Comment by astra1701
4 days ago
This is going to hurt legitimate sideloading way more than actually necessary to reduce scams:
- Must enable developer mode -- some apps (e.g., banking apps) will refuse to operate and such when developer mode is on, and so if you depend on such apps, I guess you just can't sideload?
- One-day (day!!!) waiting period to activate (one-time) -- the vast majority of people who need to sideload something will probably not be willing to wait a day, and will thus just not sideload unless they really have no choice for what they need. This kills the pathway for new users to sideload apps that have similar functionality to those on the Play Store.
The rest -- restarting, confirming you aren't being coached, and per-install warnings -- would be just as effective alone to "protect users," but with those prior two points, it's clear that this is just simply intended to make sideloading so inconvenient that many won't bother or can't (dev mode req.).
>- Must enable developer mode -- some apps (e.g., banking apps) will refuse to operate and such when developer mode is on, and so if you depend on such apps, I guess you just can't sideload?
Hi, I'm the community engagement manager @ Android. It's my understanding that you don't have to keep developer options enabled after you enable the advanced flow. Once you make the change on your device, it's enabled.
If you turn off developer options, then to turn off the advanced flow, you would first have to turn developer options back on.
>- One-day (day!!!) waiting period to activate (one-time) -- the vast majority of people who need to sideload something will probably not be willing to wait a day, and will thus just not sideload unless they really have no choice for what they need.
ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.
I don't think Google should be changing Android this way at all, and fear that it will later be used for evil. That said, I thought of an improvement:
Allow a toggle with no waiting period during initial device setup. The user is almost certainly not being guided by a scammer when they're first setting up their device, so this addresses the concern Google claims is driving the verification requirement. I'll be pretty angry if I have to wait a day to install F-Droid and finish setting up a new phone.
Evil, for the record would mean blocking developers of things that do not act against the user's wishes, but might offend governments or interfere with Google's business model, like the article's example of an alternative YouTube client that bypasses Google’s ads. Youtube is within its rights to try to block such clients, but preventing my device from installing them when that's what I want to do is itself a malicious act.
> Allow a toggle with no waiting period during initial device setup
I like this idea in principle but I think it could become a workaround that the same malicious entities would be willing to exploit, by just coercing their victims to "reset" their phones to access that toggle.
11 replies →
That's an interesting idea wrt to enabling the advanced flow during initial device setup! I'll pass it along.
> It's my understanding that you don't have to keep developer options enabled after you enable the advanced flow. Once you make the change on your device, it's enabled.
Ok, but why is this advertised to applications in the first place? It's quite literally none of their business that developer options are enabled and it's a constant source of pain when some government / banking apps think they're being more "secure" by disallowing this.
> ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.
Someone is just going to make a nice GUI application for sideloading apks with a single drag-and-drop, so if your idea is that ADB is a way to ensure only "users who know what they're doing" are gonna sideload, you've done nothing. This is all security theatre.
> “For a lot of people in the world, their phone is their only computer, and it stores some of their most private information,” Samat said.
Not applying the policy to adb installs makes a lot more sense if the people this is trying to protect don't have a computer
6 replies →
The scammers don't even need to make a GUI, they just need to get you to enable adb-over-tcp and bridge that to their network somehow - an ssh client app would do the trick.
4 replies →
scrcpy can already do that.
Why do you keep harping on about ADB installs. That's not helpful. It doesn't help me install open source apps from FDroid. It's ridiculous that you think booting up a computer and using ADB is a reasonable workaround. It isn't.
If you enable the advanced flow as described in the Android Developers Blog, then you can install unregistered apps regardless of source. That includes apps from sources like F-Droid.
1 reply →
You would be able to install f droid and it's apps without going through this flow.
2 replies →
The only reason I run android over iOS is the freedom to install things I want on it. A waiting period is unacceptable as Android has proven that it can't be trusted not to tighten the grip further.
Reconsider.
If you prefer to keep your freedom when Android removes it, you may want to try GNU/Linux phones. Sent from my Librem 5.
The only reason I use an Android instead of an Apple phone is that I can install two apps off of github. I am actively making a certain number of very quantifiable sacrifices already at this very moment by not stepping into the orchard.
If you go forward with this, I am not coming back. I will never again in my life trust you. And believe me - I still have boycotts on-going 20 years later. Including microsoft. It is surprisingly easy to avoid you "Ubiquitous" companies once you get your mind into it.
Why don’t you create an option to bypass this whole thing permanently on adb then? You can even add your 24h delay.
I’m not convinced this is really to protect users from being hurt by scammers, it is really about protecting the users from doing what hurts your company interests.
>Why don’t you create an option to bypass this whole thing permanently on adb then? You can even add your 24h delay.
When you enable the advanced flow and choose the 'indefinite' option, that allows you to install unregistered apps 'permanently', which is effectively what you're asking for, no?
(I've gotten questions on whether this setting can be restored after a factory reset or when setting up a new device - I'll have to get back to you on that if you're wondering.)
2 replies →
At what point will you draw the line between "the user wants to do this because of his/her free will" and "the user wants to do this because someone else told them to"? Where will you stop?
All of this is just a bandaid, so why not stop at the state we are at _right now_, without some kind of 24h-long process to enable sideloading and let people be people? Yes, people make mistakes. But that is not your responsibility, especially if it comes at the cost of freedom. The most secure android device would probably be a brick, but you won't sell these, right?
Please instead take these resources and invest them into the app verification process in the play store. Way too many scams are right under your nose, no need to search in places where people are happy with the status quo.
So... we're just going to move the scam into convincing the end user to run an application on their PC to ADB sideload the Scam App. Got it, simple enough. It's not hard to coach a user into clicking the "no, I'm not being coached" button, too, to guide them towards the ADB enable flow.
I think this is a "don't let the perfect be the enemy of the good thing". It's technically possible to get around, but adding more speed bumps in the way of scammers tends to drastically reduce the number of people who get scammed.
2 replies →
Will third party apps like bank apps be able to detect whether advanced mode is enabled or not, like how they currently detect if developer options is enabled?
That I'm not currently sure of.
> I'm the community engagement manager
On a scale from "not worried" to "let them eat shit", how is the product team thinking about the breakage you'll get from people moving off platform?
> ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.
if that's the case, why would the new flow help reduce fraud and scams? These are meant to be roadblocks, which the ADB bypass will just...you know, by pass it? Why can't the scammer coach the victim to use this instead then?
Can you answer this question:
If you install F-Droid via ADB, can F-Droid then install the apps from its catalog?
If you enable the advanced flow as described in the linked Android Developers Blog, then you can install any unregistered app, which includes those distributed by app stores like F-Droid.
1 reply →
I don't want to install via ADB at all. This is MY phone.
So give me a way to completely disable this nonsense via ADB.
This is hot garbage. Eliminating third party app stores like F-Droid defeats the whole purpose many of us even bother running Android instead of locked down Apple stuff.
I see the chosen language of "certain unregistered applications" (I suppose company mandated) already hints on the goal of control aspect. I want to deploy apps on my device. They are my apps, it’s my device, and I should not be required to ask for permission to do so.
May I use ADB or Developer mode to disable the one-day period?
Yes, ADB disables the 1-day period.
1 reply →
Can apps detect whether the advanced flow for sideloading is enabled or not?
Do I need to be signed in to Google play to get the sideloading exception turned on? I don't sign in to it because I don't want to have my phone associated with a Google account. But I can't uninstall play completely on the devices I have.
It says something about 'restart your phone and reauthenticate' that's why I'm asking. What do you autenticate?
> ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.
Um yeah but then do I have to install every update via adb? I want to just use F-Droid.
I think the authentication is doing your face/fingerprint/passcode unlock?
1 reply →
>It says something about 'restart your phone and reauthenticate' that's why I'm asking. What do you autenticate?
You're authenticating that you're the device owner (via your device's saved biometrics or PIN/pattern/password).
>Um yeah but then do I have to install every update via adb? I want to just use F-Droid.
No, once you go through the advanced flow and choose the option to allow installing unregistered apps indefinitely, you can both install and update unregistered apps without going through the flow again (or using ADB).
2 replies →
> ADB installs are not impacted by the waiting period
"If you don't like the food we're serving, you can always buy a farm"
Every single one of these steps are blatantly an attack on user freedom. The steps to unlocking the bootloader and install a different rom are not nearly as onerous. The only thing I will accept as reasonable, is a complete abandonment of this policy. Google has destroyed all trust I could have in it, and these weaselly worded concessions are based on a bullshit premise.
Thank you so much for clarifying! That is most definitely not as bad as I had feared.
I still feel, though, that having to go ahead and proclaim “I am a developer!” just to enable sideloading is a bit much, as almost certainly the vast majority of sideloaders aren’t developers. Nonetheless, it does keep sideloading as an option, and I do see why, from Google’s perspective, using the already-existing developer mode to gate the feature would be convenient in the short term. Perhaps the announcement should specify this -- I suspect a number of people who read it also noticed the lack of that clarification.
And yes, good point on ADB. That does make this less inconvenient for developers or power users, though doesn’t help non-developers very much.
> - Must enable developer mode -- some apps (e.g., banking apps) will refuse to operate and such when developer mode is on, and so if you depend on such apps, I guess you just can't sideload?
What apps are those? I've yet to run into any of my banking apps that refuse to run with developer mode enabled. I've seen a few that do that for rooted phones but that's a different story. I've been running android for a decade and a half now with developer mode turned on basically the whole time and never had an app refuse to load because of it.
Wero in Europe. It's really insane. They make wero to make us less dependent on US tech and then hamstring it in this way.
I can use Wero just fine in my banking app. Can't try the app that's called Wero in the Play store because it just directs me to my banking app. But I can open it at least ...
I enable developer mode on every android phone to at least change the animation durations to twice the speed. I also have never run into an issue fwiw
Philippines' most popular e-wallet app GCash outright closes when the developer mode is enabled with the popup saying that the device has "settings [enabled] that are not secure".
RBC in Canada for instance, just having developer mode enabled blocks it here
Just summarizing the apps below it seems to mostly be banking/payment and government apps specifically outside the US that break under developer mode and sometimes even accessibility access.
I wonder what makes them less trustful of Android security. AFAIK there are still pretty hard limits to what you can do inside apps you did not create. US companies at least seem comfortable with their security even with Developer or accessibility apps enabled.
Brazil government app refuses to operate with developer mode on
All the banking and payment apps in India refuse to open if you have developer mode on
One of my banking apps didn't even run if I had accessibility settings turned on. I've since closed my account with them, just because of that.
The amount of control we've given corporations over our computers is incredibly disappointing.
Was this in EU/US? This sure has to break some disability act to discriminate visually imparied in such way.
2 replies →
TrueMoney is a Thai e-wallet/fintech app which refuses to open if Developer Mode is enabled, it actively checks for developer mode on each start.
SumUp won't let you use your phone to accept contactless payments while developer mode is enabled. You can still use an external card reader though.
The one-day waiting period is so arbitrary. Have they demonstrated any supporting data? We know google loves to flaunt data.
Something like Github's approach of forcing users to type the name of the repo they wish to delete would seem to be more than sufficient to protect technically disinclined users while still allowing technically aware users to do what they please with their own device.
> The one-day waiting period is so arbitrary.
Scammers aren't going to wait on the phone for a day with your elderly parent.
Brother, there's an entire genre of scamming where the scammers spend months building rapport with their victims, usually without ever asking for anything, before "cashing out". One day is nothing.
3 replies →
Scammers already will spend multiple days on a scam call. Watch some Kitboga videos, he'll strings them along for a week.
"Google will call you again tomorrow to get you your refund."
There, we've successfully circumvented all of Google's security engineering on this "feature."
2 replies →
I think the more important aspect is that people will have 24h to slow down, think, and realize that they are being scammed. Urgency and pressure is one of the top tactics used by scammers.
Scammers will definitely call back the next day to continue. But it is quite possible that by then the victim has realized, or talked to someone who helped them realize that they are being scammed.
6 replies →
Right, this friction makes it much harder for a scammer to get away with saying something like, "wire me $10,000 right now or you won't see your child ever again!" as the potential victim is forced to wait 24 hours before they can install the scammer's malicious app, thus giving them time to think about it and/or call their trusted contacts.
4 replies →
Sure, but what about a 30 minute delay? 1 hour? 2 hour?
24 is just so long.
But also, my expectation is that a scammer is going to just automate the flow here anyways. Cool, you hit the "24 hour" wait period, I'll call you back tomorrow, the next day, or the next day and continue the scam process.
It might stop some less sophisticated spammers for a little bit, but I expect that it'll just be a few tweaks to make it work again.
6 replies →
Have you watching literally ANY scamming video in your life? Even if you were bon yesterday.
Have you ever watched Kitboga? Scammers call people back all the time. They keep spreadsheets of their marks like a CRM. It takes time to build trust and victimize someone, and these scammers are very patient.
2 replies →
they wouldn't wait an hour either.
To paste code into the chrome dev console you just need to type “allow pasting”
> This is going to hurt legitimate sideloading way more than actually necessary to reduce scams
Isn't that the objective? "Reducing scams" is the same kind of argument as "what about the children"; it's supposed to make you stop thinking about what it means, because the intentions are so good.
This is clearly anticompetitive. Hope regulators will figure out, then we won't have it eg not in the EU. However, Google is also abusing their power to e.g. deinstall apps without any option to decide using 'play protect' and blocks whole alternative stores through 'safe browsing' flags. I posted this play protect incident about IzzyOnDroid a few days ago, because I was so outraged: https://news.ycombinator.com/item?id=47409344
You have to wait one day only once, when enabling the feature. I agree that enabling developer mode could be a problem but mostly because it's buried below screens and multiple touches. As a data point, I enabled developer mode on all my devices since 2011 and no banking app complained about it. But it could depend by the different banking systems of our countries.
You don't use the HSBC or Citibank app then I assume?
They don't operate in my county AFAIK. However that reinforces my idea that the endgame will be a pristine Android phone in a drawer at home with the banking apps required for accessing their sites with 2FA and another phone in my pocket for daily use.
2 replies →
That is working as intended. Google wants to kill side loading.
Google wants to kill installing apps outside of playstore.
Installing apps manually or through another store app is not "sideloading".
Sideloading is the new jaywalking, a newish word to pretend that a pretty normal action would be in any way illegal, dangerous or harmful.
their goal is to make software installation as painful as possible without being outright impossible : ‘sideloading’ is only ever a euphemism for ‘illegitimate’.
> some apps (e.g., banking apps) will refuse to operate and such when developer mode is on
And you blame Google for this? First of all, banks chose to make apps work this way, not Google. Moreover, they chose this likely due to scams. That proves scamming on android IS an issue that needs some technical solution.
>And you blame Google for this
Why does google allow apps to access this info?
Medical apps (such as those that talk to insulin pumps) also refuse to run when developer mode is turned on.
We'll see when this rolls out, but I don't foresee the package manager checking for developer mode when launching "unverified" apps, just when installing them. AFAICT the verification service is only queried on install currently.
Googler here (community engagement for Android) - I looked into the developer options question, and it's my understanding that you don't have to keep developer options enabled after you enable the advanced flow. Once you make the change on your device, it's enabled.
If you turn off developer options, then to turn off the advanced flow, you would first have to turn developer options back on.
Why can't stores take over the "verification" process (like they do already)? Why do app developers have to be verified themselves, why does the verification have to be done by google? There are so many options, why choose google of all companies? Just laziness?
If I understand correctly, the F-Droid store itself would be possible to install without waiting period, as it's an app from a verified developer.
Would apps installed from F-Droid be subject to this process, or would they also be exempt? Could that be a solution that makes everyone happy? Android already tracks which app store an app originates from re: autoupdating.
Also: Can I skip the 24h by changing the my phone's clock?
2 replies →
One of the first things I do when I buy a new Android phone, like day one, is to enable developer mode. I usually use that simply for the ability to speed up animations so the phone feels a bit more snappy. In all the years I've engaged in this behavior, I've never had an application refuse to work. A rooted phone? Yes. Definitely. But just having developer mode enabled, no.
That said, it may be that I've simply been lucky and have an encountered that yet. So I'll be keeping an eye out for it.
> some apps (e.g., banking apps) will refuse to operate and such when developer mode is on
JFC. Why would an app be allowed to know this? Just another datapoint for fingerprinting.
Yes, it is really dumb that some of these settings are exposed to all apps with no permission gating [0]. But it will likely always be possible to fingerprint based on enabled developer options because there are preferences which can only be enabled via the developer options UI and (arguably) need to be visible to apps.
0: https://developer.android.com/reference/android/provider/Set...
What might help better is having permissions that you can set separate settings that can be read for different apps (including the possibility to return errors instead of the actual values), even if they can be read by default you can also change them per apps. (This has other benefits as well, including possibility of some settings not working properly due to a bug, you can then work around it.)
It's always boggled my mind what native apps are allowed to know versus the same thing running in a browser on the same device.
Because estimates suggest Americans lose about $119 billion annually to financial scams, which is a not insignificant fraction of our entire military budget, or more than 5% of annual social security expenditures.
Banks do these things to check security boxes, not to prevent scams.
In this case, they don't want users to reverse-engineer their app or look at logs that might inadvertently leak information about how to reverse-engineer their app. It is pointless, I know, but some security consultant has created a checkbox which must be checked at all costs.
What do scams have to do with having developer options enabled?
This isn't a rhetorical question. There's no big red warning on the developer options screen saying it's dangerous. I haven't heard about real-world attacks leveraging developer settings. I suppose granting USB debug to an infected PC is dangerous, but if you're in that situation, you're already pwned.
Is there a real vulnerability nobody talks about?
2 replies →
That is unrelated to apps installed outside of the playstore (which by the way is full of malware).
It is like mandating that people use rainjackets in the rain to avoid getting cancer.
So put a disclaimer in... Same way tons of other stuff works...
2 replies →
[flagged]
3 replies →
As described developer mode is only required at install time. Remains to be seen in the actual implementation, but as described in the post developer mode can be switched off after apps have been side loaded.
> some apps (e.g., banking apps) will refuse to operate and such when developer mode is on
Enable dev mode, sideload the apk, then disable dev mode. I'd argue that it is poor security practice to keep developer mode enabled long-term on a phone that is used for everyday activities, such as banking.
I don't know. I've been silently outraged and disappointed by this whole forbidding of unverified apps, but also hopeful it wouldn't affect me much as a user of grapheneos.
But this process seems pretty reasonable to me.
I'd like to think it is due in part to the efforts of F-Droid and others.
Waiting a day, once, to disable this protection doesn't seem like a big deal to me. I'd probably do it once when I got a phone and then forget about it.
I happen to have developer mode enabled right now, for no good reason other than I never disabled last time I needed it. Haven't had any issues with any apps.
I actually think these protections could help mitigate scammers.
It's not directly a big issue for us technical people and our own individual usage. Telling people about F-Droid, NewPipe (& forks) or secuso apps will be a pain. People will find free software / software not approved by Google complicated or suspicious. It is a huge issue, and even for us in the end because it hurts the software we love.
>the vast majority of people who need to sideload something will probably not be willing to wait a day
I disagree with this. Won't somebody who need to sideload something will just try again the next day...
Didn't Google already lose a case over making it hard to install alternative app stores? How is this not going to get them hit again? This is way worse than what Epic sued over.
I wouldn’t be fully optimistic about the one-day waiting period. Almost certain there will be a pop up showing up with: Process failed try again in 23:59:59.
Another take: People are not getting scammed because of side-loading (or not knowing your demographics/biometrics). People are getting scammed because of ignorance & stupidity & lack of common sense. In a way, its just nature running its course. If I'm able to scam you successfully, don't you deserve it at that point? Doesn't matter what we do, if you are scammable, you will get scammed.
Have these companies sent out their people to old age homes to teach old people how to use their tech and how avoid scams? If you lock the system down at max level, scams will just move offline again or find another way. Same if they build backdoors into encryption or make chats data available to gov agents: all illicit comms will just move off the network or find another smarter way. Its just how nature works, we are seeing tech-evolution in realtime.