Comment by Aachen
3 months ago
Edit: be sure to read geoffschmidt's reply below /edit
The buried lede:
> a dedicated account type for students and hobbyists. This will allow you to distribute your creations to a limited number of devices without going through the full verification
So a natural limit on how big a hobby project can get. The example they give, where verification would require scammers to burn an identity to build another app instead of just being able to do a new build whenever an app gets detected as malware, shows that apps with few installs are where the danger is. This measure just doesn't add up
But see also the next section ("empowering experienced users"):
> We are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified
Oh! I thought I had found the crucial piece finally after ~500 words, but there's indeed better news in the section after that! Thanks, I can go sleep with a more optimistic feeling now :)
Also this will kill any impetus that was growing on the Linux phone development side, for better or worse. We get to live in this ecosystem a while longer, let's see if people keep damocles' sword in mind and we might see more efforts towards cross-platform builds for example
Let's take the "W". This is pretty good news!
14 replies →
> We are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified
Sure, they'll keep building it forever — this is just a delay tactic.
That doesn't say that you can just build an APK and distribute it. I suspect this path _still_ requires you to create a developer console account and distribute binaries signed by it... just that that developer account doesn't have to have completed identity verification.
So you will now need a useless and needless account to build and run your own apps? It's like Microsoft forcing online login on pcs.
1 reply →
it's probably just gonna be under the Developer Options "secret" menu
Which is totally fine IMO, it was weird to me that they weren't going with this approach when they first announced it.
Macs blocked launching apps from unverified devs, but you can override in settings. I thought they could just do something along those lines.
6 replies →
Let me guess, a warning box that requires me to give permission to the app to install from third-party sources? Is that not clear enough confirmation that I know what I'm doing? /s
So.. all this drama over an alert(yes/no) box?
Wow, this really pulls back the veil. This Vendor (google) is only looking out for numero uno.
> So.. all this drama over an alert(yes/no) box?
A simple yes/no alert box is not "[...] specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer". In fact, AFAIK we already have exactly that alert box.
No, what they want is something so complicated that no muggle could possibly enable it, either by accident or by being guided on the phone.
3 replies →
> So.. all this drama over an alert(yes/no) box?
The angry social media narratives have been running wild from people who insert their own assumptions into what’s happening.
It’s been fairly clear from the start that this wasn’t the end of sideloading, period. However that doesn’t get as many clicks and shares as writing a headline claiming that Google is taking away your rights.
6 replies →
And of course: you need an account, rather than simply allowing you to tell your OS that yes, you know what you're doing.
You're right: if the logic is that low-install apps are the most dangerous (because they can fly under the radar), then making it easier for unverified apps to reach a "small" audience doesn't really solve the problem