They won’t kill side loading (the fact we even call it side loading instead of simply installing software is a problem). They’ll just shoot it in the knees a little. No big deal.
Android won't kill sideloading after all, but new verification rules will make it harder
Submitted 3 weeks ago by Gsus4@mander.xyz to technology@lemmy.world
https://www.techspot.com/news/110243-android-wont-kill-sideloading-after-all-but-new.html
Comments
Feyd@programming.dev 3 weeks ago
XLE@piefed.social 3 weeks ago
They’ll be able to stop a group of less technically savvy people, who currently are sideloading, from using their phones the way they choose. Apparently that’s good enough for Google.
CallMeAnAI@lemmy.world 3 weeks ago
I bet you less than 1% of users are even aware and of that less than .1% can’t figure out what they need.
Cocodapuf@lemmy.world 2 weeks ago
I don’t know, it’s possible that the number of people already interested in sideloading and savvy enough to do it, but not savvy enough to get over this new hurdle, may be a very small number.
I mean there are already some roadblocks to sideloading and scary messages about safety and security.
AbidanYre@lemmy.world 3 weeks ago
They already don’t let you use Google pay if you don’t give them control of your phone. This is just tightening the noose a little bit.
Feyd@programming.dev 3 weeks ago
People shouldn’t use google pay in the first place. All of these things being tied together by the same group is a problem in and of itself.
Lost_My_Mind@lemmy.world 3 weeks ago
Push 3 degrees harder, relent 2 when there’s resistance.
Meaning, 3 steps ahead for them if there’s no resistance. 1 step ahead if there is.
Wait some time, repeat.
wreckedcarzz@lemmy.world 3 weeks ago
That is more the fault/worry of the financial sector and not G. The fact that they gave up this amount of leeway is shocking. Their risk tolerance is very low and giving G the ability to manage virtual cards and allow payments with them is huge in itself.
Even Privacy, which does part of the same thing/idea, still only works for some cards, doesn’t work at all for credit cards (last time I checked), and has been in the sector for a similar amount of time.
G had to lock down Pay to appease the financial sector’s risk management. Anything else was DOA.
MalReynolds@slrpnk.net 2 weeks ago
Credit card in your phone case, use your banks’ website, 95+% of people right there.
wide_eyed_stupid@lemmy.world 2 weeks ago
I fucking hate that word. It’s not ‘sideloading’ to install on my own device what I want to install, to use the apps I want to use; to not use the apps I don’t want to use. I am not ‘sideloading’ anything when I install programs on my PC. No different on my phone.
Fuck off with all these new bullshit terms that are only used to imply that what we’re doing (with our own devices) is somehow outside the norm, to justify the constant enshittifcation and the growing stranglehold these corporations want on our lives. It’s infuriating.
JohnEdwa@sopuli.xyz 2 weeks ago
It’s not a “bullshit new term”, it’s three decades old and means transferring files locally from one device to another, instead of directly downloading or uploading from/to an external server.
The most common sideloading people did was downloading music to their PC using services like iTunes, and transferring them to their mp3 players. As they did often with early PDA and smartphone apps, where the term for Android comes from - get the .app on your computer, transfer it to your phone, and install it.
Sideloading.HK65@sopuli.xyz 2 weeks ago
Okay, but Google uses it in a way where directly going to the server they host F-Droid.apk, downloading and installing it counts as sideloading.
If anything, using Google Play is sideloading by that definition, since I can’t just download a release from the originators’ server, they need to first transfer it into a secondary location, Google’s servers, and I can only install it from there.
wide_eyed_stupid@lemmy.world 2 weeks ago
Fair, it’s not a new term. I was born in the 80’ies, I’m familiar with the concept.
However, it’s now being used with new bullshit meaning (i.e. going outside the Google/Apple app and their own offered selection), and media are normalizing this use.
vrighter@discuss.tchncs.de 2 weeks ago
so you’re saying it is the wrong word, because most apks are downloaded from the internet on-device. That is not a local transfer
lritter@mastodon.gamedev.place 2 weeks ago
@JohnEdwa @wide_eyed_stupid indeed. but it takes only a single incendiarily indignant but factually wrong mastodon post to force anyone left who's still reading wikipedia to clarify forever.
RnDanger@infosec.exchange 2 weeks ago
@wide_eyed_stupid @Gsus4
They're "sideloading" our vocabularyarararagi@ani.social 2 weeks ago
I’m sure there’s something in the EULA about how it’s actually their device and we are just licensing it, just like software. I hate this tech feudalism so much.
wide_eyed_stupid@lemmy.world 2 weeks ago
You know, it’s very possible, because I’ve never actually read an entire EULA, I don’t think.
su_liam@mas.to 2 weeks ago
@wide_eyed_stupid @Gsus4 “You will own nothing, and if you don’t like it you can talk to the security cyberdog that has you in its sights.”
nodiratime@lemmy.world 2 weeks ago
SinningStromgald@lemmy.world 3 weeks ago
So about those linux phones…
wreckedcarzz@lemmy.world 3 weeks ago
Aaaaaaany day now… guys…?
(I have a pinephone and no, it is absolutely nowhere near ready)
Gigasser@lemmy.world 3 weeks ago
My guess is that any good Linux phone experience would need greater funding from some company or foundation…(Valve please?)
exu@feditown.com 2 weeks ago
The Pinephone used way underpowered hardware when it came out.
Regardless, there’s been a lot of progress from postmarketOS and others the past years and especially accelerated once again with the original announcement to kill installing apps outside of the PlayStore.
I’ve also gone ahead and put in a reservation for the new Jolla phone to support another alternative.
Kissaki@feddit.org 2 weeks ago
The company says it is now developing an “advanced flow that allows experienced users to accept the risks of installing software that isn’t verified.” This installation flow will include safeguards to protect people who are being coerced into installing a dangerous app, or tricked by a scammer, along with “clear warnings to ensure users fully understand the risks involved.”
IIRC we already had to enable a setting and confirm a warning popup. What are they gonna do? Add more popups? A captcha-“puzzle”? Less easy to accept dialogs?
TWeaK@lemmy.today 2 weeks ago
Probably a captcha puzzle, or some other thing that requires you to connect to them and surrender your data for free for their commercial purposes.
rumba@lemmy.zip 2 weeks ago
how about a $20 development license!
Holytimes@sh.itjust.works 2 weeks ago
Honestly a less easy to accept dialog would go a long way.
Just make it require ADB. Iv had my grandfather fall victim to a crypto scam that got him to install a app on his phone.
As much as we hate it, google is the only one who has any power to prevent abuse of the stupid, elderly and gullible. Someone has too.
There is a line of going to far to protect people that just makes things worse for everyone. But the reality is, our freedom comes at the expense of others freedom.
Finding the balance is hard.
Dekkia@this.doesnotcut.it 2 weeks ago
Hot take: We shouldn’t lock down devices by default to a point where they protect even the most vulnerable.
Child safety locks exist for a reason and can also be used for the elderly.
adavis@lemmy.world 2 weeks ago
Nah screw needing adb, that absolutely kills free and open source software stores like fdroid, and fdroid have said as much that Google’s then planned signing requirements would lead fdroid to stop.
The only way I’d even be remotely OK with another adb requirement is if
- it’s a requirement to unlock the ability to install unsigned apps, ie it’s not to an install an app but set a flag
- #1 becomes a requirement for Google certification so all manufacturers have to allow it
- It doesn’t cause other types of attestation to fail that we see with unlocked, rooted and third party roms failing certain checks preventing some apps, most commonly banking ones from working
dumbadoor@lemmy.zip 2 weeks ago
In today’s society everything needs to be baby proofed. Protect this protect that. People need to take responsibility for their actions.
Your grandpa got greedy and wanted to invest money to make more money. Now he got scammed and he learned his lesson. Next time guided by prior experience he should/will be more careful. If not he will loose more money until he realises he shouldn’t be clicking and installing everything he sees.
And that applies to everyone. You alone are responsible for your actions, not anybody else
DeathByBigSad@sh.itjust.works 2 weeks ago
As much as we hate it, google is the only one who has any power to prevent abuse of the stupid, elderly and gullible. Someone has too.
Not far enough. We should require a government agent to be with people to verify there isn’t any fraud before allowing any money transactions to happen.
Wanna buy food at the grocery store? Please wait for your assigned NSA agent to verify that you’re not being scammed.
(Is /s even needed?)
Kissaki@feddit.org 2 weeks ago
I think the dialog can be changed to give a more stern and obvious warning before escalating to no alternative installs without developer tooling.
leftascenter@jlai.lu 2 weeks ago
My guess is they’ll enforeba xiaomi-style thing where you have to login, wait, go through hoops, wait again,…
WhyJiffie@sh.itjust.works 2 weeks ago
that would be fine, without the login and sim card requirement
6nk06@sh.itjust.works 3 weeks ago
A “concession” to use your phone, and you need to give your address, phone number, and ID. Fuck off.
helpImTrappedOnline@lemmy.world 2 weeks ago
Meanwhile the Play Store is full of scams. This isn’t about safety, it making sure they get a cut from the scam apps.
filcuk@lemmy.zip 2 weeks ago
It’s a trashpile. If I need an app, I search ‘site:reddit android app x’ or look in f-droid
FauxLiving@lemmy.world 3 weeks ago
They’re not killing sideloading, they’re just building the gallows and sharpening the axe.
The outrage doesn’t stop anything, it just makes them slow their plans and wait out the public outrage.
termaxima@slrpnk.net 2 weeks ago
“side” loading is just normal loading for me. I have one single app from the google app store. (It’s cookie clicker 😂)
TheGrandNagus@lemmy.world 2 weeks ago
Even calling it side loading is an attempt to delegitimise the practice. To make it sound like you’re doing something dodgy by the side.
It’s just installing an app.
Nobody calls installing an app from outside the Microsoft store on their Windows PC “side loading”.
Likewise for Macs regarding their app store, or installing an app from outside your distro’s repository on Linux.
Gsus4@mander.xyz 2 weeks ago
Do you use Fdroid or simply get apks online, like we all used to before these walled gardens?
termaxima@slrpnk.net 2 weeks ago
Neither ! I use Obtainium, which allows you to get apps directly from the source, with the convenience of a normal app store for updating !
I usually look for apps on droid-ify, which is an alternative front end to f-droid, then whenever possible I copy the link of the source repo and install via Obtainium ; when I can’t I install the f-droid version via Obtainium as well (as a result, I have 0 apps installed by droid-ify, I only use it for search)
When I need an App Store exclusive app, I install it via Aurora Store (which downloads apps via shared anonymous accounts)
The only thing this system can’t get around is paid apps from the App Store. I have exactly one : Cookie Clicker. (I like the game in general so I paid to support the dev)
Joelk111@lemmy.world 2 weeks ago
I use fdroid whenever possible, but I do use Google Play for most everything else.
XLE@piefed.social 3 weeks ago
The company has confirmed that it is developing an “advanced flow” to let experienced users install apps from unverified developers
How about don’t change it at all, Google
Anon764967@lemmy.org 2 weeks ago
I’m not worried about sideloading because I use GrapheneOS, but I’m worried that development for various apps might stop…
ZeroGravitas@lemmy.dbzer0.com 3 weeks ago
They must really hate ReVanced.
Truscape@lemmy.blahaj.zone 3 weeks ago
Oh, I bet. They probably hate GrayJay more though.
GrapheneOS is luckily out of their jurisdiction :)
ReallyActuallyFrankenstein@lemmynsfw.com 3 weeks ago
Can anyone verify if this is the “new” update to the process? The article takes 75% of the way to get to this paragraph and isn’t even clear if this is Google’s proposed concession or an existing separate process:
To accommodate educational and noncommercial development, Google will introduce a new limited developer account type aimed at students and hobbyists. These accounts will not undergo full identity verification but will instead allow app installations on a restricted number of registered devices.
If that is the workaround, it sounds like it’s still awful since it requires a Google developer account and really only would work for limited development deployment.
x00z@lemmy.world 2 weeks ago
Weird that they want to do all the verification themselves and not just allow certificate signing using verified CAs. Oh well it’s not weird because we all know Google does this to fight back against third party stores and to get developers back to their shitty one and of course to better track them.
NateNate60@lemmy.world 2 weeks ago
I’m guessing what you’re suggesting is that Google’s proposal is the same as requiring all packages be signed and accompanied by an Extended Validation or Oragnisation Validation X.509 certificate.
While that would technically work, the problem with using the existing PKI is that it’s still very expensive to get EV/OV certificates. And the most common of these certs (those for TLS purposes) will soon only last 47 days which is, to put it mildly, would be a pain in the ass to use for package-signing.
x00z@lemmy.world 2 weeks ago
My project uses a free one from SignPath. They offer this for opensource projects and require a verifiable GitHub build process. It’s not EV certs but it’s good enough and free.
pantomime@leminal.space 2 weeks ago
Billionaires doing what a billionaire does: feign a reason to kneecap a service, force complaints about its ineffectiveness, then use that as an excuse to dismantle it entirely. I am so tired of this.
WhyJiffie@sh.itjust.works 2 weeks ago
bullshit! if this is actually what the “new” rule is, the exact same thing was already part of their unacceptable original plans.
To accommodate educational and noncommercial development, Google will introduce a new limited developer account type aimed at students and hobbyists. These accounts will not undergo full identity verification but will instead allow app installations on a restricted number of registered devices.
no to any kind of accounts, to any kind of developer registration, and any kind of install limits! its none of google’s business what apps people install outside their store, and so they shouldn’t be able to enforce a global installation limit for any apps!
OscarRobin@lemmy.world 2 weeks ago
Boiling the frog
cupcakezealot@piefed.blahaj.zone 2 weeks ago
remember when people were actually excited about new android releases because they were weird and consumer friendly?
PierceTheBubble@lemmy.ml 2 weeks ago
Great, more hoops to jump thr… I mean… an “advanced flow”, for gaining the privilege of installing apps of your choosing
Zink@programming.dev 2 weeks ago
Cool story, goog.
I’m just going to keep waiting for a linux/foss phone so that its features and capabilities are actually predictable year to year.
But maybe I’m just too picky about what features and capabilities I want. I admit I’ve gotten used to some pretty outlandish stuff like… lemme check my notes here… “the device does the things I tell it to do.” Real galaxy-brain shit!
DeathByBigSad@sh.itjust.works 2 weeks ago
Not to be pessimistic: But Good luck with the linux phone when carriers start doing whitelisting like ATT already does
(Unless you wanna dual-phone?)
Balldowern@lemmy.world 2 weeks ago
For carriers like AT&T, texting & other data are important. Dumb phones won’t provide them the data needed. They will absolutely support Linux phones.
RalfWausE@feddit.org 2 weeks ago
There is already postmarketOS if you have an old supported phone somewhere in the drawer… it has still some rough edges, but it works and gives a nice glimpse into that ecosystem.
Balldowern@lemmy.world 2 weeks ago
Perfect time for the Chinese to setup a shell company in Mexico that sells smartphones & devices with AOSP-android-based OS to the US. It’ll sell like hot cakes.
DeathByBigSad@sh.itjust.works 2 weeks ago
It’ll sell like hot cakes.
Nope… lot of apps won’t run.
Nobody is buying a phone without Google Play Certification.
Not to mention, some carriers like ATT have a weird whitelist thing.
Also, there might be compatibility issues with provisioning the SIM, since I just had an issue with LineageOS breaking data connection, but restoring factory rom fixes it, then I flash Lineage again and it broke again, so yeah… I expect similar issues with a “Non- Google Play Certified” device.
Biggest thing is: Netflix Widewine defaults back to L3 instead of L1 requited for HD stuff
Before you say “just pirate”, most people don’t know how to do that. Also somethings can’t even get pirated since its so niche.
davidgro@lemmy.world 3 weeks ago
This is from November, and is about the ‘student accounts’ thing which doesn’t at all help the central issue of being forced to make an account to distribute your app
melsaskca@lemmy.ca 2 weeks ago
Fuck all of this tech bros enshittification surveillance bullshit. I’m going to Radio Shack and buy a Heath Kit! /s
trashboat@piefed.social 3 weeks ago
If Google continues to round the corners of their Google Play triangle icon, it’ll become a circle in a few years
berty@feddit.org 2 weeks ago
So this sucks obviously. Will this also affects apps from alternate appstores like F-Droid or only APK’s? I mean F-Droid already signs the apps, right? I’m a little confused.
brooke592@sh.itjust.works 2 weeks ago
It’s all about herding people by dictating the path of least resistance.
Dreamer@lemmy.ml 3 weeks ago
Are there any longstanding open source alternatives to Android OS?
Gsus4@mander.xyz 3 weeks ago
LineageOS?
Truscape@lemmy.blahaj.zone 3 weeks ago
Lineage, Graphene, and /e/ OS are all forks I believe, not alternatives (since they are dependent on the main Android branch for some updates and feature implementations).
Linux phones don’t really have enough support for the necessary applications to be viable for most people, at least for now.
DeathByBigSad@sh.itjust.works 2 weeks ago
I installed LineageOS on my Motorola and the data connection stops working… restored back to factory rom and it starts working again
So I guess if you really want to use it as a wifi-only device, sure
or daily drive 2 phones with one of them on the factory rom to use as a hotspot for the other one running Lineage
Rekall_Incorporated@piefed.social 2 weeks ago
There is the Linux-based Jolla phone:
https://commerce.jolla.com/products/jolla-phone-preorder
But their UI framework and Android app support system are not open source.
eleitl@lemmy.zip 2 weeks ago
I use GrapheneOS (Lineage OS and CyanogenMod before that) and I’m perfectly happy witn alternative software installation sources.
nutsack@lemmy.dbzer0.com 2 weeks ago
this was the plan from the beginning, but nobody was reading any of the articles that they clicked on
Gsus4@mander.xyz 2 weeks ago
That’s why I posted this old article. I only heard about it from a hackaday podcast.
Psythik@lemmy.world 2 weeks ago
My entire job depends on such an app, so this is a bit of a relief.
afk_strats@lemmy.world 3 weeks ago
This framing still sucks. Google is blocking apps THEY don’t approve on YOUR phone.
Brewchin@lemmy.world 3 weeks ago
Agreed. But one climb down means potentially more, as needed. 🤞🏻
Zwuzelmaus@feddit.org 2 weeks ago
Only if the protests continue with full force.