Comment by paradite

20 days ago

It won't work because of too many false positives. People are already trained to ignore warnings, like how they blindly accept T&C without reading.

If a giant red warning saying 'THIS APP MAY BE MALWARE' doesn't stop someone, then they've either made an informed choice to proceed or it's willful negligence. In other words, users aren't 'trained' to ignore warnings; they're simply being willfully negligent.

  • It’s because on the other side of that warning is a cracked version of Spotify that removes the adverts.

    The user can’t make an informed choice because it’s literally impossible to audit the safety of the app or the author. So they will click past any warnings, follow any number of steps to install the app that gives them something desirable for free.

  • As someone who is usually careful I too have found myself clicking past warnings and error notifications in recent times, mainly because I want to do something and the software is actively preventing me from doing that. It isn't negligence, it is just wanting to get something done and not having the time or the nerves to carefully read through and think about messages, dialogs, and screens.

    Back in the early days of the Internet there was the Joel Spolsky article on why users will always do anything to see the dancing bunnies.

  • It doesn’t matter what adjectives you apply to them - they do it and they’ll do it again. Most people are not equipped to evaluate the veracity of that statement, and if a few good apps don’t register with Google (that these will exist is the whole reason this move is problematic at all, right?) and ask you to click through on the website or whatever, they’ll get used to touching the stove and not getting burned.

    cf. the Windows “it could be malware” blurb. You basically can’t use any software from a small publisher without clicking through it, even if they pay for the code signing certificate.

  • But then you get situations like, "THIS PRODUCT MAY CAUSE CANCER," being cautioned everywhere, with no distinction between, "this is certainly harmful," and "we just haven't verified it isn't harmful".

  • Have you met a human before? Most will simply click past anything that’s impeding their immediate goal.

  • The fact that you don't even realise why that wouldn't work is kind of telling.

    > users aren't being 'trained' to ignore warnings

    Of course they are. Every time they click "continue anyway" and it actually isn't malware (which is 99% of the time) they are being trained that the warning is nonsense.

    And they're right! What use is a warning that an app might be malware, if a) it actually isn't almost every time you see the warning, and b) you have no way of telling if it is or isn't anyway?

    I hate this move too and I don't think they should have done "just make the warning even bigger!" is obviously dumb.

There aren't too many false positives, it's just that most modern Android software is malware.

Saying "this will steal your data" is probably correct.

So what we're actually asking users is to install some malware, if it's provided by a big enough tech company, but not other malware. Of course users get confused.

Just stop downloading apps altogether and run the web views in the original web view - the web browser.

Will Google, Meta et al. do that and abandon their apps? Of course not, they need to install malware.

The way we allow paternalistic tech companies to train the consumer to abdicate personal responsibility is going to bite us in the ass sooner or later. I'm betting on sooner.

Then make the false positives lower. The problem is they aren't incentivized to improve such features because, where's the money in that?

How about requiring the user to type into a text box "App Foo might be malware. I want to install it anyways."? And disable copy and paste for that box.

Maybe they shouldn't offer an "OK" button that the stupid user can blindly click. They could tell you, "this app is dangerous, go to system settings to enable" and a "Dismiss" button.

  • I'll point to Windows Vista that went all in on this kind of security, even giving you a big warning if you tried to change your background. The computer magazines quickly published guides on how to change a slider or registry setting to reduce the amount of stupid warnings, and the people were quickly trained to ignore and just hit OK on these screens.

    Anyway, Apple already does this with unknown apps downloaded from the internet, you need to go to security settings and hit a button there.

This is something laughable that Apple does. Anytime you install something from GitHub it'll make you click a few extra boxes. And their tightening down of things also ends up making people look for third party software in the first place. All this really does is, like you said, teach people to ignore warnings.

  • That's just their first step. They will remove the extra boxes eventually. They already removed option-click as a workaround.

  • Is it possible to install stuff from GitHub on iOS? I thought it was completely impossible on Apple devices.