Comment by Aurornis
9 months ago
> In a pilot program launched in Singapore, the tech giant now blocks the installation of certain sideloaded apps—particularly those requesting sensitive permissions such as SMS access or accessibility services—if they are downloaded via web browsers, messaging apps, or file managers.
There are a lot of qualifiers on this: Only in Singapore, only on apps requesting certain permissions frequently used by scams, and only when downloaded via certain paths.
I don’t see the full details but this implies that it’s still possible for advanced users to side load whatever they want. They don’t want to make it easy for the average user to start sideloading apps that access SMS permissions or accessibility controls.
If it takes a few extra steps for the advanced user to sideload these apps that’s not really a big infringement on freedom like this purism PR piece is trying to imply. Unfortunately sideloaded apps are a problematic scam avenue for low-tech users.
> The move, developed in partnership with Singapore’s Cyber Security Agency, is designed to prevent fraud and malware-enabled scams.
This explains why it’s only in Singapore for now.
I think you're dismissing legitimate concerns without fully understanding them, because through the right lens you realize how this can be anticompetitive in the mass market.
Even if some technically inclined folk can install what they want, the masses will stay in the walled garden so that Google can get their cut and exert ideological control. Even now, both Google and Apple engage in practices across their product that are designed to scare people away from third party applications. From Google's terminology when describing Google in banners as "a more secure browser" etc, to Apple requiring a secret incantation in order to run unsigned apps.
All of this kind of mind control bullshit should be eradicated via regulation. Companies should not have a license to be deceptive towards their users.
The comment you're responding to includes the line:
> The move, developed in partnership with Singapore’s Cyber Security Agency, is designed to prevent fraud and malware-enabled scams.
Your comment seems to disregard it and instead lay this entirely at Google's feet as if they're seeking anti-competitive behavior - but if this was driven by a government, does Google really deserve all the blame?
(Note that I am explicitly not endorsing the move. I think sideloading should be left mostly untouched.)
Singapore is far from a nation known for free speech or to pick the side of liberty should it come into conflict with security. I've no doubt whatsoever that approved apps on a CTS "hardware backed" remote attestation phone is more secure. It's also possible to remotely own such a device unambiguously, and provides a central place where apps can be taken offline. It's win win from the point of view of a security agency. It's not from mine.
> partnership
Could mean anything from reluctant to opportunistic.
Isn't the Singapore government pretty authoritarian? They might have other motivation than just pure user security.
Google has already been weighed and found guilty of creating and persisting systemic anti competitive policy.
> Your comment seems to disregard it
Because it's irrelevant.
> but if this was driven by a government, does Google really deserve all the blame?
Of course. If the government ordered Google to assist in a genocide against some demographic, and Google goes along with it, it doesn't matter if the government is also evil. Google is evil for playing ball.
And we don't have to speak in hypotheticals. Both Google and Amazon are actively engaging in tech-assisted genocide.
https://www.aljazeera.com/news/2024/4/23/what-is-project-nim...
I have boycotted Amazon for a while now and I'd boycott Google too if it wasn't so pervasive in my professional life.
4 replies →
The masses will always stay in the walled garden. It's where they want to be and they don't even realize there are walls. It is just what is for them.
> The masses will always stay in the walled garden. It's where they want to be and they don't even realize there are walls. It is just what is for them.
The walls should have open doors, though, versus prison bars. Physical switches on devices (much like older Chromebook devices had) used to opt out of the walled garden should be mandated by consumer protection regulations.
9 replies →
Normal users complain about not being able to change things on their devices all the time. My whole family was pissed about the latest android update because Gemini was foisted on them and they didn't know how to turn it off.
It's a misconception that the masses want it
I don't think they cheeref at the arrival of the Microsoft Store on Windows, for example.
That's what's pushed for on the current smartphones, and they accept it; they easily don't see the problems, and it can seem complex for them to avoid it.
2 replies →
> All of this kind of mind control bullshit should be eradicated via regulation. Companies should not have a license to be deceptive towards their users.
I agree with you. However, the impact of scams should not be underestimated either.
To me it seems like fighting teen pregnancy by preaching abstinence. We should be teaching a higher baseline of computer literacy, and providing more secure systems that keep the user in control and in the know when it comes to their own device and the software running on it.
Attacking the problem by reducing user freedoms and increasingly monopolistic control is not the answer, even though Google's PR department would tell you otherwise.
4 replies →
.... This doesnt stop scammers. Software will never stop scammers. Its pretty wild that people would be willing to sacrafice their freedom permantely so a scammer can spend two weeks thinking of another approach to scam.
1 reply →
> There are a lot of qualifiers on this: Only in Singapore, only on apps requesting certain permissions frequently used by scams, and only when downloaded via certain paths.
Only certain permissions actually matter. That's one of three.
But "only in singapore so far" is not reassuring.
And "downloaded via certain paths"? Browsers and file managers are the normal ways to put files onto a phone. That doesn't reassure me at all.
Browsers and file managers are absolutely not the "normal ways" to put apps in a phone however.
Well sure but "app store" is already excluded by the context of sideloading.
Unless they block ADB, I wouldn't say it's accurate to claim they're "blocking sideloading". That said, it's clearly a balancing act between protecting people from installing malware but allowing them to intentionally install things they really do want to install, regardless of what permissions they need.
Every time the technical sophistication required to install apps from anywhere but Google's store (I don't love the term "sideloading" since it kind of denormalizes the act) is increased, the chances anyone will put in the effort to distribute apps any other way goes down. It also means apps Google doesn't want in its store are less likely to get made; I'd really like to see something that prioritizes notifications for me, for example, and I think that's against Google's rules.
I'm sure making it harder to obtain software outside a first-party app store provides some protection to some users from scams, but I really don't want that to be the answer. I don't claim to have a good one myself.
They don't, and they don't even block F-Droid. You can also just disable Play Protect (though Google won't let you while you're on a call, probably a smart move). According to the Singapore police, scammers also have victims download VPNs of Google Play to work around the regional restrictions.
I don't think the restrictions are doing much for victims. I assume Google was pressured into doing this by the authorities, or may be doing this to get in a good spot politically.
requiring a user to own a PC in order to sideload apps (with adb) would, in fact, count as blocking sideloading, albeit partially. so i don't think that's the right limit
I've sideloaded apps for other people. They don't have to own a PC but it's true that it'll slow it down, so you do have a point.
Yeah, just like you can sideload on iPhone by desoldering the flash, decrypting it, and modifying the OS.
Just because something is technically possible does not make it a solution
That's a little higher bar than plugging in a usb cable and running ADB... but I would agree that most users probably won't figure out how to sideload from a terminal.
Once it's normalized it's just one more step to block everything. No thanks.
> There are a lot of qualifiers on this: Only in Singapore, only on apps requesting certain permissions frequently used by scams, and only when downloaded via certain paths.
Those "certain paths" include "file managers"; how exactly would you sideload an app without providing the file?
>There are a lot of qualifiers on this: Only in Singapore,
We had a big client from Singapore who only agreed to buy our SaaS subscription after we integrated SingPass (Singapore's national digital identity system) for user login.
When I read "Singapore" in the OP I immediately remembered about it.
The client is not with us anymore, but we still have this thing somewhere in the codebase :)
Boiling the frog though... Obviously they're not going to roll it out all in one go.
They can still add more locations later.
I would prefer if Google moved in the direction of giving apps fake permissions. Otherwise the scammers will just move onto another layer.
It will always be possible to side-load apps on Android if you really want. It is one big strength of Android. There are many Android's no-internet deployments in the wild that rely on this feature.