Android developer verification: Early access starts

> In most cases, F-Droid couldn't know either.

F-Droid is quite restrictive about what kinds of app they accept, they build the app from source code themselves, and the source code must be published under a FLOSS license. They have some checks that have to pass for each new version of an app.

Although it's possible for a developer to transfer their accounts and private keys to someone shady, F-Droid's checks and open source requirements limit the damage the new developer can do.

https://f-droid.org/docs/Inclusion_Policy/

https://f-droid.org/docs/Anti-Features/

If an app updates to require new permissions, or to suddenly require network access, or the owner contact details change, Google Play should ideally stop that during the update review process and let the users know. But that wouldn't be good for business.

> F-Droid couldn't know either

F-Droid is not just a repository and an organization providing the relevant services, but a community of like-minded *users* that report on and talk about such issues.

> which is widely promoted as being good security practice

Maybe that's the mistake right there?

It is a good practice only as long as you can trust the remote source for apps. Illustration: it is a good security practice for a Debian distro, not so much for a closed source phone app store.

By using the distributor model, where a trusted 3rd party builds & distributes the apps. Like every Linux distro or like what F-droid does.

> I don't really see how you can both allow developers to update their apps automatically (which is widely promoted as being good security practice) and also defend against good developers turning bad.

These are not compatible, but only because the first half is simply false. Allowing a developer to send updates is not "good" but "bad" security practice.

The point here is that app developers have to identify themselves. Google has no intention to verify the content of sideloaded apps, just that it is signed by a real person, for accountability.

They don't know if the person who signed the app is the developer, but should the app happen to be a scam and there is a police investigation, that is the person who will have to answer questions, like "who did you transfer these private keys to?".

This, according to Google and possibly regulators in countries where this will be implemented, will help combat a certain type of scam.

It shouldn't be a problem for YouTube Vanced, at least in the proposed form. The authors, who are already idendified just need to sign their APK. AFAIK, what they are doing is not illegal or they would have been shut down long ago. It may be a problem for others though, and particularly F-Droid, because F-Droid recompiles apps, they can't reasonably be signed by the original author.

The F-Droid situation can resolve itself if F-Droid is allowed to sign the apps it publishes, and in fact, doing that is an improvement in security as it can be a guarantee that the APK you got is indeed the one compiled by F-Droid from publicly available source code.

That's true in theory. But as you can see in practice is that google does very little to protect their users, while F-Droid at least tries.

Which shows that the whole 'security' rigmarole by google is bullshit.

In many cases developer e-mail address changes, IP address changes, billing address changes, tax ID changes...

To be fair, on Google Play you have the option to transfer the app to someone else's account. People don't need to trade accounts...

Quite simple: Actual human review that works with the developers.

But this costs money, and the lack of it is proof google doesn't really care about user security. They're just lying.

> If "automatic updates" were optional and off-by-default then users would not be vulnerable to something like SimpleMobileTools

The problem is the vast majority of users want this on by default; they don't want to be bothered with looking at every update and deciding if they should update or not.

>I had to download a .pkg and basically sideload the app, which is not published on the Apple Store

You mean install the app? The fact that Apple and Google wish to suggest that software from outside their gardens is somehow subnormal doesn't mean other people need to adopt their verbiage.

Probably because they require APIs which cannot be used when publishing to the AppStore. The whole Microsoft Office Suite is available in the macOS App Store - but Microsoft Teams must be downloaded from their website and cannot be installed via the AppStore...

Your personal data will be kept safe on our servers, citizen, whether you like it or not.

> Why should apps have access to a user's SMS / RCS?

It could be an alternative SMS app like TextSecure. One of the best features of Android is that even built-in default applications like the keyboard, browser, launcher, etc can be replaced by alternative implementations.

It could also be a SMS backup application (which can also be used to transfer the whole SMS history to a new phone).

Or it could be something like KDE Connect making SMS notifications show up on the user's computer.

Yeah. I mean the irony is that the one advantage of having a controlled and monitored app store would be that the entity monitoring it enforces certain standards. Games don't need access to your contacts, ever. If Google Play would just straight up block games that requested unnecessary permissions, it might have value. Instead we have 10,000 match-three games that want to use your camera and read all your data and Google is just fine with that. If the issue was access to personal data, a large proportion of existing apps should just be banned.

Playstore is the one that contains majority of the malware and people get it only that way. I rarely know of people side-loading that have issues.

https://www.google.com/search?q=ars+technica+playstore+malwa...

re OTPs, there's a special permission-less way to request sms codes, with a special hash in the content so it's clearly an opt-in by both app and sender: https://developers.google.com/identity/sms-retriever/overvie...

so no, it's not necessary at all. and many apps identify OTPs and give you an easy "copy to clipboard" button in the notification.

but that isn't all super widely known and expected (partly because not all apps or messages follow it), so it's not something you can rely on users denying access to.

Because Tasker is fundamental for some. Those arguments are similar to "think of children".

I concur.

If they are concerned about malware then one of the obvious solutions would be safe guarding their play store. There is significant less scam on iphone because apple polices their app store. Meanwhile scam apps that i reported are still up on google play store.

> if the problem is indeed malware getting access to personal data, then the very obvious solution is to ensure that such personal data is not accessible by apps

Then you'd have the other "screaming minority" on HN show up, the "antitrust all the things" folks.

> Note also that while they are not completely removing sideloading (for now) they are introducing further restrictions on it, including gate-keeping by them.

This blog post is specifically saying there will be a way to bypass the gatekeeping on Google-blessed Android builds, just as we wanted.

> But that kind of privacy based security model is anathema to Google because its whole business model is based on violating its users' privacy.

Despite this, they sell some of the most privacy-capable phones available, with the Pixels having unlockable bootloaders. Even without unlocking the bootloader to install something like GrapheneOS, they support better privacy than the other mass market mobile phones by Samsung and Apple, which both admittedly set a low bar.

Its a fact even if you dont buy this

I can easily believe that Google's YouTube team would love to kill off such apps, if they can make a significant (say ≥1%) impact on revenue. (After all, being able to make money from views is an actual part of the YouTube product features that they promise to “creators”, which would be undermined if they made it too easy to circumvent.)

But having seen how things work at large companies including Google, I find it less likely for Google's Android team to be allocating resources or making major policy decisions by considering the YouTube team. :-) (Of course if Android happened to make a change that negatively affected YouTube revenue, things may get escalated and the change may get rolled back as in the infamous Chrome-vs-Ads case, but those situations are very rare.) Taking their explanation at face value (their anti-malware team couldn't keep up: bad actors can spin up new harmful apps instantly. It becomes an endless game of whack-a-mole. Verification changes the math by forcing them to use a real identity) seems justified in this case.

My point though was that whatever the ultimate stable equilibrium becomes, it will be one in which the set of apps that the average person can easily install is limited in some way — I think Google's proposed solution here (hobbyists can make apps having not many users, and “experienced users” can opt out of the security measures) is actually a “least bad” compromise, but still not a happy outcome for those who would like a world where anyone can write apps that anyone can install.

You’re still proving the point above, which is ignoring the fact that the restriction is specifically targeted at a small number of countries. Google is also rolling out processes for advanced users to install apps. It’s all in the linked post (which apparently isn’t being read by the people injecting their own assumptions)

Google is not rolling this out to protect against YouTube ReVanced but only in a small number of countries. That’s an illogical conclusion to draw from the facts.

yt-dlp's days are fairly numbered as Google has a trump card they can eventually deploy: all content is gated behind DRM. IIRC the only reason YouTube content is not yet served exclusively through DRM is to maintain compatibility with older hardware like smart TVs.

Too bad that I'm going iPhone if Google removes sideloading and now I know about revanced so they aren't getting any more than the zero dollars that youtube and youtube music are worth from me

If I'm going to live in a walled garden it's going to the fanciest

You would still be able to adb installs them. They wouldn't die.

It seems to me if you raise the difficulty enough, and lower the success rate enough, at some point a given scam stops being economical. https://news.ycombinator.com/item?id=45913529

A change google made to android earlier this year prevents you from allowing unknown sources and installing apks while you are on a phone call.

I'm surprised they didn't think of doing that sooner.

Consider whether your natural right argument might not stand in several other countries’ legal systems.

The era of United States companies using common sense United States principles for the whole world is coming to an end.

Yeah then you have the choice to not buy the locked down hardware, you don't have a right to get open hardware FROM Google.

Of course there are no good options for open hardware, but that is a related but separate problem.

This is correct. Our natural rights go much further than unnatural prohibitions from the government.

Do what you please and get enough people to do it with you, and no one can stop you.

Oh, so you're good with everyone having the "natural right" to turn handguns into automatic weapons simply because they find themselves in possession of the correct atoms? How about adding a 3rd story on the top of your house without needing a permit or structural evaluation?

Note that adding "full stop" pointlessly to the end of sentences does not strengthen your argument.

> Natural right, full stop.

You’re still missing the point the comment is making: In countries where governments are dead set on holding Google accountable for what users do on their phones, it doesn’t matter what you believe to be your natural right. The governments of these countries have made declarations about who is accountable and Google has no intention of leaving the door open for that accountability.

You can do whatever you want with the hardware you buy, but don’t confuse that with forcing another company to give you all of the tools to do anything you want easily.

I don't think it's illegal to do whatever you want with your phone. That doesn't mean google legally is required to make it easy or even possible. That being said I ethically they should allow it, and considering their near monopoly status they should be forced to keep things open. In fact there should be right to repair laws too.

I suppose you have the right to do whatever you want with it, including zapping it in the microwave or using it as a rectal probe. I am not sure that right extends are far as forcing companies to deliver a product to your specifications (open software, hardware, or otherwise)

Once they do it in one country, there will be much more pressure and incentives to do it everywhere.

> I'm not in any of those autocratic countries

Autocratic Albania banned by law ads on YouTube so if you are in Albania (or your VPN is - wink! wink!) you get to watch YouTube without ads legally

I, too, hate those autocratic countries were government act for the good of the people, instead of ruling in favour of greedy billionaires

> "Never enable software installation if someone asks you..."

Imagine a situation in which a frightened, stressed user sees such a message on their screen. Meanwhile, a very convincing fake police officer or bank representative is telling them over the phone that they must ignore this message due to specific dangerous emergency situation to save the money in their bank account. Would the user realize at that moment that the message is right and the person on the phone is a thief? I'm not so sure.

This is actually a good point, and something I've been wondering about too. What changed between the 90s and now, that Microsoft didn't get blamed for malware on Windows, but Google/Apple would be blamed now for malware on their devices? It seems that the environment today is different, in the sense that if (widespread) PCs only came into existence now, the PC makers would be considered responsible for harms therefrom (this is a subjective opinion of course).

Assuming this is true (ignore if you disagree), why is that? Is it that PCs never became as widespread as phones (used by lots of people who are likely targets for scammers and losing their life savings etc), or technology was still new and lawmakers didn't concern themselves with it, or PCs (despite the name) were still to a large extent "office" devices, or the sophistication of scammers was lower then, or…? Even today PCs are being affected by ransomware (for example) but Microsoft doesn't get held responsible, so why are phones different?

...and users want ̶c̶o̶n̶t̶r̶o̶l̶ convenience.

Seems more appropriate.

Android could have, for example, a 24 hour "cooling off" period for sideloading approval. Much like some bootloader unlocking - make it subject to a delay.

That immediately takes the pressure off people who are being told that their bank details are at immediate risk.

>It's not possible to provide a path for advanced users that a stupid person can't be coerced to use.

I actually think you might be wrong about this? Imagine if Google forced you to solve a logic puzzle before sideloading. The puzzle could be very visual in nature, so even if a scammer asked the victim to describe the puzzle over the phone, this usually wouldn't allow the scammer to solve it on the victim's behalf. The puzzle could be presented in a special OS mode to prevent screenshots, with phone camera disabled so the puzzle can't be photographed in a mirror, and phone call functionality disabled so a scammer can't talk you through it as easily. Scammers would tell the victim to go find a friend, have the friend photograph the puzzle, and send the photo to the scammer. At which point the friend hopefully says "wait, wtf is going on here?" (Especially if the puzzle has big text at the top like "IF SOMEONE ASKS YOU TO PHOTOGRAPH THIS, THEY ARE LIKELY VICTIM OF AN ONGOING SCAM, YOU SHOULD REFUSE", and consists of multiple stages which need to be solved sequentially.)

In addition to logic puzzles, Google could also make you pass a scam awareness quiz =) You could interleave the quiz questions with logic puzzle stages, to help the friend who's photographing the puzzle figure out what's going on.

I guess this could fail for users who have two devices, e.g. a laptop plus a phone, but presumably those users tend to have a little more technical sophistication. Maybe display a QR code in the middle of the puzzle which opens up scam awareness materials if photographed?

Or, instead of a "scam awareness quiz" you could could give the user an "ongoing scam check", e.g.: "Did a stranger recently call you on the phone and tell you to navigate to this functionality?" If the user answers yes, disable sideloading for the next 48 hours and show them scam education materials.

No, then the results of many google web searches would not put scam sites at the top over the official sites. Google is fine with people being scammed. As long as they get their cut. Large corporations don't have empathy.

From what I've seen, millions lost to scams are with social engineering; through cold calls masquerading as the authorities, phishing, pig butchering; plenty of scam apps on the Play store harvesting data as well, but not a single real life instance of malware installed outside the officially sanctioned platform.

The Play Store is full of of scam apps so obviouly they don't.

The same scams Google's ad network facilitates and Google in turn profits from?

> they'll need a legal framework for that

Not really. It should, but Google operate in a bunch of contries without proper rule of law.

Yes. The same goes with payment processing. I hate visa/mastercard as much as the next person. But if the court says they're accountable for people who buy drug/firearm/child porn, then it seems to be a quite reasonable reaction for them to preemptively limit what the users can buy or sell.

The government(s) have to treat the middlemen as middlemen. Otherwise they are forced to act as gatekeepers.

These two things are not the same. The GDPR afforded rights to common people. Those companies that would pull out are the ones that were abusing data that was never theirs and could no longer do so.

BTW, Stallman and FSF have been saying this the whole time - if you become the only gatekeeper, don't be surprised when government people show up and force you to ban apps or users from your platform.

Security isn't an absolute and this doesn't notably improve it

Oh! I thought I had found the crucial piece finally after ~500 words, but there's indeed better news in the section after that! Thanks, I can go sleep with a more optimistic feeling now :)

Also this will kill any impetus that was growing on the Linux phone development side, for better or worse. We get to live in this ecosystem a while longer, let's see if people keep damocles' sword in mind and we might see more efforts towards cross-platform builds for example

> We are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified

Sure, they'll keep building it forever — this is just a delay tactic.

That doesn't say that you can just build an APK and distribute it. I suspect this path _still_ requires you to create a developer console account and distribute binaries signed by it... just that that developer account doesn't have to have completed identity verification.

it's probably just gonna be under the Developer Options "secret" menu

Let me guess, a warning box that requires me to give permission to the app to install from third-party sources? Is that not clear enough confirmation that I know what I'm doing? /s

So.. all this drama over an alert(yes/no) box?

Wow, this really pulls back the veil. This Vendor (google) is only looking out for numero uno.

Sideloading should be called installing, and installing from the play store should be called jailloading.

>Sideloading has a negative vibe

Maybe you've just been drinking the propaganda? "Sideloading" to me rolls off the tongue no worse than "hotswapping" or "overclocking".

I call it installing. If it's from play store I'd say "Install from Play Store".

Exactly, this would greatly reduce the ability for scammers in "urgent" situations, but for power users who flip the switch on day one it would rarely be a problem. What would be terrible though ... is if Google made it require a network connection or Google approval.

1 day is not longish. That would greatly harm apps like F-Droid. You'd have to go through it every time you want to update your apps.

All Android devices require signed binaries and have done so since 1.0.

malware are good at getting users to click past scare screens unfortunately. this isn't a solved problem, even with desktop browsers.

Then i guess you can't publish apps? One of those issues where i should be "writing to my congressman" or whatever I guess. the problem is real and people like you are being obtuse, unwilling to find a solution or a compromise. Something as simple as number of installs is an invasion of privacy? how? it's a number, you increment a counter when someone hits download, that's it.

Yeah, if google gets to have rules over what happens by apps that have their seal of approval. that's how seals of approvals work. you're not entitled to these things. you don't have the right to publish to the android platform, if Google, wary of anti-trust suits allows a 3rd party app store, it can institute reasonable requirements.

If an appstore is willingly hosting malware, should Google still provide their seal of approval? That was supposed to be rhetoric, but I wouldn't be surprised if you told me that they should.

This is willful ignorance, I only hope you educate yourself on the harms caused by malware and malicious actors and consider taking a practical approach to finding solutions instead of dying on every single hill.

> Are they admitting that their app sandboxing is so weak that a malicious app can exfil data from other unaffiliated apps?

An app can read the content of notifications if the appropriate permissions are granted, which includes 2FA codes sent by SMS or email. That those are bad ways to provide 2FA codes is its own issue.

I want that permission to exist. I use KDE Connect to display notifications on my laptop, for example. Despite the name, it's not just for KDE or Linux - there are Windows and Mac versions too.

yes, they're admitting that their APIs are powerful enough to build accessibility tools (which often must read notifications) and many other useful things (e.g. Pushbullet) that are not possible on iOS.

powerful stuff has room for abuse. I didn't really think there's much of a way to make that not the case. it's especially true for anything that you grant accessibility-level access to, and "you cannot build accessibility tools" is a terrible trade-off.

(personally I think there's some room for options with taint analysis and allowing "can read notifications = no internet" style rules, but anything capable enough will also be complex enough to be a problem)

> Are they admitting that their app sandboxing is so weak that a malicious app can exfil data from other unaffiliated apps?

It's not news, both iOS and Android sandboxing are Swiss cheese compared to a browser.

People should only install apps from trusted publishers (and not everything from the store is trusted as the store just gors very basic checks)

Hey, sometimes the dumbest people it works on are also the ones with the decision making ability. What a world to live in.

BINGO! Google doesn't care at all about user security.

- Just yesterday there was a story on here about how Google found esoteric bugs in FFMPEG, and told volunteers to fix it.

- Another classic example, about how Google doesn't give a stuff about their user's security is the scam ads they allow on youtube. Google knows these are scams, but don't care because they there isn't regulation requiring oversight.

Making money and complying with the law. They are obligated to do both. In many countries laws are still enforced.

Protecting their app store revenues from competition exposes them to scrutiny from competition regulators and might be counter productive.

Many governments are moving towards requiring tech companies to enforce verification of users and limit access to some types of software and services or impose conditions requiring software to limit certain features such as end to end encryption. Some prominent people in big tech believe very strongly in a surveillance state and we are seeing a lot of buy in across the political spectrum, possibly due to industry lobbying efforts. Allowing people to install unapproved software limits the effectiveness of surveillance technologies and the revenues of those selling them. If legal compliance risks are pushing this then it is a job for voters, not Google to fix.

They absolutely eo completely ignore many security and privacy things because they're very selective in what they focus on, particularly around how those things might impact their ad revenue.

How much they spend is no indicator of how and where they spend it, so is hardly a compelling argument.

I'm not the OP but we know that SMS is not secure. Google should try banning that first.

What would they have to offer Google in return for being granted this status? Would they have to ban NewPipe, for example?

Yes, that possibility has occurred to me as well, and is potentially a reasonable compromise (depending on those requirements).

No, that's ridiculous. If I want to send an app to someone, now they have to wipe their phone to install it? That would kill installing non-Play apps far more than Google's original proposal.

I hadn't installed a non-Play Store app for something like 5 years until this year. I don't see why I should have been forced to factory reset my phone then.

Forgive my bluntness, but I hope you are never allowed on the Android team or near any significant UX decisions on any devices or apps I use or will use.

> Real sideloaders (F-Droid users, etc.)

When using F-Droid, I don't think of myself as a "sideloader". I'm using an app store (F-Droid), not installing some random APKs.

(Yes, the F-Droid store app had to be "sideloaded". Once. It updates itself. If or when Google allows alternate store apps in their store app, even that would no longer be necessary.)

But wiping your phone isn't "a little pain"

Great, at phone setup when many people don't know anything about the implications of the choice.

And factory reset when it's impossible to backup and restore everything, or anything at all without a Google account

EU digital markets mandates that you can install apps through f-droid... but doesn't mandate that those apps don't to comply with Google's signing policy.

Isn't Apple technically complying with this even while forcing notarization? Seems like Google could get away with the same scheme.

That's only if you don't want your users to have to jump through whatever hoops are needed to bypass the verification requirement.

But it's not mandatory anymore because people can install it without it being verified.

> Seriously though, can anyone tell me why the fuck banking apps try so hard to find any possible excuse to not run on customised devices?

As an early cyanogen mod adopter I really don’t want to lose ability to side load etc. but to answer your question this is probably for the lowest common denominators safety. Anecdotal example - a scammer tricked my parents into sideloading an apk which automatically forwarded all sms messages to the said scammer. This lead to 2FA code from bank go through and allowed them to perform some transactions. There were many red flags during this ‘call from a bank’ and I’d say some blame lies on my parents here, I guess this is the only way to lock down bad actors? I am not entirely sure it is.

Banks have stupid rules probably made by people who don't understand the matter. A relative recently got victim to phishing and gave away some of his banking details (fake e-banking login screen on a website). After locking the account, the bank said it would only unlock it after the phone got wiped, which obviously doesn't add anything in this situation.

Another pet peeve is that they prevent screenshots simply because they can, and it feels safer. I know, 3rd-party apps which can do screenshots etc., but this is fighting the threat the wrong way. And yes, it's partially the fault of the platform, which could just allow user-initiated screenshots. Or at least make it configurable.

It may not be banks themselves doing this.

For example, my bank here in Hungary, Erste Bank has announced that the central bank requested that they stop allowing their android app to run on "modified" devices.

They even have a workaround: switch to SMS-based 2FA and use their website (which works well on any screen and has all the features of the app except 2FA)

If you run a pentest, allowing rooted devices will almost certainly show up as a vulnerability. It'll be marked "low risk", but you'll also be told that you don't want to "accept risk" for too many "low risk" vulnerabilities.

So somebody then needs to say that this is not something they worry about rather than doing the easy thing and remediating it.

At most banks, the absolute control belongs to risk and regulation department. A bank must safeguard their license above all else, and it is very easy for them to loose it if the bank is found doing something it should not (though for the big ones, they sometimes operate in a gray zone, which means they manage to keep their licenses despite relatively steep fines). Even for the simplest ui/ux change, risk department has the final say. Source: I’ve been working 15+ years in the banking industry.

Probably because it makes it easier to observe and/or intercept API calls and other data exchange between the client and the server. It's trivial to disable things like SSL cert pinning, etc. on rooted devices.

Insurance, they don't want to be on the hook if you get robbed.

How useful is it to have a unique global ID, that the target willingly carries and manages, but doesn't have any meaningful control over?

It a projection of what they could do. ie. logical step

The whole SafetyNet and "secure chain" things are PITA, eg. ChatGPT app wouldn't work if the phone bootloader isn't signed by Google. Lots of banking app wouldn't work, HSBC banking app for instance wouldn't allow login if Android developer mode is enabled.

The digital ID e.g. eID is for example if you want to order a government document online. At the current time you need to print out your request and send a copy of your ID in the mail or go to the counter and show it. Same if you get a bank account or new phone contract although those usually let you scan your ID with your phone. A eID would make that more secure although people are already being tricked into doing face validations[1]...

Offline it would make it possible to verify your age at the self-checkout registers without having someone have to check in person.

In the future (if the law allows it, which it currently does not) it should be possible for you to purchase an item online completely anonymously, at least to the vendor. There would no longer be a possibility of leaked address, etc. as the vendor would not have it. All the vendor has are signed tokens. When they send a package they send it with a token to the post office and only the post office knows your address.

[1] https://www.srf.ch/sendungen/kassensturz-espresso/espresso/m...

They removed the "ICE" app and if the US government has an issue with other Apps they bend over and do it.

Switzerland is currently dealing with a 39% and Brazil with a 50% tariff because Trump has a personal problem with them. It would not be far fetched for an administration to have another states app removed.

Paranoia.

See the "Empowering experienced users" section.

They announced the $25 "verification" plan awhile ago. The new part in this article is that they're going to have it remain possible to install software that didn't do that "verification".

> Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified.

This is misleading though. There is simply no other choice if you want to use mainstream apps. It could be argued (successfully in my view) that any agreement is null and void due to its acceptance under duress.

Users have an inherent legal right to unconditionally access the full advertised functionality of devices they purchase. Any agreement after that is inherently suspect and I wouldn't be surprised to find out it was ruled unconscionable by some court if it came to that.

Then let me put my own software on the hardware I own then.

If there is an alternative software that can run on the device without going through extraordinary hoops, I may agree that it is licensed.

If there is no other alternative, buying hardware and licensing software are not two different steps. Its just buying a device.

Let's not shoot the messenger (edoceo)

Too many people are in denial about what they actually own, and seem to refuse to accept this battle isn't starting or coming up, we're already in the process of losing it.

Clinging to material ownership feels great on the moment, but that's absolutely not what we need to deal with right now. It's kinda like being so proud to be the registered owner of your car, while it's getting impounded and you'll be spending the next 10 years trying to get it back.

We need a free-as-in-freedom version of Android.

Which is an unacceptable loophole in our legal system that should be closed immediately as far as I'm concerned. If I buy a product, even if that product is software, then I own it, and I should have ultimate control my copy of it.

The idea that we allow companies to go "Yes, you paid for this product, but it's not really yours. We still control it and can do whatever we want with it regardless of what you want." is asinine.

I believe this only works this way on some android forks, iirc you are talking about Samsung. Stock android would show a warning "do you want to install apk from this app?" and lead you to a settings page that enables apk installs from this particular app. No need to separately enable the ability to install apks in general.

I always thought this is a very weird flow, it adds hoops yet accomplishes nothing because the hoops are all trivial and the same for every app.

Yes, education around these scams and their methods could be better, but there is also a reason they target the elderly and vulnerable. Unless something else terrible happens, I assume I will count in one or both of those groups eventually. I feel like when I get there, I would appreciate empathy rather than disdain, if I were ever taken advantage of.

Regardless, you do not actually need to enable developer settings to install APKs from unknown sources (at least, not on my Samsung). When you open an APK from within another app (e.g. Google Drive or WhatsApp), Android "helpfully" forwards you straight to the relevant security settings page, allowing you to immediately toggle the "Install unknown apps" permission for that specific app. It's a streamlined flow, only a couple of taps, no scrolling/searching/reading, therefore likely easy to coach a victim into performing.

So, I expect what the Android team is alluding to in the original post is to enable additional friction like you describe.

One does not need to enable developer mode to install a 3rd party APK.

eh, think this is a bit much to ask. Are we going to educate a majority of the baby boomers who just never got a feel for how technology works? Yeah, my Dad also just got scammed by a phishing scheme on his PC (and if a scammer had walked him through how to install an apk on his phone, he'd probably do that too).

In my humble opinion, in the design of a UI or any type of system, kind of have to go where the users take you to some degree. And Android, being an OS for consumer devices, should be geared toward the masses and the mistakes they'll make.

You don't need two phones to use ADB with Termux. Just put the ADB settings app on a split screen and it will work just fine. I used it several months ago.

aka "Trust us bros"

That would at least be an improvement to the current situation, were they wouldn't be able to operate at all.

If the flow is designed such the you only have to do it once for F-Droid and then the unsigned apps would be installable from there without friction, it wouldn't even be that bad.

That should be up to the bank to decide, and it already is. https://developer.android.com/privacy-and-security/safetynet...

None of my banks have complained to me because I'm running a patched YouTube app.

Yes we have banking websites but they are increasingly moving to an auth model where you have to enter an otp generated in the app but the app refuses to work on non-verified devices.

"For now."

I would think it is pretty silly if I needed some sort of verification to drive people I personally know around because other people were getting their car hijacked after choosing to pick up strangers they found on the highway.

Especially when they're continuing on the next 10 steps ASAP.

What is the non-evil phone platform? Aftermarket Android ROMs?

I'd agree because I'd feel the same :)

As to relevance to the article - I'm not cheering that much because if Google made "stock OS" even worse then maybe more users would flock to LineageOS/GrapheneOS which would be a great thing and make it harder to push Play Integrity.

I'm just presenting my exotic point of view - since that developer verification would only be needed to run apps on the "stock OS" (which I consider bad), then deliberately excluding it could promote using LineageOS/GrapheneOS which would be a good thing.

But of course I'm talking about non-commercial apps, but commercial app developers would already be on Google Play.