I would be surprised if they weren't looking for ways to bypass Google's checks. I would be surprised if they weren't looking for weaknesses in popular apps. Then there is social engineering. While convincing someone to install software is likely desirable, it certainly isn't the only approach.
Either way, I don't think Google's approach is solving the problem and I think it is going to do a huge amount of damage. Let's face it: major corporations aren't a paragon of goodness, yet Google's shift is handing them the market.
Ha ha ha, "resources of a nation state"! One could run phishing campaigns at scale over many years without breaking the bank. This was true before LLMs, it's probably even cheaper now.
And yet, people on HN respond to bots all the time.
Should we ever suffer a significant loss of customer identity data and/or funds, that risk was considered an existential threat for our customers and our institution.
I'm not coming to Google's defense, but fraud is a big, heavy, violent force in critical infrastructure.
And our phones are a compelling surface area for attacks and identity thefts.
Then also allow the kernel to run linux as a process, and run whatever you like there, however you want.
Its technically possible at the device level. The hard part seems to be UX. Do you show trusted and untrusted apps alongside one another? How do you teach users the difference?
My piano teacher was recently scammed. The attackers took all the money in her bank account. As far as I could tell, they did it by convincing her to install some android app on her phone and then grant that app accessibility permissions. That let the app remotely control other apps. They they simply swapped over to her banking app and transferred all the money out. Its tricky, because obviously we want 3rd party accessibility applications. But if those permissions allow applications to escape their sandbox, and its trouble.
(She contacted the bank and the police, and they managed to reverse the transactions and get her her money back. But she was a mess for a few days.)
And this almost certainly means that the bank took a fraud-related monetary loss, because the regulatory framework that governs banks makes it difficult for them to refuse to return their customer's money on the grounds that it was actually your piano teacher's fault for being stupid with her bank app on her smartphone (also, even if it were legal to do so, doing this regularly would create a lot of bad press for the bank). And they're unlikely to recover the losses from the actual scammers.
Fraud losses are something that banks track internally and attempt to minimize when possible and when it doesn't trade-off against other goals they have, such as maintaining regulatory compliance or costing more money than the fraud does. This means that banks - really, any regulated financial institution at all that has a smartphone app - have a financial incentive to encourage Apple and Google to build functionality into their mass-market smartphone OSs that locks them down and makes it harder for attackers to scam ordinary, unsophisticated customers in this way. They have zero incentive to lobby to make smartphone platforms more open. And there's a lot more technically-unsophisticated users like your piano teacher than there are free-software-enthusiasts who care about their smartphone OS provider not locking down the OS.
I think this is a bad thing, but then I'm personally a free-software-enthusiast, not a technically-unsophisticated smartphone user.
In which country? This happened in Australia. The rules are almost certainly different from the US.
This won't work. It's turtles all the way down and it will just end up back where we are now.
More software will demand installation in the sandboxed enclave. Outside the enclave the owner of the device would be able to exert control over the software. The software makers don't want the device owners exerting control of the software (for 'security', or anti-copyright infringement, or preventing advertising avoidance). The end user is the adversary as much as the scammer, if not more.
The problem at the root of this is the "right" some (entitled) developers / companies believe they have to control how end users run "their" software on devices that belongs to the end users. If a developer wants that kind of control of the "experience" the software should run on a computer they own, simply using the end user's device as "dumb terminal".
Those economics aren't as good, though. They'd have to pay for all their compute / storage / bandwidth, versus just using the end user's. So much cheaper to treat other people's devices like they're your own.
It's the same "privatize gains, socialize losses" story that's at the root of so many problems.
It may still be an improvement over the situation now though. At least something like this would let you run arbitrary software on the device. That software just wouldn't have "root", since whatever you run would be running in a separate container from the OS and banking apps and things.
It would also allow 3rd party app stores, since a 3rd party app store app could be a sandboxed application itself, and then it could in turn pass privileges to any applications it launches.
I can run an emulator in the browser my phone and run whatever software I want. The software inside that emulator doesn't get access to cool physical hardware features. It runs at a performance loss. It doesn't have direct network access. Second class software.
SeL4 and similar sandboxing mechanisms run programs at full, native speed. In a scheme like I'm proposing, all software would be sandboxed using the same mechanism, including banking apps and 3rd party software. Everything can run fast and take full advantage of the hardware and all exposed APIs. Apps just can't mess with one another. So random programs can't mess with the banking app.
Some people in this thread have proposed using separate devices for secure computing (eg banking) and "hacking". That's probably the right thing in practice. But you could - at least technically - build a device that let you do both on top of SeL4. Just have different sandboxed contexts for each type of software. (And the root kernel would have to be trusted).
I interpreted your statement "Then also allow the kernel to run linux as a process, and run whatever you like there, however you want." as the Linux process being analogous to a VM. Invoking an emulator wasn't really the right analogy. Sorry about that.
For me it comes down to this:
As long as the root-of-trust in the device is controlled by the device owner the copyright cartels, control-freak developers, companies who profit end users viewing ads, and interests who would create "security" by removing user freedom (to get out of fraud liability) won't be satisfied.
Likewise, if that root-of-trust in the device isn't controlled by the device owner then they're not really the device owner.
But a design like this might please nobody. Apple doesn't want 3rd party app stores. Or really hackers to do anything they don't approve of. And hackers want actual root.
You also have so much grey area where things aren't actual illegal, such as gathering a massive amount of information on adults in the US via third party cookies and ubiquitous third party javascript.
Thats why platforms created in the internet age are much more opinionated on what API they provide to apps, much more stringent on sandboxing, and try to push software installation onto app stores which can restrict apps based on business policy, to go beyond technological and legal limitations.
Did she make it through the non-google play app install flow?
[1] https://en.wikipedia.org/wiki/Transaction_authentication_num... (This is a bit outdated, nowadays it works via QR codes instead of those flickering barcodes but the concept stays the same)
And the website and app of my bank with offices is ... how should I put it ... a bit Kafkaesque.
The obvious thing banks should be doing is putting fucking restrictions on these accounts by default and let people ask for exceptions.
And of course if regulations don't encourage them to pick social-engineering-proof defaults then things won't improve.
That train has left the station decades ago. The internet has become an essential part of modern societies. People can't not use the internet (or smartphones), at least if they don't live in the woods.
we should probably workshop ideas that are within reality.
downvoters are welcome to tell me how they would approach a worlwide review of everything that requires internet and un-internet it. i will wait.
some primer questions to get your brain turning: who organizes and conducts the review? who pays for the review? who pays for the implementations? whats the messaging and how do you convince people to go along with rethinking/re-implementing their entire already-working infrastructure that they have potentially spent millions to billions of dollars on? do you just dissolve all of the internet-only services, and tell the founders to suck it? who enforces it and how?
If a business has more than X employees / does more than X amount of business per year / has more than X physical locations (pick one or more, make up some new criteria, tune to suit the needs of society) it must offer the same capabilities to interact with the business to those without smart phones as those with.
Small businesses wouldn't be radically impacted because they generally aren't "Internet only" anyway. The large business that are impacted have plenty of resources to handle compliance. If anything I'd argue it levels the playing field to an extent.
1) if you make it only applicable to smart phones, i just stop offering an uber smartphone app and now uber is website-only. if you apply it to "internet", as the original poster did, then:
2) companies like uber would be forced to shut down. you can say "cool, if they cant do it, their problem", which is fine, but a dozen of major issues pop up if something like 1/4 of the businesses currently propping up the stock market have to close doors or otherwise invest billions of dollars in phone centers or whatever they need.
it also raises questions about all sorts of businesses. another off the top of my head example: should 1password setup a call center where i can tell the operator what my new hackernews password is? is 1password exempt even if they have hundreds of employees and do millions per year? if yes, we have to come up with a bunch of murky criteria and definitions of what companies are exempt (across every industry, no less). which will, of course, cost a lot of time and money, just to surely be gamed. can we convince tax payers to foot that bill?
(this is also ignoring the approximately 0% chance that some sort of regulation of this sort gets pushed into law, against all of the extremely powerful tech lobbies. we dont even have ubiquitous right-to-repair!)
There won't ever be any consumer protection legislation like I suggested. I know that. It would make things better, but it'll never happen.
Things aren't going to get better for people who don't want to be forced to use new technology. (Eventually it'll be you being forced, too.)
I'm arguing, much in the way some techies bemoan removing malware from their parents' computer as an argument for why we shouldn't be allowed to use our mobile computers for what we want, for businesses to be required to offer ways of interacting to people who don't want to own smartphones. My argument isn't in the interests of powerful lobbies.
My wife and I have been helping her elderly aunt deal with a bank recently. I was shocked at the assumption her aunt would be able to receive SMS, use a smartphone with a camera to do "identity verification", etc. This lady has a flip phone, a land line, and no personal computer. Sure-- she could meet with someone at a branch to help her. Their first available meeting was a month away.
It's not going to get fixed. Nobody with the power to do anything about it cares.
i am 100% with you.
>My wife and I have been helping her elderly aunt deal with a bank recently. I was shocked at the assumption her aunt would be able to receive SMS, use a smartphone with a camera to do "identity verification", etc. This lady has a flip phone, a land line, and no personal computer. Sure-- she could meet with someone at a branch to help her. Their first available meeting was a month away.
i have been there too, and it drives me mental.
i would love to work on realistic ways of addressing it, because it is a real issue. i am not denying that at all. my whole point, in my original comment, was that a plan of "un-internet the world" is, in my opinion, a complete waste of time and energy to seriously work on. the internet is here -- okay, lets figure it out from there. the genie isnt going back into the bottle. so lets spend our energy on ideas that acknowledge that fact, instead of trying to shove the genie back in.
I'm talking more about things that used to work without the internet for decades just fine but suddenly started requiring the use of the internet. Banks, government agencies, parking, event tickets, etc.
I've had multiple venues just straight-up tell me "no app, no entry" when I've contacted them pushing-back on installing Ticketmaster's drek.
For one I was able to play "confused old man" and get printed tickets, at least.
For another I just gave up, swallowed my morals, and loaded their app on my wife's iPhone.
There was one that I just didn't buy tickets for. The performer didn't really need my support, and I wasn't super broken up to not see them, but they lost a sale because of the stupid app requirement.
how are you determining which businesses are affected? would you apply these regulations to entire industries (e.g. the entire finance industry) or would each business have to be reviewed independently?
if we run with the finance/bank example, what do you do about online-only banks (e.g. WealthSimple)? should they be forced to shut down?
(keeping in mind that this regulation applies to all industries, so the above example of closing all physical operations because the regulations make it more profitable to now be online-only, so that the regulations dont apply, repeats in all industries)
It will be easier to comply for other industries. From my initial example, for event tickets, they wouldn't care much whether they scan a screen or a piece of paper when you enter, and they could let already-existing box offices sell the tickets. For government agencies, those already have offices, so nothing changes. For parking, just bring back the kiosks.
Then can do standard formulas like, will operations continue if the power is out, internet, smart phones, running water, phone lines, payment processing, etc, how long will service be down 1-3 days, weeks, months etc
If your store can't immediately switch to cash apply some modest tax increase. If people can't buy food for more than a week the extra tax is high. You might want to buy gas lamps and a "home" battery.
i am saying that you cant do a worldwide systematic review of everything that relies on the internet, and un-internet it.
if you have a realistic approach to doing so, i will eat my shoe.
your idea is not the One Good Idea that everyone must subscribe to or else they must shrug and give up.
but, lets hear it. what specifically is involved in "pushing for it"?
Some organization like the EFF could campaign for something like this.
Making algorithmic social media unappealing could help too.
But this is the wrong take. I expect to go to a restaurant and not die from the food… and I want nothing to do with the inner workings of the kitchen. I just want to know any restaurant I go into will be safe. Society has made restaurants safe, either because of government pressure or it’s good for business.
How is that not a fair ask for technology, too? We all have things we know well, and then there’s reasons we’re alive that we don’t even know exist because someone took care of it.
It’s unreasonable to only allow people to participate in society once they understand every nuance.
Now imagine that every restaurant in your city is owned by one of two megacorporations and they really don't want you to have a microwave at home, let alone a stove. They expect that you will get all your food from them. This is where it's going with apps right now.
I think it's fine to give people an easy mode. Not everyone cares about cooking (or tech). I just wish companies weren't trying to take the advanced features from the rest of us who do care.
I'd imagine someone who is passionate about cooking wouldn't be delighted if you cloudn't buy any ingredients in a store.
I see the value in precooked food and black-box working technology. But for me myself, as an enthusiast: I like being able to tinker and control my technology.
And I expect to buy food without that food being sanctioned by a huge, monopolistic company. Especially if said company has shown itself to be completely subservient to an overbearing, increasingly fascist government.
Are they really though? does the average person really care about side loading? I think we are in an echo chamber. I can't picture any of the people in my life installing things from outside of an app store on their phone. However I realize that's purely anecdotal, it would be nice to see actual statistics on this to have a more informed decision.
Some of them will even be frightened by the question because they consider their devices scary and dangerous enough already.
But it will affect them all the same.
Even Fortnite gave up on direct installs. If one of most popular game in the world can't make it, who can?
So yes, hundreds of millions of people care about this.
Normies in sanctioned countries install banking apps by "sideloading" APK's downloaded from an official site. They all know exactly what "sideloading" is and why Google is banning it.
> They all know [...] why Google is banning it.
Do they? I don't think most "normies" would come to the same conclusion you have. By definition, a "normie" seems much more likely to trust that this is being done for security rather than persecution. Especially when they learn that Americans can't easily sideload bank apps either.
Absolutely 100 percent.
> a "normie" seems much more likely to trust that this is being done for security rather than persecution
When USGov sanctions a NormieBank in a sanctioned country and its apps disappear from the Play Store and then Google announces that APK's cannot be installed anymore then even the dumbest sheeple can put two and two together.
Also, this isn't a Google issue, this is a USGov issue.
What is Google to do when people in suits ask why they provide a sanctions avoidance technology with a scary name like "sideloading"? (Sounds like something that terrorists and Iranians do, tbh.)
"Ruining Android for everyone" ("to try to maybe help some") does not mean, "Android is now ruined for X, for all X." It means, perhaps confusingly, pretty much the opposite.
It means: "There exists some X for which Android is now ruined (because Google is trying to protect Y, for all Y)." (Yes, really. The way the other person phrased it is the right way way to phrase it—or, at least, it's a valid way to phrase it.)
This is about Google wanting more control over their ecosystem.
People who aren't technically sophisticated should choose the smartphone ecosystem that was designed to offer the safety of a walled garden from the start.
Google sold Android as the ecosystem that gave users the freedom to do anything they like, including shooting themselves in the foot.
Google should not be allowed to fraudulently go back on their promise now that they have driven the other open ecosystems out of the marketplace.
Just yesterday I discovered that my grandmother had been receiving calls from "Google business support" on her iPhone. The fact that they can't get her to sideload some app doesn't seem to stop them.
How do you plan to decide who gets to use internet banking and who doesn't? That doesn't seem like a good road to be going down, either.
Apple's argument for locking down the iPhone but not the Mac has always been some variation of "Mac users are professionals and iPhones are for everyone." Fine! Where can I buy the unrestricted iPhone? As far as I'm concerned, basically every problem could be solved if Apple would put the Security Research Device on an unlisted page of their online store for the general public. Normies won't buy it, and I will.
What guarantees your banking app is the right one? A PNG and an app name with no security whatsoever.
Typosquatting would like to have a word with you.
That means the people who say "I can evaluate the intricacies and impacts of software authorization" have significantly fewer speciality devices to pick from, and those devices may not be worth developers (or regulators) making carve-outs to support.
We haven't started watering crops with salt-water but it's only a matter of time.
https://www.scientificamerican.com/article/as-israel-floods-...
Not saying that this is right on principle.
But also a tiny percentage of the whole.
The problem is that most apps target only those two, and the second is trying to moron-proof, loosing most of it value to part of its users, while the apps are still locked in.
Even if they're the majority?
(Keep in mind that as average lifespan keeps getting longer while birth rates keep going lower, demographics will tend to skew older and older. Already happened in Japan; other developed countries will catch up soon.)
> They should probably not have a bank account at all and just stick to cash.
You know that these (mostly) don't fall into this category of being "hopeless with [modern] technology" because they're cognitively impaired, right?
Mostly, the people who most benefit by these protections, are just people 1. with full lives, who 2. are old enough that when they were first introduced to these kinds of technologies, it came at a time in their life when they already had too much to do and too many other things to think/care about, to have any time left over for adapting their thinking to a "new way of doing things."
This group of people still fully understands, and can make fluent use of, all the older technologies "from back in their day" that they did absorb and adapt to earlier in their lives, back when they had the time/motivation to do so. They can use a bank account; they can make phone calls and understand voicemail; they can print and fax and probably even email things. They can, just barely, use messaging apps. But truly modern inventions like "social media' confound them.
Old bigcorps with low churn rates are literally chock-full of this type of person, because they've worked there since they were young. That's why these companies themselves can sometimes come off as "out of touch", both in their communications and in their decision-making. But those companies don't often collapse from mismanagement. Things still get done just fine. Just using slower, older processes.
Given how this is going, I'd not be surprised if anti-semitism comes roaring back by the end of the decade.
The problem isnt with technology. The problem is with physical ownership versus copyright/trademark/patent ownership in abeyance of physical ownership.
I go to a store and buy a device. I have a receipt showing a legal and good sale. This device isnt mine, even if a receipt says so.
The software (and now theres ALWAYS software) isnt mine and can never be mine. My ownership is degraded because a company can claim that I didn't buy a copy of software, or that its only licensed, or they retain control remotely.
And the situation is even worse if the company claims its a "digital restriction", ala DMCA. Then even my 1st amendment speech rights are abrogated AND my ownership rights are ignored.
It would not be hard to right this sinking ship.
We need to move back to putting users back into full control. Machines (including computers) should ALWAYS respect the input of the user, even if the user is wrong.
If a person shoots themself with a gun as a result of their incompetence, we don't fault the gun manufacturer for not designing the gun to prevent auto-execution. If you can't operate a firearm safely, you shouldn't attempt to operate a firearm.
Similarly, if a person deliberately points their car a solid object and accelerates into it, the actions of the operator shouldn't be the car manufacturer's responsibility. We need to get rid of ESC, ABS, AEB, etc. These features have created a whole slew of drivers who speed headfirst into the back of stationary drivers and expect their car to stop itself. This works right up until a sensor fails and the operator flies through the windshield (usually people like this don't wear seat-belts). If you can't drive, you shouldn't be driving until you rectify your incompetence.
Similarly, phones and computers should respect user input. If a users wants root access to their personal device, they should be able to get root access. If a user runs "rm -rf --no-preserve-root /" as root, the device should oblige and delete everything, since that is what the operator instructed it to do. If you can't be trusted to use a computer, you shouldn't be using a computer until you rectify your incompetence.
The lack of accountability in modern society is disgusting, and it leads to much deeper societal problems when people refuse to better themselves and instead expect the world to shield them from their willful ignorance.
That is unreasonable. ABS, ESC, and AEB all exist to interpret what the driver intends. The driver does not intend for their wheels to lock up, that's why ABS exists, nor does the driver intend to skid. You can argue that AEB does not reflect the will of the driver, but it can also be disabled.
So long as the 5g chips and the 2 mobile app stores remain under control, then 5 eyes has nearly full coverage.
Nobody is forcing you to use a smartphone. If your work needs you to use some app, they’ll buy you a phone if they respect you.
If you’re so upset just stop using it. But you won’t.
Consider an older technology that became fundamental to much of daily life a century or two ago: writing. After a few millennia where literacy was a specialized skill, we pretty quickly transitioned to a society where it was essential for common activities. Rather than make sure everything had pictures and such to accommodate the illiterate, we tried to make it so that the entire population is literate, and came pretty close to succeeding. There are people who just outright can't read for whatever reason, but they're a very small minority and we aim to accommodate them by giving them assistance so they can get by in a literate world, rather than changing the world so you don't need to be able to read to live a normal life.
Rather than saying that half the population (a low estimate, I believe, for how many people will fall prey to malware in an anything-goes world) should abandon this technology, we should work to make it so they don't have to, with some combination of education and technological measures.
Those groups of people are Google's paying customers. Google will, of course, defer to the ones who need more help to be safe online over the ones who don't. That's how you create a safe ecosystem.
Pretty much illegal in some parts of EU
Also how is it related to the EU if it only affects certain places? Could have just said certain places in Europe
There are upcoming limits for cash transactions (10K, countries can opt to go lower), and strong requirements for identity verification at 3K or more euros in cash.
See: https://www.deloittelegal.de/dl/en/services/legal/perspectiv...
EDIT: The other side of the coin is that banks are _required_ to give legal residents of a country a basic account that can be used for payments.
You also cannot get a tax refund or pay taxes without a bank account.
-have a steady contract -are paid more than 1000€ for a job (say you are self-employed).
Not if you want to make a purchase beyond a small amount, like $500 or $1000. Then it has to be through some fucking bank or CC.
You "may" but maybe you "cannot".
People frequently talk about this with respect to AI and ads and how it’s bad for people to be use these things. I recommend we disallow the internet entirely for classes of people whose minds are not ready for the downsides of the tech.
With your Adderall prescription should come a phone number to sign up to the government proctoring service.
Google doesn't give one single shit if users download malware from the Play Store, but hypothetical malware from third party sources is so much worse that we need to ruin the whole OS? That doesn't pass the sniff test.
Google wants to make sure you can only download malware from developers who give google a cut. They want to control the OS and remove user choice. That's all it is. That's what it's always been about.
"Protecting users" is a pretense and nothing more. Google does not care at all about user safety. They aren't even capable of caring at this point. There are far, far cheaper and more effective ways to actually protect users, and google isn't doing any of them.
Of course it might be that they want more control. In addition to controlling the world's most popular web browser and the world's most popular search engine and the world's most popular online advertising network and the world's most popular online video service.
While signing is useful, leaving no escape hatch imo is blatantly predatory
As someone that was going to switch from iPhone to Android/Pixel later this year, at least now I know not to bother anymore, as the locking down of Android won't stop here.
That's ridiculous. Phones are being made more and more of a requirement to participate in society, including by governments.
The latter is what's ridiculous, not what the parent suggests.
It's selfish to advocate against better protections for the least able people in the world just for our own convenience.
- Must enable developer mode -- some apps (e.g., banking apps) will refuse to operate and such when developer mode is on, and so if you depend on such apps, I guess you just can't sideload?
- One-day (day!!!) waiting period to activate (one-time) -- the vast majority of people who need to sideload something will probably not be willing to wait a day, and will thus just not sideload unless they really have no choice for what they need. This kills the pathway for new users to sideload apps that have similar functionality to those on the Play Store.
The rest -- restarting, confirming you aren't being coached, and per-install warnings -- would be just as effective alone to "protect users," but with those prior two points, it's clear that this is just simply intended to make sideloading so inconvenient that many won't bother or can't (dev mode req.).
Hi, I'm the community engagement manager @ Android. It's my understanding that you don't have to keep developer options enabled after you enable the advanced flow. Once you make the change on your device, it's enabled.
If you turn off developer options, then to turn off the advanced flow, you would first have to turn developer options back on.
>- One-day (day!!!) waiting period to activate (one-time) -- the vast majority of people who need to sideload something will probably not be willing to wait a day, and will thus just not sideload unless they really have no choice for what they need.
ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.
Allow a toggle with no waiting period during initial device setup. The user is almost certainly not being guided by a scammer when they're first setting up their device, so this addresses the concern Google claims is driving the verification requirement. I'll be pretty angry if I have to wait a day to install F-Droid and finish setting up a new phone.
Evil, for the record would mean blocking developers of things that do not act against the user's wishes, but might offend governments or interfere with Google's business model, like the article's example of an alternative YouTube client that bypasses Google’s ads. Youtube is within its rights to try to block such clients, but preventing my device from installing them when that's what I want to do is itself a malicious act.
I like this idea in principle but I think it could become a workaround that the same malicious entities would be willing to exploit, by just coercing their victims to "reset" their phones to access that toggle.
I'm sure there's a hypothetical scenario where someone successfully runs a scam that way, but there's also a hypothetical scenario where a 24 hour wait doesn't succeed at interrupting the scam.
Ok, but why is this advertised to applications in the first place? It's quite literally none of their business that developer options are enabled and it's a constant source of pain when some government / banking apps think they're being more "secure" by disallowing this.
Someone is just going to make a nice GUI application for sideloading apks with a single drag-and-drop, so if your idea is that ADB is a way to ensure only "users who know what they're doing" are gonna sideload, you've done nothing. This is all security theatre.
Not applying the policy to adb installs makes a lot more sense if the people this is trying to protect don't have a computer
This just adds the step of "download Cool ABD Installer from the play store" to the set of directions I would think.
Reconsider.
I’m not convinced this is really to protect users from being hurt by scammers, it is really about protecting the users from doing what hurts your company interests.
I still feel, though, that having to go ahead and proclaim “I am a developer!” just to enable sideloading is a bit much, as almost certainly the vast majority of sideloaders aren’t developers. Nonetheless, it does keep sideloading as an option, and I do see why, from Google’s perspective, using the already-existing developer mode to gate the feature would be convenient in the short term. Perhaps the announcement should specify this -- I suspect a number of people who read it also noticed the lack of that clarification.
And yes, good point on ADB. That does make this less inconvenient for developers or power users, though doesn’t help non-developers very much.
This is hot garbage. Eliminating third party app stores like F-Droid defeats the whole purpose many of us even bother running Android instead of locked down Apple stuff.
It says something about 'restart your phone and reauthenticate' that's why I'm asking. What do you autenticate?
> ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.
Um yeah but then do I have to install every update via adb? I want to just use F-Droid.
You're authenticating that you're the device owner (via your device's saved biometrics or PIN/pattern/password).
>Um yeah but then do I have to install every update via adb? I want to just use F-Droid.
No, once you go through the advanced flow and choose the option to allow installing unregistered apps indefinitely, you can both install and update unregistered apps without going through the flow again (or using ADB).
On a scale from "not worried" to "let them eat shit", how is the product team thinking about the breakage you'll get from people moving off platform?
What apps are those? I've yet to run into any of my banking apps that refuse to run with developer mode enabled. I've seen a few that do that for rooted phones but that's a different story. I've been running android for a decade and a half now with developer mode turned on basically the whole time and never had an app refuse to load because of it.
The amount of control we've given corporations over our computers is incredibly disappointing.
Something like Github's approach of forcing users to type the name of the repo they wish to delete would seem to be more than sufficient to protect technically disinclined users while still allowing technically aware users to do what they please with their own device.
Scammers aren't going to wait on the phone for a day with your elderly parent.
"Okay, come back to me in a few hours and we'll continue"
Remember, these are already people who took the time to respond. They are invested.
"Google will call you again tomorrow to get you your refund."
There, we've successfully circumvented all of Google's security engineering on this "feature."
https://youtu.be/YIR-nJv_-VA?t=121
They don't mind being patient when they have dozens of other victims in the wait queue.
tl;dr of this post is that Google wants to lock down Android and be its gatekeeper. Every other point of discussion is just a distraction.
Scammers will definitely call back the next day to continue. But it is quite possible that by then the victim has realized, or talked to someone who helped them realize that they are being scammed.
She went to a bank to transfer the scammer money. They told her no. She came back the next day. The police got involved and explained everything to her. Then she came back the next day. After that, she apparently found another location which let her transfer the money.
There's basically zero chance a 24 hour (or any amount of a) cool off period will help these people.
Like, I'm sure there's a small amount of people who normally wouldn't get scammed but fall for it in a panic. But, is that really such a big concern for Google that they absolutely must continue stripping user freedoms from us? Is the current 30s popup which needs 3 confirmations not enough? Will the new one really work?
Whether the feature is beneficial overall is a different story. But helping some people is great even if it doesn't help everyone.
It's kind of funny, but I very much agree with this. It's just in this case, it's hurting everyone (in ways most don't even realize) so that you can help a few people.
It's like putting everyone in prison, because some people might commit a crime and this would save some victims. A bit of an overreaction, no?
>Whether the feature is beneficial overall is a different story.
It's the entore story in my eyes. Hell paved with good intentions (and I don't even think Google's intentions are good).
So Google's going to add some nonsense abstraction layer and when this fails to curb the problem after a 24 hour wait, it will be extended more maybe a week, and more information must be collected to release it. We all know how this goes.
24 is just so long.
But also, my expectation is that a scammer is going to just automate the flow here anyways. Cool, you hit the "24 hour" wait period, I'll call you back tomorrow, the next day, or the next day and continue the scam process.
It might stop some less sophisticated spammers for a little bit, but I expect that it'll just be a few tweaks to make it work again.
There will be some proportion of people who mention to their spouse/child/friend about how Google called them to fix their phone, and are saved by that waiting period.
The question is, why exactly 24 hours? The argument is that the time limit is set to protect the users and sacrifice usability to do so. So it would be prudent to set the time limit to the shortest amount that will protect the user -> and that shortest amount is apparently 24 hours, which is rather.. suspiciously long and round :)
Unless you want to pick 1 week. But that's a lot more annoying.
Someone who lives in another timezone or works weird hours etc. Our routines generally repeat on 24hour schedules, so likely to be one point of overlap.
They have infinite time and patience.
Isn't that the objective? "Reducing scams" is the same kind of argument as "what about the children"; it's supposed to make you stop thinking about what it means, because the intentions are so good.
And you blame Google for this? First of all, banks chose to make apps work this way, not Google. Moreover, they chose this likely due to scams. That proves scamming on android IS an issue that needs some technical solution.
Why does google allow apps to access this info?
Installing apps manually or through another store app is not "sideloading".
Sideloading is the new jaywalking, a newish word to pretend that a pretty normal action would be in any way illegal, dangerous or harmful.
If you turn off developer options, then to turn off the advanced flow, you would first have to turn developer options back on.
Would apps installed from F-Droid be subject to this process, or would they also be exempt? Could that be a solution that makes everyone happy? Android already tracks which app store an app originates from re: autoupdating.
Also: Can I skip the 24h by changing the my phone's clock?
Well that's if they go through the verification process, which does not seem like a thing they'd want to do - https://f-droid.org/en/2026/02/24/open-letter-opposing-devel...
But there's been some comments that even that wouldn't be possible, every app would have to be verified individually, or be signed by a developer with less than 20 installs.
(Which of course then begs the question: Why not build a version of Fdroid that generates its own signing key and resigns every app on device?)
JFC. Why would an app be allowed to know this? Just another datapoint for fingerprinting.
0: https://developer.android.com/reference/android/provider/Set...
In this case, they don't want users to reverse-engineer their app or look at logs that might inadvertently leak information about how to reverse-engineer their app. It is pointless, I know, but some security consultant has created a checkbox which must be checked at all costs.
This isn't a rhetorical question. There's no big red warning on the developer options screen saying it's dangerous. I haven't heard about real-world attacks leveraging developer settings. I suppose granting USB debug to an infected PC is dangerous, but if you're in that situation, you're already pwned.
Is there a real vulnerability nobody talks about?
Android wants good / regular users to pass things like Play Integrity with the strongest verdicts.
This helps app distributors to separate regular good users from custom clients, API scripting etc that is often used to coordinate scamming, create bots, etc. If an app developer can just toss anyone who doesn't pass Play Integrity checks in the trash, they can increase friction for malicious developers.
It is like mandating that people use rainjackets in the rain to avoid getting cancer.
But this process seems pretty reasonable to me.
I'd like to think it is due in part to the efforts of F-Droid and others.
Waiting a day, once, to disable this protection doesn't seem like a big deal to me. I'd probably do it once when I got a phone and then forget about it.
I happen to have developer mode enabled right now, for no good reason other than I never disabled last time I needed it. Haven't had any issues with any apps.
I actually think these protections could help mitigate scammers.
I disagree with this. Won't somebody who need to sideload something will just try again the next day...
Enable dev mode, sideload the apk, then disable dev mode. I'd argue that it is poor security practice to keep developer mode enabled long-term on a phone that is used for everyday activities, such as banking.
This is smart.
But putting my design hat on here: couldn't this be the whole approach? When enabling the "unverified apps" setting, the phone could terminate all running apps and calls before walking the user through the process.
Why do you even need the rest of the complexity -- if the fear is that non-savvy users are being coached into installing malware,then preventing comms while fiddling with the settings seems pretty OK?
You could even combine this with randomised UI, labels etc. so it's not possible to coach someone in advance about what to press.
At least half of the apps I use on a daily basis come from f-droid. This enforced 24-hour wait is simply not acceptable. Android has always been a far inferior overall user experience compared to iPhone. Android's _only_ saving grace was that I could put my own third-party open-source apps on it. There is nothing left keeping me on Android now.
I'll probably get an iPhone next, but I do sincerely hope this hastens progress on a real "Linux phone" for the rest of us. Plasma Mobile (https://plasma-mobile.org) looks very nice indeed. I'll be more than happy to contribute to development and funding.
I own my device, I choose the software running on it. Create friction points and I will chose another platform to execute my software.
Fuck Google for doing this, and Play Integrity making me unable to use banks is even worse.
FWIW you can buy a Pixel (new or 2nd hand) and install GrapheneOS via the Web https://grapheneos.org/install/web with nothing (genuinely nothing) installed on your computer and get it working in ~15min (depending on your connection to download the ROM) out of which maybe ~2min will be your interacting with the setup process.
I initially bought an /e/OS precisely with your requirement, namely I "just" want a phone that works when I receive it, no tinkering, but having installed GrapheneOS myself few days (or weeks?) ago I can tell you, it's really straightforward.
GrapheneOS has full support for Play Integrity[0].
[0]: https://grapheneos.org/articles/attestation-compatibility-gu...
Also GrapheneOS has in my experience decent banking app support outside of a handful of apps (including, ironically, my main bank which disabled GrapheneOS support a week or two ago). There is a maintained list of working apps that you can see for yourself: https://privsec.dev/posts/android/banking-applications-compa...
Etc
It's not a win by any means. I hope that we don't stop making noise.
It's a a defeat, albeit a minor one. The defeats will escalate until there's nothing left to lose. "Normies" don't care and the tech people who do care are fewer and further between than you'd think.
Yet, they are concerned about this.
It has nothing to do with safety, but everything to do with control.
I remember when Google disabled call recording in Android, so you no longer could record scammers. Thanks to recording I was able to get money back from insurance company that claimed they absolutely didn't sell me this and that over the phone (paid for premium insurance and got basic).
Citation needed. My Pixel 7a with the latest updates has settings for call recording in the phone app. Since I never screwed around with it, I'd assume these are the defaults:
Call recording is turned on, with "asks to record calls" set
Automatically delete recordings is "never"
Automatically record calls with non-contacts is off
No specific numbers to automatically record calls are set
There is also a note that you have to agree to their ToS to use it, and I'd also suggest being careful if you live in a jurisdiction that requires two-party consent for recording.
In any case, I'm of the opinion that if F-Droid goes, I'm basically going to treat this as a feature phone and stay away from third-party apps in general aside from "musts" like banking.
Even before Google's edict I disabled enforced Android updates in case that at Google's demand manufacturers slipstreamed some restrictive code that cannot be later removed. One only has to look at the disastrous precedent with Windows 11 to see how insidious and ever-increasing lock-in works.
Fact is Big Tech cannot be trusted and there's a long lineage to prove it—MS Windows, Sun/OpenOffice and many others—and now Android. To avoid future calamities like this and to ensure survival of F-Droid, et al we urgently need to break Big Tech's nexus with open source independent of Big Tech's control.
I can only hope more manufacturers are prepared to fork Android to cater for the upcoming demand.
I really extremely rarely open the Play Store.
F-Droid is my place to. Even if the tools are simple, they are reliable.
Maybe Google is also scared, that with coding agents some OSS Tools improve that much that commercial alternatives don't matter.
Most of the apps on my phone are installed from F-Droid. I guess the next time I get a new phone I'll have to wait at least 24 hours for it to become useful.
I'm seriously considering Graphene for a next personal device and whatever the cheapest iOS device is for work.
I wanted to be negative about the whole idea, as due to my age I'm resentful of not being allowed to use my own computer as I see fit.
On the other hand, in principle I see what they're going for here. The only decent argument for these user-hostile lockdowns is the malware issue.
Wondering how long the blogpost would be if it explained what the flow for corpoloading applications approved by Google's shareholders would be?
The casual cynicism on this website really is something.
I understand there is some problem trying to be solved here, but honestly this is still quite frustrating for legitimate uses. If this is the direction that computing is moving, I'd really rather there were separate products available for power users/devs that reflected our different usage.
This is ridiculous. Google is trying to dismantle the concept of ownership and personal autonomy. Do not give them any ground.
Do you think there's two groups, and the people that cared simply went with Android and so there was never this outcry about installing free software on iOS, or that this will last only as long as the change still feels recent and like a new restriction?
2) You can use ADB to immediately install unregistered apps. ADB installs are not subject to the waiting period.
I forgot 3) instruct my users how to use ADB from another computer to install my competing app. Awesome.
You'd think regulators should make Google ship a 'Choose my store(s)' screen at setup, but Google thinks the opposite is the case and Google should also be able to control app distribution outside of the Playstore.
4) How can we install apps made by devs who won't do the verification dance with Google?
Thus, you can still install unregistered apps if they're distributed via F-Droid or other sources, but to do so, you will need to use ADB and/or go through the new advanced flow. And remember, the new advanced flow is a one-time process - once you go through with it, you can allow your device to install unregistered apps indefinitely!
What stops scammers from simply creating a new hobbyist account for every 20 people they scam?
I don't quite understand how those installs would be tracked. If I create a "hobbyist" account and share the apk, are the devices that install that app all reporting it to Google? To my knowledge, Google only does this through the optional Play Protect system, is that now no longer optional? I'd like to know if my computer is reporting every app I install up to Google.
Because if that "enforcement" is Google then they are still engineering a situation where they hold the keys to the kingdom. They may benevolently let you install what you want, but the sword of damacles will hang over everyone forever, with the darth vader contract in full force ("pray we don't change the deal any further"). If nothing else, it will have a chilling effect. But more than likely, it will attract regulators like moths to a flame to coerce Google into banning their favorite open source apps that they don't like. In other words: it won't solve anything at all, really.
When I side-load open-source apps for other people, I want to do it right in the moment, not activate the feature, and the next time I see them (like half a year later), install the app.
When Google announced there would be an alternative installation method, I did not expect such a mess...
"I did not expect such a mess", I certainly did. Another arm of the push to remove anonymity online.
Orwell couldn't even dream of the invasive monitoring that exists right now.
What's the solution for 3rd world countries where 80% phones are android (and usually old/low spec) that balances freedom for knowledgeable users vs security/safety for the majority of users? you can roughly understand education level and tech literacy for the majority of people in 3rd world countries.
I will die on this hill.
Companies get away from this because they distance themselves from their customers and they have systems to hide feedback.
No, I'm afraid this is tipping the scale of control in Google's favor.
It's time to leave Android.
Call me naive, but despite the feeling in my gut I was holding out for Google's answer. Reading what it is, this is still going way too far. You essentially need to be a developer in order to sideload, which brings Android down to parity with iOS.
No, being able to sideload (on my phones, AND friends and family as-needed) is a fundamental computing right. This is my personal belief. And this move by Google is a step too far.
The search begins...
Now, phone thieves just ask you at knifepoint or gunpoint to log out of iCloud
(I'm being a bit overly cynical there but IMO only the tiniest bit.)
We know from Nigerian email scams that these things can stretch out days, weeks, months, all to get the victim to do the thing.
but it seems govts arent interested or incapable of solving the causes (education, opportunity, destitution, etc etc) and probably also influx of scams from sanctioned countries (again a society/world level problem) that cant participate in the world trade etc...
so they lean on the technology companies to lockdown things more because what else can they do?
And no, I'm not a bot or some pro Google activist, check my github account, I even use GrapheneOS myself.
Let’s be clear here.
https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...?
Edit: I've put one up there now - if there's a better article, let us know and we can change it again. I put the submitted URL in the toptext.
Again, can we, please, stop call it side-loading. I'm not sliding in anything "from the side" on the sly, I am simply installing an app of my choice on my damn phone.
Just call it "installing".
- You need to enable developer mode
- You need to click through a few scare dialogs
- You need to wait 24h once
I wonder how long this will last before they lock it down further. There was a lot of pushback this time around and they still ended up increasing the temperature of the metaphorical boiling frog. It still seems like they're pushing towards the Apple model where those who don't want to self-dox and/or pay get a very limited key (what Google currently calls "limited distribution accounts").
This is so overt.
This is exactly what Google intended. This is why they started off by announcing completely removing device owner chosen installs (this is not side loading! It's simply installing.) and announced only apps allowed by Google would be available for install.
They knew it would cause backlash. They anticipated that and planned ahead faking a compromise.
They are trying to boil us like frogs by so slowly raising the temperature so we do not notice. Whenever the water gets so warm that people do notice they cool it down a little. But they will turn up the the heat again!
This 24h window is designed to make device owner controlled installs as unattractive as possible. They try to reduce it as much as they can while having plausible deniability ("You can still install apps not whitelisted by us"). They want to get the concept of people installing software of their own choice onto their own device as far away from the mainstream as possible. They want to marginalize it. They want to slowly and quietly kill off the open Android app ecosystem by reducing the user base.
The next step will be them claiming that barely anyone is installing apps not signed by them anyway. First they make people jump through ridiculous hoops to install non whitelisted apps, then they use the fact that few people jump through these hoops to justify removing the ability altogether.
Google does not care about preventing scams. If they did they would do something against the massive amount of scam ads that they host. Scams are just their "think of the children".
Do not play by their playbook!
Do not give them ground!
We must not accept any restrictions on the software we run on our own devices. The concept of ownership, personal autonomy and choice are being dismantled. Our freedom is the target of a slow, long waging war. This is yet another attack.
We must not compromise with the attacker. We must not give them any centimeter of ground.
And Google thinks they can pull this? I hope regulators make it very clear that this is the wrong direction, and with record fines.
The problem is that you often need a smartphone running either Android or iOS to participate in modern life. Unfortunately when running Android many apps that one might be more or less forced to use do not just require AOSP, but expect the presence of the proprietary Google services malware.
If we want to create an independent mobile OS AOSP might actually be a good start. We're just faced with a world that is actively harmful to people having control over their device and data.
I don't have a Google account on my Androids. But I can't remove play services on them, sadly. As an intermediate protection I just don't sign in to Google play, that gives them at least a bit less identifying information to play with.
I hope this can be done without a Google account.
You will not need a Google account.
Like when Google, Facebook, Apple, Microsoft, et al. cooperated with¹ the unconstitutional and illegal² PRISM program to hand over bulk user data to the NSA without a warrant? That kind of harm to my personal data that I did not intend?
If so, I'd love to hear an explanation of why every Google/Alphabet, Facebook/Meta, and Microsoft application haven't been removed for being malware already.
¹ https://www.theguardian.com/world/2013/jun/06/us-tech-giants...
² https://www.reuters.com/business/media-telecom/us-court-mass...
The 7 days vs forever choice is still crappy and gives me a bit of bad vibes considering they are the ones that pulled the youtube promotions (shorts, games) you can never turn off forever, so there's the concern they will remove the forever option from Android in the future. But as long as they don't end up doing that, it's fine for me.
Also, I do think it would be a good idea to make an exception to the 24-hour wait time if the phone is new enough (e.g. onboarding steps were completed less than one day ago), and/or through some specific bypass method using ADB. Power users who get a new phone want to set it up with all their cool apps and trinkets right away, and it's not good user experience to have to use ADB to install every single sideloaded app. Meanwhile a a regular user getting scammed right after getting a new phone is statistically unlikely.
Its just installing an app.
The truth is that 99.9% of the people don't care. The remaining 0.1% is perfectly capable to use GrapheneOS.
Apple and Google can now credibly claim to governments to have nearly ubiquitous computing platforms that they can guarantee do not run any software that is not approved or antithetical to the goals of authorities. This makes the device safe for storing things like government IDs. OSs and Browsers will be required to present these IDs or at first just attest to them.
Before posting online, renting a server, using an app you will have to idenitfy yourself using your phone or similarly locked down PC (i.e. mac).
The introduction is under the guise as always of protecting the children. In reality they are removing your rights to privacy and free speech.
More people moving to GrapheneOS is the best tool we have against Google's continued and escalating hostility to user freedom and privacy and general anti-competitive conduct. (Of course, you could ditch having a smartphone entirely..., but if you're willing to consider that you don't need me plugging an alternative).
Admittadly I was being lazy and not checking if Line works on it yet, but I'll be finding that out this weekend it seems.
I just remain skeptical that this tactic is successful on modern Android, with all the settings and scare screens you need to go through in order to sideload an app and grant dangerous permissions.
I expect scammers will move to pre-packaged software with a bundled ADB client for Windows/Mac, then the flow is "enable developer options" -> "enable usb debugging" -> "install malware and grant permissions with one click over ADB". People with laptops are more lucrative targets anyway.
The use case they're trying to protect against is malware authors "coaching" users to install their app.
In November, they specifically called out anonymous malware apps with the permission to intercept text messages and phone calls (circumventing two-factor authentication). https://android-developers.googleblog.com/2025/11/android-de...
After today's announced policy goes into effect, it will be easier to coach users to install a Progressive Web App ("Installable Web Apps") than it will be to coach users to sideload a native Android app, even if the Android app has no permissions to do anything more than what an Installable Web App can do: make basic HTTPS requests and store some app-local data. (99% of apps need no more permissions than that!)
I think Google believes it should be easy to install a web app. It should be just as easy to sideload a native app with limited permissions. But it should be very hard/expensive for a malware author to anonymously distribute an app with the permission to intercept texts and calls.
But these developer verification policies don't make any exceptions for permission-light apps, nor do they make it harder to sideload apps which request dangerous permissions, they just identify developers. I also suspect that making developer verification dependent on app manifest permissions opens up a bypass, as the package manager would need to check both on each update instead of just on first install.
And how hard/expensive should it be for the developer of a legitimate F/OSS app to intercept calls/texts?
This should not be required for apps that do HTTPS requests and store app-local data, like 99%+ of all apps, including 99% of F-Droid apps.
But, in my opinion, the benefit of anonymity to you is much smaller than the harm of anonymous malware authors coaching/coercing users to install phone-takeover apps.
(I'm sure you and I won't agree about this; I bet you have a principled stand that you should be able to anonymously distribute malware phone-takeover apps because "I own my device," and so everyone must be vulnerable to being coerced to install malware under that ethical principle. It's a reasonable stance, but I don't share it, and I don't think most people share it.)
But yes they are my devices, and I should be able to do exactly what I want with them. If I'm forced to deal with other developers incredibly shitty decisions around how they treat VoIP numbers, guess who's going to have a stack of phones with cheap plans in the office instead of paying a VoIP provider...
But no, I have no interest in actually distributing software like that further than than the phones sitting in my office.
Getting someone to verify their identity before they have the permission to completely takeover my phone feels pretty reasonable to me. It should be a cheap, one-time process to verify your identity and develop an app with that much power.
I can already hear the reply, "What a slippery slope! First Google will make you verify identity for complete phone takeovers, but soon enough they'll try to verify developer identity for all apps."
But if I'm forced to choose between "any malware author can anonymously intercept texts and calls" or "only identified developers can do that, and maybe someday Google will go too far with it," I'm definitely picking the latter.
That's why I don't think the extra prompts matter much beyond raising attacker cost a bit. Google is patching the visible path while the scam just moves one hop sideways.
I don't believe that it is. I follow this "scene" pretty closely, and that means I read about successful scams all the time. They happen in huge numbers. Yet I have never encountered a reliable report of one that utilized a "sideloaded"[1] malicious app. Not once. Phishing email messages and web sites, sure. This change will not help counter those, though.
I don't even see what you could accomplish with a malicious app that you couldn't otherwise. I would certainly be interested to hear of any real world cases demonstrating the danger.
[1] When I was a kid, this was called "installing."
That's why I'm inclined to believe Google is just using safety as an excuse to further leverage their monopoly.
Meanwhile from the Play Store I have Bitwarden, Firefox, 2 banking apps, a few airline apps, Wireguard and Whatsapp. So I actually have more from F-Droid than the Play Store from what I regularly use.
I sideload no apps. I install most apps from either F-Droid main, or an other repo.
> Why those apps are not in a store?
All of them are in a repository. Just only the state sponsored ID-app is only available via the ad-infected Google RAT delivery service, also known as Google Play.
I switched from iOS to Android about three years ago. I saved all the APKs for everything I installed (or updated). When I got a new phone last fall it was pleasantly like geting a new PC. I imported my SMS and contacts from my last backup, then installed all the apps I use and imported or manually set any settings I wanted to customize.
The biggest pain was having to manually logon the couple of sites I allow to keep persistent cookies since device owners aren't allowed to just import/export cookies from mobile Chrome.
Why'd I put my app into their store if I don't agree with the store owner's policies?
Can I keep this freedom?
There are some true gems such as:
(I'm not sure if you wanted to edit in entries or if this was our cue :D)
Yeah, I know... Stockholm syndrome...
Although I may not have to live with it, as none of my present devices are recent enough to still receive ota updates.
Context: I don't use alternative app stores. I occasionally side-load updates to apps that I've written myself, and very occasionally third party apps from trusted sources.
Now if only Android would allow for stronger sandboxing of apps (i.e. lie to them about any and all system settings).
If so, it's clear that none of these changes are actually to protect users.
"Those who give up freedom for security deserve neither."
Most of the comments here seem to agree that they are. Some people have clearly been so brainwashed that they can't figure it out.
Yeah I think I'm out of here.
The security justification for this measure is not credible.
"Only 0.0004% of the userbase installs after the initial 24 period, greater than x% take 48 hours or more so the 24hr window is now 72hr", and repeat until its all nice and locked down for them.
"Your google play account will now need ID to prevent children accessing adult software" will come along not long after. For the children.
-.-
If you can enable this once, forever, after a 24 hour cooldown period I don't hate this as much as I hated some of the other proposals from Google. It'll just be something you do as part of the setup for a new phone.
Even though I understand the design decisions here, I think we're going about this the wrong way. Sure, users can be pressured into allowing unverified apps and installing malware, and adding a 24-hour delay will probably reduce the number of victims, but ultimately, the real solution here is user education, not technological guardrails.
If I want to completely nuke my phone with malware, Google shouldn't stand in my way. Why not just force me to read some sort of "If someone is rushing you to do this, it is probably an attack" message before letting me adjust this setting?
Anyone who ignores that warning is probably going to still fall for the scam. If anything, scammers will just communicate the new process, and it risks sounding even more legitimate if they have to go through more Google-centric steps.
Assuming the requirements are actually justified, this seems like a tolerable compromise.
I suspect they are hoping users just give up and go to the play store instead. Google touts about "Play Protect" which scans all apps on the device, even those from unknown sources so these measures can barely be justified.
Imagine if Microsoft said you need to wait 24 hours before installing a program not from their store, which is against the entire premise of windows.
Computing, I once believed was based on an open idea that people made software and you could install it freely, yes there are bad actors, but that's why we had antivirus and other protection methods, now we're inch by inch losing those freedoms. iOS wants you to enter your date of birth now.
The future feels very uncertain, but we need to protect the little freedoms we have left, once they're gone, they're gone for good.
The onus of protecting people's wealth should fall on the bank / institution who manages that persons wealth.
Nevertheless, this solution is better than ID verification for devs.
It's nice that Zelle has checks and identity information shown to you when you're sending money, but if I click through 5 screens that say "Yes I know this person" but I actually don't.....no amount of regulation is going to solve that.
I'm not sure what you're getting at with the rant about police power and a state? Google isn't the government either. What would legislation provide that banks can't already do today?
I never said anything about it being Googles responsability, I agree it is not. And the only legislation that might be necessary over what we have is a budget directly to go after criminal fraudsters.
They're not solving that problem. They're using it as an excuse to lock down the platform further and assume more control. Any incidental benefit for user "security" is an unintended consequence of their real agenda.
Also, other commenters have mentioned that adb is unaffected by this which makes it seem like less of a problem, to me at least. Still inconvenient that even if you adb install fdroid you can't install apps directly from it.
Developers can choose to not undergo verification, thereby remaining anonymous. The only change is that their applications will need to be installed via ADB and/or this new advanced flow on certified Android devices.
Either way, you can still distribute your apps wherever you want. If you verify your identity, then there are no changes to the existing installation flow from a user perspective. If you choose not to verify your identity, then the installation will still be possible but only through high-friction methods (ADB, advanced flow). These methods are high-friction so anonymous scammers can't easily coerce their victims into installing malicious software.
Are apps like this more dangerous than browsing to a website? I thought they were entirely sandboxed from the rest of the device?
Depending on your threat model, it might be mostly harmless
"The only change" – with all due respect, are you even listening to yourself? The "only change" is that you, as a developer, will be completely excluded from publishing apps in the Play Store and that people effectively won't be able to install your app anymore! (Unless you were targeting only e.g. F-Droid users to begin with, which very few apps do.)
In essence, you are cutting down on the privacy of tens of thousands of honest developers around the world in the name of protecting users from scammers and you're pretending that 1) it's a nothingburger and 2) developers have a choice.
That means those apps still keep on existing, they are just more of a hassle to install.
> In addition to the advanced flow we’re building free, limited distribution accounts for students and hobbyists. This allows you to share apps with a small group (up to 20 devices) without needing to provide a government-issued ID or pay a registration fee.
i.e. Government-issued ID and fees are needed for more than 20 devices, e,g, every app on F-Droid
The trouble is, the accounts aren't meant to be anonymous. Pseudonymous at best, depending also on the country (a lot of places require government ID before you can assign a phone number, or have a central government querying system for mapping IP addresses and timestamp to the name and address of the subscriber that used it at the time). It's not like they let you create infinite Google accounts without supplying an infinite amount of fresh phone numbers or IP addresses. You also agree to the general Google privacy policy, which allows them to do anything for any purpose last I checked (a few years ago) unless you're a business customer (but then you've got a payment method in use, and they don't accept cash in the mail), such as fingerprinting as part of reCaptcha
Note that the OP is about side loading, i.e. installing apps from non-Play Store sources and thereby circumventing developer verification.
Does it have a Linux kernel? Of course. But this isn't a free operating system.
Man, fuck Google. I hope this bullshit is struck down by government regulation as malicious compliance to 3rd party app stores.
I wonder if GrapheneOS will have the same level of user-hostile bullshit. That may be my salvation board right now.
Sailfish OS would be great, but unfortunately my banks don't seem to play along with it.
This is the same thing since it applies to all apps, not just apps that need special permissions.
From the article I understood this to be a one-time delay, as opposed to having to go through the same waiting process for every single "unlicensed" app I want to install (which I would not accept). I'm just waiting 24 hours once to permanently change my device into a mode where I can install any app I like without any restrictions/delays whatsoever.
Having to wait a day for a one off isn't a big deal, if they kept it looser then you'd be shouting about the amount of scams that propagate on the platform.
Ah, its not much, just an email away ...
oh, not much it's email and a phone call away ...
Just wait 7 days ... no, it's just a month, and only one device par account? What's wrong with it? You are overreacting
Wait! Why you want to unlock your boot loader, only 0.000001% does it. You are abnormal, not the mass user
Fool me once it's on you Fool me twice ... it's on me.
We are already over twice, but none the wiser.
For now, I am rolling with my OnePlus 7 with LineageOS, till I find a phone that's not completely locked down. Yes, it's old, but it gets my job done. Once I am off all of Google's services, I'll probably get rid of Google in most part of my life.
As, someone who is a user from invite only Gmail, it's difficult, but necessary.
Helping the vulnerable should not involve that. If your only idea on how to help the vulnerable involves that, think of better ideas.
And it's not just Google, it's the m.o. of all large corporations. Another example is Epic Games, they advertise how they will fight in court against big companies like Google and Apple to defend their users. Yet they've gotten fined repeatedly for amounts in the millions, for predatory micro-transactions, and misleading minors into spending money without the consent of their parents.
Time and time again it is proven that everything these companies do, it's always for the benefit of their bottom line, and consideration for their users does not even factor into their considerations. This is no different, they want to push it because it will give them more control or make them money, and it either won't protect anyone, or that's just an unintended side effect but a good way to market it.
I'd say this has nothing to do with preventing scams, but to make independent software more difficult to distribute.
It's my phone. It's my software. Period.
The general population is deterred by burying a setting deep. Waiting is a dark pattern and we're not idiots.
As a non American, losing my ability to run software even if google decides that software can't enter their store feels much higher a risk.