This still sounds like garbage TBH. This still reeks of Google trying to both mitigate the impact of the court ruling forcing them to open up app store process and take a swipe at all the...
This still sounds like garbage TBH. This still reeks of Google trying to both mitigate the impact of the court ruling forcing them to open up app store process and take a swipe at all the "unauthorized" apps that let me avoid their barrage of ads.
This partly highlights one of the problems with a broken legislative system, but also is part of a bigger revelation of the weakness in our judicial systems. We already know many of these...
This partly highlights one of the problems with a broken legislative system, but also is part of a bigger revelation of the weakness in our judicial systems.
We already know many of these companies get slaps on the wrist equivalent in fines, a very small cost of doing business; However the other flaw that has been increasingly abused in the judicial system is their rulings are meant to be narrow and tailored to specific actions perhaps to mitigate legislation from the bench, but it ultimately leads to factions with lots of resources to be able to continue tweaking their violative actions and they each get treated as separate.
The Trump administration is doing this a lot, break a law, court says they can't, so they pretend to follow the court but meanwhile knowingly break another law in a similar way and court tells them to stop again, adnauseum. As long as each action is treated independently and they don't directly continue to violate court orders for that one specific action, avoid consequences while continuing to break the law.
This action by Google is flagrantly violating the spirit of the order against them to open up the app store. But they can get away without punishment of violating that order because they can open up the app store in the specific way that was challenged in court, while creating a new way to lock it down so that one has to go through the challenge in court again as a separate action.
Because our legislative branch is so corrupt and broken, there's no legislation specific enough to make challenging it in court an easier time while also broad enough to make sure all varying types of actions don't get treated separately.
Seems to be the standard of slightly lessening the impact of the changes to reintroduce them later and there aren't much details about the advanced flow or the looser requirements account type. In...
Seems to be the standard of slightly lessening the impact of the changes to reintroduce them later and there aren't much details about the advanced flow or the looser requirements account type.
In short a new barrier to installing Google unapproved sw will be added but the ability to decide to install the sw should remain. I guess the impact will depend on the exact flow they will implement.
There will also be an additional account type for low distribution counts with looser requirements.
Google has still yet to prove that they're capable of keeping scams off their own services, and this announcement is so vague that it may well just be "use adb" in the end. If you can't install...
Google has still yet to prove that they're capable of keeping scams off their own services, and this announcement is so vague that it may well just be "use adb" in the end.
If you can't install what you want, when you want, you don't own the device. If you need one, then it owns you.
Details are sketchy, but it seems like a reasonable compromise between protecting normal users better and letting people who insist take their own risks.
Details are sketchy, but it seems like a reasonable compromise between protecting normal users better and letting people who insist take their own risks.
They don't by themselves, but they do ask more technically inclined people in their lives to pirate things for them. E.g. my dad: "hey, I hate stupid youtube giving me 1 ad every 2 minutes when I...
They don't by themselves, but they do ask more technically inclined people in their lives to pirate things for them.
E.g. my dad: "hey, I hate stupid youtube giving me 1 ad every 2 minutes when I spend so much time every day watching videos, do you know how to disable it?"
They might be convinced to do so by scammers. That’s what this change is allegedly all about. Curious how everyone ignores the problem that Google is trying to solve. “Pig-butchering” is a large,...
They might be convinced to do so by scammers. That’s what this change is allegedly all about.
Curious how everyone ignores the problem that Google is trying to solve. “Pig-butchering” is a large, lucrative industry.
This is my industry. Neither me or any of my colleagues actually believe that the goal here is to reduce malware. When you try to install an app in this way (sideloading) you are already bombarded...
This is my industry. Neither me or any of my colleagues actually believe that the goal here is to reduce malware.
When you try to install an app in this way (sideloading) you are already bombarded with warning messages about this being unsafe and untrusted.
This doesn't help educate users. It doesn't warn them. It takes away their freedom. This doesn't provide users with more abilities to isolate untrusted apps. It simply adds hurdles for installing anything that is not signed by google. (Not that the app store isn't filled to the brim with google-signed malware anyway).
This is a power grab and a quite blatant one at that. The goal here is to get rid of apps like newpipe that reduce googles ability to serve ads.
I appreciate that you generally try to be positive and give people (or organisations) the benefit of the doubt, but you really should not bother here.
(FYI: The above is regarding the original attempt to take away agency. I am not judging the backpaddeling after the outrage since there are no details available yet so it would just be speculation)
[Previous post deleted and replaced; sorry about the confusion.] From the blog: Do you think they invented this scenario? I have no personal experience with how people get scammed in Thailand, but...
[Previous post deleted and replaced; sorry about the confusion.]
From the blog:
For example, a common attack we track in Southeast Asia illustrates this threat clearly. A scammer calls a victim claiming their bank account is compromised and uses fear and urgency to direct them to sideload a "verification app" to secure their funds, often coaching them to ignore standard security warnings. Once installed, this app — actually malware — intercepts the victim's notifications. When the user logs into their real banking app, the malware captures their two-factor authentication codes, giving the scammer everything they need to drain the account.
Do you think they invented this scenario? I have no personal experience with how people get scammed in Thailand, but it seems pretty plausible.
That is a real scenario, albeit very convoluted and with low succes rate due to the preexisting warnings. Their "fix" for this convoluted scenario will result in a slightly more convoluted...
That is a real scenario, albeit very convoluted and with low succes rate due to the preexisting warnings.
Their "fix" for this convoluted scenario will result in a slightly more convoluted scenario with new playbooks telling users to simply download malware from the playstore or install it through adb.
To make a very stupid analogy. This is equivalent to TSA implementing a new policy where they cavity search every passenger that does not travel with luggage to ensure no more drugs will be smuggled in such a manner. The policy will reduce the amount of smuggled drugs a teeny amount while smugglers find a different way to smuggle and quality of life for passengers without luggage deminishes forever.
Yeah, it's a dumb analogy for something that's a trivial inconvenience for any business that has employees. Even if they're paying minimum wage, a $25 registration fee is like less than an hour or...
Yeah, it's a dumb analogy for something that's a trivial inconvenience for any business that has employees. Even if they're paying minimum wage, a $25 registration fee is like less than an hour or two if you include overhead. Android developers get far more than that.
There are people for whom it's a significant amount, but they're covered by the carve-out for hobbyists. Maybe they won't "go viral" without hitting a speed bump, but that's probably for the best.
And if the developer registers, their users aren't affected at all.
Except for the part where google can (and does) dictate what apps are allowed on the app store. This just extends that control to all apps anywhere (not just in the play store) Again: This is...
Except for the part where google can (and does) dictate what apps are allowed on the app store. This just extends that control to all apps anywhere (not just in the play store)
Again: This is about killing apps like newpipe that prevent google from getting ad revenue
I haven't seen any particular evidence that it's about that. It depends how they use it. After all, Google can ban sideloaded apps already if they want to: So why isn't newpipe already banned? It...
I haven't seen any particular evidence that it's about that. It depends how they use it. After all, Google can ban sideloaded apps already if they want to:
Google Play Protect offers protection for apps that are installed from sources outside of Google Play. When a user tries to install an app, Play Protect conducts a real-time check of the app against known harmful or malicious samples that Google Play Protect has cataloged. The app is also checked by on-device machine learning, similarity comparisons and other techniques to confirm if it's suspicious. If the app is identified as malicious or suspicious, we will warn users or block the installation in extreme cases.
So why isn't newpipe already banned? It would be pretty easy.
I don't see developer registration as a red line. It's the next step in a cat-and-mouse game between Google and some persistent attackers that's already well underway, and most people don't notice because they haven't seen any popular apps banned.
The F-droid folks have claimed that they will have to shut down, but I'm confused about why they think that, and I suspect that's more of a political stance than a practical one. Why couldn't they register?
I view it less as the burden for the developer and more as someone inserting themselves into the usage of my device. Yes they already do it but this is the next step that would have real...
I view it less as the burden for the developer and more as someone inserting themselves into the usage of my device.
Yes they already do it but this is the next step that would have real implications of how an Android phone can be used at all. It is also further normalization of some random third party unilaterally dictating how the end user is allowed to use their property.
In the original plan the user would have zero options to install something not Google approved on the phone's original os using only the phone.
Yeah, that would probably work. But it's a different kind of complexity when side-loaded apps can't ask for permissions that Play Store apps can ask for. People would certainly complain that...
Yeah, that would probably work. But it's a different kind of complexity when side-loaded apps can't ask for permissions that Play Store apps can ask for.
People would certainly complain that side-loaded apps are being nerfed, so it doesn't avoid controversy.
This still sounds like garbage TBH. This still reeks of Google trying to both mitigate the impact of the court ruling forcing them to open up app store process and take a swipe at all the "unauthorized" apps that let me avoid their barrage of ads.
This partly highlights one of the problems with a broken legislative system, but also is part of a bigger revelation of the weakness in our judicial systems.
We already know many of these companies get slaps on the wrist equivalent in fines, a very small cost of doing business; However the other flaw that has been increasingly abused in the judicial system is their rulings are meant to be narrow and tailored to specific actions perhaps to mitigate legislation from the bench, but it ultimately leads to factions with lots of resources to be able to continue tweaking their violative actions and they each get treated as separate.
The Trump administration is doing this a lot, break a law, court says they can't, so they pretend to follow the court but meanwhile knowingly break another law in a similar way and court tells them to stop again, adnauseum. As long as each action is treated independently and they don't directly continue to violate court orders for that one specific action, avoid consequences while continuing to break the law.
This action by Google is flagrantly violating the spirit of the order against them to open up the app store. But they can get away without punishment of violating that order because they can open up the app store in the specific way that was challenged in court, while creating a new way to lock it down so that one has to go through the challenge in court again as a separate action.
Because our legislative branch is so corrupt and broken, there's no legislation specific enough to make challenging it in court an easier time while also broad enough to make sure all varying types of actions don't get treated separately.
Seems to be the standard of slightly lessening the impact of the changes to reintroduce them later and there aren't much details about the advanced flow or the looser requirements account type.
In short a new barrier to installing Google unapproved sw will be added but the ability to decide to install the sw should remain. I guess the impact will depend on the exact flow they will implement.
There will also be an additional account type for low distribution counts with looser requirements.
Google has still yet to prove that they're capable of keeping scams off their own services, and this announcement is so vague that it may well just be "use adb" in the end.
If you can't install what you want, when you want, you don't own the device. If you need one, then it owns you.
Details are sketchy, but it seems like a reasonable compromise between protecting normal users better and letting people who insist take their own risks.
Disagree as "normal users" don't sideload at all and so no extra protections are needed.
They don't by themselves, but they do ask more technically inclined people in their lives to pirate things for them.
E.g. my dad: "hey, I hate stupid youtube giving me 1 ad every 2 minutes when I spend so much time every day watching videos, do you know how to disable it?"
They might be convinced to do so by scammers. That’s what this change is allegedly all about.
Curious how everyone ignores the problem that Google is trying to solve. “Pig-butchering” is a large, lucrative industry.
This is my industry. Neither me or any of my colleagues actually believe that the goal here is to reduce malware.
When you try to install an app in this way (sideloading) you are already bombarded with warning messages about this being unsafe and untrusted.
This doesn't help educate users. It doesn't warn them. It takes away their freedom. This doesn't provide users with more abilities to isolate untrusted apps. It simply adds hurdles for installing anything that is not signed by google. (Not that the app store isn't filled to the brim with google-signed malware anyway).
This is a power grab and a quite blatant one at that. The goal here is to get rid of apps like newpipe that reduce googles ability to serve ads.
I appreciate that you generally try to be positive and give people (or organisations) the benefit of the doubt, but you really should not bother here.
(FYI: The above is regarding the original attempt to take away agency. I am not judging the backpaddeling after the outrage since there are no details available yet so it would just be speculation)
[Previous post deleted and replaced; sorry about the confusion.]
From the blog:
Do you think they invented this scenario? I have no personal experience with how people get scammed in Thailand, but it seems pretty plausible.
That is a real scenario, albeit very convoluted and with low succes rate due to the preexisting warnings.
Their "fix" for this convoluted scenario will result in a slightly more convoluted scenario with new playbooks telling users to simply download malware from the playstore or install it through adb.
To make a very stupid analogy. This is equivalent to TSA implementing a new policy where they cavity search every passenger that does not travel with luggage to ensure no more drugs will be smuggled in such a manner. The policy will reduce the amount of smuggled drugs a teeny amount while smugglers find a different way to smuggle and quality of life for passengers without luggage deminishes forever.
Yeah, it's a dumb analogy for something that's a trivial inconvenience for any business that has employees. Even if they're paying minimum wage, a $25 registration fee is like less than an hour or two if you include overhead. Android developers get far more than that.
There are people for whom it's a significant amount, but they're covered by the carve-out for hobbyists. Maybe they won't "go viral" without hitting a speed bump, but that's probably for the best.
And if the developer registers, their users aren't affected at all.
Except for the part where google can (and does) dictate what apps are allowed on the app store. This just extends that control to all apps anywhere (not just in the play store)
Again: This is about killing apps like newpipe that prevent google from getting ad revenue
I haven't seen any particular evidence that it's about that. It depends how they use it. After all, Google can ban sideloaded apps already if they want to:
So why isn't newpipe already banned? It would be pretty easy.
I don't see developer registration as a red line. It's the next step in a cat-and-mouse game between Google and some persistent attackers that's already well underway, and most people don't notice because they haven't seen any popular apps banned.
The F-droid folks have claimed that they will have to shut down, but I'm confused about why they think that, and I suspect that's more of a political stance than a practical one. Why couldn't they register?
I view it less as the burden for the developer and more as someone inserting themselves into the usage of my device.
Yes they already do it but this is the next step that would have real implications of how an Android phone can be used at all. It is also further normalization of some random third party unilaterally dictating how the end user is allowed to use their property.
In the original plan the user would have zero options to install something not Google approved on the phone's original os using only the phone.
Seems like the solution to that is to disallow apps reading the notifications then, not try to shut down sideloading.
Yeah, that would probably work. But it's a different kind of complexity when side-loaded apps can't ask for permissions that Play Store apps can ask for.
People would certainly complain that side-loaded apps are being nerfed, so it doesn't avoid controversy.
Will wait and see if they've backpedaled enough before I replace my phone.