Comment by II2II

4 days ago

> Ruining Android for everyone to try to maybe help some rather technologically-hopeless groups of people is the wrong solution.

This isn't about how skilled a person is, it is about tackling social engineering. The article gave the example of someone posing as a relative, it could also be a blackmail scheme, but it could also be the carefully planned takeover of a respected open source project (ahem, xz).

What I am saying is this sort of crime affect anyone. We simply see more of it among the vulnerable because they are the low hanging fruit. Raising the bar will only change who is vulnerable. Society is simply too invested in technology to dissuade criminals. Which is why I don't think this will work, and why I think going nuclear on truly independent developers is going to do more damage than good.

7 comments

II2II

Reply
grishka  4 days ago

There's quite a gap between this sort of opportunistic scamming that's happening all over the world and targeted multi-year campaigns that probably require the resources of a nation state.

  • warkdarrior  4 days ago

    > targeted multi-year campaigns that probably require the resources of a nation state

    Ha ha ha, "resources of a nation state"! One could run phishing campaigns at scale over many years without breaking the bank. This was true before LLMs, it's probably even cheaper now.

    • grishka  4 days ago

      Sorry, I keep forgetting that LLMs are a thing. But I disagree because many people, especially tech-savvy people, can't possibly trust any communication that has the hallmarks of slop.

      2 replies →

  • II2II  4 days ago

    True, but that kinda misses the point.

    One way to look at it: there are many open source projects targeting Android, projects that gain some sense of legitimacy over being open source yet have few (if any) eyes vetting them. Or, perhaps, the project is legitimate but people are getting third-party builds. That is what F-Droid does. That is what the developer of a third-party ROM does. It would not require the resources of a nation state to compromise them. I am not trying to cast a shadow on open source projects or F-Droid here. I am simply using them as an example because I use said software and am familiar with that ecosystem. The same goes for any software obtained outside of the Play Store, and it's likely worse since there is no transparency in those cases. Heck, the same goes for software obtained through the Play Store (but we're probably talking about nation state resources on that front).

    Another way to look at it: we are only considering a specific avenue for exploitation here. If you close it off, the criminals will look for others. I would be surprised if they weren't looking for ways to bypass Google's checks. I would be surprised if they weren't looking for weaknesses in popular apps. Then there is social engineering. While convincing someone to install software is likely desirable, it certainly isn't the only approach.

    Either way, I don't think Google's approach is solving the problem and I think it is going to do a huge amount of damage. Let's face it: major corporations aren't a paragon of goodness, yet Google's shift is handing them the market.