Making users wait 24 hours doesn’t improve security; it’s an anti-competitive change designed to make the Google Play store seem like less of a hassle in comparison.
I can actually see where it can improve security against scammers trying to scam elderly and non-tech savvy people.
- Scammer tries to get someone to install malware from their site
- Victim isn’t familiar with sideloading, but scammer instructs them
- Victim hits the first time 24 hour block and has to restart and wait
- The restart alone breaks contact with the scammer, scam thwarted
For the rest of us that know our way around Android, it’s just a one time annoyance, after completing all the steps to enable sideloading, you won’t have to wait 24 hours anymore.
It’s going to be effective, but it’s a sad world where you have to create a total nanny state because there exist a subset of users who are INCREDIBLY stupid.
Is it still a subset when it’s the majority?
And to be honest, the level of effort scammers are willing to go through is shocking, and AI’s just making it easier for them.
Anything less than the whole is a subset, yes.
Evidence that any significant percentage of people, never mind the majority, is getting scammed? Then how many of them via app installs?
And to be honest, the level of effort scammers are willing to go through is shocking
Is it? If you live in a country like India, then a single successful scam will be able to pay for years of living expenses
It’s sad, but this is the world we live in. It’s constantly disappointing.
But I do want to push back a bit, the people getting scammed are not incredibly stupid, they’re incredibly vulnerable. They’re often people who are generally less tech savvy, but also they’re people who don’t have a lot to lose, it’s a bit counterintuitive, but it’s easier to scam people who take money very seriously.
I’d believe that if most Pig Butchering scams weren’t using apps from Google Play already.
Fair enough, you have a point. Although, I do think the developer verification thing will make it easier for Google to weed out bad actor developers altogether from the Play Store.
Sure there’s no perfect solution, but at least they’re trying to make it a lot more difficult for the scammers out there, while still leaving power users a path to keep using Android the way we want.
I think it is absolutely delusional to assume any of this actually has anything to do with security or safety of users. Google just wants more power and control over, well, everything they can get.
I think it is absolutely delusional to assume any of this actually has anything to do with security or safety of users. Google just wants more power and control over, well, everything they can get.
I’d believe that if most Pig Butchering scams weren’t using apps from Google Play already.
No we didn’t win. This is Google making it harder to install the programs you want, rather than the programs Google wants you to have.
Can someone please come out with a phone that’s an actual computer and help stop this nonsense?
Phones cost a lot of money at this point and I’m completely sick of them being some locked down, surveillance ridden pile of crap. A reasonably built one would be able to replace a laptop at this point if it weren’t for these artificial constraints imposed by the stupid fucking suits running things.
furilabs flx1s. I’m using one
Battery life is limited by cell modem drivers being closed source and having to be reverse engineered.
I have been looking into an alternate hybrid radio device using Reticulum. Though with that comes a new less convenient user experience for a lot of apps.
https://www.www3.planetcom.co.uk/astro-slide-5g
This sounds up your ally
dude. you can just install a custom rom.
As long as your phone model is supported by any custom mod. I have checked compatibility for almost all smartphones I owned, some 7 or 8 through the years.
Not a single one of them was ever supported by a custom mod.
but you did not check custom rom aupport before you bought tgem, cause did not want freedom and moddability. its on you.
I consider price and technical specifications. I don’t have 200€ to spend on a phone. Most phones I bought were less than 100€ new. What I care about a phone is that it supports two SIM cards.
With such constraints, choice is quite limited unfortunately.
Is it worth having a free device? Indeed. Is it worth spending 4 times the price just for that? Not to me.
We will win when nobody can tell you what you can or can’t put in your own fucking device.
Counterpoint: my software allows you to access your banking needs. I’m financially on the hook if fraud occurs. Fraud occurs because your favorite “slap the monkey” game also installs a keylogger and network monitor. So I don’t allow my software to work if you have that installed.
I think you’re right that companies should not be able to tell you what software you can run, but users also can’t be trusted to keep their devices safe.
A lot of network, banking, and telephony protocols historically rely on trusting that there are no bad actors in the chain. Technology has added more links to the chain increasing the opportunities for bad actors to tap into it.
It’s a situation that needs better fixes. Maybe we just need to hand the current internet over to the bots and start a new one with security and privacy built in from the ground up.
A lot of network, banking, and telephony protocols historically rely on trusting that there are no bad actors in the chain. Technology has added more links to the chain increasing the opportunities for bad actors to tap into it.
Their wish to break the first rule of network security (you can’t trust the client) shouldn’t be everyone else’s problem.
Counterpoint: my software allows you to access your banking needs. I’m financially on the hook if fraud occurs. Fraud occurs because your favorite “slap the monkey” game also installs a keylogger and network monitor. So I don’t allow my software to work if you have that installed.
I think you’re right that companies should not be able to tell you what software you can run, but users also can’t be trusted to keep their devices safe.
A lot of network, banking, and telephony protocols historically rely on trusting that there are no bad actors in the chain. Technology has added more links to the chain increasing the opportunities for bad actors to tap into it.
It’s a situation that needs better fixes. Maybe we just need to hand the current internet over to the bots and start a new one with security and privacy built in from the ground up.
Maybe banks could use a way to authenticate the user a second way, that doesn’t involve a password. If only. (Sidenote: why do banks still insist on sms 2FA?)
You’re liable if someone shares their credentials? Even if they did it accidentally by installing a keylogger, that seems like user error.
Microsoft appeared to walk back Recall until they suddenly brought it back unannounced and doubled down. So I’ll believe it when I see it
Yeah corpos don’t respect consumers or norms of human dignity, they’ll just do what they want more quietly if you complain. The only real solution is to break up monopolies (ideally for the last several decades).
This isn’t a win, this is Google making things shitty for the benefit of no one but themselves.
- enable developer options
- confirm that you are not tricked
- restart phone and re-authenticate
- wait one day
- confirm with biometrics that you know what you are doing
- decide if you only want unrestricted installs for 1 week or forever
- confirm that you accept the risks
- enjoy the few apps that still have developers motivated to develop for a user-base willing to put up with this
- Fuck that, keep an old phone and don’t update it
- When it breaks, buy a Linux phone. Or a dumbphone.
- Only way to win? Don’t play their game
I’m writing an app that I will distribute only through f-droid. The people I would like to share it with are typical, non-technical android users. Before those changes I could just send them a link to f-droid apk and explain it’s just another app store or send a link to the apk directly and probably most of them would be able to install it. Now I would have to tell them to do all those weird things first, things that look suspicious and that they would not understand the purpose of. I don’t think anyone will be wiling to do it. This is not a win. The effect will be exactly the same - serious limits on distributing apps though alternative channels.
I do not consider this a win, and I will continue applying pressure where I can.
Please share how
- The official developer verification feedback form: https://docs.google.com/forms/d/e/1FAIpQLSeN8qv6GRTztqsXy6P8P2_Q93BOIIkT2X7sOQKesQD_LCvnKw/viewform
- Android on X: https://x.com/Android
To call the install of apps of your choice as «sideloading», means that they have won.
I, as the owner of my device, don’t want to wait 24h.
I hope this will popularize the ROM community again. It gradually faded out due to mainstream ROMs having every perk of the custom ROMs but now the custom ROMs can start offering freedom, which no official ROM will offer.
Is there a tap to pay system that works on custom ROMs? I thought those really required SafetyNet/PlayIntegrity/Whatever-it-is-now.
I would rather not give up tap to pay but I will if I have to. It seems like trying to Magisk my way into getting Google Wallet to work would be a PITA.
Pardon my ignorance, but physical cards are tap-to-pay since it exists, no smartphone needed, and as a bonus, you don’t need to think about your battery dying before you need to buy something. It’s a problem of extreme convenience, not something you depend on in any way. An alternative could also be a smartwatch, which you can set up tap-to-pay on, so you can have a custom ROM on your smartphone and pay with your wrist.
I, as the owner of my device, don’t want to wait 24h.
then dont. adb is instant
It is always like this. Make a very anti consumer decision that everyone hates, then tone it down so the half of those people will say “we won”. This is a loss.
Reading the article it looks like they found a decent middle ground. It lays out how the steps help prevent people from getting scammed.
It’s not side loading. It’s installing software on the device you probably paid multiple thousands for that you no longer own.
Multiple thousands!? My phone was like $250
not all people are americans
That’s multiple thousands in some countries
Lol same, I spent $250 on a used pixel 8, threw grapheneos on it the day I got it. Honestly my dream scenario right now is that sailfish let’s me just purchase a sailfish X license for a community port
Congratulations!
Lol same, I spent $250 on a used pixel 8, threw grapheneos on it the day I got it. Honestly my dream scenario right now is that sailfish let’s me just purchase a sailfish X license for a community port
Multiple thousands!? No phone isn’t worth that much. Bloody marketing brainwashing people into accepting exorbitant prices for everything.
Time for another OS. Android is over.
Postmarketos is looking pretty promising right now.
The year of the Linux phone is upon us brethren!
You can’t sideload on Linux…
Almost got me…
The square app will not run on a phone that has developer mode enabled. I turned developer mode on to disable annoying animations, so now I can’t take card payments unless I carry around a second phone.
If Google goes through with this, my payment phone won’t be able to run any third party apps.
