Comment by SchemaLoad
4 days ago
There is immense pressure to stop online scams which are draining old people of their life savings. The whole flow from the article seems entirely based around letting power users install what they want while being able to break the flow of a scammer guiding a clueless person in to installing malware.
It is promising that Google has avoided just turning off sideloading but still put measures in place to protect people.
Why can't a bank put a lock on large transfers or have an extra verification step? Or a cooldown period, so that if they see a large transfer from people above 60, let them go to a branch to verify/ack the transaction. Why is this the internet or operating systems problem to solve?
It's crazy. There have been news articles here where people have lost their whole account balance in one go and bank says they can't even do anything after the transfer is made. How is that different from Bitcoin then? People that have never done such huge transfer and the banks supposedly are monitoring transfers.
And since the customer was supposedly being careless, they won't get anything from the bank.
Defeats the whole purpose of having a bank right? Might as well use the piggy bank under the couch...
> Why is this the internet or operating systems problem to solve?
Exactly! I don't understand how account-draining transactions make it through, yet I get the third degree when I withdrawal a few thousand in cash to buy used equipment off craigslist.
Well in many countries this is the case.
But it's an interesting thing to raise, because so often when they do enforce those controls - the outcry is 'bank won't let me do what I want with my money!'.
Not such a stones throw from - 'tech company won't let me do what I want with my device!'
Im not making any specific point. But perhaps thats indicative that the solution needs to be holistic, or just that security is hard XD.
I've never seen any news about such scams with actual malware that can break through Android's sandbox system - as we're still assuming a rootless systems. In most cases it's pig butchering, phishing, cold calls that make the person use the official app to transfer money to an account they're told to.
This stops nothing of the sort.
Why is it on Google to stop this and not the banks?
What can Bank X do to stop phone malware from scraping the user's session token from the Bank X app or website?
Yes, banks should (and sometimes do) double- and triple-check with you before allowing large transfers/withdrawals, but scammers know how to coach their victims past this. Speaking from experience.
(I also don't fully agree this is Google's responsibility, and I am not happy about this development. But there are legitimate points in favor of outsourcing the question of "will this software do nefarious things" to some kind of trusted signing authority.)
Don't do instant non-reversible transfers. Specially for a transaction that is highly likely to be fraud. I.e. person transfers to someone you haven't done business with before or foreign accounts. Also the fraud detection needs to go both ways.
1 reply →
Because they want to shake the image that the iPhone is for the average person while Android is for technical people who take the risk of malware and scams.
There are more grandmas who just want their banking secure than there are FOSS advocates wanting full system access.
>There is immense pressure to stop online scams which are draining old people of their life savings.
From who? I'd rather have this done by a regulated service like a bank than a private corporation with a perverse incentive. Frauds and scams are already illegal.
That't the similar narrative to "think of the children". They want to act as this middleman and secure their place, all while having unfettered access to people's data.
None involve installing an app from a non app store.