alt Hacker NewsGoogle details new 24-hour process to sideload unverified Android apps
Comments
Selfhosted apps are going to start using PWA's in an even bigger way if this goes ahead.
the best marketing apple has received in a long; death by self sabotage
Random thought, but doesn't disabling developer mode turn off all of the changes in there?
They made a huge mistake with Dalvik and they seem to be doubling down on that mistake.
Any chance there is push from the carriers to implement something like this to cut down on hijacked devices sending spam?
I'd rather not have to go through this ritual, but I appreciate that there is a genuine security problem that google are trying to address. I also suspect that they have other motivations bound-up in this - principally discouraging use of alternative app stores. But basically I could live with this process.
Yeah, I know... Stockholm syndrome...
Although I may not have to live with it, as none of my present devices are recent enough to still receive ota updates.
Context: I don't use alternative app stores. I occasionally side-load updates to apps that I've written myself, and very occasionally third party apps from trusted sources.
I can see that majority of response is negative, being mobile developer myself I can understand.
What's the solution for 3rd world countries where 80% phones are android (and usually old/low spec) that balances freedom for knowledgeable users vs security/safety for the majority of users? you can roughly understand education level and tech literacy for the majority of people in 3rd world countries.
Huzzah! Our most gracious sovereign shall bestow his mercy upon us and allow us to install apps on our phones
Hey, the user doesn't need a Google account, that's good. Still a danger of frog boiling but not as bad as I was expecting.
I hate it of course, but I think for once there is a solution: just go for an alternative AOSP-based OS. Preferably GrapheneOS (soon available on Motorola phones).
The truth is that 99.9% of the people don't care. The remaining 0.1% is perfectly capable to use GrapheneOS.
What versions of Android will this apply to?
This instruction set should be linked in the Urbandictionary definition for Kafkaesque
Switch to GrapheneOS
It fun to see how they know exactly that really no one is trusting them.
A king wanted to test the complacency of his subjects. He put a toll on a bridge. There were some noises but eventually everyone got used to it. He slowly kept increasing the toll, which came with increasing noises which would all eventually subside. He decided to take it a step further. He proclaimed that anyone crossing the bridge will be slapped by one of his guards. This time the protests were stronger and getting bigger. He thought "thank God my populace has woken up". He went outside to meet the leaders of the protesters and asked why are they protesting. The leaders said: "you started taking toll, we said nothing, you kept increasing it, we said nothing. But with this new policy, there's only 2 guards delivering the slaps, leading to huge line ups. So we demand that you employ more guards at the bridge to ensure faster slaps and smooth flow of traffic."
All these vibe coders and we're still stuck with Google and Apple. This is what you get with a duopoly
If you login, log out they don't prompt you with the security warning on Android TV.
That's similar to the process of enabling developer options on Xiaomi phones, for the last 5 years
I'll repeat my question from a while ago. Is the official Temu app, available on the Play Store, still full of questionable malware / spyware code?
If so, it's clear that none of these changes are actually to protect users.
"Sideload", "unverified"!!! Woaa, careful now, we can't guarantee for anything!! Danger, danger!
How much can you twist words and language to engage in fear mongering? The headline could just as well have been "install", and "free choice" and "Google gatekeeps".
I actually was kinda looking for a reason to give up phones. Thanks google.
It's a little inconvenient for someone setting up a new phone to have to wait a full day to install unregistered apps. But while I can't speak for others, it's a price I'm personally willing to pay to make the types of scams they mention much less effective. The perfect is the enemy of the good.
Those working in Google (AOSP) that write these code should be ashamed of themselves. Eventually they are doing a bad thing for the society.
Malicious compliance.
So convoluted... that's all I gotta say.
But you're not balancing anything, just saying that you are
Judging by the comments sideloading plays a major part in everyone's life. What apps do you sideload guys? Why those apps are not in a store?
A big problem that causes gullible people to follow scammers guidance is that real software with legit and important functionality is often utter crap and requires regularly dismissing various big red warning screens like expired or misconfogured ssl certs on the web, etc. People are taught to not take warning screens seriously because they often have to be bypassed for legit reasons.
This is ridiculous, most malware is shipped by google itself through the playstore.
The criticism against this decision seem to often miss the point of it IMHO.
Let's be realistic, there IS a problem with sideloaded apps being downloaded by ignorant people, and they do get scammed/hacked or whatever.
This leads to unhappy people complaining to their banks, politicians and media, these in turn starts lighting a fire under Googles bottom.
So, my point being, how do we solve the ACTUAL problem with rogue apps then?
Newspeak is the trademark of oppressive regimes. Can we please not overexert ourselves in trying to please the global tech companies by pre-emptively changing our language?
Google details new process to install unverified Android apps. The sentence is much more clear using established language. Not "side-load", whatever that means.
Yet more reasons to keep using an old rooted Android for as long as possible and contribute to any efforts that make it easier to do so. I suspect the reason Android become dominant was the ease of modding and the community that created, and now they're trying to turn it into another authoritarian walled-garden like Apple. To paraphrase the famous Torvalds: "Google, fuck you!"
"Those who give up freedom for security deserve neither."
This is eminently reasonable.
Now if only Android would allow for stronger sandboxing of apps (i.e. lie to them about any and all system settings).
I’m often annoyed at the 10 second timeout when installing Firefox extensions - 24 hours is beyond egregious. Telling me to come back tomorrow to install software on a device I own is a giant “fuck you”. Pretty sure I’d rather they banned side loading outright than this
The alleged inability of a company like Google to create an operating system that makes banking apps secure while allowing users to install whatever they like is very implausible. Android apps are already sandboxed and have fine-grained access control, and the operating system controls everything that is painted on the screen.
The security justification for this measure is not credible.
such a bummer man, might as well go back to apple i guess..
Funny how that post doesn't mention that a huge amount of malware is downloaded from Google (from the Chrome Web Store as well as from Google Play).
I get that its pretty clear with the straight sideloading case, but can anyone say for sure what this will look like for an f-droid user? Its hard to keep track but I thought something new here because of EU is that alternative app stores != sideloading? Something where app stores could choose themselves to get "verified," whatever that means, to become a trusted vendor? Or is this completely wrong?
I hate this. GrapheneOS all the way. I'll never purchase devices that force this on users without a simple way to opt out. I'm done with Google. Glad I cut all ties with that entity over the last few years. Just despicable.
Coming soon:
- New toaster requires permission from manufacturer to toast bread from a local bakery.
- Car manufacturer to vet all passengers. Any unidentified and unvetted passengers will disable the vehicle.
- TV manufacturer requires 7 days advance notice of what you want to watch.
If this was truthful about security...
Google could make a mobile website to take an app apk and verify it if its secure and offer to install it back to android users ...
My bias, former Android app developer.
This is using the increase in attacks to do a business monopoly goal instead...
is it 24 hour per app or to enable sideloading at all?
So Google tightens its iron grip for "alternative" app stores.
There is a way out!
They do it for your own good, to defend you from dangerous software.
Dangerous software is software that is not making Google money and that does not give Google control.
"Don't be evil" how far we've fallen.
dear google: fuck off and die. May something worth the resources it consumes grow from your fetid corpse.
This is destroying and devaluing the app ecosystem on all platforms, discouraging companies from treating it as a stable target, right when Apple is gaining dominant market share.
Is it really worth executing payments, maps, geospatial APIs, etc. on one platform if >30% of your customer base can't use it and it changes every 6 months (because that's what they've engineered)? No. Who wants to maintain that?
Then what is the interface people are pushed to? The browser, where Google historically dominates.
Android should be freed from Google. I know, I know, not realistic, not easy to do, but still. With that I mean there should be only open source software at all times, at the least for any base system to use (so, not only Google but ALL of them; this is a different focus than open source alternatives).
I think this topic is not about safety, but about profit and responsibilities.
The reality is that users should take responsibility but are not allowed to, so Google takes over and makes a profit.
You don't need a CS degree to use a phone, but you can be a power user by time....but not anymore, the company needs you to stay fool and pay for "help" (not directly sometime).
This is a marketing tactic, similar to a side-load.
As someone who has been forced at the Australian border to unlock my phone, and seen it taken away, maybe this isn't a bad idea.