This still sounds like garbage TBH. This still reeks of Google trying to both mitigate the impact of the court ruling forcing them to open up app store process and take a swipe at all the...
This still sounds like garbage TBH. This still reeks of Google trying to both mitigate the impact of the court ruling forcing them to open up app store process and take a swipe at all the "unauthorized" apps that let me avoid their barrage of ads.
This partly highlights one of the problems with a broken legislative system, but also is part of a bigger revelation of the weakness in our judicial systems. We already know many of these...
This partly highlights one of the problems with a broken legislative system, but also is part of a bigger revelation of the weakness in our judicial systems.
We already know many of these companies get slaps on the wrist equivalent in fines, a very small cost of doing business; However the other flaw that has been increasingly abused in the judicial system is their rulings are meant to be narrow and tailored to specific actions perhaps to mitigate legislation from the bench, but it ultimately leads to factions with lots of resources to be able to continue tweaking their violative actions and they each get treated as separate.
The Trump administration is doing this a lot, break a law, court says they can't, so they pretend to follow the court but meanwhile knowingly break another law in a similar way and court tells them to stop again, adnauseum. As long as each action is treated independently and they don't directly continue to violate court orders for that one specific action, avoid consequences while continuing to break the law.
This action by Google is flagrantly violating the spirit of the order against them to open up the app store. But they can get away without punishment of violating that order because they can open up the app store in the specific way that was challenged in court, while creating a new way to lock it down so that one has to go through the challenge in court again as a separate action.
Because our legislative branch is so corrupt and broken, there's no legislation specific enough to make challenging it in court an easier time while also broad enough to make sure all varying types of actions don't get treated separately.
Google has still yet to prove that they're capable of keeping scams off their own services, and this announcement is so vague that it may well just be "use adb" in the end. If you can't install...
Google has still yet to prove that they're capable of keeping scams off their own services, and this announcement is so vague that it may well just be "use adb" in the end.
If you can't install what you want, when you want, you don't own the device. If you need one, then it owns you.
Seems to be the standard of slightly lessening the impact of the changes to reintroduce them later and there aren't much details about the advanced flow or the looser requirements account type. In...
Seems to be the standard of slightly lessening the impact of the changes to reintroduce them later and there aren't much details about the advanced flow or the looser requirements account type.
In short a new barrier to installing Google unapproved sw will be added but the ability to decide to install the sw should remain. I guess the impact will depend on the exact flow they will implement.
There will also be an additional account type for low distribution counts with looser requirements.
I’ll still be insanely wary. I just see this as an attempt to try to test the waters, then next time they’ll know how to tackle this to implement what they want while mitigating backlash.
I’ll still be insanely wary.
I just see this as an attempt to try to test the waters, then next time they’ll know how to tackle this to implement what they want while mitigating backlash.
Details are sketchy, but it seems like a reasonable compromise between protecting normal users better and letting people who insist take their own risks.
Details are sketchy, but it seems like a reasonable compromise between protecting normal users better and letting people who insist take their own risks.
They don't by themselves, but they do ask more technically inclined people in their lives to pirate things for them. E.g. my dad: "hey, I hate stupid youtube giving me 1 ad every 2 minutes when I...
They don't by themselves, but they do ask more technically inclined people in their lives to pirate things for them.
E.g. my dad: "hey, I hate stupid youtube giving me 1 ad every 2 minutes when I spend so much time every day watching videos, do you know how to disable it?"
ReVanced is still an option. It requires manually patching and no automatic updates yet so its not for less technical users, but if you're Ok manually running the YouTube APK through their patcher...
ReVanced is still an option. It requires manually patching and no automatic updates yet so its not for less technical users, but if you're Ok manually running the YouTube APK through their patcher a couple times a year it works great.
I installed revanced for my dad because he wanted many youtube features and the standard UI. He honestly hasn't had a problem clicking an update button in the manager(? I think?) when something...
I installed revanced for my dad because he wanted many youtube features and the standard UI. He honestly hasn't had a problem clicking an update button in the manager(? I think?) when something breaks but he definitely wouldn't have figured out how to install the whole thing from scratch to begin with
If you mean the patcher, its at revanced.app. they don't distribute patched YouTube APK though. You'll need to get the matching youtube version from apkmirror and run it through their patcher. Its...
If you mean the patcher, its at revanced.app. they don't distribute patched YouTube APK though. You'll need to get the matching youtube version from apkmirror and run it through their patcher. Its a pretty straightforward process. You just need to open the patcher first to see what version of the YouTube apk it's currently supporting.
Ah, that sounds pretty easy. In your experience, have you found that older versions of YouTube with the patch stop functioning? How often do you update yours and why? Thanks!
Ah, that sounds pretty easy.
In your experience, have you found that older versions of YouTube with the patch stop functioning? How often do you update yours and why?
It has never fully stopped working, but i usually decide to update because small things start breaking. In the past it was long buffering times before a video would start. More recently it was the...
It has never fully stopped working, but i usually decide to update because small things start breaking. In the past it was long buffering times before a video would start. More recently it was the history page failing to load. I think it just depends on how much google is updating the backend, but I usually go 6+ months on a specific version without issue.
Because it is kinda video aggregator, not just Youtube. It is offline (data storage) and able to run on dwsktop and sync between phone and PC. Desktop version is a bit behind with Youtube support...
Because it is kinda video aggregator, not just Youtube. It is offline (data storage) and able to run on dwsktop and sync between phone and PC. Desktop version is a bit behind with Youtube support though (sometimes doean't work for a day or two). It is completely user oriented.
I especially like that Louis Rossmann stands behind it and he is the right guy in my eyes. Also he said a few times that Google can't shut them down as they don't violate the terms of service (as they don't use Youtube API if I understand it right).
They might be convinced to do so by scammers. That’s what this change is allegedly all about. Curious how everyone ignores the problem that Google is trying to solve. “Pig-butchering” is a large,...
They might be convinced to do so by scammers. That’s what this change is allegedly all about.
Curious how everyone ignores the problem that Google is trying to solve. “Pig-butchering” is a large, lucrative industry.
This is my industry. Neither me or any of my colleagues actually believe that the goal here is to reduce malware. When you try to install an app in this way (sideloading) you are already bombarded...
This is my industry. Neither me or any of my colleagues actually believe that the goal here is to reduce malware.
When you try to install an app in this way (sideloading) you are already bombarded with warning messages about this being unsafe and untrusted.
This doesn't help educate users. It doesn't warn them. It takes away their freedom. This doesn't provide users with more abilities to isolate untrusted apps. It simply adds hurdles for installing anything that is not signed by google. (Not that the app store isn't filled to the brim with google-signed malware anyway).
This is a power grab and a quite blatant one at that. The goal here is to get rid of apps like newpipe that reduce googles ability to serve ads.
I appreciate that you generally try to be positive and give people (or organisations) the benefit of the doubt, but you really should not bother here.
(FYI: The above is regarding the original attempt to take away agency. I am not judging the backpaddeling after the outrage since there are no details available yet so it would just be speculation)
[Previous post deleted and replaced; sorry about the confusion.] From the blog: Do you think they invented this scenario? I have no personal experience with how people get scammed in Thailand, but...
[Previous post deleted and replaced; sorry about the confusion.]
From the blog:
For example, a common attack we track in Southeast Asia illustrates this threat clearly. A scammer calls a victim claiming their bank account is compromised and uses fear and urgency to direct them to sideload a "verification app" to secure their funds, often coaching them to ignore standard security warnings. Once installed, this app — actually malware — intercepts the victim's notifications. When the user logs into their real banking app, the malware captures their two-factor authentication codes, giving the scammer everything they need to drain the account.
Do you think they invented this scenario? I have no personal experience with how people get scammed in Thailand, but it seems pretty plausible.
That is a real scenario, albeit very convoluted and with low succes rate due to the preexisting warnings. Their "fix" for this convoluted scenario will result in a slightly more convoluted...
That is a real scenario, albeit very convoluted and with low succes rate due to the preexisting warnings.
Their "fix" for this convoluted scenario will result in a slightly more convoluted scenario with new playbooks telling users to simply download malware from the playstore or install it through adb.
To make a very stupid analogy. This is equivalent to TSA implementing a new policy where they cavity search every passenger that does not travel with luggage to ensure no more drugs will be smuggled in such a manner. The policy will reduce the amount of smuggled drugs a teeny amount while smugglers find a different way to smuggle and quality of life for passengers without luggage deminishes forever.
Yeah, it's a dumb analogy for something that's a trivial inconvenience for any business that has employees. Even if they're paying minimum wage, a $25 registration fee is like less than an hour or...
Yeah, it's a dumb analogy for something that's a trivial inconvenience for any business that has employees. Even if they're paying minimum wage, a $25 registration fee is like less than an hour or two if you include overhead. Android developers get far more than that.
There are people for whom it's a significant amount, but they're covered by the carve-out for hobbyists. Maybe they won't "go viral" without hitting a speed bump, but that's probably for the best.
And if the developer registers, their users aren't affected at all.
Except for the part where google can (and does) dictate what apps are allowed on the app store. This just extends that control to all apps anywhere (not just in the play store) Again: This is...
Except for the part where google can (and does) dictate what apps are allowed on the app store. This just extends that control to all apps anywhere (not just in the play store)
Again: This is about killing apps like newpipe that prevent google from getting ad revenue
I haven't seen any particular evidence that it's about that. It depends how they use it. After all, Google can ban sideloaded apps already if they want to: So why isn't newpipe already banned? It...
I haven't seen any particular evidence that it's about that. It depends how they use it. After all, Google can ban sideloaded apps already if they want to:
Google Play Protect offers protection for apps that are installed from sources outside of Google Play. When a user tries to install an app, Play Protect conducts a real-time check of the app against known harmful or malicious samples that Google Play Protect has cataloged. The app is also checked by on-device machine learning, similarity comparisons and other techniques to confirm if it's suspicious. If the app is identified as malicious or suspicious, we will warn users or block the installation in extreme cases.
So why isn't newpipe already banned? It would be pretty easy.
I don't see developer registration as a red line. It's the next step in a cat-and-mouse game between Google and some persistent attackers that's already well underway, and most people don't notice because they haven't seen any popular apps banned.
The F-droid folks have claimed that they will have to shut down, but I'm confused about why they think that, and I suspect that's more of a political stance than a practical one. Why couldn't they register?
I view it less as the burden for the developer and more as someone inserting themselves into the usage of my device. Yes they already do it but this is the next step that would have real...
I view it less as the burden for the developer and more as someone inserting themselves into the usage of my device.
Yes they already do it but this is the next step that would have real implications of how an Android phone can be used at all. It is also further normalization of some random third party unilaterally dictating how the end user is allowed to use their property.
In the original plan the user would have zero options to install something not Google approved on the phone's original os using only the phone.
It's quite common in Thailand. Most people have their personal information breached from somewhere nobody can identify (my personal hunch is that somewhere along e-commerce chain is breached or...
It's quite common in Thailand. Most people have their personal information breached from somewhere nobody can identify (my personal hunch is that somewhere along e-commerce chain is breached or even intentionally sold to black market actors - likely the last mile courier selling)
The attacker calls you saying they're from a major bank (that you're likely a customer of) or they're a police/postal agency and you're under investigation in a remote location. They often tell part of your information like your full name. If it's e-commerce retailer breach they tell you the item you just bought has an issue, along with the item description. (The e-commerce shop in question got a slap on the wrist fine. It was their employee that sold user data) I got a call like that once and they got me to this point, then I realized I should call back and verify.
Then the attacker adapts to various restrictions with new tricks. You can't disable Play Protect while phone calls are ongoing, so they direct you to add them on LINE (a chat app popular in the country) with account using name and logo of the real agency, then move to VoIP. They may have several people using different persona to threaten you to either transfer the money yourself (eg. your money is under investigation, you'll have to transfer to me or get arrested). If it is scam apps, it may use techniques similar to clickjacking to do that - draw on top of real bank apps acting as other app. For example, the electric company needs to verify you to refund your power meter charge, which the app actually draw on top of the bank's facial recognition page.
By this point most government agency are keen on stopping this (I'm not getting into politics much - some people think the top scammers have top politicians in their pocket), you'll see court ruling that banks are at fault here so that the bank apps start spying on your phone more, the Bank of Thailand regulation start cracking down on online banking with transfer limits (that my friends says if you need to increase its very hard to ask than adjusting your credit card limit - and that is limit to your own cash!) and face recognition (ignoring that they block all the blind people from using online banking now)
Unlike the west, I've never seen anyone here asking for any software freedom - it's your phone and your money but you'll need to follow bank's security policy. At least my major bank doesn't check that ADB is enabled, but every single banks barred two do now (as you'd imagine smaller banks don't have actually good security team that actively protest against checklist based security) so it's not like I have much choice to support banks that align with my policy.
Yeah, that would probably work. But it's a different kind of complexity when side-loaded apps can't ask for permissions that Play Store apps can ask for. People would certainly complain that...
Yeah, that would probably work. But it's a different kind of complexity when side-loaded apps can't ask for permissions that Play Store apps can ask for.
People would certainly complain that side-loaded apps are being nerfed, so it doesn't avoid controversy.
This still sounds like garbage TBH. This still reeks of Google trying to both mitigate the impact of the court ruling forcing them to open up app store process and take a swipe at all the "unauthorized" apps that let me avoid their barrage of ads.
This partly highlights one of the problems with a broken legislative system, but also is part of a bigger revelation of the weakness in our judicial systems.
We already know many of these companies get slaps on the wrist equivalent in fines, a very small cost of doing business; However the other flaw that has been increasingly abused in the judicial system is their rulings are meant to be narrow and tailored to specific actions perhaps to mitigate legislation from the bench, but it ultimately leads to factions with lots of resources to be able to continue tweaking their violative actions and they each get treated as separate.
The Trump administration is doing this a lot, break a law, court says they can't, so they pretend to follow the court but meanwhile knowingly break another law in a similar way and court tells them to stop again, adnauseum. As long as each action is treated independently and they don't directly continue to violate court orders for that one specific action, avoid consequences while continuing to break the law.
This action by Google is flagrantly violating the spirit of the order against them to open up the app store. But they can get away without punishment of violating that order because they can open up the app store in the specific way that was challenged in court, while creating a new way to lock it down so that one has to go through the challenge in court again as a separate action.
Because our legislative branch is so corrupt and broken, there's no legislation specific enough to make challenging it in court an easier time while also broad enough to make sure all varying types of actions don't get treated separately.
Google has still yet to prove that they're capable of keeping scams off their own services, and this announcement is so vague that it may well just be "use adb" in the end.
If you can't install what you want, when you want, you don't own the device. If you need one, then it owns you.
Seems to be the standard of slightly lessening the impact of the changes to reintroduce them later and there aren't much details about the advanced flow or the looser requirements account type.
In short a new barrier to installing Google unapproved sw will be added but the ability to decide to install the sw should remain. I guess the impact will depend on the exact flow they will implement.
There will also be an additional account type for low distribution counts with looser requirements.
I’ll still be insanely wary.
I just see this as an attempt to try to test the waters, then next time they’ll know how to tackle this to implement what they want while mitigating backlash.
Details are sketchy, but it seems like a reasonable compromise between protecting normal users better and letting people who insist take their own risks.
Disagree as "normal users" don't sideload at all and so no extra protections are needed.
They don't by themselves, but they do ask more technically inclined people in their lives to pirate things for them.
E.g. my dad: "hey, I hate stupid youtube giving me 1 ad every 2 minutes when I spend so much time every day watching videos, do you know how to disable it?"
Yes, I do know, actually. Install Grayjay, it is available even in Google Play.
I just checked it out as I've been looking for something since Vanced Tube was killed. Could you tell me why you like GrayJay?
ReVanced is still an option. It requires manually patching and no automatic updates yet so its not for less technical users, but if you're Ok manually running the YouTube APK through their patcher a couple times a year it works great.
I installed revanced for my dad because he wanted many youtube features and the standard UI. He honestly hasn't had a problem clicking an update button in the manager(? I think?) when something breaks but he definitely wouldn't have figured out how to install the whole thing from scratch to begin with
Is there a project webpage where I can grab the apk that you're aware of?
If you mean the patcher, its at revanced.app. they don't distribute patched YouTube APK though. You'll need to get the matching youtube version from apkmirror and run it through their patcher. Its a pretty straightforward process. You just need to open the patcher first to see what version of the YouTube apk it's currently supporting.
Ah, that sounds pretty easy.
In your experience, have you found that older versions of YouTube with the patch stop functioning? How often do you update yours and why?
Thanks!
It has never fully stopped working, but i usually decide to update because small things start breaking. In the past it was long buffering times before a video would start. More recently it was the history page failing to load. I think it just depends on how much google is updating the backend, but I usually go 6+ months on a specific version without issue.
Because it is kinda video aggregator, not just Youtube. It is offline (data storage) and able to run on dwsktop and sync between phone and PC. Desktop version is a bit behind with Youtube support though (sometimes doean't work for a day or two). It is completely user oriented.
I especially like that Louis Rossmann stands behind it and he is the right guy in my eyes. Also he said a few times that Google can't shut them down as they don't violate the terms of service (as they don't use Youtube API if I understand it right).
They might be convinced to do so by scammers. That’s what this change is allegedly all about.
Curious how everyone ignores the problem that Google is trying to solve. “Pig-butchering” is a large, lucrative industry.
This is my industry. Neither me or any of my colleagues actually believe that the goal here is to reduce malware.
When you try to install an app in this way (sideloading) you are already bombarded with warning messages about this being unsafe and untrusted.
This doesn't help educate users. It doesn't warn them. It takes away their freedom. This doesn't provide users with more abilities to isolate untrusted apps. It simply adds hurdles for installing anything that is not signed by google. (Not that the app store isn't filled to the brim with google-signed malware anyway).
This is a power grab and a quite blatant one at that. The goal here is to get rid of apps like newpipe that reduce googles ability to serve ads.
I appreciate that you generally try to be positive and give people (or organisations) the benefit of the doubt, but you really should not bother here.
(FYI: The above is regarding the original attempt to take away agency. I am not judging the backpaddeling after the outrage since there are no details available yet so it would just be speculation)
[Previous post deleted and replaced; sorry about the confusion.]
From the blog:
Do you think they invented this scenario? I have no personal experience with how people get scammed in Thailand, but it seems pretty plausible.
That is a real scenario, albeit very convoluted and with low succes rate due to the preexisting warnings.
Their "fix" for this convoluted scenario will result in a slightly more convoluted scenario with new playbooks telling users to simply download malware from the playstore or install it through adb.
To make a very stupid analogy. This is equivalent to TSA implementing a new policy where they cavity search every passenger that does not travel with luggage to ensure no more drugs will be smuggled in such a manner. The policy will reduce the amount of smuggled drugs a teeny amount while smugglers find a different way to smuggle and quality of life for passengers without luggage deminishes forever.
Yeah, it's a dumb analogy for something that's a trivial inconvenience for any business that has employees. Even if they're paying minimum wage, a $25 registration fee is like less than an hour or two if you include overhead. Android developers get far more than that.
There are people for whom it's a significant amount, but they're covered by the carve-out for hobbyists. Maybe they won't "go viral" without hitting a speed bump, but that's probably for the best.
And if the developer registers, their users aren't affected at all.
Except for the part where google can (and does) dictate what apps are allowed on the app store. This just extends that control to all apps anywhere (not just in the play store)
Again: This is about killing apps like newpipe that prevent google from getting ad revenue
I haven't seen any particular evidence that it's about that. It depends how they use it. After all, Google can ban sideloaded apps already if they want to:
So why isn't newpipe already banned? It would be pretty easy.
I don't see developer registration as a red line. It's the next step in a cat-and-mouse game between Google and some persistent attackers that's already well underway, and most people don't notice because they haven't seen any popular apps banned.
The F-droid folks have claimed that they will have to shut down, but I'm confused about why they think that, and I suspect that's more of a political stance than a practical one. Why couldn't they register?
I view it less as the burden for the developer and more as someone inserting themselves into the usage of my device.
Yes they already do it but this is the next step that would have real implications of how an Android phone can be used at all. It is also further normalization of some random third party unilaterally dictating how the end user is allowed to use their property.
In the original plan the user would have zero options to install something not Google approved on the phone's original os using only the phone.
It's quite common in Thailand. Most people have their personal information breached from somewhere nobody can identify (my personal hunch is that somewhere along e-commerce chain is breached or even intentionally sold to black market actors - likely the last mile courier selling)
The attacker calls you saying they're from a major bank (that you're likely a customer of) or they're a police/postal agency and you're under investigation in a remote location. They often tell part of your information like your full name. If it's e-commerce retailer breach they tell you the item you just bought has an issue, along with the item description. (The e-commerce shop in question got a slap on the wrist fine. It was their employee that sold user data) I got a call like that once and they got me to this point, then I realized I should call back and verify.
Then the attacker adapts to various restrictions with new tricks. You can't disable Play Protect while phone calls are ongoing, so they direct you to add them on LINE (a chat app popular in the country) with account using name and logo of the real agency, then move to VoIP. They may have several people using different persona to threaten you to either transfer the money yourself (eg. your money is under investigation, you'll have to transfer to me or get arrested). If it is scam apps, it may use techniques similar to clickjacking to do that - draw on top of real bank apps acting as other app. For example, the electric company needs to verify you to refund your power meter charge, which the app actually draw on top of the bank's facial recognition page.
By this point most government agency are keen on stopping this (I'm not getting into politics much - some people think the top scammers have top politicians in their pocket), you'll see court ruling that banks are at fault here so that the bank apps start spying on your phone more, the Bank of Thailand regulation start cracking down on online banking with transfer limits (that my friends says if you need to increase its very hard to ask than adjusting your credit card limit - and that is limit to your own cash!) and face recognition (ignoring that they block all the blind people from using online banking now)
Unlike the west, I've never seen anyone here asking for any software freedom - it's your phone and your money but you'll need to follow bank's security policy. At least my major bank doesn't check that ADB is enabled, but every single banks barred two do now (as you'd imagine smaller banks don't have actually good security team that actively protest against checklist based security) so it's not like I have much choice to support banks that align with my policy.
Seems like the solution to that is to disallow apps reading the notifications then, not try to shut down sideloading.
Yeah, that would probably work. But it's a different kind of complexity when side-loaded apps can't ask for permissions that Play Store apps can ask for.
People would certainly complain that side-loaded apps are being nerfed, so it doesn't avoid controversy.
Will wait and see if they've backpedaled enough before I replace my phone.