• smeg@infosec.pub · ↑86 · 2 days ago
    • enable developer options
    • confirm that you are not tricked
    • restart phone and re-authenticate
    • wait one day
    • confirm with biometrics that you know what you are doing
    • decide if you only want unrestricted installs for 1 week or forever
    • confirm that you accept the risks
    • enjoy the few apps that still have developers motivated to develop for a user-base willing to put up with this
    • wonderingwanderer@sopuli.xyz · ↑4 · 1 day ago

      Combined with the news that they’re going to start requiring developer age verification even in the alternate app repositories…

    • flying_sheep@lemmy.ml · ↑4 · 1 day ago

      The biometrics part makes no sense, you can disable biometrics. You mean that you have to do a security confirmation however you’ve set it up.

    • FauxLiving@lemmy.world · ↑6 ↓18 · 2 days ago

      I can understand this workflow being created to protect the legions of people who are tricked into installing spyware.

      It doesn’t remotely affect me because I use GrapheneOS and if this is an issue for you then you’re probably someone who should look at installing GOS or Lineage.

      I don’t think Google should be able to do this and it is likely part of a longer-term strategy to strangle any competition. At the same time, I can understand how this change will save a lot of grandparents from clicking a link in a text from their ‘grandchildren’ and installing spyware that’ll steal all of their bank information.

      • AHemlocksLie@lemmy.zip · ↑18 · 2 days ago

        GrapheneOS is built on AOSP, which is where the change is being made. Graphene and other custom ROMs will need to maintain a fork that cuts out the feature if they want to avoid it. Google is also starting to close off Android to make that more difficult, so it’ll become a genuine project to maintain the fork well.

      • fallaciousBasis@lemmy.world · ↑2 · 1 day ago

        I mean… This is kind of why I never let people use my phone.

        I have installations from various sources enabled… Like my browser, because I know what I’m doing. But I wouldn’t trust anyone as the process is currently effortless…

        If someone is trying to install spyware on you (like a partner or parent), this might offer some notification and prevention.

        I don’t really see the big deal. You do it once, enable it forever, and wipe up those tears.

        I think a better way would just be to have maybe like a biometric/pin confirmation upon installation. Simple. Clean.

          • reksas@sopuli.xyz · ↑3 · 1 day ago

          They want to suppress the developers, not users. By making it so bothersome, so many people will just stop using sources from outside Google Play. First they do this and at some later time they will add more hoops to it. If they manage to strangle any developers that make stuff, people will have nowhere to turn yet they can’t complain either because Google will have undeniable monopoly.

          • FauxLiving@lemmy.world · ↑1 · 23 hours ago

          The delay is almost assuredly to prevent live scamming. Like a grandparent picking up a random call or text and being tricked into thinking they’re a family member/bank worker/etc.

          I’ll admit it’s annoying, and could be used by Google later to do more annoying shit.

          Taking their explanations in good faith and looking at it from a customer security point of view, I can see this cutting back on some common scam types. This is kind of like how, when you go to rustdesk.com there’s a giant ‘YOU’RE PROBABLY GETTING SCAMMED’ banner across the top of the page:

          These little steps can seem pointless or annoying to us, as most of us are probably in the upper range of tech skills, but consider the average user and it starts to make a lot more sense.

            • conorab@lemmy.conorab.com · ↑1 · 14 hours ago

            The delay makes intuitive sense especially since it will give the target a chance to complain about it to their friends and family who will hopefully stop it from there.

            However, I’m not sure if it’s worth it. I imagine this would stop exfiltration apps which scan the user’s device for useful data and maybe passive screenshots but this pales in comparison to apps with subscription dark patterns, gambling and apps that harvest and sell your data legally already. If this was a case of apps prompting the user to enter sensitive information into a form then they could just use a browser.

            I don’t know. I think this is a good measure to prevent scams. I’m just uncomfortable about Google’s motivation.