It appears that the “security wait” will be a one time thing when you first allow installing from unverified sources. After enabling it it will remain on indefiniately.
Not quite as bad as I was fearing, but will kinda annoying.
“Not quire as bad”? My dude, you have to ask for permission from a corporation to install an app on your phone that you supposedly own and paid for. On what planet is this not awful?
Yep, it’s pretty bad, it sets a bad precedent, and has me looking for alternatives.
When it was originally announced I got the impression that Google would soon be removing the ability to sideload apps altogether and as I almost entirely use apps installed from “untrusted” sources this would have been a nightmare for me.
So while I think this whole situation is shit, and will almost certainly lead to Google removing the ability to sideload apps in the future, for me the immediate anxiety has been lifted.
You do realize that what you’re saying might’ve been the goal all along? It’s literally an “I’m altering the deal, pray I don’t alter it further” vader moment and you’re saying you’re relieved. Make no mistake, you, me and every single Android user was just fucked over and it’ll only get worse.
I don’t think I made myself clear; I am relievd because I thought I was going to lose access to my apps in the next update cycle. The thought of that filled me with anxiety, but now I have more time to prepare.
I’m hoping that something like lineageOS will be unaffected and will be available for my device before Google remove sideloading altogether
It looks like a glorified ‘developer mode’ switch that has the 1 day wait to prevent someone from grabbing your phone, turning on sideloading, installing some hazardous app, and then having their way with your info.
This appears to be the best of both worlds.
Like when unlocking your bootloader wiped your info. Just do it first. not a year in to using your device, if thats your plan.
When has your imaginary scenario ever been a problem? Can you name a single example where that has happenned? Stop making excuses for corporations fucking over their users.
Lmfao. I’ll invent a better way and it will only take me negative 50 years to do it.
Passcode.
There is absolutely nothing positive about this. It is only nefarious, full stop. I could open a million dollar restaurant that served microwaved cat shit, but on the menu it’s called “Tbone Steak” and with your logic, people wouldn’t notice the difference.
I agree a day wait is bullshit, but you think a passcode is enough to keep someone from… anything? You can shoulder surf a passcode in no time at all. Hell, it’s not even difficult. Go to a bar, talk someone up, give a legit reason to use someone’s phone, intentionally lock and force a passcode and 99% of people at bars will put their pin in within eyesight, or tell you the code.
A passcode isn’t as big a deterrent as most people seem to think it is. It’ll keep you out of an unattended phone you found, but there are plenty of ways to socially engineer your way into having it for the vast majority of targets.
And yes, you likely wouldn’t give your passcode out. But this is how a number of ne’er-do-wells got unfettered access to hundreds of iPhones, and prompted Apple to put a semi similar 24 hour lock on certain security actions if you aren’t in a “known to the phone” location (somewhere you frequent like home or work).
Edit to note: passwords aren’t much better. One of my hobbies in college was shoulder surfing classmates passwords just to repeat it back to them later in the day. Though on a phone you have far fewer reasons to type in an associated accounts password.
When you couple what you just said with what they’re trying to do, your own argument can be made in my favor.
One of my hobbies in college was shoulder surfing classmates passwords just to repeat it back to them later in the day. Though on a phone you have far fewer reasons to type in an associated accounts password.
Never tell anyone else this again, and stop doing it. What an insane invasion of privacy.
My security should be my choice on my device end of story. My password/passcode plus encryption with easily accessible ways to put it into lockdown mode and have lockdown mode on a continuous timer is absolutely enough for my threat model.
I don’t need any else making any addition call on it, and I definitely don’t need someone that is willingly bragging about invading others privacy coaching me on what these companies are intending while actively trying to take my right to privacy away.
You call it an invasion of privacy, I call it fucking with friends while teaching them to be cognizant of who is watching what they do. You realize they can (and did) just immediately change their password right?
I’m also not sure how “the average person treats their passcodes and passwords like everyone is intentionally looking away” somehow strengthens “lock making the phone less secure behind a passcode” as an argument.
And yes, it 100% lowers the security of the phone. Which absolutely is your choice. Which I also do, and have done with my wife and kids phones. But the idea that a passcode is somehow a solution is just silly.
Not as silly as a 24 hour wait controlled by google, but still silly.
You said classmates. And hobby implies you did it a lot, and a lot extends beyond a few friends very quickly, so I do doubt it was limited to that, but I’ve got no choice but to take your word. Also I had thought you were the guy previously okaying this privacy nightmare in a trenchcoat, so ignore half of what I was saying.
Whatever it is or whatever it helps, if people want to opt into it, have at it. I will not be doing that. My solution protects me from everyone accept teams that have the funding and skill to get in through other means. I use biometrics, not perfect but it works. If I want those disabled until a password/code is in, it’s a tap away. No one sees me use it because I’m using biometrics until I don’t want to.
In what world do we expect companies that have decades long track records of fucking us for profit to stop after another empty promise?
Technically installing an app allows continuous spying instead of one-time offloading. It’s an actual consideration with spyware like Pegasus: it might’ve been used as a bug to listen to offline conversations.
Sure. Because as we know people grabbing your unlocked phone to sideload apps onto it is an almost daily occurrence. Which of us hasn’t had a stranger install a cryto miner while we looked away for a second.
Get real. This is an imaginary problem affecting the 0.01% they are using to tell you this action is justifiable. Getting more control is the aim of their game
Until you have to help someone install an app not available to them.
Xfinity stream for example is not on the Chromecast play store, even though an Android build exists on the Fire TV store. I had to guide my dad through this. In this case it wouldn’t be possible for 24 hours.
Had a similar issue with an app not available in a friend’s region.
I could live with the whole flow minus the delay. This is shit, just pure shit.
It appears that the “security wait” will be a one time thing when you first allow installing from unverified sources. After enabling it it will remain on indefiniately.
Not quite as bad as I was fearing, but will kinda annoying.
“Not quire as bad”? My dude, you have to ask for permission from a corporation to install an app on your phone that you supposedly own and paid for. On what planet is this not awful?
This is happening to PCs now too, eg. with the OS ‘age-gating’ laws that IMO only exist to quell competition for MS, Google, and Apple.
I sincerely doubt that will actually come into fruition. There’s no way to force all linux distros to have that. At least I hope there isn’t.
Systemd is pushing age-gating at the init level, which means the majority of Linux will be age-gated, whether they want to be or not.
Also, Amutable wants to add Android-style attestation to systemd, which means if they get their way, the majority of Linux will be as locked down as Android as far as telling you what and what not to install for apps.
Here’s the Lemmy post discussing Amutable.
So its time to move to a distro without systemd?
Yep, it’s pretty bad, it sets a bad precedent, and has me looking for alternatives.
When it was originally announced I got the impression that Google would soon be removing the ability to sideload apps altogether and as I almost entirely use apps installed from “untrusted” sources this would have been a nightmare for me.
So while I think this whole situation is shit, and will almost certainly lead to Google removing the ability to sideload apps in the future, for me the immediate anxiety has been lifted.
You do realize that what you’re saying might’ve been the goal all along? It’s literally an “I’m altering the deal, pray I don’t alter it further” vader moment and you’re saying you’re relieved. Make no mistake, you, me and every single Android user was just fucked over and it’ll only get worse.
I don’t think I made myself clear; I am relievd because I thought I was going to lose access to my apps in the next update cycle. The thought of that filled me with anxiety, but now I have more time to prepare.
I’m hoping that something like lineageOS will be unaffected and will be available for my device before Google remove sideloading altogether
And that is the tactic commonly used to slowly boil the frog.
It looks like a glorified ‘developer mode’ switch that has the 1 day wait to prevent someone from grabbing your phone, turning on sideloading, installing some hazardous app, and then having their way with your info. This appears to be the best of both worlds.
Like when unlocking your bootloader wiped your info. Just do it first. not a year in to using your device, if thats your plan.
When has your imaginary scenario ever been a problem? Can you name a single example where that has happenned? Stop making excuses for corporations fucking over their users.
Lmfao. I’ll invent a better way and it will only take me negative 50 years to do it.
Passcode.
There is absolutely nothing positive about this. It is only nefarious, full stop. I could open a million dollar restaurant that served microwaved cat shit, but on the menu it’s called “Tbone Steak” and with your logic, people wouldn’t notice the difference.
Okay, pump the breaks a second.
I agree a day wait is bullshit, but you think a passcode is enough to keep someone from… anything? You can shoulder surf a passcode in no time at all. Hell, it’s not even difficult. Go to a bar, talk someone up, give a legit reason to use someone’s phone, intentionally lock and force a passcode and 99% of people at bars will put their pin in within eyesight, or tell you the code.
A passcode isn’t as big a deterrent as most people seem to think it is. It’ll keep you out of an unattended phone you found, but there are plenty of ways to socially engineer your way into having it for the vast majority of targets.
And yes, you likely wouldn’t give your passcode out. But this is how a number of ne’er-do-wells got unfettered access to hundreds of iPhones, and prompted Apple to put a semi similar 24 hour lock on certain security actions if you aren’t in a “known to the phone” location (somewhere you frequent like home or work).
Edit to note: passwords aren’t much better. One of my hobbies in college was shoulder surfing classmates passwords just to repeat it back to them later in the day. Though on a phone you have far fewer reasons to type in an associated accounts password.
When you couple what you just said with what they’re trying to do, your own argument can be made in my favor.
Never tell anyone else this again, and stop doing it. What an insane invasion of privacy.
My security should be my choice on my device end of story. My password/passcode plus encryption with easily accessible ways to put it into lockdown mode and have lockdown mode on a continuous timer is absolutely enough for my threat model.
I don’t need any else making any addition call on it, and I definitely don’t need someone that is willingly bragging about invading others privacy coaching me on what these companies are intending while actively trying to take my right to privacy away.
You call it an invasion of privacy, I call it fucking with friends while teaching them to be cognizant of who is watching what they do. You realize they can (and did) just immediately change their password right?
I’m also not sure how “the average person treats their passcodes and passwords like everyone is intentionally looking away” somehow strengthens “lock making the phone less secure behind a passcode” as an argument.
And yes, it 100% lowers the security of the phone. Which absolutely is your choice. Which I also do, and have done with my wife and kids phones. But the idea that a passcode is somehow a solution is just silly.
Not as silly as a 24 hour wait controlled by google, but still silly.
You said classmates. And hobby implies you did it a lot, and a lot extends beyond a few friends very quickly, so I do doubt it was limited to that, but I’ve got no choice but to take your word. Also I had thought you were the guy previously okaying this privacy nightmare in a trenchcoat, so ignore half of what I was saying.
Whatever it is or whatever it helps, if people want to opt into it, have at it. I will not be doing that. My solution protects me from everyone accept teams that have the funding and skill to get in through other means. I use biometrics, not perfect but it works. If I want those disabled until a password/code is in, it’s a tap away. No one sees me use it because I’m using biometrics until I don’t want to.
In what world do we expect companies that have decades long track records of fucking us for profit to stop after another empty promise?
If they’re already into your phone there’s so many legitimate ways to extract your data. The ability to sideload an app won’t impact that.
Technically installing an app allows continuous spying instead of one-time offloading. It’s an actual consideration with spyware like Pegasus: it might’ve been used as a bug to listen to offline conversations.
The OS is the spyware, they’re ensuring you cannot remove it.
Sure. Because as we know people grabbing your unlocked phone to sideload apps onto it is an almost daily occurrence. Which of us hasn’t had a stranger install a cryto miner while we looked away for a second.
Get real. This is an imaginary problem affecting the 0.01% they are using to tell you this action is justifiable. Getting more control is the aim of their game
Oh yeah, because those guys seriously can’t wait a day
This has nothing to do with security
So this feature is disabled if you have a pin?
Until you have to help someone install an app not available to them.
Xfinity stream for example is not on the Chromecast play store, even though an Android build exists on the Fire TV store. I had to guide my dad through this. In this case it wouldn’t be possible for 24 hours.
Had a similar issue with an app not available in a friend’s region.
I could live with the whole flow minus the delay. This is shit, just pure shit.