Comment by ravenstine
4 days ago
This has nothing to do with keeping people safe. If it did then power users could continue to install their own software by being given that ability as a developer setting. The fact that some people are gullible enough to go into a hidden setting on their phone and enable that in order to install an app from a random Chinese website is not a good reason to take away everyone's freedom. Consolidation of power is all this is about.
There is immense pressure to stop online scams which are draining old people of their life savings. The whole flow from the article seems entirely based around letting power users install what they want while being able to break the flow of a scammer guiding a clueless person in to installing malware.
It is promising that Google has avoided just turning off sideloading but still put measures in place to protect people.
Why can't a bank put a lock on large transfers or have an extra verification step? Or a cooldown period, so that if they see a large transfer from people above 60, let them go to a branch to verify/ack the transaction. Why is this the internet or operating systems problem to solve?
It's crazy. There have been news articles here where people have lost their whole account balance in one go and bank says they can't even do anything after the transfer is made. How is that different from Bitcoin then? People that have never done such huge transfer and the banks supposedly are monitoring transfers.
And since the customer was supposedly being careless, they won't get anything from the bank.
1 reply →
> Why is this the internet or operating systems problem to solve?
Exactly! I don't understand how account-draining transactions make it through, yet I get the third degree when I withdrawal a few thousand in cash to buy used equipment off craigslist.
Well in many countries this is the case.
But it's an interesting thing to raise, because so often when they do enforce those controls - the outcry is 'bank won't let me do what I want with my money!'.
Not such a stones throw from - 'tech company won't let me do what I want with my device!'
Im not making any specific point. But perhaps thats indicative that the solution needs to be holistic, or just that security is hard XD.
I've never seen any news about such scams with actual malware that can break through Android's sandbox system - as we're still assuming a rootless systems. In most cases it's pig butchering, phishing, cold calls that make the person use the official app to transfer money to an account they're told to.
This stops nothing of the sort.
Why is it on Google to stop this and not the banks?
What can Bank X do to stop phone malware from scraping the user's session token from the Bank X app or website?
Yes, banks should (and sometimes do) double- and triple-check with you before allowing large transfers/withdrawals, but scammers know how to coach their victims past this. Speaking from experience.
(I also don't fully agree this is Google's responsibility, and I am not happy about this development. But there are legitimate points in favor of outsourcing the question of "will this software do nefarious things" to some kind of trusted signing authority.)
2 replies →
Because they want to shake the image that the iPhone is for the average person while Android is for technical people who take the risk of malware and scams.
There are more grandmas who just want their banking secure than there are FOSS advocates wanting full system access.
>There is immense pressure to stop online scams which are draining old people of their life savings.
From who? I'd rather have this done by a regulated service like a bank than a private corporation with a perverse incentive. Frauds and scams are already illegal.
That't the similar narrative to "think of the children". They want to act as this middleman and secure their place, all while having unfettered access to people's data.
None involve installing an app from a non app store.
It absolutely has to do with keeping people safe. You not caring isn't relevant.
If Google cared just the slightest bit about keeping people safe, they would stop hosting scam ads as core part of their business model.
Google is on the side of the scammers.
Total nonsense. Google is a large company with different teams that have different goals.
5 replies →
This has nothing to do with keeping people safe.
...and...
some people are gullible enough to go into a hidden setting on their phone and enable that in order to install an app from a random Chinese website
are kind of contradictory.
There's much easier ways for gullible people to be scammed than convincing them to install an android app.
It's not a contradiction. Removing that setting solves that problem, but it's not the only solution.
It also only solves that very specific problem. You don't need to side-load an app to scam someone. There's plenty of malware on the play store you can use. And, you don't need malware. There's plenty of legitimate apps you can use for scamming.
And, you don't need an app, I would imagine most scamming is done without an app.
So, really, we're solving a subset of a subset of a subset of a subset of the problem.
2 replies →