Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
ayaros 2 days ago

Both Apple and Google should just bite the fucking bullet and let people install whatever they want.

Apple, for their part, should have just buried the option to "sideload" deep in the settings. They could have put up a dialog, or maybe 5 dialogs in a row, each one scarier than the last, warning the user that if someone told them to do this, they are being scammed. They could have done it every time someone installs an app from outside the App Store. Make the user wait 10 seconds or a minute between each dialog. Put the option behind their passcode, or their Apple ID password. Void AppleCare if they do it, for all I care. They could have done any of this. Anyone actually concerned about their security would have avoided it anyway.

This is what they should have done. Now it looks like regulators are going force their hand. Why Google is doing this now, of all times, is beyond me. Have they read the news lately?

The regulation should be for phones, computers, and game consoles too.

I know this isn't an unpopular opinion... whatever. I gotta vent somewhere.

Squid_Tamer 2 days ago | parent | next [-]

For real. They could even gate sideloading behind a 10 question multiple-choice-answer quiz on the consequences of sideloading. That's how we license dangerous abilities in the 'real world' - demonstrated competence via standardized test.

It feels so transparent that their concern isn't actually user safety here.

laweijfmvo 2 days ago | parent | prev [-]

I actually don’t want this, especially for non tech savvy older relatives. Someone calls them and gets them to allow remote access to their PC, easily. Ever heard of the Android UI (bugs) that allowed apps to hijacking dialogs etc? I’d rather they just had a phone where security was the only option.

ayaros a day ago | parent | next [-]

This is a very real problem, and I understand it well... I have my fair share of relatives who are technologically incompetent.

The solution is to integrate sideloading into the parental controls. There are already existing permissions in iOS to restrict the installation and deletion of apps, so adding a sideloading permission should be straightforward. (They can still leave it disabled by default and bury it a bit behind a few menus and dialogs...) If a family member is really so technologically inept they can't be trusted with their own phone, then you should already be making use of parental controls in some fashion. Set a pin for them which you know and they don't know. It's as simple as that.

Perhaps that's a bit harsh, but we should not be sacrificing these freedoms at all, let alone at a time when there are already existing solutions for protecting those who are vulnerable.

(The relative simplicity of this solution is yet another piece of evidence this issue is not really about the security of users.)

const_cast a day ago | parent | prev | next [-]

Doesn't matter, most malware is on the playstore.

Play integrity doesn't protect anything, disallowing side loading has no security benefits. Thats just a lie, a convenient piece of propaganda to convince you to advocate against yourself.

There is no security on the play store. Can apps ask for way too many permissions? Yes. Are they open source? No. Are builds reproducible? No. Does Google check the code? No. Is it almost all adware and spyware? Why, yes!

Google does not give a flying fuck about the quality of the play store and anyone who disagrees is legitimately delusional. Have we looked at the play store? Seen what's recommended?

I mean, for fucks sake you can't download a goddamn calendar app without it asking for phone permissions and showing you popup ads.

Look - Google allows malware on the playstore because they have to. They make money off of ads sold on the playstore and advertisments in apps. Google has ZERO incentive to stamp malware. But they have every incentive to prop it up.

I don't need Grandma to download an unsigned binary from the internet to compromise her. Get fucking real dude. I call her, ask her to install anydesk, and remote control her device, all Google approved.

reorder9695 a day ago | parent | prev [-]

Why not have it so you could choose to have it like that, but also choose to run whatever you want? No reason this is impossible