Comment by KJs6ZxELzQM37O
12 hours ago
There is a good solution. A big disclaimer and the user accepting the risk of running the software they want. The same solution they've been doing for years that did not need change. The new developer program is only here because it is more convenient to Google and governments.
We've known for literally decades that that doesn't actually work, for several reasons:
1. People are conditioned to ignore warnings. There are way too many benign warnings in the world; you can't read them all.
2. Even when people wouldn't ignore them, in cases where they are being tricked by scammers it's easy for the scammer to talk people into accepting them.
3. Those sorts of warnings aren't actionable. You're installing a new app. It appears legit. You want to use it. You get a warning like "this app hasn't been verified; it might be malware!". What can you do with the information? Absolutely nothing. 99.9999% of users have zero way of doing any deeper check to see whether it actually is malware. Their only options are to give up and go home, or just hope that the warning is wrong. Even I - a highly technical user - get zero value from things like Windows' smart screen. "The app you're running hasn't been signed! It might be malware!". Err yeah sure. I'm not going to reverse engineer it to check am I?
I think their solution of allowing you to disable the restriction with a one-time one-day delay is actually a really reasonable solution. As long as they don't go further than that - the risk is that it is just a temporary placation and they'll ditch that option in a few years.
There's already a restriction that requires going into the settings and flipping a toggle, with a warning. I think that's enough.
To be clear, enough does not mean that will stop every trojan/scam. People send Starbucks gift cards to callers claiming to be from the IRS calling to collect overdue taxes despite the obvious absurdity. Enough means that someone who doesn't know anything about computers but who reads and believes the warning label has sufficient information to know that it's a potentially dangerous decision. Some people will make the dangerous decision anyway, but it's on them at that point.
It's 2026. This technology has been out for how long?
We can't keep catering to the lowest common denominator of user. We have lost many computing freedoms over the decades as a result of this. Sorry, but its unacceptable.
If they really want such locked down experience to be the default, they could also just as easily put out a ROM everyone else can flash that has no restrictions. You still get to cater to the lowest common denominator but without taking freedoms away from anyone else that wants to keep them, with official support. No scammer is going to convince someone to plug their phone into their laptop and flash a new ROM in order to scam them. If they can, there's no protections that would have helped in the first place.
The problem is easy to solve by making 99% of all apps normal apps that don't get any special privileges and don't require any developer certification, and having a certified developer program with heavily locked down run mode for the 1% of high security apps like banking and payment apps. It's not hard to attest unambiguously to the user in some way whether they are running one of these rare secure apps or a normal one, a restricted API suffices but you could also just add an LED for it.
You can't possibly convince me that Google couldn't develop something like that if they wanted to.
>and having a certified developer program with heavily locked down run mode for the 1% of high security apps like banking and payment apps.
How do you determine/enforce whether an app is a "payment app" without a centralized developer program? They don't require any special privileges. After all, most banking apps have web equivalents.
How does Android know if an apk that nobody has ever seen before is a payment or banking app?
You could probably restrict "risky" APIs like draw-over-other-apps, but tbh I think that would be a worse solution than just making people wait 24 hours once.