Comment by ricudis

20 days ago

Before quickly running to dismiss this move, please at least do your research with regard to the situation in the countries mentioned in the article, especially Singapore and Thailand.

Side-loaded malware has been an epidemic in SE Asia, and there are MILLIONS of dollars stolen (mostly from pensioners!) via side-loaded malware disguised as gambling apps - the local population is particularly susceptible to gambling, especially the older generations that are not so tech-savvy.

It's good they decided to do something about it.

So make it an unlockable feature with a big red warning saying something like: 'If you unlock this feature, your money might be stolen, malware could infiltrate your system. You take full responsibility and acknowledge that you are tech-savvy.'

I'm sure if my grandma saw something like that, she wouldn't click it. This way, people who want to stay in a closed garden are protected, while those who want full control have it. The current implementation seems designed for state interests, not the people's.

It shouldn't be impossible. Not every FOSS developer will want to register, or be mature enough, or may be from sanctioned countries, and so forth.

  • I think that you are right, although that is not the only issue.

    One of the issues is that perhaps they should also check the software in the official app stores better (I think I had read that Apple does a little bit, although they don't do it so well either, and they don't have side-loading so that is another problem).

    However, perhaps a more significant issue is when something requires having Android (or iPhone) even if you do not want that, you cannot use your own (or none at all, if that would make sense which sometimes it does).

Private app companies should be and are doing more to protect against malware.

Banking apps in Malaysia are required to include malware detection software [0]. Companies should have better fraud and trust teams to identify and block fraud activities.

The rest of the world shouldn't suffer because a handful of banking companies refuse to offer basic fraud protections for their users.

[0] - https://www.abm.org.my/press-releases/banks-to-enable-malwar...

The requirement per Google's post is rolling out globally though in a couple years. There was nothing stopping per country governments that this may disproportionately affect from requiring this for Play Protect/GMS certified Android devices sold in their region but enforcing it worldwide for such non-AOSP devices I don't find surprising to be controversial.

Brave of you to say this. Yeah, in my humble opinion, agree with you, Android and iOS devices target the mainstream users more than, say, PCs or Macs, and should be more locked down. We can keep PCs and Macs relatively open (although they are getting more secure too, which might be good?), but for devices that truly target the masses, secure them as much as possible (why would typical users like my parents need to install a remote access server on their phone?).

Yeah, my Dad got hacked only a month ago, through a tech-support phishing phone call. He uses a Windows PC which makes him vulnerable, and the scammers did install tons of evil crap. He really should be using an Android or iOS tablet, to reduce his chances of being hacked like this. I know these devices are still vulnerable, but they do seem more secure based on how much more locked down they are.