alt Hacker NewsI get the feeling that clamping down on useful functionality is often an unfortunate side-effect of closing down paths that are being exploited by criminals to harm users.
What should Google do when a change they are making to protect regular less-technical users breaks functionality needed by more advanced users?
Replies
> What should Google do when a change they are making to protect regular less-technical users breaks functionality needed by more advanced users?
Put it behind an USB ADB only toggle and be more transparent to avoid slippery slope?
Oh yes, a very unfortunate side-effect that companies are implementing with tears in their eyes, tearing their clothes apart.
The problem with the toxic max-security[0] arguments is that it is always possible to invent a more gullible fool. There is no security measure that will perfectly protect a user from getting scammed out of everything, save for scamming them first and then treating their property as your own. That's the Apple argument. The only way you can keep people secure without falling into the same rhetorical trap Apple employs is with bright red lines that you swear not to cross, no matter how many people wind up getting scammed, because at the end of the day, people are adults, and their property is theirs.
Furthermore, we have to acknowledge that scam-fighting is not Google's job. They can assist with law enforcement (assuming they do not violate the rights of their customers while doing so) but they should not be making themselves judge, jury, and executioner in the process.
If you want a more concrete technical recommendation, locking down device management profiles would be a far more effective and less onerous countermeasure than putting a 24-hour waiting period on unknown app installs. Device management exists almost exclusively for the sake of businesses locking down property they're loaning out to employees, but a large subset of scams abuse this functionality. Part of the problem is that installing a device profile is designed to sound non-distressing, because it's "routine", even though you're literally installing spyware. Ideally, for a certain subset of strong management profile capabilities, the phone should wipe itself (and warn you that it's going to wipe itself) if you attempt to install that profile.
> What should Google do when a change they are making to protect regular less-technical users breaks functionality needed by more advanced users?
Have people read and type in a message saying "I'm not on the phone with a potential scammer who is trying to get me to install a package that may be dangerous", trust people to actually read what they're typing, and if they can't read and comprehend that, stop getting in the way of them shooting themselves in the foot.