Comment by vayup
4 hours ago
Dare I say it, I think we're being too harsh on Google here.
When you own a massively successful consumer product like Android, which is foundational to users' lives, you have an obligation to your users to keep them safe*. Sometimes you will have to choose between protecting users who don't know what they are doing at the expense of limiting users who know what they are doing. In this case, they have chosen to err on the side of the former.
I get it. It's OK to not like this development, especially if you use a lot of sideloaded apps. However, if you call this "anti-consumer", then perhaps you and Google have different notions of who the consumers are.
All said and done, Android/Pixel is still the most open mobile platform. Users are still free to install other AOSP-based OSes such as Graphene OS, which have no such restrictions on sideloading.
PS: I'm a former Google employee. I don't think I am a Google shill. I worked on mobile security, but I was not involved on this matter.
* I am using "safety" as a catch all for privacy and security as well.
> Android/Pixel is still the most open mobile platform
There are 2 options in this space (practically). Being better than Apple, who is explicit about the fact that they own every iPhone on the planet, is not a flex.
Do you think Apple is being reckless not doing the same thing on MacOS, Microsoft on Windows? Is the population too stupid to be permitted general purpose computers?
>Is the population too stupid to be permitted general purpose computers?
I'm strongly against this Android change (for a simple reason written below) but the answer to this is a resounding yes! The general population is a complete security disaster with unsigned software! The latest generations being brought up within abstracted mobile ecosystems are no improvement either on that front (probably worse).
That said - and I think this is a key point in this debate - sideloading apps is already a fringe part of the Android ecosystem. The vast majority of average Android users will never interface with this functionality. Well there is still obviously a security risk as with any time unsigned software is offered, it doesn't seem to me to be a major issue in the ecosystem. This is clearly about control, not security. Let's say there is more antitrust action and Google loses more control over their preferred forced storefront monopoly within the ecosystem. With this change, at least according my understanding of it, they are still the arbiter of what is allowed on the platform and not even if an app comes from another app store.
No, I am not flexing. I am just stating a fact.
FWIW, I am also pissed that there are only two mainstream options.
> …perhaps you and Google have different notions of who the consumers are.
A relatively small percentage of HN users have empathy for people who haven't the faintest idea how their gadgets work and no curiosity about learning that. It can seem inconceivable.
I agree with you that normal people deserve safety when using their most intimate device, and that backdoors that can give technical people unfettered access will ultimately be abused by bad actors. I wish the world didn't work this way, but it's the one we live in.
I have empathy for them, that's precisely why I made them much more secure by recommending mobile Firefox with uBlock :)
AOSP is starting to be locked down. Google's idea of promoting safety is charging developers for recognition. When there's a profit incentive involved, no, we are not being "too harsh"
Almost all of the pushback I have seen is on the notion of "developer registration", not the cost. That's what I was responding to.
I don't know how much it costs. But if there's any pushback that it costs too much, my comment is not about that.
If I buy a Google Pixel device then I AM a consumer. You don't have to choose, you could release a separate device for those who know what they're doing, just like Mozilla releases a separate edition of Firefox that doesn't require signatures.
And yes, I while I can still install some alternative OS on my older Pixel (now Google has stopped providing device trees for the newer ones which I therefore won't buy), Google constantly tries to make this as insufferable as possible with their "Play Integrity" crap.
> now Google has stopped providing device trees for the newer ones which I therefore won't buy
Yeah, that sucks. I don't know if they made any official statement on that. I hope they will continue releasing device trees. It's a feather in their cap that the best mobile device to use for de-Googling so far was a Pixel device (with alt OSes). I hope they won't lose that distinction.