Comment by Taterr
12 hours ago
None of the comments here seem to discuss or even mention how this situation looks from googles perspective? I feel like HN readers are not aware of the scale of the problem they face or their motivation behind these changes.
If you look at the rate of growth of the call/text scam industry I think it's entirely possible that android owners are getting scammed out of more money than google themselves makes on the android platform as a whole. It's at least not that far off. Which doesn't even account for the humanitarian issues which they probably feel partially responsible for.
Google’s perspective is that they don’t want people to install NewPipe so that the CEO can buy more yachts.
I would bet the amount of people getting scammed is probably higher than those installing NewPipe.
The difference is that Google doesn’t mind scam apps being on the Play Store.
Because we hear so many stories where the scammer directed their target to install an app so that their scam works
I know a lot more people that install newpipe than people that got scammed by any means, and have never heard of anyone being asked to install an app by a scammer
1 reply →
I don't find the assertion credible that people are getting scammed out of more money than the entire platform is worth. But given that Google does not make the revenue for Android public, what kind of numbers do you think you're talking about here?
Also, I think it's disingenuous to say that scams are predominantly powered by sideloading. I think the vast majority of the scams that are perpetrated use apps directly from the Play Store.
Google's perspective is that they want full control on Android.
If they really care about scams, the first result when I search for chatgpt is a fake app with a fake logo. Maybe they should start by tackling the scams on the play store as the play store is the far west.
Their solution to every problem is to take away more control of the smartphones each time from the users who own them. Meanwhile, I have much less problems with scam and security issues and more freedom with software off FDroid. Makes you wonder if the actual problem is perhaps the one coming up with these solutions and their malevolent intentions behind a thin veil of laughable PR. Besides, I don't get people's habit of justifying trillion dollar corporations that can't seem to come up with any non-dystopian solutions.
Why does nobody ever think of the poor megacorporation?
I mean maybe you're even right and they care a little bit about people being scammed. But if you believe that the scamming thing is any more than a pretense for further establishing Google's absolute control over the Android ecosystem, that is just very naive.
Their goal is to make money. Apps installed outside of Google mean less money for them. Ergo, consumer's right to install what they want on their devices must go.
I understand usually the megacorporation is simply being anti-consumer with these kinds of changes, and who knows maybe this is the same. But I think this might be an actual exception. They seem to be actually implementing a lot of high effort scam protection features recently in android so unless they did all of that just as an excuse to make side loading harder then they've fooled me.
https://security.googleblog.com/2026/02/strengthening-androi... https://blog.google/innovation-and-ai/technology/safety-secu...
For more context, the the "reason" they're increasing the friction in sideloading is to prevent one extremely specific scam where someone instructs you over the phone to download a malicious android app, which then steals your banks 2 factor verification code from your notifications and sends it to the scammers. The 24 hour limitation does seem specifically designed to prevent that so I'm inclined to believe them.
You don't need to side load a specific app with malware. All you do is tell the person to go to the Google Play Store and install any Anydesk. Heck, even the reviews for that app point out that people that are scamming you often tell you to install it. Kelly Walters' review from '23 has 215,000 upvotes for warning people about this.
> They seem to be actually implementing a lot of high effort scam protection features recently in android
This all happened recently because a court case was recently decided that broke Google's monopoly on play store money flows (Google must now allow alternate play stores). These recent changes are simply to try to prop up as much of their play store profit center as they can by restricting what you can do with the computer you purchased.
Do you also believe mass surveillance is necessary to protect children?
2 replies →
It's pretty easy to make up a reasonable sounding excuse for something you do for your own profit as a company. If they don't even provide any statistic on how frequent these scams are, it can be just words
Also, if your bank 2fa code is in your notifications, you should switch 2fa methods to something other than sms, or switch banks.
2 replies →
I wouldn't be surprised if the people at google implementing this genuinely believe this to be the case. It was the same thing with AMP, the people doing it really seemed to believe it was entirely a good thing and there were no negative consequences whatsoever. But it doesn't really matter when the thing also blatantly concentrates power within themselves that can later be used to their own interests.
(Here's another reason it's a bad idea: scammers tend to be very good at navigating the roadblocks you put in to do a thing, often moreso than the people who legitimately want to do the thing, so I wouldn't be surprised if the scammers still have a healthy supply of malicious apps now signed by google. If they can't keep malware off of the play store where they see the malicious code, why do they think they can stop scammers registering as developers to sign their malware?)
There will always be scammers who through human engineering get people to transfer money or hand over their jewellery.
(My bank doesn't use SMS by the way everything goes through the official app with biometrics).
my bias former android and java dev....
Google choose an OS using a VM by design is insecure by default....
ITS NOT US USERS FAULT!
That may be, but I think you are missing the point of the outrage: this solution is not good.
So let's discuss a good solution instead of this boring repetitive outrage.
First we need to understand what the root cause of the problem really is then we can discuss solutions. All we've been told is that "Android users are getting scammed, we are going to make side loading impossible". There is no clear cause and effect established, no data shared with the public on what percent of scams were caused by sideloaded apps and how the scams actually operate for us to be able to accept the solution.
3 replies →
Look at the attack vectors that are actually being used, and address them specifically, with minimally invasive measures.
If the problem is apps that allow remote control of your device, that people can be socially engineered into installing, put up barriers to gaining just that permissions. That approach would actually help motivate the problem (as scammers can now just use Google-approved apps for such things).
If the problem is ads that are pushing scams, Google could start with eradicating them from their own network. They seem to be the primary source. And, god forbid, perhaps even offer an ad blocker integrated in Android. (Yeah, I know.)
If the problem is scammers pretending to be a friend or family member in need of help though social apps, Google could force these apps to help users identify these cases (using local privacy friendly heuristics is course) for inclusion in the Play Store. And no, they wouldn't be able to demand the same from apps installed from elsewhere, but that should be firmly outside of their sphere of responsibility. And casual users would be extremely like to stick with the default app store anyhow.
Note that all three of these proposals provide a measure of safety from the problems they are addressing much larger than what Google is attempting by banning all non-Google-authorized applications.
5 replies →
The problem with that thought is that Goole isn't creating a good solution, it's creating this specific one.