Microsoft appeared to walk back Recall until they suddenly brought it back unannounced and doubled down. So I’ll believe it when I see it
So, we will have to enable developer mode for that? How long before banking and government apps refuse to run if you have “sideloaded” apps installed? This will be the same as not allowing the majority of people to sideload. No win in here, just an advanced strategy from google to make us conform
Riddle me this, why do people use banking apps on mobile devices in the first place? Why put all your financial data in an eggshell just waiting to get dropped or stolen?
Bank cards have had the whole tap to pay thing for quite a while now. I drop my phone, busted. I drop my bank card, it’s fine, I just pick it right back up, and it stays in my wallet unless in use, not in my hand where it’s infinitely more likely to get lost or stolen.
You want a banking app, do so from your home computer, not a fragile mobile device literally designed to fail if it so much as falls out of your hands.
Anyways, riddle me that…
This is already the case if the developer mode toggle is enabled for some. I have to turn it off any time I’m traveling for work because the app we have to use to file expense reports refuses to run with developer mode enabled.
At that point you should tell your work to get a work only device for you… I always refuse to use my phone for work shit. I used to explain to them why, now I just lie and say my device is too old to have anything installed on it.
Yeah, but I travel for work. I dont want to carry two phones, as the one colpany offers is a shitty samsung a-series and I use graphene on my Pixel
Yeah, totally understandable.
I mentioned to the other guy how my dad got a dual-sim phone (not a shitty one) just by sort of mentioning having to carry two phones. I guess some employers are nicer than others :D
lmao, no arguments here. My boss’s phone got bit by the construction site so I think we might finally be getting some movement on that front, at least for anyone who finds themselves in the field doing shit.
For what it’s worth, I don’t generally mind using my phone for work shit because it’s convenient to do so. MDM on android works in a container, so I don’t even care about that if they want to implement it.
Yeah I get the convenience of it.
My dad was complaining out loud to his boss, not requesting anything, just complaining about having to bring two phones with him when he was out and about. So his boss got him a dual-sim work phone lol. The convenience can work out that way as well :)
Or if you’re rooted, or run something other than your OEM image. I use grapheneos and I’m lucky that my bank doesn’t enforce that like some do. I still can’t use cards to tap with Google wallet because it’s not certified by Google.
But what if they starting requiring that you remove the sideloaded apps? We’re getting trapped
Yeah, if that process wouldn’t need developer mode (or stayed active after disabling it again) that wouldn’t be that bad (still annoying). But having to choose between the ability to install apps or use those apps that only work without developer mode certainly isn’t a win.
Huh I’m unfamiliar with this, but I’ve been running graphene for years and before that lineage
Making users wait 24 hours doesn’t improve security; it’s an anti-competitive change designed to make the Google Play store seem like less of a hassle in comparison.
I can actually see where it can improve security against scammers trying to scam elderly and non-tech savvy people.
- Scammer tries to get someone to install malware from their site
- Victim isn’t familiar with sideloading, but scammer instructs them
- Victim hits the first time 24 hour block and has to restart and wait
- The restart alone breaks contact with the scammer, scam thwarted
For the rest of us that know our way around Android, it’s just a one time annoyance, after completing all the steps to enable sideloading, you won’t have to wait 24 hours anymore.
Lets be real though, currently they already have to blow through 4 other warnings about installing unsigned APK and enabled the browser or file manager to be able to install applications. It’s almost certain if they are that far deep/commited, they are going to call the scammer back if the scammer left a number.
Yes this might allow for a time delay where the scammers number could be disabled if reported by enough people, or someone else to be like “yo this is a scam” if they mentioned it but, I don’t think this is as secure as they are saying it will be. The target audience for this is very unlikely to be thwarted by a time delay. Plus, the scammer will make some excuse about how the warning is just a safety percaucion and doesn’t need to be followed as this is a normal usage of the toggle, and then have them call back after the delay is done.
For clarification: the target audience doesn’t know about the scam, and all they care about is that someone is seemingly willing to assist with an issue or problem they have. Said person knows the solution and they just have to wait for the timer to be done to be able to do said solution. They have no reason of telling others about it (unless they were complaining about googles time delay) as they already got someone who is seemingly able to assist.
Honestly, having to have the user type “I agree that I have verified the application i am trying to install is genuine and not a fraudulent app” or a listbox of checkmarks to toggle in order to enable it would be far more efficient for this case.
Hell take the example image the article on the dev page has and make it into toggles instead and it would work far better than a timer does.
Honestly, having to have the user type “I agree that I have verified the application i am trying to install is genuine and not a fraudulent app”
Yeah, this would be the most promising approach IMO. Whenever I was forced to write something, I did pay more attention to what that said than if I ticked a box next to it.
Maybe even have them write “I am not instructed to install this app by someone else. I am aware that following instructions to install an app this way often have fraudulent intentions”.
(Also if the language was changed recently, it should ask to write it in all languages that were set within the last 14 days or so. Otherwise the scammer will have them switch the language so they don’t understand what they’re writing)
Sadly, there’s truth in everything you say. Scammers are gonna be scammers, and they’ll just find a new technique plus the long standing social engineering to continue their efforts to rip people off of whatever they can.
Still, it’s something in the middleground, to help grandma be less likely to get scammed, while also giving power users an out and way to keep using their devices the way they want.
I’d believe that if most Pig Butchering scams weren’t using apps from Google Play already.
Fair enough, you have a point. Although, I do think the developer verification thing will make it easier for Google to weed out bad actor developers altogether from the Play Store.
Sure there’s no perfect solution, but at least they’re trying to make it a lot more difficult for the scammers out there, while still leaving power users a path to keep using Android the way we want.
I think it is absolutely delusional to assume any of this actually has anything to do with security or safety of users. Google just wants more power and control over, well, everything they can get.
It’s going to be effective, but it’s a sad world where you have to create a total nanny state because there exist a subset of users who are INCREDIBLY stupid.
Is it still a subset when it’s the majority?
And to be honest, the level of effort scammers are willing to go through is shocking, and AI’s just making it easier for them.
Something about the smartest bears vs the dumbest humans.
Anything less than the whole is a subset, yes.
We will win when nobody can tell you what you can or can’t put in your own fucking device.
Counterpoint: my software allows you to access your banking needs. I’m financially on the hook if fraud occurs. Fraud occurs because your favorite “slap the monkey” game also installs a keylogger and network monitor. So I don’t allow my software to work if you have that installed.
I think you’re right that companies should not be able to tell you what software you can run, but users also can’t be trusted to keep their devices safe.
A lot of network, banking, and telephony protocols historically rely on trusting that there are no bad actors in the chain. Technology has added more links to the chain increasing the opportunities for bad actors to tap into it.
It’s a situation that needs better fixes. Maybe we just need to hand the current internet over to the bots and start a new one with security and privacy built in from the ground up.
Android runs apps sandboxed, so no app can access what you write in another like your banking app, or the unencrypted packages it sends.
Yea the argument stated works better for rooted environments than rootless environments or sideloading.
In a non-root scenario, you would need to specify a few permissions to give a keylogger that amount of access. I think that a big issue is people not understanding that there is a difference between a rooted device or root installed app, and a sideloaded application.
Just because you have a non-google device or a rooted device != you have a compromised device. Applications aren’t going to magically install running as root, every rom worth their salt keeps it a clear isolation between the layers, and some roms don’t even allow you to use the root environment after installing it.
In your standard google phone install? A keylogger wouldn’t be able to be installed without enabling an accessibility permission. It’s not like you can just “oops I just sideloaded a keylogger haha silly me” like described. Both google installed and side loaded applications would require prompting a warning page that very clearly states it allows logging of the screen for the logging part of it to work.
You’re liable if someone shares their credentials? Even if they did it accidentally by installing a keylogger, that seems like user error.
The square app will not run on a phone that has developer mode enabled. I turned developer mode on to disable annoying animations, so now I can’t take card payments unless I carry around a second phone.
If Google goes through with this, my payment phone won’t be able to run any third party apps.
As someone who occasionally goes to markets and pays someone using Square, I think I’m happy with that.
Now that you mention it I’m surprised single purpose phone isn’t required like needing dedicated Internet for registers. Or did they finally fix that to allow VLANs?
- enable developer options
- confirm that you are not tricked
- restart phone and re-authenticate
- wait one day
- confirm with biometrics that you know what you are doing
- decide if you only want unrestricted installs for 1 week or forever
- confirm that you accept the risks
- enjoy the few apps that still have developers motivated to develop for a user-base willing to put up with this
A classic case of making a ridiculously restrictive change, then “walking it back” to a merely semi-ridiculous change and having everyone sigh in relief.
Just like Anthropic and OpenAI’s willingness to kill people en masse, then walking it back to a nonexistent standard.
No we didn’t win. This is Google making it harder to install the programs you want, rather than the programs Google wants you to have.
“side loading” == installing
Still worse than it was before. There’s no win in that
This isn’t a win, this is Google making things shitty for the benefit of no one but themselves.
“Scammers” also exist on the Play Store. Google should start by cleaning it up.
Time for another OS. Android is over.
Postmarketos is looking pretty promising right now.
The year of the Linux phone is upon us brethren!
at best this is not losing at this very moment
I want an extra day added to the warranty of any device I purchase, as it will be useless during that time
