Comment by iamcalledrob

4 days ago

> Restart your phone and reauthenticate: This cuts off any remote access or active phone calls a scammer might be using to watch what you’re doing.

This is smart.

But putting my design hat on here: couldn't this be the whole approach? When enabling the "unverified apps" setting, the phone could terminate all running apps and calls before walking the user through the process.

Why do you even need the rest of the complexity -- if the fear is that non-savvy users are being coached into installing malware, then preventing comms while fiddling with the settings seems pretty OK?

You could even combine this with randomised UI, labels etc. so it's not possible to coach someone in advance about what to press.

> But putting my design hat on here: couldn't this be the whole approach?

No, because protecting users is just an excuse. The overreach is the goal.

  • Having worked in big tech, my money would be on Hanlon's Razor here -- "Never attribute to malice that which is adequately explained by incompetence"

    • It isn't adequately explained by incompetence. This is out of the playbook of boiling the frog. Nothing about this is new or unexpected. We have plenty of history about how these things go down. First they make installing device owner chosen software ridiculously laborious. Then they will remove the option altogether.

I don't understand how it makes any difference.

A scammer is going to be familiar with the flow and can also just... call again?

"Just follow x, y, z and I will call back to help you"