Adb is functionally useless for most people.
Comment on Head of the Signal app threatens to withdraw from Europe
lmmarsano@lemmynsfw.com 3 weeks agoYou misidentified your objection. It isn’t sideloading removal, which isn’t happening. It’s developer verification, which affects the sideloading that remains available.
Just because you don’t understand the value of verifying signatures doesn’t mean it lacks value.
I recall the same alarm over secureboot: there, too, we can load our certificates into secureboot and sign everything ourselves. This locks down the system from boot-time attacks.
I will never ever ever be able to get friends and family access to third-party applications after this change.
Then sign it: problem solved.
Developer verification should also give them a hard enough time to install trash that fucks their system and steals their information when that trash is unsigned or signed & suspended.
Even so, it’s mentioned only in regard to devices certified for and that ship with Play Protect, which I’m pretty sure can be disabled.
Google promised they would allow on-device sideloading
Promise kept.
their word means fuck-all and you know that
No, I don’t. Developers are always going to need some way to load their unfinished work.
khannie@lemmy.world 3 weeks ago
sidelove@lemmy.world 3 weeks ago
That’s twice that you’ve missed the point that everyone else is saying. Read it again:
Google is irreversibly designating themselves the sole arbiter of what apps can be freely installed in the formerly-open Android ecosystem. It’s the same as if they just one day decided that Chromium-based browsers would require sites have a signature from Google and Google alone. I honestly don’t give a shit if they did it just on Pixel devices, but they’re doing it to the phones of ALL manufacturers by looping it into Play services.
I just don’t understand: why the fuck are you so pussy-whipped by Google that you’re stanning their blatant power grabs?
0x0@lemmy.zip 3 weeks ago
Probably works at google or is a fanboy.
lmmarsano@lemmynsfw.com 3 weeks ago
I don’t understand why you can’t read: (1) developer verification can be disabled, bypassed, or worked with, (2) you called it sideloading removal, which it isn’t.
You just don’t like the extra steps that limit the ease for ignorant users to install software known to be malicious that could have been blocked. I don’t like handholding my dumbass folks through the preventable IT problems they created.
mr_satan@lemmy.zip 3 weeks ago
This does fuck all for “security”. It’s targeting, mainly, power users and puts just more hoops for developers. This has nothing with security (they should purge malware from Play store first) and everything to do with consolidating power over users.
It’s a blatant power grab and I’m surprised to see this interpreted as anything else. Arguing about semantics just helps Google fuck everyone over.
sidelove@lemmy.world 3 weeks ago
So let me buy a goddamn phone that I can install what I want in it. Again, I do not give a shit about any phone manufacturers that want to make a walled garden out of their Android installations. I agree, it’s perfect for the grandmas of the world. But Google is forcibly doing this to every goddamn phone, phone manufacturer, and Android enthusiast.
The only silver lining is that whenever Google decides that unregulated social media services like Lemmy are not family-safe I won’t have to listen to your malicious horseshit.
lmmarsano@lemmynsfw.com 2 weeks ago
Seems you don’t care about grandmas & gen z.
They can manage.
So casual users can get wrecked, yet I’m malicious? Maybe think of users other than yourself, weigh the potential losses to them by successful attacks, and consider whether OS designers have a legitimate claim in preventing exposure of known threats to casual users while still allowing power users to bypass those checks.
You’re assuming I use an Android app (trash) to get on here, and not a proper workstation or web browser. You’re welcome to this “malicious horseshit” for eternity.
khannie@lemmy.world 3 weeks ago
In reality, this is useless given the technical capabilities (or access to the technology necessary) of nearly every android user. What percentage of them do you think has the capacity or capability to use ADB?
Strictly it ticks the box, however effectively it is sideloading removal. Arguing otherwise honestly makes me think you work for them. It’s such obvious marketing bullshit “Oh, we left this tiny window open to tick the box which people can use, but almost certainly not you and even if you are capable, it’s a pain in the arse”. There are 7 intelligent people in my house. I’m the only one capable of using ADB without enormous effort, making it a deliberately huge barrier and even I’m not going to do it to install a trusted open source app.
Let’s be clear; the only reason they left that little window open was to have people like you say “no, sideloading is still possible” to cover their arses legally and also for actual developers, not because they care about an open ecosystem.
lmmarsano@lemmynsfw.com 2 weeks ago
All of them: they can follow instructions, plug a cable, and push buttons if they really want to. Most won’t bother: capacity isn’t willpower.
That’s the idea: welcome to an effective deterrent.
Good, then it’ll deter as designed.
Nah, the use cases are legitimate:
Malicious software on devices connected to everything including highly sensitive information poses high-cost risks that you & casual users overlook because muh inconvenience 😭. If casual users can’t bother with a straightforward procedure as you say, then how prepared are they to handle the real challenges of a successful attack?
From a security perspective, it makes sense for OS designers to choose to limit exposure to that threat to power users who can be expected to at least have a better idea of what they’re getting themselves into.
FishFace@lemmy.world 3 weeks ago
They’re being precise about their terms, while everyone else is being sloppy. Not stanning