Comment by maxerickson
22 days ago
It's easy. For the average user, device integrity is more valuable (by a lot) than side loading.
People that think this is unacceptable are not remotely average users. Average users benefit greatly from their pocket appliance not being a full fledged computer.
Ultimate control over devices you own should be a basic right. Apple's wanton abuse of users and developers via the control they have over their platform, and Google's nipping at their heels, should be evidence enough of that.
Fundamentally, it is a trust issue. Why should I be forced to trust Google or Apple has my best interests in mind (they don't)? That is not ensuring 'device integrity', it's ensuring that I am at the whims of a corporation which doesn't care about me and will leverage what it can to extract as much blood as it can from me. You can ensure 'device integrity' without putting any permanent trust in Google or Apple.
Why should I be forced to trust Google or Apple.
You are not.
It's certainly convenient in this modern world to pay for and use one of their devices though.
That was intended to be a generic 'device manufacturer', not calling out Google and Apple specifically. It's my device. I should control it, full stop. It should simply not be legal for a device manufacturer to lock me out of a device I own, post sale. In the past it wasn't _possible_, so we didn't need to worry about it. But now the tech is at the point where manufacturers can create digital locks which simply cannot be broken, and give them full control of devices they sell (ie. which they no longer own), which are being used in anti-consumer ways.
Considering market forces are against it, I believe the only practical way to accomplish this in the long term is for this to be a right that is enforced by legislation. I don't think it is even far from precedent surrounding first sale doctrine and things like Magnuson-Moss, that the user should be the ultimate one in control post-purchase, it just takes a different shape when we're talking about computing technology.
3 replies →
You are forced to trust Google or Apple if you want a smartphone. They own the whole market, it's a duopoly. You already have no power to install an OS without such limitations on most smartphones.
Limitations because it's not just protection - you don't get to choose which authorities you trust. Defaulting to manufacturer/OS vendor as the default authority would be ok, but there is no option to choose. Users have no power over their own device. That's not ok even if most choose to never execute it or don't know about it, it will lead to abuse of power.
Modern life without either of these OS (or like a phone number) is pretty difficult, i.e. you can't charge your car or access e-government without an app.
1 reply →
I’m willing to sacrifice your rights if it means that there’s less incentive to steal my phone
why do you think you have any say over others' rights? using that same logic, you know what? i think you're going to steal my phone. so do you mind if i sacrifice your rights and install a camera right in your room? wouldn't want you to plot the theft of my phone now would i
Id argue that the average user is not a good barometer. They are okay with slowly being boiled alive. See windows 11 as a good example.
What's being sacrificed in the name of security is not worth it imo.
Enabling side loading on android is not a standard setting you can flick on. Is there any data on the number of devices who have this enabled and are falling for hacked apps?
I might partially agree, but the market already has a fantastic, secure option for those users: Apple.
Android's value was always in being the open(ish) alternative. When we lose that choice and the whole world adopts one philosophy, the ecosystem becomes brittle.
We saw this with the Bell monopoly, which held up telephone innovation for three quarters of a century.
In the short term, some users are safer. In the medium term, all users suffer from the lack of competition and innovation that a duopoly of walled gardens will create.
They're happy in their walled garden, until they don't and discover there is a wall they now can't overcome and learn whose hardware it really is
I do think it is in everyone's interest to be able to run software of your choosing on hardware you bought to own. The manufacturer needn't make it easy (my microwave sure didn't expect to install extra software packages; I don't expect them to open up an interface for this) but they also don't need to actively block the device owner from doing it
> Average users benefit greatly from their pocket appliance not being a full fledged computer.
In what way? Seriously, what benefit is there? (And don't say security...)
Not having social media?
The world would be a much better place if we only had calls and direct messages.
Bro, you forbade exactly the reason this is good for average users. Average users get emails that say:
> you have been infected by 3 viruses, click here in the next 5 minutes or the damage will be permanent
And they believe it. Giving them the power to run any software they want, also means giving everyone else the power to make them run any software they can be tricked into installing.
I'm deeply concerned about how this will impact users like us, especially since we're such a small minority that our desires could easily be trampled by the masses, but this is a clear win for the average user.
(And don't make the perfectionist fallacy w.r.t. Google not successfully preventing 100% of malware)
Damn we should just give up on this whole computer thing outright then, seems pretty dangerous. There are plenty of other things we could strip away that would make people much safer than just installing software, that's thinking small!
2 replies →
> And they believe it.
Two reasons: they are not educated about devices they use, desktop operating systems are still awful at security (exe from a mail attachment can have a pdf looking thumbnail, executed with two clicks, even if accidental, immediately gets access to all user files... the whole concept of antivirus software...). It has nothing to do with side loading, especially on Android, where sideloading is a very explicit action already, and then you need to allow the application to do harm.
> Giving them the power to run any software they want, also means giving everyone else the power to make them run any software they can be tricked into installing.
You are taking away people's agency. Either you get to control your bank account risking that you get scammed, or someone will control it for you.
4 replies →
> this is a clear win for the average user.
In the short term, yes. In the long term, it means Google can ban any app it doesn't like, and it means governments can compel it to do so.
Governments being able to ban software without easy workarounds could have far-reaching consequences affecting people who don't even use the software in question. This is a Bad Thing even if it helps keep a few people from getting scammed.
> Average users benefit greatly from their pocket appliance not being a full fledged computer.
Why, though?
There's certainly no technical reason that a pocket appliance can't be a full fledged computer. The primary reason it isn't is because device manufacturers benefit greatly from having a tight control over their products. This is not unique to mobile devices; we see the same trend of desktop operating systems becoming increasingly user hostile as well.
The claim that these features are in the best interest of users is an inane excuse. Operating systems can certainly give users the freedom to use their devices to their full capabilities, without sacrificing their security or privacy. There are many ways that Google could implement this that doesn't involve being the global authority over which apps users are allowed to install. But, of course, they are in the advertising business, where all data that can be collected, must be collected.
> For the average user, device integrity is more valuable (by a lot) than side loading.
Right until their devices start to act against their will.
The device integrity is are talking about it integral only to Google and Apple. Not to you.
Agreed. Most people don't care that they can't run "unauthorized app XYZ", as long as their bank account / vacation pics / texts don't leak.
Now, that may happen anyway, but they'll give up a TON to avoid that.
Me, I try to avoid using my phone for anything important, use a VPN under Linux at home whenever possible, ad blockers, privacy guard, etc, etc. I can't expect my non-technical family members to do that.
Bad car analogy coming up: MOST drivers benefit more from ABS than the few really, really good race car drivers who can do threshold braking and outbrake ABS - and even then, I doubt it's true for anything but the earliest ABS systems. I'll bet the newest ABS systems are better than almost any human - because they don't have an off day, don't get distracted, etc.
And I get the anger - I'm an old school Atari 800xl / ST / DOS / Linux user who tries to ditch Windows where possible. Restricting things seems heavy-handed - and I don't trust Google in the least. But I would NEVER tell anyone in my family to sideload an app, even though they're all Android users - I don't want that support burden.
But this is not about device integrity.
I'm all for code signing and integrity verification. We need both technologies on pretty much all devices.
You are just conflating two different issues - side loading has nothing to do with device integrity.
Don't pretend that average users are asked, or that their opinions would matter. Or even that you have some sort of insight into the average user that other people don't have.
People who think this is unacceptable are the people who 1) understand what it is, 2) don't stand to profit from it, and 3) don't dream about locking average users into an ecosystem that they control some day.
You say this as if the widespread embrace of Apple/locked down Android phones is meaningless, fully a bamboozle with no user choice reflected at all.
Then they should go buy a boomerphone that can make calls and text and nothing else and stop screwing things up for the rest of us.
Average users also benefit from restricting their ability to purchase alcohol or tobacco, but I don’t see anyone suggesting that…
And people who are financially interested in letting users side-load apps (malicious or otherwise) are good at what they do. I mean, even Russian banks that are banned from the Apple App Store are still finding ways to distribute iPhone apps.
Most users are oblivious around those issues, how can they possibly make an informed choice here?