Comment

Comment on Google gives Android users a way to install unverified apps if they prove they really, really want to

COASTER1921@lemmy.ml ⁨6⁩ ⁨days⁩ ago

If this is really as straightforward as it sounds then I’d consider this the best case scenario. Google could have gone full Apple style lockdown or even just have implemented this flow on a per app basis, but needing to wait 24hr one time to enable unverified app installation isn’t a bad idea from a security perspective. It prevents a bad actor with temporary access from being able to do much while not getting in the way of us power users after the initial 24hr period.

My bigger problem is how Google is leveraging their monopoly to implement this single-handedly and only for themselves. If they had instead gone through AOSP this perhaps could have been implemented in a better way to allow other parties than just Google to be the verifier, and that 24hr waiting period could be applied to any verifier that is not the phone’s default. I’d argue this would be an equally reasonable security measure considering how many scams are out there preying on those who aren’t technologically savvy, yet would maintain transparency.

source

Sort:hotnew top

Eximius@lemmy.world ⁨6⁩ ⁨days⁩ ago
I’ve heard of security by obscurity being accepted, but never heard of security by obtuseness being accepted as valid.

source
tired_n_bored@lemmy.world ⁨6⁩ ⁨days⁩ ago
I hate the fact that Android is open source only on paper. You can’t compile your own flavor and install it.

source
- fallaciousBasis@lemmy.world ⁨6⁩ ⁨days⁩ ago
  You absolutely can… Custom ROMs do just that.
  
  Your phone has to support it. It’s not a Google wall. Your phone maker determines how difficult it easy this is. Google pixels make this really easy to install Graphene on.
  
  source
  - tired_n_bored@lemmy.world ⁨5⁩ ⁨days⁩ ago
    Which is not as libre as a computer
    
    source
    fallaciousBasis@lemmy.world ⁨4⁩ ⁨days⁩ ago
    Android used to be a little more diverse.
    
    But it’s been limited to the launcher(shell) mostly.
    
    What do you think are in the best interest of the community that Google isn’t doing? Do you have any less contentious examples? As a technical support specialist I’ve talked to numerous dipshits that were talked into installing a virus on their own Computer system or phone or other device.
    
    Some people are really really really fucking gullible.
    
    source
    -> View More Comments