Android to debut "advanced flow" for sideloading unverified applications
Link information
- Title: Android developer verification: Balancing openness and choice with safety
- Word count: 580 words
The only thing I don't like is that they make you wait a full day. I understand the why, but it's really going to frustrate people who buy a new phone and immediately want to side load apps onto it. They'll have to wait a full day? That seems bizarre.
It's almost like they don't want you to sideload apps.
They very much don't. What I don't understand though, is why they still let you do it.
I'm not complaining. It would really piss me off and drive me to seek a more open alternative.
It does seem directly antithetical to Google's bottom line though. It enables alternative app stores, apps like smart tube that directly cut off some of Google's most lucrative revenue streams (YouTube ads), enables piracy apps that I'm sure their partners are not too happy about, and all kinds of other useful tools that negatively impact Google's revenue.
The question for me isn't "why are they trying to make this harder". It's "why do they allow it at all?".
It may be Google's engineer driven culture, it may be Google trying to preserve good will, it may be because of legacy use cases for Android that would blow a lot of stuff up, but none of these reasons satisfactorily explain it for me.
That kinda makes me worried for the future of side loading.
It's probably just another step on the ladder to eventually removing the option.
I assume it’s to avoid regulation. So few people do it, but Google can point to it as a way of “allowing competition”. So why not?
Because they would get sued by the EU for monopolistic practices, but I think they should be sued for this as well.
That's the EU, and is only very recent. Android has always allowed side loading though. iOS only started allowing it a couple years ago, and only when they were mandated to in the EU.
Apple still doesn't allow you to side load anywhere else.
Other markets seem very unlikely to require them to enable it, so Google doesn't really have a regulatory concern there.
Yes, they are going through a fair bit of trouble to preserve side-loading, which I think suggests that there are some people at Google in favor of keeping it.
It's not called sideloading. It's called installing and we've had it for decades. This is just another chapter in the war against general purpose computing.
In this case, they simply don't want you to be able to install newpipe on your friend's devices. Same as they kneecapped uBlock in Chrome.
Good point. When and why did people start calling installing software "sideloading"? Language matters, the more strange and unfamiliar words we use to describe a thing, the more strange and unfamiliar it becomes in people's minds.
From what I can find, it sounds like it originally referred to transferring a file between two devices (contrast "download" from a server). My guess would be it made its way to Android by people installing APKs from their computer over ADB and then over time became broader to mean any direct APK install, but I can't find much proof either way so this is entirely speculation.
Maybe that's part of it, but let's not pretend that there isn't also a very real security concern here.
Modern phone OSes are very secure compared to even modern desktop OSes, and especially desktop OSes from 20+ years ago when downloading software from random websites and trusting they were what they said it was was the every day norm for most people.
The issue is that everyone in the developed world has a computer in their pocket they use every day now, and trust for extremely sensitive tasks like banking, medical care, mental healthcare, cryptocurrency and so on. The financial motivation to compromise those computers has gone through the roof, and the average technical skillset of those computers' users has gone into the toilet.
As a result, way more phones get compromised than computers ever did a couple of decades ago. There are way, way way more of them for starters, and the financial motivation exists today in a way that it didn't 20 years ago.
Because of that, the only meaningful way to enhance security on smartphones is by protecting users from themselves.
So probably a little from column a, a little from column b.
Sigh. If people are idiots, how hard is it to just pay a couple bucks to them to register as software developers for your malware?
And most successful scams don't rely on apps. They just purchase info on people and start calling once they turn 65. Which will get ever more dangerous as it becomes trivial to deepfake grandkids.
The only real protection is having more people in the loop for important stuff. Daughter calls they've had an accident and need tow, please instant transfer to this account. So they do, it's above limit, kids get pinged and call in to check what the grandma is doing.
And above all else, get rid of the "legitimate" spyware that enables this.
OK, how about malware that e.g. mass mails / mass messages your contacts? Where are decent mechanisms to retract messages? Where is account recovery anchored in reality? Why are we not seeing e.g. collaboration between data protection agencies, public notaries and online platforms to work out opt-in schemes to make accounts recoverable?
I am not buying this bitcoin-style idea that e.g. money transfers are irreversible. That property transfers are irreversible. Make it a huge red blinking warning that you are sending money to somewhere your legal system cannot reach.
And work towards making mistakes those silly people make rectifiable. Easy to claim being misled. Swiftly investigated and resolved. Insured.
Well, most scams may not rely on apps, but some do. There are a massive amount of malicious apks containing infostealers, crypto miners, adware, and all other kinds of nasty stuff you don't want on your phone.
They rely on people being socially engineered into disabling security controls because they don't know better.
Well in my experience the apps that went on to send my data to brokers were completely legit weather apps commissioned by a public agency. That went on to stop paying to maintain them and made a worse new app. The original app authors, a registered, mostly reputable company, just sold the user base with position tracking to said brokers for extra cash.
Well, those are sort of two separate issues, aren't they? Protection of your data that you willingly hand over to an app developer on the app store is mostly out of Google's control. They've done a decent job making apps ask for more granular permissions, but if an app asks, you allow permissions or fill out personal info, there's not much they can do at that point besides basic due diligence that the app isn't asking for extremely broad permissions. The way to address that is to pass data protection regulations. Those regulations are meaningless for attackers that operate outside of the boundaries of the law though.
I'll also say that both situations are bad, but there's a pretty big difference between a company selling your demographic data to an advertiser who uses it to enhance your ad profile for more targeted ads, versus an attacker putting an infostealer on your phone and taking your social security number to open credit cards in your name, your credit card numbers to make fraudulent charges, your crypto private keys and bank login information to directly steal your money, and compromising personal information to run extortion schemes on you.
Solving the latter doesn't preclude solving the former either. So it doesn't really make sense to say that Google should do nothing about malicious software because we haven't passed comprehensive data protection laws. The two threats have different solutions and need to be addressed differently.
There is a lot to unpack, so.
Not just demography. A frickin unique identifier that can be linked with other cooperating apps and a real time location.
These brokers have been repeatedly hacked. They do not take care to protect the data and generally eventually sell the data to scammers who DO target you.
How? Because apps are sandboxed on phones. If they escape the sandbox, it's an issue with the sandboxing and should be rectified promptly.
EU specifically asks vendors now to ensure security updates or they are fined and kicked off the market.
So unless the user goes out of their way to install an app that obviously poses as another, I fail to see how this vector is unmitigated.
And again, getting a vulnerable person to pose as your "developer" is trivial so developer identity checks are a theater designed to prevent alternative distribution channels and secure Google's dominant position. Not effective countermeasure.
Lots of ways. Accessibility services allowing screen scraping, file system access allowing apps to grab local files, OS vulnerabilities allowing sandbox escapes, keyboard access allowing input recording and so on.
Side loading right now already requires disabling a security control that people are coached through. Having a check to confirm you're not being coached, requiring a device restart to force a hard reauthorization, and then forcing a wait period are all valid speed bumps that make the process more difficult to circumvent.
Will it stop all malicious sideloaded apps? Obviously no, but no security measure will, aside from the Apple style nuclear option of just completely disallowing third party application installs. They are fairly effective security measures against the specific thing they're trying to stop though.
Was this written by a chatbot?
Er... No. I don't use chatbots to make comments on the internet
I (and I think 90% of people in this thread) are aware of that. But it’s a common term used to describe the specific act of installing an app from the non-primary App Store of an Android phone.
Being pedantic doesn’t help solve the problem.
Well on my phone the primary way I install apps is from f-droid. So what you call side-loading is my front-loading.
It's a kinda big deal if companies engage in newspeak to mislead people and succeed. The point is that it's the user who should be able to use their device in any way they like. We should be empowering users, not manufacturers.
So repeat after me:
We don't need Google deterring elderly from installing applications. We need Google to make it trivial to allow care giving family members to gently insert themselves between elderly and their bank accounts. And in some (more civilized) places with such institutions, public guardians, if there are no family members able to do it.
We actually do need to drive the scammers who take people’s life savings out of business. The elderly are often victims. It’s more important than your “freedom” from a bit of inconvenience.
It’s a good sign that Google is taking the victims’ side when designing their systems.
At the same time not giving a shit about such apps as Facebook on their Google Play Store, proxykilling societies in Asia and Africa, e.g. Myanmar. For me this move is just greenwashing, pretending they want to do anything good for the vulnerable, while allowing much more of vulnerable people suffer because of their greed. It's overkill in my opinion, it's definitely not aimed to help the elderly, it's only $$$ talking here, to get the noncorporate apps hell out of their ecosystem, to be able to do business in dictatorships by playing by their rules.
It doesn’t actually block that, but it might take a day.
Once they have the ability to block not just apps they directly ship via their store, they will block all apps that "facilitate use of online services contrary to their terms (aka abuse)" and say bye to newpipe.
They could do that already if they wanted to using the built-in malware protection:
The new system is a countermeasure against malware that’s actively evading that protection, but the cat-and-mouse game is already happening.
I understand the smokescreen of why. I know the real reason is to add friction to alternative app stores. Which I thought was a case they already lost.
This doesn't meaningfully affect most alternative app stores like Samsung or Epic as long as they and their developers get a signing key from Google which is a one-time $25 fee per developer. This only affects unsigned [EDIT: or self-signed] apps.
Which of course is a problem for the only alternative app store that matters to me, F-Droid, but you know. It has no bearing on Epic v Google.
I don't see how you could possibly know that? There's nobody reporting on who inside Google is advocating for what. There's no way to know, that I can see. All we can do is speculate.
I hope my speculation can be proven right or wrong in future litigation. I don't think this will be the last we hear of this. But tech outside of Apple has a horrible track record with using "security and privacy" as a justification for changing user facing features.
Apple also does that for installing profiles. If you aren't at your usual location (eg. Home) you'll need to wait 4 hours.
The attacks they're trying to prevent are real and prevalent in Thailand. Either it will be a malicious phishing link sent via SMS (eg. There's something wrong with your account, tax refund, etc.) or a phone call from authority that tells you to contact the authority using a specific app which of course is a fake app.
Personally, I wish it's like Nintendo DS custom firmware. Open the battery tray, there's an electrical contact in one of the screw holes with warranty sticker. While flashing CFW you need to keep the contact bridged with a flathead screwdriver. I heard ChromeOS machines also require unscrewing something inside the machine. No need to wait for arbitrary time yet nobody will accidentally do it.
Meh. How many apps does (basically any) user really sideload and how often is that a critical application that you can't wait 24 hours for?
I'm using GrapheneOS now and even if they make me wait 24 hours to install graphene on my next device I'll just deal with it.
Also of note, after you do all the steps it gives you the option to never have to do it again so seems pretty tame to me.
It’s not that apps are critical, it’s that you’re in the setup mode in your brain, downloading all your stuff and then you get told you have to wait to finish installing the last few apps. I’m not saying it’s a bad trade off, just that it’s annoying.
How the advanced flow works for users
This all seems reasonable.
I disagree, the one day wait period is especially egregious.
Would you feel the same way if you bought a new Windows PC and had to go through all these inane hoops if you wanted to install something from somewhere other than the Microsoft Store?
(Not same person, answering for myself.) Difference with Windows to me is that there almost all software is distributed exclusively or near-exclusively outside the Microsoft Store, so in practice almost every single user who ever installs anything would need to turn it off. This would make it completely useless as a protection, so the inconvenience is a bigger factor.
If the ecosystem were such that the vast majority of programs were downloaded via one of a few stores and the number of people running direct-download installers/programs was small, as is the case on Android, then yes I would be fine with them adding a toggle to allow running unsigned EXEs and making you wait a bit to turn it on.
(If this was required for every individual install rather than being a one-time thing I would feel differently, and same if the app could only be registered if it was uploaded to Google Play rather than having the separate dashboard + third-party store support, or if it cost $100 every year like Apple's notarization crap.)
It's frustrating that it's a technological solution to a legal problem.
This is a reasonable enough middle ground to try and combat fraud while also allowing people to install whatever programs they want on devices they own. Still not a fan of 'sideloading' as the framing but that battle was lost at least a decade ago. So, fine.
But in large part it's a band-aid in order for Google / telecom companies to "do something" so there won't be any actual legal pressure to fix the problem. (Basically?) Every western country has an aging population, scams are going to become more of a problem, not less of one. There needs to be a legal framework to meaningfully punish the companies enabling the scams.
Gen Z has overtaken the 60+ crowd for being the most likely demographic to lose money to fraud. https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2022/12/who-experiences-scams-story-all-ages
The types are just different. Instead of financial transfers of cash, it's falling for fraudulent shopping, scams targeting people seeking employment, or investment fraud (cough shitcoins and WallStreetBets).
I know someone who's looking for a job and the number of times they've gotten excited at an offer/interview only to come back and say "oh, it was fake" after looking into the company more... Shit's rough out there.
I'm not sure how it's a legal problem.
All of this activity is already illegal. I guess you could frame it as an enforcement problem, but that seems extremely difficult to solve. Most of the countries that launch these attacks are not willing to work with US or EU law enforcement.
They're places like North Korea, Russia, and Iran, where there's not even a slight chance that their government would cooperate with an investigation or extradite their citizens for cyber crime, if you can even determine who they are. It takes an absolutely massive investigative apparatus to even get that far, and once you do, there's not much you can do to deter or punish the people doing it.
If you're talking about pressuring companies whose platforms are being used for scams... isn't that what this is?
I think Google is doing this at least in part because of anticipated legal pressure. They're one of the companies you've identified as enabling these scams, and this is a solution they're putting in place to help solve it.
Not sure what legal frameworks (in which countries?) you have in mind that are going to help against North Korea or organized crime running pig butchering schemes in Myanmar. How would it help victims?
Technical fixes seem more direct.
Yes.
I wouldn't like it, and I'd feel a sense that I should be personally exempted because I'm savvy, but in terms of designing responsible technology, I think the reality is that phones are used broadly by people who don't (and will never) understand how they work. Like my 80 year old mom, who grew up without a computer and calls herself a Luddite, with a little pride, but is on her phone all the time. I do believe that they need protection, even at the cost of convenience for me. AI exacerbates the need, because it could absolutely impersonate me to my mom and get her to do something stupid under the guise of urgency.
Having said that, I've spent no time thinking about the problem, so I ain't necessarily think that what they've done is the only or best way. But I'm impressed by the cleverness - it is simple to implement and communicate, and neuters an entire class of scams that generally work on low-tech people.
There are probably other ways to do it that I'd also find reasonable, maybe moreso.
This doesn't seem reasonable at all to me. This doesn't provide any sort of improved security, all it does is further discourage people from daring to use software that doesn't flow through Google's walled garden.
It does provide improved security.
Phone OSes on a technical basis are already extremely secure. The amount of phones compromised by zero days and unpatched vulnerabilities on fully updated phones is so minuscule that they're barely worth considering.
The number one way by a gargantuan margin that phones get compromised is by socially engineering users to disable built in security protections. That's because by and large, smartphone users are not technically savvy. The only way to meaningfully improve security on smart phones then, is to protect users from their own technical ignorance.
I suppose that is one point of view. If I replaced the door handle to a cool room in my home with some sort of Byzantine puzzle that took hours to solve it would technically be more secure. It would also be a shitty way to go about solving door security and would clearly just be a means to keep people in my family away from the room with the cool stuff in it that they should be entitled to use.
Well, those are two completely different threat landscapes. If most of your family rarely needed to use that room, and it was also extremely common for random people to show up and successfully trick them into giving them the key to the room every day, and someone gaining access to that room who shouldn't have been there would result in your life savings being stolen, it might make sense to put some speed bumps in place for the rare case that someone needs to get in there.
I'm curious what makes you define Google as a "walled garden"? I've seen far more interoperability of their services on other devices than I do for their competition (Apple). RCS, being able to make calls, texts, and video calls from any device, Quick Share having a Windows binary as well as the recent reverse-engineering work to make it compatible with AirDrop, to name a couple.
RCS is a pretty bad example given that it’s a protocol that nobody is allowed to implement without paying Google for it. If you think about it google’s “open garden” is basically them insisting on control over the foundations - even the web itself is this way.
Sure, but RCS wasn't designed to be that way, that's the fault of mobile carriers dragging their feet. A previous discussion on the topic here.
I think that’s an extremely charitable way to characterize Google’s takeover of the standard.
The problem with RCS before Google was that it was a really shitty standard. There were more pages on the user interface than there were in how to actually implement it on a protocol level, so most RCS implementations were incompatible. Google solved this by forcing themselves in to be the de facto standard.
Eh, the spec has been around since 2008? With the "Universal profile" spec being released in 2016 I think? That's a lot of time for carriers to get things moving. If not for Google forcing themselves to be the defacto standard, we'd still have no high quality messaging/RCS widely available. Again, I'd be happy to see carriers take responsibility like they should. But in the mean time, sending my wife HD videos of our kids is nice too.
Like I said, the spec wasn’t detailed enough for interoperability. You could have easily sent HD videos without RCS by opting in to google’s services but now your data goes through them regardless of your opinion on it.
Could you expand on this? Other than MMS, I wasn't aware of any other way to send HD videos to other devices via carrier messaging.
I’m referring to the endless swarm of messaging apps before Google decided to conquer RCS.
Ah, so third party solutions. But then how is that any different than Google's "third party solution"? They may be the backbone of RCS in 2026, but they still don't "own RCS", the GSMA does. In fact, looking at the spec, it continues to just be an open standard that any carrier can provide. If a carrier wants to get their act together, nowhere in the spec does it say that they need to use Google/Jibe to offer RCS.
If carriers won't get the ball rolling on providing RCS to their subscribers, what solution do you think could be put in place, in lieu of Google doing it? Or should Android users be forced to just live with SMS/MMS, and use third party solutions for high quality messaging? If so, who is the third party solution you trust?
I don't mean to come across as hostile, I'm just not quite understanding what your proposed solution is here, if any.
To be clear, I didn't define Google itself as walled garden, I was talking about their Android ecosystem. Apple's ecosystem is also a walled garden, and a far more restrictive one, but that doesn't preclude the other. I've been an Android user since the launch of the G1 with Cupcake. Early on, meaning the first few years of Android, I'd have called Android an open system. Google has made the system more and more restrictive to both users and OEMs (and been in court repeatedly because of it). I believe that it has been a walled garden for quite a while, but the walls were "short" if you will forgive the analogy. Google has spent the last decade trying to claw back the freedom that made Android such an appealing platform because they've seen how ludicrously successful and profitable Apple's approach is.
I'm not sure why you are talking about RCS, or making calls, texts, or video calls from any device as those have little to do with Google and you can do all of those things even on Apple devices. RCS is an open standard, though ironically, pretty much everyone uses Google proprietary extensions and thus servers for it, which makes it not all that open in my mind.
But you used the words: through Google's walled garden
But substituting the word "Google" for "Android":
RCS is an open standard that Google/Android pushed. Apple had no interest in any kind of open standard for messaging prior to the big push Google/Android put in to have it rolled out. I agree, that it's unfortunate that carriers have dragged their feet on infrastructure to the point that use of RCS has been funneled through Google rather than carriers. But still, the interoperability for me to send my wife's iPhone a short video of our kids and have it not compressed to 2 MB gets no credit from Apple.
If you own an iPhone, you can make calls, texts, or video calls from your iOS devices, and your Apple devices.
If you own an Android, you can make calls, text, or video calls from your other Android devices, iOS devices, Windows devices, Linux devices, or any devices with a modern browser.
There's a fair amount that Google/Android can do better, and probably a fair amount that Apple does better. But I don't think it's a stretch to argue that when it comes to interoperability, I don't think of Android as (that much) of a walled garden.
Yes, because Google owns Android. I thought this was clear. I also referred to Apple's walled garden because they own iOS. I didn't think that I needed to be so explicit and explain things, but here we are.
Am I wrong in thinking that you can use Discord, Teams, or a multitude of other apps/services on iOS?
My exact point. It (Google's Android ecosystem) is a walled garden, but less so than Apple's iOS ecosystem. And Google has been consistently tightening their grip, as the topic of this thread clearly shows. The garden is getting worse, not better.
At this point, I wish it was viable to go back to having no mobile phone at all as I fear that anyone that replaces the current duopoly would eventually end up in the same situation.
Sure, you can use those services on iOS and Android devices. But I'm describing use of core Android services (Calls/Video calls/SMS/MMS/RCS) from any device with a modern browser. Something much more "open" than the walled garden that is iOS.
There are elements of your points I agree with, and disagree with. Particularly in the context of device security to the technologically illiterate. But ultimately I hope that the topic of the thread doesn't devolve into something that becomes anything more than "a gentle annoyance" to power users who know what they're doing.
We'll leave it at that, but I suspect/hope that many of the Android power users are already on the fringes and significantly less affected by Google's direct antagonism on this front due to using various alternative ROMs.
Alphabet is trying very hard to assure us that this is not a big deal. Ultimately, I hope they are unsuccessful in that endeavor. At first glance, their pull back to this ground actually feels like a sane move. But when I spend time with it, I realize that this was probably the intention from the start. The plan was probably to make a move that was clearly too far so when they pull back there isn't outrage over what Alphabet actually cares about: government issued ID requirements for developers.
That's the problem I really have with their proposal. Developers having a government issued ID does absolutely nothing to build trust for me as a user. This move seems to serve corporations and governments in their move to increase surveillance, control, and wealth extraction of the digital realm.
I'm now extremely weary of Alphabet ever shipping a Fuchsia OS based device. I hope this boosts interest and development in GrapheneOS, strengthens their partnership with Motorola and boosts development interest in true Linux based phones. I don't want to support this, and I hope there's a true alternative available to me when the time comes.
Devil's advocate: It means that if someone sends out a malware-riddled app outside established storefronts and their dev account gets shut down, it's much harder for them to just spin a new one back up, and if they were sloppy might even directly tell you who they are so you can shut them down entirely.
That said, I am worried given the broader trends you mention. As long as an opt-out process like this exists and isn't unreasonably onerous I can tentatively accept it (imo the steps listed here are justified for protecting the average user even if a bit annoying for users like me), but definitely side-eyeing it and worried for the future.
They aren't, IMO. Adding a day of delay is way more friction than needing to toggle a few settings. And that was already lost in court. This whole goal is to shut down alternative app store competition (and ofc gather data. But that's always Google's MO).
We're already down the slippery slope here. So I'm not giving any
I have no idea what the legal policies are, I'm talking about my own judgement. Toggles with clear explanations and a delay to interrupt any in-progress scam attempts make sense to me, even if it'll be mildly annoying for the first day with a new phone next time I need to get one.
F-Droid will probably require opting in to use it since they build from source themselves, but for "professional" stores like Epic or Samsung where devs upload the APK(s) themselves, wouldn't most apps probably have verification info set up already (or be by devs who can do the verification easily)? I don't doubt that Google intends on malicious compliance with the rulings, but I'm not sure this deeply impacts most app stores, and for the last couple this new announcement carves out a space for them to remain. Perhaps I'm not thinking through the implications enough, though.
If there were actual review of apps, then enforcement of this might be a positive. But we've seen for years now that Google is happy to collect fees while these developers flood their various marketplaces with malicious code. They don't even take down most browser extensions that are unambiguously stealing URL history, cookies, and session tokens. So after witnessing failure after failure, why should anyone trust that this new restriction would be better for customers?
Oh for sure they need to clean their own shit up too, just responding to the "does absolutely nothing" point with a thing it can do. Whether they will execute that properly remains to be seen (and as I said in my comment, the broader anti-privacy trends going on make me worried about this).
I'll be the one to state the obvious: The motivation for this is not security or protecting people from scammers, the motivation is increased friction for apps outside their ecosystem. They don't want to fight the EU, and they don't have to, because they build software and run the world's largest ad platform. They have the metrics to know that a little extra friction causes adoption to go off a cliff.
I sure hope the EU sees through this and shuts them down. They are already playing Cat and Mouse with Apple, so it's strange that Google decided to join in the rat race.
I'm cautiously thinking this is a good thing. I don't normally do this, but I'll make an argument based on ableism.
Android devices are primarily for mainstream users, not us techies. Technically adept users are the minority and we can deal with a few hoops to customize our phones the way we like. Or we can buy non-mainstream devices.
If a society should be judged by how it treats its least able members, it seems selfish to advocate against better protections for all the naive people out there who will get ripped off by scam artists, just for our own convenience?
I wouldn't necessarily have a problem with that if it wasn't also such a self-serving maneuver. Apple, Google etc. I'm so sick and tired of their endless excuses about security because it's gotten to a point where security excuses advantage themselves over everyone else. So while you gain security for the masses, you lose so much more because you enable giant vertically integrated companies to advantage themselves further, to further entrench their position and further make everyone more dependent on them.
I don't think you can easily separate the gains in security with the losses in healthy competition both now and potential futures where such compromises didn't exist or were handled differently.
It's true that it does more than one thing. I'm not sure there's any way around it? The ability to install apps written by complete strangers is both a security risk and a way of enabling competition.
But for any serious competitor, paying $25 for an id check doesn't seem like all that big a hurdle? It seems like a rather minor speedbump.
Also, I'll point out that this isn't needed for websites, which are easier to build and very capable. Writing Android apps is a real slog.
Sure, Epic has the money, but a lot of the objections come from places that aren't serious competitors. I'll mention two here.
F-Droid is an alternative app store, and every single app is free as in both beer and speech. Google's rules would require every single one of these developers to provide government ID. For most F-Droid developers this is a barrier in one way or another, be it monetary, bureaucratic, or ideological. For some, particularly the ones building apps focused on privacy, giving government ID to Google of all corporations outright puts them in danger due to Google's involvement with US law enforcement. F-Droid themselves have put out a couple of posts on the topic, explaining their stance further.
The second I'll mention is myself. I'm not really an app developer, and have no intention of being one. However I greatly benefit from the ability to install unsigned apps on my phone. A few years ago there was a project called YouTube Vanced, which was a patched version of the YouTube app that removed ads, among other customisation tweaks. (As an aside, I do actually pay for YT Premium as part of a family bundle so my parents can watch normally, but the other customisation tweaks and inclusion of Sponsorblock is enough for me to keep me using patched apps.) Vanced was shut down for redistributing Google's IP in the form of the YouTube app, but from its ashes were spawned projects that allow you to take the YouTube APK you source yourself (e.g. the one you already have installed, or from apkmirror), download the patches separately that don't include the source code of any apps they're patching, and perform the patching on your own device (the one I'd recommend right now is Morphe, which is a fork of ReVanced by some of the original ReVanced developers. It's pretty damn easy to use too) because the act of patching software is not illegal and nor should it be. Thanks to this process, I have sponsorblock on my phone, I have hidden as much to do with Shorts as possible, and most of the distractions and calls-to-action are gone. I'm not paying Google $25 for the privilege of letting them know that I'm patching the shittiness out of their own applications.
Could F-Droid start the "F-Droid Foundation" and become the developer of every app it hosts for identification purposes? They'd need to be able to build it anyway.
The problematic thing is that you need to register the key you'll use for each individual app, which would mean if you want to release both on F-Droid (built by them with their key) and another store like Google Play (built by you with your key) it's more complicated (need to build with separate package names), and for existing apps wouldn't work at all (because their names are already set). If I remember correctly, the registration process is also done in a way that in F-Droid's case would make it difficult to register it with their key even if you wanted to (the org might be able to do it but it'd require a lot of manual effort on their part for each new app, and the first issue of not being able to have the app anywhere else still stands).
My understanding is that the end user going through the so-called "advanced flow" from this post would allow them to install everything like normal, though? But the reboot and subsequent one-day delay is a new point of non-negligible friction, so I can understand people being unhappy about it.
Yes. Very hard to install F-Droid + NewPipe on your friend's phone so that they can play ad-less music through the evening's inevitable YouTube party when there's the 24h cooldown.
I'm not sure every developer needs to pay $25. This depends on how the project is organized. It could be a smaller number of developers doing the releases, provided that they're willing to review and vouch for multiple apps.
It's a bit of friction, but might increase software quality too if people team up. Consider how Linux distros work.
I'll take freedom over security in this case. The current workaround was already needing to go into settings to allow apps to install from unknown sources. If those 5 extra clicks weren't enough friction, I don't think the answer is adding even more friction.
Less about the id check and more about giving Google the ability to shut down any app it disagrees with, even if it's not on the Play store. Emulation and adult apps are the most obvious targets here.
Apologies in advance for the cheap shot, but to update the Shrek meme: "Some of you may lose your life savings, but that's a risk I'm willing to take."
Non-mainstream devices? The mobile ecosystem is a duopoly. The choice is Google (Android), or Apple (iOS). There are a couple of tiny Linux mobile alternatives, but as devices get more and more locked down, so does the ability to switch to something less controlling- and even if you manage to, on a device which can be bootloader-unlocked (your choices are dwindling), etc, you'll be entirely unable to perform many actions, such as mobile banking (some banks provide only a mobile interface, such as Revolut).
Not to mention the false "security" justifications which Grumble has already outlined. If anybody thinks that an inability to sideload apps easily is going to fix the malware problem, then they need to look into the issues that the Play Store has with malicious apps. The walls of the walled garden are raised a brick higher, and they must be destroyed before the mortar has set.
I was thinking more along the lines of a Raspberry Pi or the many fine microcontroller boards available from AdaFruit. There are also many portable video game devices.
I'm going to double post because, the right way to stop people from being scammed into installing apps is not to make it take 24 hours. The right way to stop people from being scammed into installing apps is to make the idea of installing an app you don't genuinely want to avoid some negative consequence completely, societally absurd. Like, take-off-all-your-clothes-and-cluck-like-a-chicken, nobody-could-ever-have-a-reason-to-do-that absurd.
It is only in our society where people are routinely pressured or compelled into nonconsensual relationships with software (for a bank, a parking spot, YouTube, a news site, the government, a concert ticket) that it is even possible for someone to call you up and scam, threaten, or harangue you into installing an app.
I'm in favor of public education and I also prefer web apps to mobile apps. But a solution where one of the steps is "let's educate everyone worldwide" is kind of a big project? A stopgap measure that only takes years of work by one big tech company is also a big project, but I'd guess a couple of orders of magnitude smaller.
Especially when usually the scammers will be targeting people who have the least existing technical knowledge and thus will be harder to educate. And even if you reduce the pool of things you need apps for, there'll always be some things where a website either can't work or isn't preferable—how much malware gets in from imitating malware-protectors, which if you really did need one (as the scammers try to convince you that you do) would probably need more access to the device than a website has?
Whether you think this is the right way to combat scammers or not, I don't think the proposal of "just make the idea of installing apps silly" works.
I don't think the ability of genuine developers to run software of their choosing was ever in doubt. A legitimate owner with physical access and control, among other things, of which device they actually buy, is always going to win.
The thing that's being traded off against "scammers need to scam you more slowly" is "only software that participates in the marketplace is available to the public".
If you can just give away software, different software is produced. Consider the average quality of the software in F-Droid, in terms of whose interests it acts in, versus that of the software in the Play Store.
If you must pay for the right to give away software, even a token amount, you are now operating in a regime where you want your money back. If an AppID has to be registered to a particular legal entity, it makes an app as an entity, independent of its source code, into capital.
The existence of a genuine software gift economy that envisions all people as potential producers of software is a threat to the Play Store's offering to businesses, which is control over the devices of a captive audience of consumers, which can be sold back to them one microtransaction at a time.
It seems like open source organizations like Debian should be able to get someone to pitch in $25 to support shipping lots of different apps? It's true that the $25 fee would affect people who want to ship software independently, sort of like having your own record label.
Does that only apply to sharing said app over the play store or will little projects that distribute a bare apk on github be affected by this?
That is for bare APK verification, so they'll skip the described advanced flow, but still require some form of verification.
https://developer.android.com/developer-verification/guides/limited-distribution
Honestly? Sounds like more of a hassle than allowing unverified APKs through the advanced flow once and then clicking "install anyway" when the unverified app pop up displays at install. But maybe I'm missing something here.
My impression is the limited distribution process is supposed to be easier for a non-technical user who is only ever going to install one or two things directly from someone they know to do that without having to remove the anti-scam roadblocks in other situations, not necessarily easier for developers or power users (who probably should just use the "advanced flow" to opt out).
Hmm makes sense, I can see this being simple enough for the end user, as long as they're in the same room as the dev.
I think "Coached" is perhaps the wrong word to use and, if people had to convince people to click the build number 10 times to enter developer mode to install an unofficial APK... well I'm sure the new way will be even easier since it is just one button and a scheduled call to the victim 24 hours later.
Other way around, currently you don't need to enter developer options but with the new flow you will need to.
Agree that if the prompt uses "coached" that would probably be a bad word choice, but the options in the mockup use the more neutral phrasings "Yes, someone is guiding me" and "No one is instructing me", so I'm hoping "coached" is just being used in the announcement to explain the issue and the actual thing will use a better term.
I still feel like these words won't be very effective. Maybe a large stop 🛑 sign with multiple pages explaining the risks with AI generated pictures of family members crying... idk.
It's a very real problem but one that won't be effectively solved unless the Play Store itself was severely locked down--even more than Apple's App Store. And in order to unlock third party app stores you need to talk to someone in a private environment like talking to a manager at a bank where another human being can make sure you are not under duress or being told that the FBI is going to open a case file for your parking ticket if you don't install an APK.
I don't think that world is ideal. But I also don't think any middle solution will effectively solve this problem--and even in that dystopian environment criminals will find a way...
Instead, we need to be better at criminalizing scams and tracing the money flows. Get better at detecting bad apps (which they need to do anyway to actually make their Play Store safe).
The thing about it to me is that I bet 99% of these scams are coming from people who live in other countries. If you look at what a lot of IT network vendors and companies do, they employ threat detection software that generally just blocks anything from various countries they would have no expectation of internal traffic coming from.
I don't know enough about the phone system to understand the full scope of how it's built and operated, but in the US at least, it's been comically easy to spoof numbers and scam people over the phone for decades at this point. It's absolutely absurd that such a system even exists. The reality is that many people have absolutely ZERO need to receive calls from people in other parts of the world and yet the vast majority of the scams likely come from people not residing in their country, but people use VOIP systems built on total shit technology that is the phone system to originate their calls in the country they are targeting. There are also plenty of people who probably need to receive calls from people in other countries, this isn't the 1950s after all, but it would be a start.
I honestly think the future is that the internet will eventually be restricted on a country by country basis. I don't see how it will continue to be justified to allow countries like North Korea or Russia etc. to launch attacks and election manipulation tactics with impunity because they are outside of any jurisdiction that matters.
So China was right after all.......
From a national security standpoint, unfortunately they probably were closer to the mark than I'd have ever wanted to acknowledge. That doesn't mean I agree with the whole GFW in concept or principle and surely not the implementation as well as their other internet controlling tactics. I'm not very familiar with the details of their setup, some people that I know who have been to China tell me it's trivial to bypass and that it's a joke and it doesn't do anything and that all Chinese citizens know how to bypass it etc., I have no clue the actual truth to it, but if it actually allows them any greater control or insight into what type of internet traffic is happening going into and out of China and limits exposure to attacks in ways other countries seem to be more exposed to them, then that's a clear advantage for national security if nothing else.
Of course, national security is sometimes more advantageous to the controlling interests of the nation than it is to the people of the nation, so it's not inherently a clear win to the people of any country that the national security of their country is superior to other countries. A country with great national security under the rule of a dictator is still a country under the rule of a dictator.
And I'm probably using national security in a broader sense than perhaps it's actually meant to be. I think that phone scams that come from poorer nations targeting wealthier nations is a national security issue. Due to the recent decade's revelations of Russia interfering in elections, involvement in Brexit etc., it goes beyond phones even. When it gets to the point that you know this kind of interference is happening and you can't do anything about it, that's a problem. I am honestly somewhat surprised that it hasn't already been the case that sanctioning countries doesn't involve cutting off physical network connections to other countries. I'm sure it's a lot more complicated than that due to the interconnected-ness of things, but still. I also know it won't stop them from being able to send people over the border to other countries and commit crimes in unsanctioned countries, but that at least forces people into jurisdictions where they may be exposed to consequences.
I always come back to:
The optimal amount of crime in society is not zero.
Trying to squash the bad actors by heavyhanded authoritarian means everyone gets to live under a heavyhanded authoritarian regime. Or:
Those who would give up liberty for security deserve neither.
That's really not what I'm talking about though. I'm not even sure how that's what you came away with to be honest. I even stated "A country with great national security under the rule of a dictator is still a country under the rule of a dictator."
Also let's be real, you enjoy freedoms and securities of life that you would never have if the world was built in the principle that you state, so it's easy to say it for things you can't erase the existence of but only exist because people gave up liberty for security and you grew up in that situation that you had no ability to change.
Living under any government at all is giving up liberty for security. Living in any kind of community setting is potentially giving up liberty for security. Even if you're fully on board and in agreement with the series of engagements of any community type of setting, procreating and creating any life at all is forcing others into situations they had no choice over. All of life is making compromises for things you don't want for the sake of continuing to live, and often for the sake of increasing your own comfort and safety.
Yes, however we have Google Ads, Facebook, Instagram, Youtube, Tiktok, Twitter etc.
I think that election manipulation tactics are easier done using these nowadays. You don't need Russian propaganda to be sent straight from Russia. It will be proxied by corporate social media. People will go on streets if you try to take their favourite ~~drugs~~ apps away. The Rich will be laughing and continue to put money to influencers and ads on these platforms, while having parties on various islands. And people will be protesting against blocking their favorite apps.
Slightly offtopic, but I felt that I need to write it.
Sure, that prompt on its own won't solve it, but the article lists further steps beyond that to hopefully further lessen the odds (rebooting to cut off any calls, delay to remove the panic impulse and give a chance to talk to people about it). I'm just talking about the use of the word "coached".
But yeah, it's not going to solve everything, nothing will; that doesn't mean no attempt can be made. It'd be good to get better at the other solutions you mention too (especially on the Play Store that they control), but given those aren't going to be perfect either, attacking the problem from multiple angles is probably more effective than just one.
This is probably as good as could have been expected given the direction Android is being steered in.
Given a few constraints that are not met I would even be fine with this.
Such as not being introduced and controlled by a for-profit entity for transparently self-serving reasons, or a standard ability to reinstall the OS of the phone completely.
It still leaves the issue of developer registration too.
There are two reasons things are done for that should be examined closely. For the children and for security.
From Android Police: