Comment by MishaalRahman
4 days ago
>- Must enable developer mode -- some apps (e.g., banking apps) will refuse to operate and such when developer mode is on, and so if you depend on such apps, I guess you just can't sideload?
Hi, I'm the community engagement manager @ Android. It's my understanding that you don't have to keep developer options enabled after you enable the advanced flow. Once you make the change on your device, it's enabled.
If you turn off developer options, then to turn off the advanced flow, you would first have to turn developer options back on.
>- One-day (day!!!) waiting period to activate (one-time) -- the vast majority of people who need to sideload something will probably not be willing to wait a day, and will thus just not sideload unless they really have no choice for what they need.
ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.
I don't think Google should be changing Android this way at all, and fear that it will later be used for evil. That said, I thought of an improvement:
Allow a toggle with no waiting period during initial device setup. The user is almost certainly not being guided by a scammer when they're first setting up their device, so this addresses the concern Google claims is driving the verification requirement. I'll be pretty angry if I have to wait a day to install F-Droid and finish setting up a new phone.
Evil, for the record would mean blocking developers of things that do not act against the user's wishes, but might offend governments or interfere with Google's business model, like the article's example of an alternative YouTube client that bypasses Google’s ads. Youtube is within its rights to try to block such clients, but preventing my device from installing them when that's what I want to do is itself a malicious act.
> Allow a toggle with no waiting period during initial device setup
I like this idea in principle but I think it could become a workaround that the same malicious entities would be willing to exploit, by just coercing their victims to "reset" their phones to access that toggle.
That wipes all the data on the device and requires logging back in to accounts. It seems to me that's high enough friction to resist most coercion.
6 replies →
None of this is stopping a malicious entity. We keep trying to use tech (poorly thought out tech at that) to solve issues of social engineering. And no one is asking for a solution, either; it's being jammed in for control.
3 replies →
That's an interesting idea wrt to enabling the advanced flow during initial device setup! I'll pass it along.
> It's my understanding that you don't have to keep developer options enabled after you enable the advanced flow. Once you make the change on your device, it's enabled.
Ok, but why is this advertised to applications in the first place? It's quite literally none of their business that developer options are enabled and it's a constant source of pain when some government / banking apps think they're being more "secure" by disallowing this.
> ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.
Someone is just going to make a nice GUI application for sideloading apks with a single drag-and-drop, so if your idea is that ADB is a way to ensure only "users who know what they're doing" are gonna sideload, you've done nothing. This is all security theatre.
> “For a lot of people in the world, their phone is their only computer, and it stores some of their most private information,” Samat said.
Not applying the policy to adb installs makes a lot more sense if the people this is trying to protect don't have a computer
I've seen a few apps that run locally on Android and hook into the ADB connection over loopback networking to do certain things.
This just adds the step of "download Cool ABD Installer from the play store" to the set of directions I would think.
1 reply →
You can run adb install locally without a computer
3 replies →
The scammers don't even need to make a GUI, they just need to get you to enable adb-over-tcp and bridge that to their network somehow - an ssh client app would do the trick.
How many people do you suspect are gullible enough to fall for these scammers but also competent enough to install an SSH client and enable port-forwarding for an ADB proxy? Like fifteen people worldwide?
3 replies →
scrcpy can already do that.
Why do you keep harping on about ADB installs. That's not helpful. It doesn't help me install open source apps from FDroid. It's ridiculous that you think booting up a computer and using ADB is a reasonable workaround. It isn't.
If you enable the advanced flow as described in the Android Developers Blog, then you can install unregistered apps regardless of source. That includes apps from sources like F-Droid.
Don't be mistaken, it's the delay I'm complaining about, not how to instal F-Droid or apps through it.
It is not reasonable to advocate for ADB if the 24 hour wait is too long.
I'll copy what I wrote elsewhere. Fraud uses social tactics and legitimate tools in the vast majority of cases. Developer verification will have absolutely no effect on that.
Impinging on my property rights cannot and will not protect or help fraud victims.
You would be able to install f droid and it's apps without going through this flow.
How? Reading this it seems like only verified developers can skip this process. Most Fdroid developers won't be verified. I don't see where it says Fdroid would be exempt from this requirement. Would Fdroid be a verified developer?
No. F-Droid builds the apps on their server, and they cannot sign the apps with the developer's keys because that would require them to have access to the developers' Google accounts
The only reason I run android over iOS is the freedom to install things I want on it. A waiting period is unacceptable as Android has proven that it can't be trusted not to tighten the grip further.
Reconsider.
If you prefer to keep your freedom when Android removes it, you may want to try GNU/Linux phones. Sent from my Librem 5.
The only reason I use an Android instead of an Apple phone is that I can install two apps off of github. I am actively making a certain number of very quantifiable sacrifices already at this very moment by not stepping into the orchard.
If you go forward with this, I am not coming back. I will never again in my life trust you. And believe me - I still have boycotts on-going 20 years later. Including microsoft. It is surprisingly easy to avoid you "Ubiquitous" companies once you get your mind into it.
Why don’t you create an option to bypass this whole thing permanently on adb then? You can even add your 24h delay.
I’m not convinced this is really to protect users from being hurt by scammers, it is really about protecting the users from doing what hurts your company interests.
>Why don’t you create an option to bypass this whole thing permanently on adb then? You can even add your 24h delay.
When you enable the advanced flow and choose the 'indefinite' option, that allows you to install unregistered apps 'permanently', which is effectively what you're asking for, no?
(I've gotten questions on whether this setting can be restored after a factory reset or when setting up a new device - I'll have to get back to you on that if you're wondering.)
> When you enable the advanced flow and choose the 'indefinite' option, that allows you to install unregistered apps 'permanently', which is effectively what you're asking for, no?
Is it a process that you do once and applies to any unregistered app I install now or in the future? Or do you have to repeat it for installing or upgrading different apps?
If it is the former then yes, it is effectively the same.
1 reply →
At what point will you draw the line between "the user wants to do this because of his/her free will" and "the user wants to do this because someone else told them to"? Where will you stop?
All of this is just a bandaid, so why not stop at the state we are at _right now_, without some kind of 24h-long process to enable sideloading and let people be people? Yes, people make mistakes. But that is not your responsibility, especially if it comes at the cost of freedom. The most secure android device would probably be a brick, but you won't sell these, right?
Please instead take these resources and invest them into the app verification process in the play store. Way too many scams are right under your nose, no need to search in places where people are happy with the status quo.
So... we're just going to move the scam into convincing the end user to run an application on their PC to ADB sideload the Scam App. Got it, simple enough. It's not hard to coach a user into clicking the "no, I'm not being coached" button, too, to guide them towards the ADB enable flow.
I think this is a "don't let the perfect be the enemy of the good thing". It's technically possible to get around, but adding more speed bumps in the way of scammers tends to drastically reduce the number of people who get scammed.
It's adding more speedbumps because one drunk person a few years ago ran into a tree. it still won't stop that, but now everyone suffers.
What good?
Will third party apps like bank apps be able to detect whether advanced mode is enabled or not, like how they currently detect if developer options is enabled?
That I'm not currently sure of.
> I'm the community engagement manager
On a scale from "not worried" to "let them eat shit", how is the product team thinking about the breakage you'll get from people moving off platform?
> ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.
if that's the case, why would the new flow help reduce fraud and scams? These are meant to be roadblocks, which the ADB bypass will just...you know, by pass it? Why can't the scammer coach the victim to use this instead then?
Can you answer this question:
If you install F-Droid via ADB, can F-Droid then install the apps from its catalog?
If you enable the advanced flow as described in the linked Android Developers Blog, then you can install any unregistered app, which includes those distributed by app stores like F-Droid.
Sorry if I wasn't clear, my question was about using adb so I don't have to do this process (so I don't have to wait 24h).
Buy a new phone, install F-Droid via adb, install F-Droid apps (the same day): is that possible?
I don't want to install via ADB at all. This is MY phone.
So give me a way to completely disable this nonsense via ADB.
This is hot garbage. Eliminating third party app stores like F-Droid defeats the whole purpose many of us even bother running Android instead of locked down Apple stuff.
I see the chosen language of "certain unregistered applications" (I suppose company mandated) already hints on the goal of control aspect. I want to deploy apps on my device. They are my apps, it’s my device, and I should not be required to ask for permission to do so.
May I use ADB or Developer mode to disable the one-day period?
Yes, ADB disables the 1-day period.
How do you know this? It's been confirmed that you can use adb to temporarily bypass verification on a per-app basis, yes, but from what I can see, there's no indication that sideloading one app over adb will also skip the 1-day period.
This matters if you're sideloading an app store like F-Droid, because sideloaded app stores still have to go through PackageInstaller [1], which probably still enforces verification checks for adb-sideloaded apps?
[1] https://developer.android.com/reference/android/content/pm/P...
Can apps detect whether the advanced flow for sideloading is enabled or not?
Do I need to be signed in to Google play to get the sideloading exception turned on? I don't sign in to it because I don't want to have my phone associated with a Google account. But I can't uninstall play completely on the devices I have.
It says something about 'restart your phone and reauthenticate' that's why I'm asking. What do you autenticate?
> ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.
Um yeah but then do I have to install every update via adb? I want to just use F-Droid.
I think the authentication is doing your face/fingerprint/passcode unlock?
Correct.
>It says something about 'restart your phone and reauthenticate' that's why I'm asking. What do you autenticate?
You're authenticating that you're the device owner (via your device's saved biometrics or PIN/pattern/password).
>Um yeah but then do I have to install every update via adb? I want to just use F-Droid.
No, once you go through the advanced flow and choose the option to allow installing unregistered apps indefinitely, you can both install and update unregistered apps without going through the flow again (or using ADB).
This part I don't understand. I want to allow for a couple minutes, the time to install a unregistered app, and then go back to deny. I don't want to allow "for 7 days" or "indefinitely". In the text and screenshot of the announcement I see that you can switch these feature "on", but can they be switched "off"?
Ah thanks I'm glad I don't need a Google account to enable this.
> ADB installs are not impacted by the waiting period
"If you don't like the food we're serving, you can always buy a farm"
Every single one of these steps are blatantly an attack on user freedom. The steps to unlocking the bootloader and install a different rom are not nearly as onerous. The only thing I will accept as reasonable, is a complete abandonment of this policy. Google has destroyed all trust I could have in it, and these weaselly worded concessions are based on a bullshit premise.
Thank you so much for clarifying! That is most definitely not as bad as I had feared.
I still feel, though, that having to go ahead and proclaim “I am a developer!” just to enable sideloading is a bit much, as almost certainly the vast majority of sideloaders aren’t developers. Nonetheless, it does keep sideloading as an option, and I do see why, from Google’s perspective, using the already-existing developer mode to gate the feature would be convenient in the short term. Perhaps the announcement should specify this -- I suspect a number of people who read it also noticed the lack of that clarification.
And yes, good point on ADB. That does make this less inconvenient for developers or power users, though doesn’t help non-developers very much.