Comment

Comment on Google gives Android users a way to install unverified apps if they prove they really, really want to

I can understand this workflow being created to protect the legions of people who are tricked into installing spyware.

It doesn’t remotely affect me because I use GrapheneOS and if this is an issue for you then you’re probably someone who should look at installing GOS or Lineage.

I don’t think Google should be able to do this and it is likely part of a longer-term strategy to strangle any competition. At the same time, I can understand how this change will save a lot of grandparents from clicking a link in a text from their ‘grandchildren’ and installing spyware that’ll steal all of their bank information.

source

Sort:hotnew top

AHemlocksLie@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
GrapheneOS is built on AOSP, which is where the change is being made. Graphene and other custom ROMs will need to maintain a fork that cuts out the feature if they want to avoid. Google is also starting to close off Android to make that more difficult, so it’ll become a genuine project to maintain the fork well.

source
- nomadpxl@programming.dev ⁨3⁩ ⁨weeks⁩ ago
  As far as I understand the enforcement depends on privileged play services. xcancel.com/Metr0pl3x/status/1960329785277571420#…
  
  source
  - AHemlocksLie@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago
    That’s better, at least. GrapheneOS users should be fine at least since there are extensive restrictions on Play. Other Android ROMs may have issues, though. Maybe not if they use MicroG.
    
    source
fallaciousBasis@lemmy.world ⁨2⁩ ⁨weeks⁩ ago
I mean… This is kind of why I never let people use my phone.

I have installations from various sources enabled… Like my browser, because I know what I’m doing. But I wouldn’t trust anyone as the process is currently effortless…

If someone is trying to install spyware on you (like a partner or parent.) this might offer some notification and prevention.

I don’t really see the big deal. You do it once, enable it forever, and wipe up those tears.

I think a better way would just to have maybe like a biometric/pin confirmation upon installation. Simple. Clean.

source
- reksas@sopuli.xyz ⁨2⁩ ⁨weeks⁩ ago
  they want to suppress the developers, not users. By making it so bothersome, so many people will just stop using sources from outside google play. First they do this and at some later time they will add more hoops to it. If they manage to strangle any developers that make stuff, people will have nowhere to turn yet they cant complain either because google will have undeniable monopoly.
  
  source
- FauxLiving@lemmy.world ⁨2⁩ ⁨weeks⁩ ago
  The delay is almost assuredly to prevent live scamming. Like a grandparent picking up a random call or text and being tricked into thinking they’re a family member/bank worker/etc.
  
  I’ll admit it’s annoying, and could be used by Google later to do more annoying shit.
  
  Taking their explanations in good faith and looking at it from an customer security point of view, I can see this cutting back on some common scam types. This is kind of like how, when you go to rustdesk.com there’s a giant ‘YOU’RE PROBABLY GETTING SCAMMED’ banner across the top of the page:
  
  Image
  
  These little steps can seems pointless or annoying to us, as most of us are probably in the upper range of tech skills, but consider the average user and it starts to make a lot more sense.
  
  source
  - conorab@lemmy.conorab.com ⁨2⁩ ⁨weeks⁩ ago
    The delay makes intuitive sense especially since it will give the target a chance to complain about it to their friends and family who will hopefully stop it from there.
    
    However, I’m not sure if it’s worth it. I imagine this would stop exfiltration apps which scan the users device to useful data and maybe passive screenshots but this pales in comparison to apps with subscription dark patterns, gambling and apps that harvest and sell your data legally already. If this was a case of apps prompting the user to enter sensitive information into a form then they could just use a browser.
    
    I don’t know. I think this is a good measure to prevent scams. I’m just uncomfortable about Google’s motivation.
    
    source
ThirdConsul@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago

I can understand this workflow being created to protect the legions of people who are tricked into installing spyware.

Then you’re stupid, as most people install third party spyware through the Google Play store.

source
- FauxLiving@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  Yes, how stupid of me for not explicitly explaining the context that everyone with basic reading comprehension can understand.
  
  I’ll add the obvious context for everyone else who is new to the world and has issues parsing regular English sentences:
  
  The link and description of the post is the part at the top of the page.
  
  If you click the Title link it will take you to a web page (a collection of HTML documents and javascript) which contains a story.
  
  The story in the OP is about installing unverified apps.
  
  Unverified apps are installed directly from apks and not from the Play Store
  
  Scams often target elderly people with text messages or phone calls.
  
  Part of these scams involves getting access to the victim’s devices so that the scammer can leverage that access to obtain bank information and account control.
  
  Creating a system which prevents a scam victim from easily installing unverified apps will mitigate this attack vector.
  
  source