Comment by tadfisher

> I should have the right to […] use a "free" store that is not under control of Google

Yes, but we also need to stop thinking like we’re trying to please the ghost of Steve Jobs. There is no ”store”. There are installers. You distribute them how you see fit, probably through the web.

These ”alternative stores” angle is a controlled dissent corporate plan B, much like how recycling was propped up by the fossil fuel industry.

We deserve web installs without deep settings menu configurations, scare walls, or onerous processes.

The EU and every other nation with digital sovereignty concerns need to make this happen to both Apple and Google.

These are our devices. The giants are camping.

But unfortunately, it turns out that some people you interact with aren't actually your friend. That guy that seems totally legit and just wants your sister to install his fun little game/app that he wrote is actually trying to get her to install an app that's going to track your location and read all your messages and copy all your photos. To keep her safe from the "actually" bad people, of course.

I'm far from a Google apologist, but at the end of the day don't they have the right to write software however they want it? You have the right to build things the way you want to, fork Android, etc etc. If you're trying to say you have the right to tell Google what the code their employees write can do, well, I don't really agree with that. Sounds coercive, honestly. I wouldn't want them to do that to you and I don't want you to do that to them.

> It seems like they will still allow installs, just hide it behind some scare text.

This was already the case for enabling sideloading at system level: it warned you. Nobody really says having this toggle is a bad thing, basically the user shouldn't get an ad network installing apk's just browsing around the web without their informed consent (and android has been found to be vulnerable to popunder style confirmations in the past).

They also already had the PlayProtect scanning thing that scans sideloaded APK's for known malware and removes it. People already found this problematic since what's to stop them pulling off apps they just don't like, and no idea what if any telemetry it sends back about what you have installed. There have been a handful of cases where it proved beneficial pulling off botnet stuff.

Finally, they also have an additional permission per-application that needs to be enabled to install APK's. This stops a sketchy app from installing an APK again without user consent to install APK's.

The question is: How many other hurdles are going to be put in place? Are you going to have to do a KYC with Google and ping them for every single thing you want to install? Do you see how this gets to be a problem?

The whole point of TFA, if you read it, is that they SAID they would do that, but there has since been ZERO evidence that they actually will. This feature is not present in anything they have released since that statement.

Why is it reasonable that installing software is behind an "advanced flow" what ever that means? I find it not very reasonable at all that the only way to install software on my phone is by jumping through hoops. I don't think it reasonable that the Play Store is the only portal. I don't even find it reasonable to call installing software "sideloading". Downloading and installing software from a vendor's page has been the norm for decades before smart phones came along but all of a sudden when it is on a small screen the user can not be trusted? That's ridiculous and not at all reasonable.

No, because it isn't something that should be up to google's control.

> We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands.

I've lived through them locking down a11y settings "to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer", and it's a nightmare. It's not just some scare text, it's a convoluted process that explicitly prevents you from just opening the settings and allowing access. I'm not giving them the benefit of the doubt; after they actually show what their supposed solution is we can discuss it, but precedent is against them.

> Seems reasonable?

No. As I said before, any solution that disadvantages F-Droid compared to the less trustworthy Google Play is a problem.

> It seems like they will still allow installs, just hide it behind some scare text.

That describes the current (and long-established) behavior. App installation is only from Google's store by default and the user has to manually enable each additional source on a screen with scare text.

It's deliberately written to be vague and not say anything, and given the original intention, it's hard to believe that means it should be interpreted generously.

They aren't actually trying to solve any real problem.

There is no problem to solve, though.

“Sideloading” is disabled by default on all new android devices. You have to go through deliberate steps to enable installation from outside sources.

End users are ultimately responsible or their own devices and choosing what software to run and not run. That some people can get scammed by someone on the phone walking them through how to enable sideloading, and telling them to ignore all the warnings that currently pop up, is not a problem that Google, Apple, etc. need to solve. It is already solved, via the disabled by default setting and all of the warnings.

We don’t need further restrictions on creation and distribution of software. We need end users to step up and educate themselves on how to use and operate technology safely.