Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

Google's plan to restrict sideloading on Android has a potential escape hatch for users

⁨527⁩ ⁨likes⁩

Submitted ⁨⁨1⁩ ⁨day⁩ ago⁩ by ⁨ardi60@reddthat.com⁩ to ⁨technology@lemmy.world⁩

https://www.androidauthority.com/how-android-sideloading-restrictions-may-work-3595355/

source

Comments

Sort:hotnewtop
  • hendrik@palaver.p3x.de ⁨1⁩ ⁨hour⁩ ago

    So a lot of speculation and we don't know much except 2 paragraphs in the FAQ... I'd like to mention though, they've recently stripped the Pixel devices if their status as developer devices and now push for their emulator for development. Once they follow that kind of logic, there isn't really a reason to keep ADB working as is on real devices.

    source
  • ideonek@piefed.social ⁨1⁩ ⁨day⁩ ago

    Image

    source
    • G3NI5Y5@piefed.social ⁨1⁩ ⁨day⁩ ago

      Like "Jaywalking", suddenly, walking is no longer the norm, but the car is preferred. The victims are seen as perpetrators.

      source
      • ideonek@piefed.social ⁨1⁩ ⁨day⁩ ago

        And "littering" is the "real" culprit why we all drawn in uneccesey plastic. We should blame consumers not the polluters.

        Corporations do it all the time.

        source
        • -> View More Comments
      • joshchandra@midwest.social ⁨10⁩ ⁨hours⁩ ago

        preferred *required

        FTFY, at least here in a certain country…

        source
    • JohnEdwa@sopuli.xyz ⁨1⁩ ⁨day⁩ ago

      It’s the technical term that defines the process of transferring files not from an external networked device - downloading - or to an external networked device - uploading - but between two local devices - sideloading.

      It’s over two decades old, you downloaded an mp3 from napster, and then sideloaded it to your player.

      source
      • ideonek@piefed.social ⁨1⁩ ⁨day⁩ ago

        And companies ofted do it. Thay recoined jaywalking to put the blaim of the accidents to pedestrians and take away the road from them. They change what littering means in attrmpt to delute the responsibility for polution... We are better than that this time, right?

        source
        • -> View More Comments
    • yardratianSoma@lemmy.ca ⁨1⁩ ⁨day⁩ ago

      Don’t forget “side effects”, when really, medications only have “effects”. Whether the effects are intended or not doesn’t change the fact that they happen.

      source
      • knitwitt@lemmy.world ⁨1⁩ ⁨day⁩ ago

        Cough medicine can induce drowsiness, but you probably shouldn’t be taking it as a sleep aid. The distinction between intended vs unintended effects is an important distinction to make, in my opinion, to prevent drugs from being unintentionally misused.

        source
        • -> View More Comments
      • jjlinux@lemmy.zip ⁨1⁩ ⁨day⁩ ago

        Wait, so now I have to talk to a doctor before installing from F-Droid? Well, shit.

        source
        • -> View More Comments
      • Tollana1234567@lemmy.today ⁨1⁩ ⁨day⁩ ago

        you shouldnt be taking medication not for his intended purpose, it has many warnings.

        source
        • -> View More Comments
    • Ulrich@feddit.org ⁨1⁩ ⁨day⁩ ago

      What would you call it?

      source
      • Wrrzag@lemmy.ml ⁨1⁩ ⁨day⁩ ago

        “installing” as in “installing software”

        source
        • -> View More Comments
  • QuestionMark@lemmy.ml ⁨1⁩ ⁨day⁩ ago

    Since Google’s goal is to improve security

    This is an obvious lie.

    source
    • Eggyhead@lemmings.world ⁨22⁩ ⁨hours⁩ ago

      They never specified who’s security…

      source
      • espentan@lemmy.world ⁨6⁩ ⁨hours⁩ ago

        Their revenue probably felt very threatened.

        source
      • SCmSTR@lemmy.blahaj.zone ⁨14⁩ ⁨hours⁩ ago

        Whose*

        Who’s = who + is

        Whose = an indication of possession

        source
        • -> View More Comments
    • Tollana1234567@lemmy.today ⁨1⁩ ⁨day⁩ ago

      they want to improve thier AI and datamining capabilities.

      source
      • nomadjoanne@lemmy.world ⁨1⁩ ⁨day⁩ ago

        What am I not seeing? How does this improve datamining capabilities?

        source
        • -> View More Comments
  • AbidanYre@lemmy.world ⁨1⁩ ⁨day⁩ ago

    Since Google’s goal is to improve security

    Is it though? Really?

    source
    • radix@lemmy.world ⁨1⁩ ⁨day⁩ ago

      The security of their bank balance.

      source
    • Sxan@piefed.zip ⁨1⁩ ⁨day⁩ ago

      No.

      source
    • Ulrich@feddit.org ⁨1⁩ ⁨day⁩ ago

      This publication is always repeating Google’s nonsense.

      source
    • scarabic@lemmy.world ⁨1⁩ ⁨day⁩ ago

      What ulterior motive do they have for blocking sideloading?

      source
      • AndyMFK@lemmy.dbzer0.com ⁨1⁩ ⁨day⁩ ago

        Essentially banning any apps that would hurt googles profits.

        I thought that was pretty obvious.

        source
        • -> View More Comments
  • gnuplusmatt@reddthat.com ⁨1⁩ ⁨day⁩ ago

    I’m not sure why google is over engineering this, proper mainline distros have this solved since forever. Let the community setup trusted repos with gpg keys, then let me trust the repos. If Fdroid trusts the package and I trust Fdroid, who should care?

    source
    • olsonexi@lemmy.world ⁨1⁩ ⁨day⁩ ago

      Because it was never actually about security to begin with. That’s obviously BS. Google just wants control.

      source
    • Lemminary@lemmy.world ⁨1⁩ ⁨day⁩ ago

      Probably because they want to target software that cracks theirs to avoid ads, like ReVanced.

      source
      • SaharaMaleikuhm@feddit.org ⁨1⁩ ⁨day⁩ ago

        Ding ding ding ding ding. It’s so obvious, it’s because Google wants to be in control and block apps it would rather not exist. Newpipe, FreeTube, Revanced and the like.

        source
      • Xatolos@reddthat.com ⁨1⁩ ⁨day⁩ ago

        Then why aren’t they already doing that by blocking DuckDuckGo?

        The DuckDuckGo app blocks all apps from sending to Google (and other advertisers) tracking/ad data on a system level. And it’s freely available on the Play Store (has been for years.

        play.google.com/store/apps/details?id=com.duckduc…

        If they wanted to prevent apps from blocking their ad abilities, this app would never have been allowed on the Play Store.

        source
        • -> View More Comments
  • Ulrich@feddit.org ⁨1⁩ ⁨day⁩ ago

    tl;dr you can still “sideload” via adb.

    This is so incredibly inconvenient as to be meaningless.

    source
    • gaylord_fartmaster@lemmy.world ⁨1⁩ ⁨day⁩ ago

      It’s not completely meaningless because if it’s truly the only option I’m going to be using it until I eventually replace my current phone with one with an unlocked bootloader.

      source
      • Ulrich@feddit.org ⁨1⁩ ⁨day⁩ ago

        I’m afraid that won’t help. There will be even fewer people developing apps specifically for the 0.01% of us using custom ROMs.

        source
        • -> View More Comments
      • watson387@sopuli.xyz ⁨1⁩ ⁨day⁩ ago

        When my current phone dies I’ll be buying a flip phone.

        source
        • -> View More Comments
      • Goodlucksil@lemmy.dbzer0.com ⁨1⁩ ⁨day⁩ ago

        Rimjob_steve moment

        source
    • blargh513@sh.itjust.works ⁨1⁩ ⁨day⁩ ago

      It will be stupid, but I presume there will be a rise in desktop apps or webapps that require you to only plug the phone in and it will handle the rest.

      source
      • gaylord_fartmaster@lemmy.world ⁨1⁩ ⁨day⁩ ago

        Yeah, if something like Obtanium needs to run on my desktop instead of my phone and I have to plug it in every once in a while, that’s not the end of the world.

        source
        • -> View More Comments
      • KSPAtlas@sopuli.xyz ⁨1⁩ ⁨day⁩ ago

        There are already android apps that allow you to ADB into your own phone without root, so you could VERY EASILY just make an app store that utilises that, you only need to install the app from desktop once

        source
    • dukatos@lemmy.zip ⁨1⁩ ⁨day⁩ ago

      good luck updating all your apps that way…

      source
      • Ulrich@feddit.org ⁨1⁩ ⁨day⁩ ago

        Exactly

        source
    • hansolo@lemmy.today ⁨1⁩ ⁨day⁩ ago

      Not at all, just get comfortable with ADB and use Claude to walk you through the steps.

      I see this as an absolute win.

      source
      • Ulrich@feddit.org ⁨1⁩ ⁨day⁩ ago

        No one thinks it’s hard. It is, however, as I said, extremely inconvenient and time-consuming to do this every day, and no one wants to do that.

        source
        • -> View More Comments
    • Arghblarg@lemmy.ca ⁨1⁩ ⁨day⁩ ago

      Perhaps someone could write an ‘adb loopback’ app – get that into the official app store, and said app would then squirt other .apk files through adb on the phone to itself, thus sideloading it.

      source
      • KSPAtlas@sopuli.xyz ⁨1⁩ ⁨day⁩ ago

        ADB loopback apps already exist, such as Shizuku

        source
      • Ulrich@feddit.org ⁨1⁩ ⁨day⁩ ago

        As far as I know, ADB needs to be run on another device which is plugged into the phone.

        source
        • -> View More Comments
    • cmnybo@discuss.tchncs.de ⁨1⁩ ⁨day⁩ ago

      We already have to do that to install older apps. It’s inconvenient, but not as bad as having to boot up an ancient phone every time you need to use the app.

      source
  • umbrella@lemmy.ml ⁨6⁩ ⁨hours⁩ ago

    they always do this to gaslight us into accepting things we would not. when blocking installs from outside gplay is a possibility, further restricting it is a relief, not the outrage it should still be.

    that or they got a feel for it and decided to settle with less restriction. for now.

    the permanent solution as always is deposing them from this position of enormous power and monopoly. easy said.

    source
  • drmoose@lemmy.world ⁨1⁩ ⁨day⁩ ago

    This is actually worse than integration in Play Protect which can be disabled very easily. Now you can only install unsigned apps via ADB which means just developers can do it.

    source
    • arararagi@ani.social ⁨1⁩ ⁨day⁩ ago

      And very annoying too since some government apps don’t like it when you have developer mode on.

      source
      • Zanshi@lemmy.world ⁨18⁩ ⁨hours⁩ ago

        Not only government. I can’t see my daughter’s insulin pump status if I don’t disable developer mode.

        source
        • -> View More Comments
    • SparroHawc@lemmy.zip ⁨18⁩ ⁨hours⁩ ago

      Or anyone with a computer who installs ADB. You don’t have to be a developer.

      source
      • drmoose@lemmy.world ⁨13⁩ ⁨hours⁩ ago

        Nah you can’t realistically distribute your app with adb requirement. No one will bother to go through such friction.

        source
        • -> View More Comments
    • COASTER1921@lemmy.ml ⁨14⁩ ⁨hours⁩ ago

      Leaving ADB open to unverified apps is more than I was expecting. ADB is reasonably straightforward to use even without actually being an Android developer.

      There was never any way they’d integrate it to play protect and still allow play protect to be disabled. I prefer this to being required to use play protect personally, though the services do seem somewhat redundant. Presumably the whole point of doing this is to create an Apple style walled garden (which is of course very profitable). Google likely doesn’t want to fully lock it down and risk legal trouble, they just need to make it difficult enough that the masses don’t bother installing unapproved apps that may not act in Google’s interests.

      I still hope the EU takes legal action against this anyway.

      source
      • drmoose@lemmy.world ⁨13⁩ ⁨hours⁩ ago

        I don’t think this adds anything tbh as peoppe with adb would always be able to bypass this. The issue is that this kills distribution and thats exactly what Google wants - have full competitive control. Once they don’t like your app they’ll block your account and what do you do with your customer base? Give them adb install instructions? That’s basically a death sentence for any app.

        source
  • Zak@lemmy.world ⁨1⁩ ⁨day⁩ ago

    If Google wanted to add developer verification without being evil, it could use SSL certificates connected to domain names. I think the whole concept is ill-conceived, though I’ll admit to a modest bias against protecting people from themselves.

    source
    • tauonite@lemmy.world ⁨1⁩ ⁨day⁩ ago

      They couldn’t. Domains and SSL certificates can be obtained very easily anonymously and thus wouldn’t let Google identify the developers of malicious apps, which is the goal of this

      source
      • coolmojo@lemmy.world ⁨1⁩ ⁨day⁩ ago

        The trouble is Google’s definition of malicious apps. Are adblockers malicious? How about alternative apps for YouTube? Based on the recent history, I don’t think you will be able to install those apps on the phone you purchased.

        source
        • -> View More Comments
      • Zak@lemmy.world ⁨1⁩ ⁨day⁩ ago

        It provides a way to open an investigation into a malicious developer without giving Google the ability to ban anyone it doesn’t like.

        source
      • Squiddork@lemmy.world ⁨1⁩ ⁨day⁩ ago

        Yeah I mean some form of asymmetric encryption/validation would work but it stops the real reason why Google wants to implement this.

        source
    • LodeMike@lemmy.today ⁨1⁩ ⁨day⁩ ago

      The problem with that is that certificates expire before someone would want to keep using the app.

      source
      • xthexder@l.sw0.com ⁨1⁩ ⁨day⁩ ago

        Code signing certificates work a little differently than SSL certificates. A timestamp is included in the signature so the certificate only needs to be valid at the time of signing. The executable will remain valid forever, even if the certificate later expires. (This is how it works on Windows)

        source
        • -> View More Comments
      • Zak@lemmy.world ⁨1⁩ ⁨day⁩ ago

        It need only check at install time.

        source
        • -> View More Comments
  • covert_czar@lemmy.dbzer0.com ⁨22⁩ ⁨hours⁩ ago

    Which means I can make an app for this “Sideloading” by shizuku…

    source
    • themachinestops@lemmy.dbzer0.com ⁨7⁩ ⁨hours⁩ ago

      I heard of shizuku before how does it work? Does it need root?

      source
  • 6nk06@sh.itjust.works ⁨1⁩ ⁨day⁩ ago

    We hope that Google keeps its word and preserves ADB installation

    lol, adb is the first loophole that will be closed.

    source
    • balder1991@lemmy.world ⁨1⁩ ⁨day⁩ ago

      I don’t know, even people here are already considering it a loss of the only way is through ADB, because it’s not practical for everyday usage. But it’s better than nothing.

      source
  • cupcakezealot@piefed.blahaj.zone ⁨1⁩ ⁨day⁩ ago

    why can google not just code something like this into android:

    allow apps from:
    ( ) All sources
    ( ) Just Google Play
    ( ) Apps which have been verified by Google Developer Program

    source
    • cerebralhawks@lemmy.dbzer0.com ⁨1⁩ ⁨day⁩ ago

      Because they want to stop people from using ad blockers.

      source
    • palordrolap@fedia.io ⁨1⁩ ⁨day⁩ ago

      Option 1 is a potential cause of "lost" revenue.

      Late stage capitalism absolutely forbids anything that could cause that, even if the cost of implementation outweighs any potential gain.

      source
    • stevedice@sh.itjust.works ⁨12⁩ ⁨hours⁩ ago

      I can see it already:

      () Just Google Play (safe)

      () Verified apps (not recommended)

      Advanced settings

      click on Advanced settings

      () All sources (Unsafe. Will probably kill your cat and burn down your house)

      tick the box

      Are you sure?

      click yes

      ARE YOU SURE?

      click yes again

      ONE HUNDRED PERCENT SURE?

      wait for the 30 seconds timer to count down

      click yes

      ( ) I do not love my cat and want him to die.

      tick the box

      ( ) I accept the very real risk of my house burning down

      tick the box

      Please wait 24 hours for the change to apply. You can reverse it at any time from this menu.

      get spammed every hour for the next 24 hours with notifications asking me to fix my security settings

      get a bigass ⚠️ every time I turn on the phone

      every once in a while the change just straight up reverses and I have to do it all over again

      source
    • littleguy@lemmy.cif.su ⁨18⁩ ⁨hours⁩ ago

      That would give users choice, and corporations want as many people as possible to be incapable of making decisions for themselves.

      source
    • mariusafa@lemmy.sdf.org ⁨1⁩ ⁨day⁩ ago

      Because it’s Google

      source
    • SanctimoniousApe@lemmings.world ⁨1⁩ ⁨day⁩ ago

      Taking Google at their word for a moment, it’s far too easy to scam the clueless masses into selecting the first one.

      source
  • mastod0n@lemmy.world ⁨1⁩ ⁨day⁩ ago

    We should embrace oldschool SciFy and go for (DIY) Cyberdecks.

    source
  • napkin2020@sh.itjust.works ⁨1⁩ ⁨day⁩ ago

    I honestly think that this is just not going to happen. It’s already a giant pain in the ass to install apps from anywhere else than Play Store. With Shizuku it got much, much better.

    source
  • goatinspace@feddit.org ⁨1⁩ ⁨day⁩ ago

    Image

    source