Comment by goldenarm
1 month ago
Sideloading is a neologism to scare users and lawmakers, it just means "Installing software" and should be a basic right.
Also software installation in Android has been high friction for a while. Installing an APK on my phone is at least 10 clicks.
I think what is missing here is the growing trend of scammers convincing people they are their bank (or whatever) and walking them through enabling side-loading and then installing malware (sometimes to address some urgent security issues with their account).
This is meant to counter an actual issues that is affecting many many users.
If you can convince the user your are their bank, can convince them to install software and walk them through how to do it and enable side loading, you can also convince them to input their logging into any webpage.
Somehow that’s not working for them, it would be simpler
If that was the only reason, they would proactively cooperate with alternative app-stores like F-Droid to allow them to provide a lesser friction flow for open source releases. My question would be why I they see themselves as the only possible trust anchor here. A high friction method to install a different app store, once, IMHO would be OK.
> This is meant to counter an actual issues that is affecting many many users.
No, that's an excuse. Google just wants a tighter grip on their software chain, which is understandable if they were Apple but they're not.
This is not simply an excuse. Android phones are prevalent in countries where smartphones offer the only realistic access to banking and cashless payments to the majority of the population. Scamming schemes targeting those users are also very frequent in many, if not most of these countries, and educating people about them is hard. Like it or not, this change is likely going to be a net positive for many people.
1 reply →
Should we whitelist the whole web for this reason too? Why does that trend use apps and not websites?
In the impacted nations people only use phones, and the local banking ecosystem is really focused on apps. I think most people would never think to use their bank website.
1 reply →
You cannot save these people by technical means. They'll just fall for something else instead.
The only one who can protect them is a family member or appointed guardian.
Or maybe, just maybe, we start doing something about the criminals and those who protect them. It's ridiculous how these industrial-scale scam operations are allowed to exist.
I have no trust in a solution that mostly benefits the proposer.
By all means let people curate and use safe lists of software, but let's not pretend that making the life harder for the few registries containing solely open source and vetted software is in any way about making people safer.
This solution clearly mostly benefits the ignorant phone users of the world who are susceptible to scams. There is a minuscule number of people sideloading Android apps on their phones compared to the greater population.
Like I strongly believe that sideloading should be possible on phones, I don't even do it myself anymore but it can be very helpful and is part of what makes the Android platform fundamentally more open than iOS. I was VERY opposed to their original idea of closing off sideloading altogether, but having to mark it in your settings manually seems like a very good compromise.
This has been going on since the Internet became widespread and Windows users started regularly downloading random executables from random websites.
And many things have been done, including Windows telling you in bold red letters that this software is dangerous if it wasn't signed by a trusted signer with lots of installs.
7 replies →
Is the solution to make it harder? Or is the threat of scammers and the insecurity of the OS used as false flag to make installing software outside of the profitable walled garden much much harder?
I doubt that side-loading impacts revenue all that much. Alternate stores are the real, potential, risk to $.
I think the solution is to come up with a balance between the needs of different groups of users. People here see the phone as a general purpose computer they should be able to modify and use for all kinds of novel tasks. This is great, and should be fully supported.
But there are also many, many more people who see the phone as an important way to enable a higher standard of living. Giving them access to information, government services and banking for the first time. They are not technically sophisticated, and don't need or want a general purpose computer.
So, we need platform providers to come up with ways to work out who is who, and give each side what they need.
It seems you think what is missing here is some FUD, which is what I believe you are feeding us with here.
If there's anyone people need to be protected against, it's Alphabet and Apple and the entities they let in intentionally, rather than specter of "growing trend of scammers".
What do they use the app to do?
Steal banking credentials, I think
2 replies →
This is revisionist history to make things sound scary and evil. The term sideloading was first published before Google existed.
Go to the XDA forums and search for the word "sideload". You can filter for results before 2020 if you like, you get hits going back decades.
It's been in common use since the day we got smartphones. The term dates back to the 1990s. I remember reading the word when I bought my HTC Evo at launch. It's an industry standard term and has been for longer than Google has existed.
You know this is the internet and anyone can fact check anything at any time? Including you!
[flagged]
Please don't post insinuations about astroturfing, shilling, brigading, foreign agents, and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.
https://news.ycombinator.com/newsguidelines.html
That is my own opinion as an Android developer and ex custom ROM maintainer, I've not read that blog post.
Instead of ad-hominem, can you explain what do you really disagree on?
[flagged]
10 replies →
Cromulent for describing something of secondary importance or shadowy nature yes, but the entire idea is that that is wrong.
[flagged]
2 replies →
>Sideloading is a neologism to scare users and lawmakers, it just means "Installing software" and should be a basic right.
No it's not. The term originated far before this debacle, and carries a meaningful distinction than just "installing". Specifically it means installing from a non-first party source. You might not agree the restriction should exist, or that even the concept of first party source at all, but for communication purposes it's worth having a simple word to describe that concept, rather than something like "installing from a non-first party app store".
>No it's not. The term originated far before this debacle, and carries a meaningful distinction than just "installing". Specifically it means installing from a non-first party source
It's amazing how many confidently wrong people are springing up out of the wordwork to present revisionist history about the meaning of "install" like it's ancient wisdom. Pre-mobile computing treated "install" as neutral and primary and had no built in relation to centralized distribution. Sideloading as a term of art originally, in practice came into usage for transferring media to devices, and some cloud file hosts briefly used it to mean load a file to an online drive without downloading it to computer. It's usage was varied, irregular, and not at any threshold of popular acceptance for one meaning or another.
Windows, Dos, Linux, and online self-hosted services had no notion of "sideloading", or at least no usage of that vocabulary and did not use this notion of "install" that is now being retrospectively declared a longstanding historical norm. Even now, that's not a term used in Windows or Linux. Even Apple, who very much in practice utilize this controlled distribution model but even they don't use this sideloading/installing verbal distinction. In Apple's lexicon installing is neutral with respect to where an app comes from.
So it's staggering to see a specific term of art that deviates from historical precedent that only is used in an Android context and only relatively recently in the history of computing be referred to as if its observing a longstanding precedent across all of computing. It's nothing of the sort.
2007 https://xdaforums.com/t/sandisk-announcement.316860/
2009 https://xdaforums.com/t/android-market-updates-on-sideloaded...
2012 https://xdaforums.com/t/app-wifi-band-switcher-switch-betwee...
2014 https://xdaforums.com/t/q-att-htc-one-m8-not-working-explana...
2020 https://xdaforums.com/t/app-mono_-flipfont-custom-ttf-instal...
This is a long standing term of art. If you're ignorant of a big part of the industry, that's on you.
1 reply →
>Even now, that's not a term used in Windows or Linux.
No, it's existed in windows 10 (and probably windows 8.1) for over a decade.
https://www.ghacks.net/2015/06/13/how-to-enable-developer-mo... (note the date)
>So it's staggering to see a specific term of art that deviates from historical precedent that only is used in an Android context and only relatively recently in the history of computing be referred to as if its observing a longstanding precedent across all of computing. It's nothing of the sort.
None of that refutes anything I said. You're basically arguing "back in the good old days, all installs were not from first party source and there was no distinction", but that doesn't mean no such distinction exists right now. Otherwise it's like arguing "immigration" is some "neologism" because back before the advent of the nation state, people just moved wherever, there wasn't random lines that turned "moving" to "immigration", and the word "immigration" is coined by statists that want to impose their worldview on the populace.
1 reply →
So... installing software?
>Specifically it means installing from a non-first party source.
Just like 99% of software running on computers in the world today? How is it different from "installing software"?
>How is that different from "installing software"?
It's easy to see this play out if try to replace "sideloading" with "installing software". If you apply it to OP's headline of
>Google confirms 'high-friction' sideloading flow is coming to Android
You get
>Google confirms 'high-friction' installing software flow is coming to Android
which isn't at all accurate. You still need the distinct concept of "installing software not from first party sources", otherwise it sounds like google is making it a pain to install all apps, which isn't the case.
5 replies →
How are "programming" "coding" and "developing" different? Is a "tap" different from a "click"? How about "swipe" vs "drag"?
Sometimes we use different words in different contexts. Language usually doesn't make logical sense. In mobile environments you sideload to get the binary onto the device and use the OS to properly install it. This dates from a time where putting the binary on the device was the difficult part. Devices didn't have standard ports or fast/free wireless data. You had to do something special to transfer the data.
In a lot of cases, installation was also a separate special process involving the command line. It wasn't always just tapping the install button.
> Specifically it means installing from a non-first party source
What "first-party" source? Apple invented out of thin air the notion of a "first-party" software source or that computer users can only install software approved by a central authority.
before phones that was just called installing software
The idea the manufacturer of a product is a "first party" is BS.
You are the first party. If I own the device, I am the first party.
The manufacturer is now a second or third party after you own the device, and for most ideas, a third party, especially if they don't truly offer real support of the device.