Comment by arielcostas
21 days ago
So what's wrong with that? You get warned, you ignore the warning and get hacked, that's on you for being dumb enough to download stuff from some shady website. Plus, Android is supposed to have decent isolation and permission controls, unlike desktop OSs like Windows or Linux (not counting Snap/Flatpak) where software can read your entire disk or any arbitrary file and send it via the internet.
Plus, you are not required to do that, you can just stick to Google Play and trust what Google approves there. But no need to lock down others because of your recklessness.
Exactly this. I want a big toggle that I can turn on in developer settings (perhaps make it more involved than that, but you get the gist) that says "I acknowledge that from here on in I am responsible for my data and I hereby absolve Google and other interested parties from responsibility should I blah blah blah..."
Why the hell can't I use my rooted device for payments? It's my goddamn money at risk.
My Pixel phone warns me before allowing free installs (I refuse to call it "sideloading") from any app for the first time. And others like Xiaomi show (or used to show) a more prominent warning you had to read with the consequences, waiting at least 10 seconds to enable the option.
Plus the whole "banks need to protect you by ensuring your device" is stupid when cards are protected only by a PIN, and the app also requires some form of biometry to unlock it, which is to encrypt the underlying tokens. Banks should protect your money on their end, with clients having their responsibility to keep safe their stuff, whether that's their card or phone. It's a stupid premise itself, and it's lazy engineering.
Is the point of the warning to avoid liability or to actually inform the users? If you tell people everything causes cancer (instead of only saying when you've verified it doesn't), soon enough they're going to stop caring when you say stuff like, "don't eat asbestos, that causes cancer". I think a "checkmark" system makes more sense—for verified accounts/developers, put a checkmark near their name, and for unverified ones, have nothing. There's no reason to cause alarm when 99% of the time the alarm is misfounded.