> Restart your phone and reauthenticate: This cuts off any remote access or active phone calls a scammer might be using to watch what you’re doing.
This is smart.
But putting my design hat on here: couldn't this be the whole approach? When enabling the "unverified apps" setting, the phone could terminate all running apps and calls before walking the user through the process.
Why do you even need the rest of the complexity -- if the fear is that non-savvy users are being coached into installing malware, then preventing comms while fiddling with the settings seems pretty OK?
You could even combine this with randomised UI, labels etc. so it's not possible to coach someone in advance about what to press.
I don't understand how it makes any difference.
A scammer is going to be familiar with the flow and can also just... call again?
"Just follow x, y, z and I will call back to help you"
> But putting my design hat on here: couldn't this be the whole approach?
No, because protecting users is just an excuse. The overreach is the goal.