Comment by lokar
1 month ago
I think what is missing here is the growing trend of scammers convincing people they are their bank (or whatever) and walking them through enabling side-loading and then installing malware (sometimes to address some urgent security issues with their account).
This is meant to counter an actual issue that is affecting many, many users.
If you can convince the user you are their bank, can convince them to install software and walk them through how to do it and enable side loading, you can also convince them to input their login into any webpage.
Somehow that’s not working for them, it would be simpler
If that was the only reason, they would proactively cooperate with alternative app-stores like F-Droid to allow them to provide a lesser friction flow for open source releases. My question would be why they see themselves as the only possible trust anchor here. A high friction method to install a different app store, once, IMHO would be OK.
> This is meant to counter an actual issue that is affecting many, many users.
No, that's an excuse. Google just wants a tighter grip on their software chain, which is understandable if they were Apple but they're not.
This is not simply an excuse. Android phones are prevalent in countries where smartphones offer the only realistic access to banking and cashless payments to the majority of the population. Scamming schemes targeting those users are also very frequent in many, if not most of these countries, and educating people about them is hard. Like it or not, this change is likely going to be a net positive for many people.
And in at least one case Google is getting direct pressure from the government to do something.
Should we whitelist the whole web for this reason too? Why does that trend use apps and not websites?
In the impacted nations people only use phones, and the local banking ecosystem is really focused on apps. I think most people would never think to use their bank website.
If someone is tricking you over the phone to sideload, would an 'official' bank website really be a deal breaker?
You cannot save these people by technical means. They'll just fall for something else instead.
The only one who can protect them is a family member or appointed guardian.
Or maybe, just maybe, we start doing something about the criminals and those who protect them. It's ridiculous how these industrial-scale scam operations are allowed to exist.
I have no trust in a solution that mostly benefits the proposer.
By all means let people curate and use safe lists of software, but let's not pretend that making life harder for the few registries containing solely open source and vetted software is in any way about making people safer.
This solution clearly mostly benefits the ignorant phone users of the world who are susceptible to scams. There is a minuscule number of people sideloading Android apps on their phones compared to the greater population.
Like I strongly believe that sideloading should be possible on phones, I don't even do it myself anymore but it can be very helpful and is part of what makes the Android platform fundamentally more open than iOS. I was VERY opposed to their original idea of closing off sideloading altogether, but having to mark it in your settings manually seems like a very good compromise.
This has been going on since the Internet became widespread and Windows users started regularly downloading random executables from random websites.
And many things have been done, including Windows telling you in bold red letters that this software is dangerous if it wasn't signed by a trusted signer with lots of installs.
And why are those not sufficient for Android?
Is the solution to make it harder? Or is the threat of scammers and the insecurity of the OS used as a false flag to make installing software outside of the profitable walled garden much, much harder?
I doubt that side-loading impacts revenue all that much. Alternate stores are the real, potential, risk to $.
I think the solution is to come up with a balance between the needs of different groups of users. People here see the phone as a general purpose computer they should be able to modify and use for all kinds of novel tasks. This is great, and should be fully supported.
But there are also many, many more people who see the phone as an important way to enable a higher standard of living. Giving them access to information, government services and banking for the first time. They are not technically sophisticated, and don't need or want a general purpose computer.
So, we need platform providers to come up with ways to work out who is who, and give each side what they need.
It seems you think what is missing here is some FUD, which is what I believe you are feeding us with here.
If there's anyone people need to be protected against, it's Alphabet and Apple and the entities they let in intentionally, rather than the specter of "growing trend of scammers".
What do they use the app to do?
Steal banking credentials, I think
How though? Just did the vulnerabilities that allow that.