Comment by vayup
6 hours ago
Dare I say it, I think we're being too harsh on Google here.
When you own a massively successful consumer product like Android, which is foundational to users' lives, you have an obligation to your users to keep them safe*. Sometimes you will have to choose between protecting users who don't know what they are doing at the expense of limiting users who know what they are doing. In this case, they have chosen to err on the side of the former.
I get it. It's OK to not like this development, especially if you use a lot of sideloaded apps. However, if you call this "anti-consumer", then perhaps you and Google have different notions of who the consumers are.
All said and done, Android/Pixel is still the most open mobile platform. Users are still free to install other AOSP-based OSes such as Graphene OS, which have no such restrictions on sideloading.
PS: I'm a former Google employee. I don't think I am a Google shill. I worked on mobile security, but I was not involved on this matter.
* I am using "safety" as a catch all for privacy and security as well.
> Android/Pixel is still the most open mobile platform
There are 2 options in this space (practically). Being better than Apple, who is explicit about the fact that they own every iPhone on the planet, is not a flex.
Do you think Apple is being reckless not doing the same thing on MacOS, Microsoft on Windows? Is the population too stupid to be permitted general purpose computers?
>Is the population too stupid to be permitted general purpose computers?
I'm strongly against this Android change (for a simple reason written below) but the answer to this is a resounding yes! The general population is a complete security disaster with unsigned software! The latest generations being brought up within abstracted mobile ecosystems are no improvement either on that front (probably worse).
That said - and I think this is a key point in this debate - sideloading apps is already a fringe part of the Android ecosystem. The vast majority of average Android users will never interface with this functionality. Well there is still obviously a security risk as with any time unsigned software is offered, it doesn't seem to me to be a major issue in the ecosystem. This is clearly about control, not security. Let's say there is more antitrust action and Google loses more control over their preferred forced storefront monopoly within the ecosystem. With this change, at least according my understanding of it, they are still the arbiter of what is allowed on the platform and not even if an app comes from another app store.
No, I am not flexing. I am just stating a fact.
FWIW, I am also pissed that there are only two mainstream options.
Let's take this to the logical extreme: I can make my phone even more secure if I pound a nail through it so that it doesn't turn on anymore. The phone is really secure now; it is impossible to install any malware on it, no one can install a bitcoin miner or track my credit cards or anything.
Even better, how about we replace the concept of "smartphone" with a glossy print of a Pixel phone that people can carry in their pocket? It would be lighter and completely secure as there would be no way to run any software on it.
Obviously I'm being farcical here, but ultimately I think there's a spectrum of security, and generally speaking these kinds of "security increases" end up making the phone less useful. Sideloading apps is already disabled by default. Most users aren't going to enable it; really the only people who are going to enable this are nerds who want to sideload stuff, and there's a strong selection bias towards people who know how to take care of themselves in the first place.
Also, frankly I don't really buy the "security" argument anyway. These companies aren't selfless benevolent entities who care so much about us, they are for-profit enterprises. If all apps need to be approved by and purchased through Google, then they can extract more money from users, which wouldn't be true with a side-loaded app store (e.g. what Amazon tried).
I currently run an iPhone, but I don't like how locked down it is and I have considered moving back to Android because of that, but now I'm not really seeing the point. I could of course install Lineage or Graphene or something else but that's considerably more effort.
I wish Ubuntu Touch had gained traction.
AOSP is starting to be locked down. Google's idea of promoting safety is charging developers for recognition. When there's a profit incentive involved, no, we are not being "too harsh"
Almost all of the pushback I have seen is on the notion of "developer registration", not the cost. That's what I was responding to.
I don't know how much it costs. But if there's any pushback that it costs too much, my comment is not about that.
> …perhaps you and Google have different notions of who the consumers are.
A relatively small percentage of HN users have empathy for people who haven't the faintest idea how their gadgets work and no curiosity about learning that. It can seem inconceivable.
I agree with you that normal people deserve safety when using their most intimate device, and that backdoors that can give technical people unfettered access will ultimately be abused by bad actors. I wish the world didn't work this way, but it's the one we live in.
> have empathy for people who haven't the faintest idea how their gadgets work and no curiosity about learning that.
I sincerely hope that a lot of people are actually better than how the stereotypes may make one think. Empathy (or lack of it) doesn't change the issue: users are deprived of choice and forced to go along a corporate decision, whenever it benefits them or not.
Ultimately, it all boils down to lack of informed consent and power/voice disparity between casual users and large corporations, especially when the choice is limited (and we have a de-facto duopoly). What you're seeing here is users expressing their dissatisfaction with a major decision that goes against their interests and that they had no say in. Have some empathy for those folks too.
I'm pretty sure most people who are unhappy about the news don't want to harm anyone and find no enjoyment if someone is harmed by lacking informedness. I'm very confident there are ways to present the issue and give a choice in a manner that is comprehensible to anyone, without requiring any technical knowledge. Every competent adult should be able to decide if they want to risk a thief gaining access to all their accounts at the benefit of ability to have extended control over their phone. Or be unable to install applications not blessed by the vendor, at the benefit of vendor promising to keep them safe from malware. I might not do the best job here, but I strongly believe that such things can be explained to anyone regardless of their life choices.
That's not what Google is doing, and their disrespect for user autonomy should not be confused for a lack of empathy towards those who don't understand computers.
Consider this framing: there's a controversy whenever it's acceptable that one could be punished for their choices on how their devices behave. I.e. whenever users willing to have better control over their devices should be punished by a refusal to access a lot of popular apps, sometimes even resulting in social awkwardness. I'm sure that empathetic people can see how this can feel unfair.
I have empathy for them, that's precisely why I made them much more secure by recommending mobile Firefox with uBlock :)
Yes, these big corporations are truly benevolent entities who are only looking out for the common man, and us software engineers are out of touch and "lack empathy".
It couldn't possibly be a frustration and concern that this is blatantly anti-competitive and serves to make Google considerably more money and leaves us with little/no options for people who actually know how to use a computer.
Frankly I think the security argument is largely a smokescreen to avoid discussions of anti-trust.
If I buy a Google Pixel device then I AM a consumer. You don't have to choose, you could release a separate device for those who know what they're doing, just like Mozilla releases a separate edition of Firefox that doesn't require signatures.
And yes, I while I can still install some alternative OS on my older Pixel (now Google has stopped providing device trees for the newer ones which I therefore won't buy), Google constantly tries to make this as insufferable as possible with their "Play Integrity" crap.
> now Google has stopped providing device trees for the newer ones which I therefore won't buy
Yeah, that sucks. I don't know if they made any official statement on that. I hope they will continue releasing device trees. It's a feather in their cap that the best mobile device to use for de-Googling so far was a Pixel device (with alt OSes). I hope they won't lose that distinction.