Google: “Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn’t verified. We are designing this flow specifically to resist coercion, ensuring that users aren’t tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands.”
Thank god. I would’ve ditched Android for good if this went through, and while it sounds like it would be annoying for casual users to enable unverified apps, at least we can still install them.
It’s not sideloading, it’s installing. Stop giving into this idea that installing other apps is somehow bypassing normal methods!
I heard that if you don’t get your groceries via Walmart+ delivery, then it’s smuggling.
Great analogy
Transporting?
So I just read what they are going to do and this article is just clickbait. Basically they still want you to dox yourself but it’ll still work like iOS Test Pilot. Google is still full of shit and lies but hey at least you don’t have to pay them money until enough users download your app if you want more.
So it’ll basically still kill apps like F-Droid or you downloading an app from the internet to run on your phone. You’ll basically have to signup to install third party apps on your device per app in general and alot of the convenience and developer community will still just leave android as a whole.
All in all really bad decision on Google’s part while also extending this to things like fireOS or whatever the fuck the Quest 2 and 3 will run as a skin of android. This will make sure they would be forever stuck on older versions of android; lest they have to contend with the new upcoming android features that will enforce this that will be baked into the operating system next year. Even without Google Play Services like I read.
Personally I don’t think developers should have to sign up to Google and provide ID cards to basically have a limited amount of users use their specific app outside the app store.
Google obviously is feeling threatened by better apps that more people are using on platforms like F-Droid compared the outright subscription based shitware and adware on the playstore. Which is why they are doing this. But like platforms before like inturn Symbian. I personally think it’ll fuck them over so hard that’ll they’ll never recover while China or whomever else makes a new platform for you to run android apps on for a time before going all proprietary fucked up Linux. Just like Android again.
They’ll probably also release a new API to allow apps to check if user have enabled sideloading. Then overzealous apps like fucking mcdonalds will throw a hissy fit about it and refuse to work unless you turn it off. Also your bank too, just to really make it as hard as possible to include sideloaded apps. Sideloading will remain available, but so painful, most people just give up.
Just recently mcdonalds app stopped working when installed in a secondary profile. Long history of them trying to detect root hiding methods too. Fuck them. Once this sideload block thing arrives, mcdonalds would be the first to block it.
Why the fuck would a McDonald’s app care?
Who knows. Maybe they have that one dev on the app team that’s on a crusade to detect every single abnormality.
He might also be following the rooting/magisk scene. Back then whenever magisk updates its root hiding system and successfully bypasses apps, mcdonalds are the first to detect it again. He’s so fast that back when I was still using a rooted phone, I’ve never successfully bought a meal with the app.
Now they’re blocking work profiles on non-rooted phones, which is a native android feature and not a security risk. But they’re still blocking it anyway because it’s slightly abnormal lol.
Let em all shut me down. If they don’t need my business, I don’t need theirs. I just found out that Casio makes a g-shock with Bluetooth and you can screw with it using python and an unlisted API.
One more nail in the coffin for my smartphone footprint. I just want an 8" linux tablet, a watch that can give me messages from signal and a battery powered access point.
The biggest problem are the banking apps. If you’re standing at checkout and your payment app says
“Unverified apps have been detected on your phone. Please uninstall and try again.”
99% of people will delete FDroid and never sideload anything ever again.
With every credit card in existence, supporting Tap to pay these days. We have a pretty decent alternative.
Please tell me there is a video about this that is not on youtube.
To be honest, it’s probably the last thing that doesn’t exist properly on YouTube.
But like 99.999% of everything else, it’s not on peertube either.
If you hit a Google search, there are probably a handful of projects for Bluetooth, Casio, Python.
There are a bunch of videos of people reviewing the watch, but they’re watch reviewers. Other than the Android or iOS app, they hardly touch that it supports anything.
You know it’s kinda funny that I can’t even run the MC Donalds app without doing some fuckery. But my banking app will throw a hissy fit if I try to sign into my account without a rooted or custom ROMed phone because that’s how they know it’s me apparently. Also shame that my banking app stopped supporting Android 8.0 a few years back. I miss my LG V20.
Google also extending this to things like fireOS
it would not, because fireos was based on ancient versions of android like android 11 or earlier, and the block is enforced via google play services which isn’t present on there.
but new fireos doesn’t run android apps at all. New devices temporarily run android apps on a VM hosted on AWS servers and then stream the video, but only if those apps are distributed on the amazon appstore, and it’s a stopgap until the devs make their apps compatible with the new OS.
And old fireos devices will start to gradually uninstall “dangerous” sideloaded apks
You’ll basically have to signup to install third party apps on your device per app in general and alot of the convenience and developer community will still just leave android as a whole.
Leave android and go where?
Incentivizes developing for linux phones, ppl choose android for the freedom
Who do we donate to?
If android goes the way it’s going, then iPhone is the obvious choice.
Not really an option considering it’s even more locked down.
Hope Valve comes up with something eventually, after all they’ve been getting into x86 emulation for mobile ARM chips lately. Granted, it was for VR, but still.
Hope Valve comes up with something eventually
That could be interesting. I want to see how SteamOS goes, but the potential is grand.
In terms of the iPhone being locked down, I’m not sure what you’re looking to do but I personally managed to get ad-free Reddit, YouTube and YouTube music ad-free (+sponsorblock) just using apps from the App Store. All of them free or one-time payment of 3 euros. It was actually easier to do than with Android where I had to “sideload” stuff from GitHub since Android is owned by google and all frontends to their programs are banned.
As long as you get yourself an email that isn’t iCloud you can also take all your contacts and email with you wherever you want. Then you can install KDE Connect as you would on Android and can send files freely between you phone and Pc.
This is all to say, I don’t feel more locked down on the iPhone than on Android, which was a surprise for me.
Straight from the playbook. Announce something terrible, then back off with something bad. Everyone calls it a win.
See: Wizards if the Coast, Unity
And 5 years they’ll try it again.
Do terrible thing A to test the sentiment, probe the reaction, backpedal a bit, admit caveats and facilitate pre-planned option B, try again after a few days and gocus on it died down.
At one point we’ll need diff monitoring on the TOC and all other legal imprints :|
Rockstar too
For now. You just wait. Evil corp is gonna evil corp it all up.
I miss the days when their slogan was “Don’t be evil”
Yeah, Google used to be the “Cool” company back then. I used to root for them.
Lots of companies feel the need to serve their users on their way up.
Once they feel they got much or most of the market on lock, they no longer need to justify themselves to their users, and a cycle of pure valueless exploitation begins, aka enshittification.
Right, that meant “be slightly better than Microsoft”. They never tried to “do no evil”, no sirree, that’s far too difficult.
Don’t consider this a win, guys, this is more of an ‘Oh shit, we’re screwed if we follow through with this right now’ moment, there’s nothing stopping them from walking this back at a later, less turbulent date when no one’s paying attention, and locking Android down anyways, as this directly reminds me of the situation which caused WEI to be scrapped.
Also, the EU pushing Chat Control through the back door might embolden Google to both try an Android lockdown just like was going to roll out before, and try WEI again, and get both actually pushed through somehow.
I wouldn’t even be surprised if MS were emboldened to try to lock down PCs… Again…
I mean, sure, but there was never anything stopping them from doing this in the first place except public pressure. Large companies changing tracks due to public demand is a good thing, and definitely a win.
I think its better to simply realize that a win doesn’t mean the fight is over. It’s okay to be happy about a success. Just don’t let up on the pressure.
deleted by creator
Err, that’s not true on the last fee devices I’ve used, Pixels and a Fairphone. Installing apps from APK files doesn’t require me to enable dev options. In fact trying to install an APK from say Files brings me straight to the permission setting. It’s also per-app. It can be accessed under Settings > Apps > Special app access > Install unknown apps.
That’s not what the phrase “dark pattern” means.
On Samsung it’s: download APK, run it, see the warning, tap “allow third party installations”, flick a switch, tap “install”.
In some ROMs at least, unknown sources for specific apps is not in the developer options.
dark pattern
This is not what dark pattern means.
Also, I don’t think enabling developer options is required to install arbitrary APKs.
That’s not a dark pattern…
that warning was not at all prominent, and as others have said, t does not exist anymore on modern android
Google: "Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn’t verified.
And we will NEVER trust you again because we know you’ll retry this next year or so in a few smaller steps that all have cutesy innocent names that are supposed to lull us in a false sense of security
Fuck Google, stop paying them for anything, stop using their services wherever possible.
Wait, so Google listened to our feedback, and we’re still mad? What would a positive outcome have looked like?
If you think that Google listened and did the right thing out of the goodness of their heart, then I have a bridge to sell you
Google cancelled because of the backlash but they WILL be back for more, they always do
Trust has been broken and that won’t come back. Software companies, in the end, are all the same, they all enahittify over time and always will talk pretty to lull you into a sense of security. I’m not buying it
Because no one believes that Google (Evil Corp) did this to deteer scammers, as they claim their reasoning was. If that was the case, they would take a much better care about the virus apps that gets released on Play Store, or the phishing ads that gets served through games.
This was always about monopoly.
I genuinely believe that it was motivated by the desire to deter scammers. What leads you to believe it’s not? There are many gullible people out there who will follow, precisely as you pointed out, phishing links that encourage them to sideload an unverified app.
No system is perfect, and I also believe that Google Play does a fair job of removing malicious apps.
I’m sorry to try to bring some nuance into this thread as I know that discourse isn’t welcome on Lemmy, but I’m just trying to wrap my head around the outrage. Providing a way to let experienced users continue to sideload apps while safeguarding the more gullible seems like a good idea and I still genuinely don’t understand what your preferred solution would be.
I understand that thoughtprocess, I really do because I’ve thought the same at one point. Most who are angry and frustrated at Google have.
To explain it a bit, it’s pretty much what I said before. If it really were to deteer scammers, they would implement better security and safety in their Play Store first. There’s also ways they could block phishing attempts through there, but instead they use a bulldozer to hammer a small nail to a wall when a hammer would do just fine. I’m sure if you do a search for articles there’ll be news covering this, and surely son statistic if you are more curious on numbers.
What they need is better checks in the very first step, because locking down sideloading won’t fix their inherently flawed Play store security and vetting. It’s like putting a patch of glue on a crack in the wall, but right next to it there’s already a gaping hole.
Ironically, in my attempts to find any kind of information about this, it only resulted in news articles reporting on the number of developer accounts banned and announcements from Google warning users about scams and providing recommendations to safeguard themselves.
I don’t agree that Google has taken a singular approach to this problem; there are numerous ways in which they are combating scams, of which this piece is just one.
I believe people in this thread are (deliberately or not) looking at this from a very narrow point of view and not seeing how (1) there is a risk that is mitigated by preventing gullible users from installing malware through sideloading, (2) Google has reconsidered this solution after hearing community feedback and (3) Google uses numerous mechanisms to eliminate bad actors from the Play store.
To touch on the last one, it seems many of those mechanisms are not done transparently as I’ve seen threads on /r/AndroidDev back before I left Reddit about individuals being lifetime banned even by association to a scammer.
At the risk of sounding insincere—such is the nature of an online discussion forum—I’d like to tap into the ways you see the safety and security of the Play store to be deficient. How are phishing attempts successful there? In the articles I’ve read about phishing through fake apps, they all went through the route of sideloading. One example was to get “special features” in WhatsApp by downloading an APK, and another was to enable developer mode to install an antivirus APK because “the device was infected.” While I found articles describing imposter apps, searching for those apps on Google Play didn’t surface any of them, so it seems from my spot checks that it’s working.
To me, this entire discussion is quite conflicting, because on one hand, we all recognize the risk of malware, but at the same time the community is furious about whatever Google attempts to do about it.
Call me naive, but my family and I are very content with our Android phones and have no qualms with the way Google Play functions today. I remain confused about why this comment section is so mad.
I wouldn’t say that you’re naive, you’re just asking questions about something you want more information on since the info you have seen doesn’t match up with the general opinion.
I found some articles, both in favour of Googles security and some that are not so you can read through them and decide for yourself if this can be considered Google being lax or if they are doing their best:
https://edition.cnn.com/2023/07/11/tech/google-ai-lawsuit
https://en.wikipedia.org/wiki/Criticism_of_Google
https://www.creativefuture.org/google-scandal-timeline/
My own opinion: Google takes action sometimes, but as some of these articles says, many ads from scammers came through apps installed on the Play Store. Not by side loading or third parties. They do take action, but some may argue that they often don’t do that until it’s already widespread and argue about the morality of the company itself, but I’m going to focus on our original question - the side loading issue. After reading through these articles, I still find myself questioning why Google would block side loading and blame scammers, when it’s already a problem in the Play Store itself. The only reasonable answer I can think of is to keep their monopoly and remove projects like Aurora Store, microG, ReVanced and so on. Especially since it is well known that Google does not care about its users, only about its profits.
An sort of TLDR maybe, or side discussion - many does not trust that google do something with the intent of being good. Their history has been anything but good so far, and therefore oppose it out of fear of the actual intent behind their decisions. Blocking side loading takes away freedom to install whatever we want, and Google seems to blame malicious actors using third party sources when malicious apps already exist in the Play Store and their security gets bypassed.
Once user trust is burned it’s not coming back.
There are no positive outcomes available now - it’s time to abandon Google.
Linux phones arriving sooner? Hopefully that’s the silver lining.
I think it was fairly obvious that the move was going to piss people off, they just misjudged to what extent. Modern business strategy is to claim to listen to customer feedback and just quietly plan to implement it anyway, just do it more subtly, more quietly, and more slowly.
I would understand the outrage if Google didn’t stick to their word, but unless I’ve missed something, they’ve not, have they? Are we now protesting that they reversed their decision? Wasn’t this what we wanted?
Are we now protesting that they reversed their decision?
…no? I’m not really protesting so much as offering what I think the other person is trying to say. I think they are saying that Google crossed a line, and walking it back doesn’t change that fact.
In my opinion, Google has crossed countless lines over the last 5-10 years. I’m looking for alternatives that meet my own needs. That search has accelerated over the last few years, when the things Google has done have been most egregious. This isn’t a protest. This is disillusionment. I’m abandoning ship.
That’s a unique perspective. Thanks for sharing.
because they haven’t? We don’t want any changes to our ability to install software. This would still kill f-droid, and the “flow” they talked about isn’t a system wide setting. You have to do it per app. And you, the owner of the divice who just wants to install something on your device, would have to register. So if too many people install the app, the dev would be forced to register as well.
How is any of that “listening to user feedback”?
No freaking way this was because of “feedback”. This was because the European Commission will keep escalating their fines if Google keeps at it with the monopoly bullshit.
Quite some time ago, the messaging I was getting from Microsoft was that Windows 10 security updates were going to end this year. I didn’t really keep up with the news on that front, but I did notice that there was some kind of law suit in the EU that from what I recall basically came down to the fact that MS would have to continue to provide security updates to Win 10 free of charge for EU users.
Literally within the last week, a buddy of mine asked me to look at his computer and see if I could upgrade it to Win 10. I could not, as it doesn’t have a supported processor. But what I noticed is that MS now offers the option to extend security updates until 2026 with the click of a button.
So, thanks EU folks! Already knew ya’ll were awesome, but I assume this change of heart from Microsoft was a result of that suit. I appreciate it.
The EU is just a bit behind being maliciously lobbied to death (eyeroll).
(See Digital Omnibus Act)
That’s not good enough. They’re just going to keep lightly pushing against the bad publicity until everything not controlled by Google on your phone goes away.
We need an alternative made without googles shitty hands in the mix. This forced duopoly between Apple and Google sucks. No phone competition in the US also sucks. Overpriced Samsung or a Google phone, while companies Like Red Magic have fan and liquid cooled phones with huge batteries, more ram, and more storage, for less than a grand being sold around the rest of the world outside the US.
Stop it. You’re reminding me why I want to move my family out of the US. Its not just phones, everything is a facade here.
Oneplus had great success but then enshittified. Raised prices to match Samsung and Google, outsourced support to some place that didn’t sound like they were even in the same dimension as any English speakers and took away their ability to help customers even by accident and finally quality of their phones went to shit.
They could’ve sucked the Chinese government subsidy tit for another few years and would’ve established themselves as legit competition, but that would only delay inevitable enshittification by a few years.
They’re a descent phone right now with their OnePlus 15. Huge battery, good and bright screen, top of the line processing and 16GB of the fastest ram you can get in a phone, and less than $1,000.
My issues with it are that their potential unlocking and rooting is a bit up in the air, and that they only offer up to a 512GB with no SD card.
I’d buy a damned Red Magic 11 pro if they didn’t block root and supported band 71.
Nah, I’m not doing back to OP. I hate to say it, but If you’re going to use android, nothing beats pixels. Not even close.
If GrapheneOS manages to actually work with a decent hardware maker to get a phone to the market, I’ll get that next, but only if Android auto and banking apps work. Phone’s useless to me without those.
Only reason I’d give those up is if I can get another Linux phone as polished as Nokia N9. Still the best phone I’ve ever owned.
Not a popular opinion, but if those two options are unavailable, I’d rather switch to iPhone than use a non pixel android.
It’s looking like pixel may be planning on locking down root access as well, soon. Really, pixel has never done anything very great. No SD card, ok, screen, ok apu, pretty good cameras, meh battery, and meh storage and ram. Never anything special. Sony phones had potential but they’re always priced high and their software support sucks. I wish LG had kept making phones
I completely agree, but despite OP or Samsung looking better on paper, overall experience is just so much smoother. Shit just works. And at some point I began to value that over specs.
Just for some perspective, I’m basing what I’m saying on OP 3T, 5T and 8Pro, Samsung S21 and Pixel 8 pro and currently 9 pro fold.
You chose poorly for Samsung. I’m still holding onto and using my Note 20 ultra. Their last great phone.
We need an alternative made without googles shitty hands in the mix. This forced duopoly between Apple and Google sucks.
That goes for MS and Apple on the desktop too, and allegedly Google is trying to enter that space as well for the umpteenth time.
At least as far as PCs are concerned, they’re still unlocked at the bootloader level, despite MS’ attempts to lock that down, and there’s nothing stopping you from installing Linux or BSD on your PC still. Mobile devices outside a handful which aren’t locked down, unfortunately don’t have that luxury.
Yep. I’m running Linux on all but one of my machines. You at least have the option with most any PC. There’s a very quickly dwindling option to do the same with phones.
Google: “Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn’t verified.
I’ve been side loading apks since I bought my first Android phones and am much more concerned about malware “safe” apps from Google’s Play store. Google’s quality control is shit.
Yes. I wonder how many people unknowingly updated Simple Mobile Tools apps after the new owner’s buy-in.
The number of apps that I’ve had to unistall because they got quietly sold and turned into malware is alarming.
Quality control is not the words. They are unethical garbage pieces of shit who make the world a worse place. These big companies buy smaller ones just so they have the good devs and no competition. Then they make everything in the market insufferable as fuck.
… continues to make Play Integrity an integral part of Android and making all the stupid banking and govt apps requiring having it on your phone thus making it harder to de-google.
still no… fuck you.
Degoogle now before they install their malware on your device(s).
If you can get your hands on a pixel, get grapheneOS. If not, get LineageOS or degoogle your phone. With LineageOS you’ll have to make do with internet banking instead of banking apps.
Depends on the bank.
This is what I’m struggling with. I use an app-only challenger bank, so I feel a bit stuck unless I change everything…
Well some thing is going to change no matter your struggles. :(
So true. I’m loathed to lose the interest rate, but needs must when the devil drives, and boy is he driving right now.
I had one bank like that but when I called them they were able to disable the app challenge and use text/email instead. The catch was that if I ever opened the app again it was re-enabled.
It’s literally ONLY got an app. No web, no branches. They’ve become quite common and popular in the UK (like Revolut).
Aren’t there challenger banks that have website interfaces?
Yep. Monzo implemented an emergency-use website about 5 years ago, Revolut shortly after (and I think they have a desktop app now). I’m with neither (though I can SEE my accounts online, I cannot DO anything with them).
Not to be that kind of guy, and I upvoted your comment, but isn’t it ‘make due’? I might be wrong, however.
I’m glad banks around these parts don’t require an app to function.
It’s still worse than before. Really need to break mobile away from Google and Apple. Preferably as close to standard Linux as possible
AOSP makes a lot more sense to me. We just need to adopt Graphene or Lineage en masse and start contributing to support more devices, grow that out into a real alternative with support for the already existing android app ecosystem, and real alternatives to Google Play services
Aosp makes more sense as a short term strategy, but google is making developing graphene harder, linux mobile is a much better long term strategy
The second I hear about a Linux mobile operating system that has even decent screen reader support, I will be switching.
Magnification in Linux desktops in particular has not been that difficult, but screen readers are a whole different can of worms.
I figure Linux Mobile will be able to do magnification properly as they do it fine on desktop and they can just copy the gestures from Android if nothing else.
It doesn’t matter, you fork into something else entirely. It’s a hell of a lot easier to leverage the android ecosystems in a diverging fork than it is to build a whole new niche platform
Linux mobile will be harder to build but in the long run will be vastly better, but it’s admittedly a very long run.
This makes no sense. Anything you can build Linux into, you can do the same to android
That’s true, but android has some pretty fundamental issues that would take some massive rewrites to fully resolve, not to mention that if we switched to linux patches wouldn’t have to be written for multiple operating systems.
Graphene doesn’t fix the problem because it’s only available on Pixel devices
Not for long. They’re going to start working with their own OEM.
Try reading what I said
What about Play Integrity / Safetynet?
Yeah when are Linux phones going to be compatible
Waydroid doesn’t intend on supporting it. It’s a piece of code that checks for evidence of “tampering” (such as an unlocked bootloader, or root access), and sends those bits of data off to Google’s servers for verification
It’s antithetical to Waydroid and device freedom, and is used by banking apps for “security” reasons, as well as media apps for piracy reasons
And is a massive pain for anyone who root’s their devices
Right… So what was your point again?
Easing is not removing.
Anything more than a warning and disclaimer popup is too much.
I’m OK with jumping through more hoops – once.
Once I told the device that I know what I’m doing, it shouldn’t be more than a pop-up per install.
I’d agree that the option is inportant to turn it off but one and done shouldn’t be the default cuz people fucking dumb, yo.
Uh-huh, sure, just about protecting the users. Nevermind that actual malware is regularly found on play store, and exactly 0 times – on f-droid they’re “protecting” the users from.
Check your sources, we have had issues on F-Droid. Better than google play store though, because the average F-doid user is more tech savvy than the average GPlay user.
Haven’t heard of it, personally, except the case with introducing a vulnerability similar to the case with the xz backdoor that wasn’t merged. Would appreciate the link, tho
We are designing this flow specifically to resist coercion, ensuring that users aren’t tricked into bypassing these safety checks while under pressure from a scammer.
Translation: if they want scamware, it better be from Google Play, where Google gets a 30% cut. On top of the cut they got for the phishing link in Google Ads.
And if anything thinks I’m being hyperbolic, go on Google Play and search for pretty much anything. Or turn off your adblocker.
Helped a disabled pensioner recently with her phone that kept plaging loud obnoxious ads at her even while locked.
She had 4 different “virus scanners” that were all fake adware.
The fee is 15% below the first $1M of revenue and it should go without saying that app developers only pay that fee for paid apps, in-app purchases or digital subscriptions. It’s very unlikely that a scam app would be paid, or work off a subscription, and if those phishing ads are doing their conversions, you’ll never see the user again.
I doubt Google’s making more than a few cents off each of these scam apps.
Google gets a cut from the Google Ads click, which takes the user directly to the Play Store (or, if on desktop, the Chrome extension store).
If it’s some free shovelware app, they get a cut from the ads spammed onto the user’s screen. If it’s a sham subscription app, they get a cut of that. I see this a lot test clicking ads these days.
If its legit phishing, that’s a fair point; they don’t get a direct cut of the scam, other than the attention it drives towards their app stores and the data they collect for the user’s profile. But the point I’m trying to make is that it’s incredibly hypocritical to paint 3rd party apps (and indeed any competing app store) as a danger when they do such a poor job policing their own store. They may have a point, but it doesn’t really tackle scamware unless they change their moderation habits.
