Comment by scoofy

4 months ago

The point is "a warning" is not enough to communicate to people the gravity of what they are doing.

It is not enough to write "be careful" on a bag you get from a pharmacy... certain medications require you to both have a prescription, and also to have a conversation with a pharmacist because of how dangerous the decisions the consumer makes can be.

Normal human beings can be very dumb. It's entirely reasonable to expect society to try to protect them at some level.

OK so make the warning more annoying. Have a security quiz. Cooldown period of one day to enable. Require unlock via adb connected to laptop.

There are alternative solutions if the true goal is maintaining user freedom while protecting dumb users. But that is not the true goal of the upcoming changes.

  • > Require unlock via adb connected to laptop.

    Fine, just:

    - Don't reset it every 5 days / 5 hours / 5dBm blip in Wi-Fi strength, because this pretty much defeats end-user automation, whether persistent or event-driven. This is the current situation with "Wireless Debugging", otherwise cool trick for "rootless root", if it only didn't require being connected to Wi-Fi (and not just a Wi-Fi, but the same AP, breaking when device roams in multi-AP networks).

    - Don't announce the fact that this is on to everyone. Many commercial vendors, including those who shouldn't and those who have no business caring, are very interested in knowing whether your device is running with debugging features enabled, and if so, deny service.

    Unfortunately, in a SaaS world it's the service providers that have all the leverage - if they don't like your device, they can always refuse service. Increasingly many do.

  • Would that satisfy most commenters here?

    Prediction: Android will roll out a flow for “experienced users” that they promised in November with “in the coming months” (https://android-developers.googleblog.com/2025/11/android-de...), which will allow “experienced users to accept the risks of installing software that isn't verified”. And even then people will still complain Google is being too controlling by making the warnings too scary / the process too onerous, etc. (I don't expect installing apps from source via adb connected to laptop to go away!)

Sure, but I don't think decreasing chances of scam-by-app on Android by some minuscule amount is in any way comparable to prescription drugs.

  • I do? It's a trivially comparable thing? I'm not even talking about ALL prescription drugs. I'm talking about the fact that some have interactions that can kill you. Having "life savings gone" consequences from a random app install is that level of danger.

    A non-trivial number of people should probably have to go see a specialist before being able to unlock sideloading in my opinion... which means we probably all would have to. It's annoying, but I actually care about other people.

    • I have a hard time with this because it's the world we've lived in forever. Everyone knows installing an "app" installs an executable.

      Doesnt android require a specific permission to be user-accepted for an installed app to read notifications? I think it's separate from the post-notifications permission.

      This seems to be an issue of user literacy. If so, doesn't it make more sense for a user to have the option to opt into "I'm tech illiterate, please protect me" than destroy open computing as we know it?

      1 reply →