Meanwhile the Play Store is full of scams. This isn’t about safety, it making sure they get a cut from the scam apps.
Billionaires doing what a billionaire does: feign a reason to kneecap a service, force complaints about its ineffectiveness, then use that as an excuse to dismantle it entirely. I am so tired of this.
I’m not worried about sideloading because I use GrapheneOS, but I’m worried that development for various apps might stop…
The company says it is now developing an “advanced flow that allows experienced users to accept the risks of installing software that isn’t verified.” This installation flow will include safeguards to protect people who are being coerced into installing a dangerous app, or tricked by a scammer, along with “clear warnings to ensure users fully understand the risks involved.”
IIRC we already had to enable a setting and confirm a warning popup. What are they gonna do? Add more popups? A captcha-“puzzle”? Less easy to accept dialogs?
Probably a captcha puzzle, or some other thing that requires you to connect to them and surrender your data for free for their commercial purposes.
Honestly a less easy to accept dialog would go a long way.
Just make it require ADB. Iv had my grandfather fall victim to a crypto scam that got him to install a app on his phone.
As much as we hate it, google is the only one who has any power to prevent abuse of the stupid, elderly and gullible. Someone has too.
There is a line of going to far to protect people that just makes things worse for everyone. But the reality is, our freedom comes at the expense of others freedom.
Finding the balance is hard.
Hot take: We shouldn’t lock down devices by default to a point where they protect even the most vulnerable.
Child safety locks exist for a reason and can also be used for the elderly.
Nah screw needing adb, that absolutely kills free and open source software stores like fdroid, and fdroid have said as much that Google’s then planned signing requirements would lead fdroid to stop.
The only way I’d even be remotely OK with another adb requirement is if
- it’s a requirement to unlock the ability to install unsigned apps, ie it’s not to an install an app but set a flag
- #1 becomes a requirement for Google certification so all manufacturers have to allow it
- It doesn’t cause other types of attestation to fail that we see with unlocked, rooted and third party roms failing certain checks preventing some apps, most commonly banking ones from working
I think whatever is required for third party apps and stores should also be required for play store. No special treatment for their own files.
Eg: “Warning: Are you sure you trust GooglePlayStore.apk? This software might be harmful.”
I reckon that Google would magically get the messaging exactly right with that requirement.
At least with something like shizuku one can effectively adb to your own phone, so even if adb became required to install non-google-approved apps on one’s own phone… It will not block FOSS for long.
In today’s society everything needs to be baby proofed. Protect this protect that. People need to take responsibility for their actions.
Your grandpa got greedy and wanted to invest money to make more money. Now he got scammed and he learned his lesson. Next time guided by prior experience he should/will be more careful. If not he will loose more money until he realises he shouldn’t be clicking and installing everything he sees.
And that applies to everyone. You alone are responsible for your actions, not anybody else
Until he has early dementia and forgets the lessons learned, but of course he’ll forget he invested anything tomorrow and do it again!
I’m all for holding people personally responsible, but sometimes we gotta help each other out. Also blaming the victim for being scammed is not helpful. Scammers do so many underhand tactics its impossible for any us to keep track of it all alone.
I’m okay with more tools to help us protect people. Maybe instead of needing ADB, you have to boot into save mode, and can enable 3rd party sources from there? This way you can still enable it on the phone while preventing a script or app can’t automate enabling it. Oh and because there’s more scam shit on google play than Fdroid, we’ll need google play to be enabled via the same method too.
“side” loading is just normal loading for me. I have one single app from the google app store. (It’s cookie clicker 😂)
Even calling it side loading is an attempt to delegitimise the practice. To make it sound like you’re doing something dodgy by the side.
It’s just installing an app.
Nobody calls installing an app from outside the Microsoft store on their Windows PC “side loading”.
Likewise for Macs regarding their app store, or installing an app from outside your distro’s repository on Linux.
Do you use Fdroid or simply get apks online, like we all used to before these walled gardens?
I use fdroid whenever possible, but I do use Google Play for most everything else. I do have a few apps that I install via APK, but built-in updaters are so uncommon on Android apps that it’s kind of a pain to maintain.
Obtainium can solve that. It will check websites for updates and then download the new apk and install it. I use it more than fdroid now, can get apk straight from the developers github repo usually.
Boiling the frog
They won’t kill side loading (the fact we even call it side loading instead of simply installing software is a problem). They’ll just shoot it in the knees a little. No big deal.
They’ll be able to stop a group of less technically savvy people, who currently are sideloading, from using their phones the way they choose. Apparently that’s good enough for Google.
I bet you less than 1% of users are even aware and of that less than .1% can’t figure out what they need.
They already don’t let you use Google pay if you don’t give them control of your phone. This is just tightening the noose a little bit.
People shouldn’t use google pay in the first place. All of these things being tied together by the same group is a problem in and of itself.
Would use something else if I had the choice
Don’t you have a physical card?
Less convenient and less secure.
We live in a fucking clown country the fact that the same company that makes the phones decides who can use tap to pay.
Its like if visa was the only company that printed plastic cards.
People shouldn’t use google
pay in the first place.
Credit card in your phone case, use your banks’ website, 95+% of people right there.
Most banks don’t allow payment through their apps anymore
This also doesn’t work for shared cards under one person’s name, which is my main use for this
Push 3 degrees harder, relent 2 when there’s resistance.
Meaning, 3 steps ahead for them if there’s no resistance. 1 step ahead if there is.
Wait some time, repeat.
That is more the fault/worry of the financial sector and not G. The fact that they gave up this amount of leeway is shocking. Their risk tolerance is very low and giving G the ability to manage virtual cards and allow payments with them is huge in itself.
Even Privacy, which does part of the same thing/idea, still only works for some cards, doesn’t work at all for credit cards (last time I checked), and has been in the sector for a similar amount of time.
G had to lock down Pay to appease the financial sector’s risk management. Anything else was DOA.
I wonder what an alternate history where Google chose not to become evil would look like.
What if they had looked at Microsoft’s Palladium proposal and thought, as pretty much everyone outside institutional IT departments did that locked devices with remote attestation was a nightmare scenario best forgotten, refused to build it, and made an effort to prevent anyone else from doing so on top of Android? Safetynet didn’t appear until 5-6 years after Android launched to the public. What if it never did? Android already had enough momentum by that point I don’t think the financial sector could refuse to be on it no matter what risk management said.
Well, I kind of know what happened in that scenario… because it did. Until Pay, there was Wallet. The original Wallet, not the current one. Wallet had a physical and virtual prepaid debit card, that you would load up and manage in the app. I used it a few times (new tech woo), and distinctively remember ordering at a McDonald’s, the clerk announced the cost, I held my Nexus 7 to the new nfc pad, they started to say ‘uhh no you have to-’ and then a success beep, and their jaw dropped. They thought it was nuts, I told them in a few years ‘this will be everywhere’.
So before Pay, there was Wallet, and it’s own little sandbox of testing if anyone would use this. A couple years later the Wallet card discontinued, and Pay took its place.
A different Wallet/Pay implementation is a possible outcome, but I’m thinking of a bigger picture where Android phones are more like PCs: no non-unlockable bootloaders, no remote attestation anywhere, barriers to root detection at the OS level, third-party ROMs encouraged.
The early days of Android were like that. I wonder if things had developed along that path, would we have a paradise for power users? A security nightmare for mainstream users? Both? Neither?
Until Pay, there was Wallet. The original Wallet, not the current one.
Classic Google.
I remember wallet only working consistently at McDonald’s.
For most of early wallets existence it did only work McDonald’s lol
So about those linux phones…
Aaaaaaany day now… guys…?
(I have a pinephone and no, it is absolutely nowhere near ready)
My guess is that any good Linux phone experience would need greater funding from some company or foundation…(Valve please?)
That’s kind of a double edged sword though. Android got a foothold because a small scrappy unknown company in silicon valley brought them into the fold…
It’s not if it’s done right, android is problematic because it’s not a community project, it’s just a code dump.
case in point, the linux kernel itself
This framing still sucks. Google is blocking apps THEY don’t approve on YOUR phone.
Agreed. But one climb down means potentially more, as needed. 🤞🏻
Only if the protests continue with full force.
Great, more hoops to jump thr… I mean… an “advanced flow”, for gaining the privilege of installing apps of your choosing
Can anyone verify if this is the “new” update to the process? The article takes 75% of the way to get to this paragraph and isn’t even clear if this is Google’s proposed concession or an existing separate process:
To accommodate educational and noncommercial development, Google will introduce a new limited developer account type aimed at students and hobbyists. These accounts will not undergo full identity verification but will instead allow app installations on a restricted number of registered devices.
If that is the workaround, it sounds like it’s still awful since it requires a Google developer account and really only would work for limited development deployment.
A “concession” to use your phone, and you need to give your address, phone number, and ID. Fuck off.
They must really hate ReVanced.
Oh, I bet. They probably hate GrayJay more though.
GrapheneOS is luckily out of their jurisdiction :)
They’re not killing sideloading, they’re just building the gallows and sharpening the axe.
The outrage doesn’t stop anything, it just makes them slow their plans and wait out the public outrage.
The company has confirmed that it is developing an “advanced flow” to let experienced users install apps from unverified developers
How about don’t change it at all, Google
