I don't buy this argument at all that this specific implementation is under pressure from the government - if the problem is indeed malware getting access to personal data, then the very obvious solution is to ensure that such personal data is not accessible by apps in the first place! Why should apps have access to a user's SMS / RCS? (Yeah, I know it makes onboarding / verification easy and all, if an app can access your OTP. But that's a minor convenience that can be sacrificed if it's also being used for scams by malware apps).

But that kind of privacy based security model is anathema to Google because its whole business model is based on violating its users' privacy. And that's why they have come with such convoluted implementation that further give them control over a user's device. Obviously some government's too may favour such an approach as they too can then use Google or Apple to exert control over their citizens (through censorship or denial of services).

Note also that while they are not completely removing sideloading (for now) they are introducing further restrictions on it, including gate-keeping by them. This is just the "boil the frog slowly" approach. Once this is normalised, they will make a move to prevent sideloading completely, again, in the future.

Google have their own reasons too. They would love to kill off YouTube ReVanced and other haxx0red clients that give features for free which Google would rather sell you on subscription.

Just look at everything they've done to break yt-dlp over and over again. In fact their newest countermeasure is a frontpage story right beside this one: https://news.ycombinator.com/item?id=45898407

I bought the hardware, therefore I have the right to modify and repair. Natural right, full stop. That right ends are your nose, as the saying goes.

> there cannot exist an easy way for a typical non-technical user to install “unverified apps” (whatever that means), because the governments of countries where such scams are widespread will hold Google responsible.

You can also view this as a "tragedy of the commons" situation. Unverified apps and sideloading is actively abused by scammers right now.

> Meanwhile this very fact seems fundamentally unacceptable to many, so there will be no end to this discourse IMO.

I get that viewpoint and I'm also very glad an opt-out now exists (and the risk that the verification would be abused is also very real), but yeah, more information what to do against scammers then would also be needed.

Then let them do that for those countries. Not for everyone. I'm not in any of those autocratic countries. Or offer an opt out in the countries where this isn't a thing. Using adb is not really great for doing updates.

And also, I'm the owner of my device. Not my country.

If nobody pushed back on anything we'd all be subjected to the laws of the worst country on earth, because big tech companies want to do business there, and putting an if/else around the user's country takes effort.

> because the governments of countries where such scams are widespread will hold Google responsible.

This is the unsurprising consequence of trying to hold big companies accountable for the things people do with their devices: The only reasonable response is to reduce freedoms with those devices, or pull out of those countries entirely.

This happened a lot in the early days of the GDPR regulations when the exact laws were unclear and many companies realized it was safer to block those countries entirely. Despite this playing out over and over again, there are still constant calls on HN to hold companies accountable for user-submitted content, require ID verification, and so on.

> there cannot exist an easy way for a typical non-technical user to install “unverified apps” (whatever that means), because the governments of countries where such scams are widespread will hold Google responsible.

What, the same way they hold Microsoft responsible for the fact that you can install whatever you want in Windows?

Obviously, there can exist an easy way for a non-technical user to install unverified apps, because there has always been one.

It's not possible to provide a path for advanced users that a stupid person can't be coerced to use.

Moreover, it's not possible to provide a path for advanced users that a stupid person won't use by accident, either.

These are what drive many instances of completely missing paths for advanced users. It's not possible to stop coercion or accidents. It is literally impossible. Any company that doesn't want to take the risk can only leave advanced users completely out of the picture. There's nothing else they can do.

Google will fail to prevent misuse of this feature, and advanced users will eventually be left in the dust completely as Google learns there's no way to safely provide for them. This is inevitable.

> the governments of countries where such scams are widespread will hold Google responsible.

This argument is FUD at this point.

Sovereign governments have ways to make clear what they want: they pass laws, and there needs to be no back deal or veiled threats. If they intend to punish Google for the rampant scams, they'll need a legal framework for that. That's exactly how it went down with the DMA, and how other countries are dealing with Google/Apple.

Otherwise we're just fantasizing on vague rumors, exchanges that might have happened but represent nothing (some politicians telling bullshit isn't a law of the country that will lead to enforcement).

This would be another story if we're discussing exchanges with the mafia and/or private parties, but here you're explicitely mentionning governments.

That's a disingenuous argument though: they are in that position because they chose to make themselves the only way that a 'normal' user is able to install software on these devices. If not for that these governments wouldn't have a point to apply pressure on in the first place.

this is an unresolvable issue

  security = 1/convenience

  security = 1/freedom  or agency

Or maybe Google just has empathy for people losing millions to scams?

And of course: you need an account, rather than simply allowing you to tell your OS that yes, you know what you're doing.

But see also the next section ("empowering experienced users"):

> We are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified

It's not super clear from the post, but if I read it correctly there are two modifications suggested.

   - 1: Separate verification type for "student and hobbyist"
   - 2: "advanced flow" for "power users" that allows sideloading of unverified apps - I imagine this is some kind of scare-screen, but we'll see.

> Google can then require highlighting things like number of downloads and developer reputation by 3rd party appstores

F-droid doesn't want to track number of installs because that is an invasion of privacy.

> require developer verification, but also allow third party appstores like f-droid that don't require verification

Now you've moved the problem from Google gatekeeping apps to Google gatekeeping app stores. We don't want either.

Does this allow unsigned binaries like today? Or is this now requiring you have a binary signed by a android developer account but just one without full identity verification.

What if it imposed a longish (one time) cooldown period? A day?

> > intercepts the victim's notifications

> And who controls these notifications and forces application developers to use a specific service?

Am I alone in being alarmed by this? Are they admitting that their app sandboxing is so weak that a malicious app can exfil data from other unaffiliated apps? And they must instead rely on centralized control to disable those apps after the crime? So.. what’s the point of the sandboxing - if this is just desktop level lack of isolation?

Glossing over this ”detail” is not confidence inspiring. Either it’s a social engineering attack, in which case an app should have no meaningful advantage over traditional comms like web/email/social media impersonation. Or, it’s an issue of exploits not being patched properly, in which case it’s Google and/or vendor responsibility to push fixes quickly before mass malware distribution.

The only legit point for Google, to me, is apps that require very sensitive privileges, like packet inspection or OS control. You could make an argument that some special apps probably could benefit from verification or special approvals. But every random app?

Their top priority is making money.

Only a few things in life are for sure. Death, taxes, and corpospeak.

this is an absurd rant. they invest, like, billions into security. It's not as perfect as you want it to be but "completely ignoring" is a joke. if you've got actual grievances you should say what they are so that we can actually get on your side instead of rolling our eyes

If I were designing the advanced flow, I'd require the decision to be made at phone setup time. Changing your mind later requires a factory reset.

Real sideloaders (F-Droid users, etc.) know at setup time that that's how they'll be using their phone, so it works for them. But ordinary users who are targets for sideloading malware will become a lot less attractive if attackers must convince them to wipe their phone to complete the coercive instructions.

Aliexpress has a similar approach to protect their accounts from takeovers. If you change or forget your password, all your saved payment methods are erased. This makes the account less valuable to an attacker, at the cost of a little pain to authentic account holders.

There's a second path, whereby F-Droid registers as an "alternative app store", which is a new category of app created in the fallout of Epic Games v. Google [0]. This is interesting because it applies to all regions and will necessarily need more elevated permissions than the typical REQUEST_INSTALL_PACKAGES permission used today. No idea what requirements Google will impose on such apps.

[0]: https://en.wikipedia.org/wiki/Epic_Games_v._Google

If F-Droid is no longer part of the android community, then neither will I.

I'm not too worried. My employer should be, though.

It all depends on how the flow is implemented.

If it's a one time unlock, eg like developer mode then hopefully it'll just work.

If it's a big long flow per install... Yikes, that's not much better than adb install

Correct me if I'm wrong but doesn't the EU digital markets act mandate this?

I'm a little nervous about what this advanced flow is going to look like, given that sideloading already requires jumping through a bunch of hoops to enable and even that apparently wasn't enough to satisfy Google.

I'm cautiously optimistic though. I'm generally okay with nanny features as long as there's a way to turn them off and it sounds like that's what this "advanced flow" does.

> Sounds like they're rolling back the mandatory verification flow

absolutely no. this is for the user side. but if you're a developer who is planning to publish the app in alternative play store/from your website, you have to do verification flow. please read the full text.

I feel like if safety was really their top priority, they would have done this long ago and not bothered with this mandatory signing nonsense to begin with...

Still, it seems like good news, so I'll take it.

It's a device you own, sure. But you've licensed the software.

Android Debug Bridge (https://developer.android.com/tools/adb) using two Android smartphones and Termux (https://github.com/termux/termux-app):

* Search for "Smartphone-1 to Smartphone-2" "adb tcpip 5555" in "Motorola moto g play 2024 smartphone, Termux, termux-usb, usbredirect, QEMU running under Termux, and Alpine Linux: Disks with Globally Unique Identifier (GUID) Partition Table (GPT) partitioning": https://old.reddit.com/r/MotoG/comments/1j2g5gz/motorola_mot... (old.reddit.com/r/MotoG/comments/1j2g5gz/motorola_moto_g_play_2024_smartphone_termux/)

* Search for "termux-adb" in "Motorola moto g play 2024 Smartphone, Android 14 Operating System, Termux, And cryptsetup: Linux Unified Key Setup (LUKS) Encryption/Decryption And The ext4 Filesystem Without Using root Access, Without Using proot-distro, And Without Using QEMU": https://old.reddit.com/r/MotoG/comments/1jkl0f8/motorola_mot... (old.reddit.com/r/MotoG/comments/1jkl0f8/motorola_moto_g_play_2024_smartphone_android_14/)

Did we read the same thing? I think Google here said there would be a $25 fee per developer (for those who can't fit in their limited distribution category). I suppose it's much better than a fee per paid install but it's not nothing.

This is exactly what I do. Works pretty well. I've never needed to restrict the play store. I just tell them not to use it.

I wonder if MDM can do that.

LineageOS is based on AOSP and works well. I don't understand the banking app thing either. I suspect it's a regional issue. I can log in to my credit union account via any browser, and if something needs MFA it should be able to use TOTP which works on anything.

Android in practice is full of proprietary blobs, stuck on old kernel versions, and the hardware is barely supported. Lots of downstream crap from the vendors not playing nice. Most devices running Android are instantly doomed to be e-waste. You can look through devices postmarketOS supports, and anything without mainline kernel support and most stuff working is basically e-waste unless someone puts in a lot of work for that particular device. It's a little bit like how modern GPUs don't work without blobs in the kernel anymore and you have to go back to Haswell era or older for things to work with all free software, but the state of smartphones is a few steps worse than that due to their locked down nature.

Pretty much any OnePlus device (other than ones still too new) seems to be a good bet for decent software support (both LineageOS and pmOS). Though annoyingly stuff like the 3G shutdown makes a lot of the earlier models unusable as actual phones these days. At least they can still be computers. Not quite e-waste.

Well, would the community be willing to respond to AI-submitted CVEs without funding?

What's the Android situation there? Last I heard Google didn't license Android there and they were using Chinese app stores with forked AOSP Android. Which would seem to put the sideloading decision in the hands of the forked OS.

Why should that mean anyone else should lose control of their device? Maybe at some point you have to accept that it's the user's responsibility? Maybe empower users to be aware of what the apps they install are doing, without take their control away?

This is how loss of autonomy always happens in every sphere: make an argument that it's for their own safety that individuals are losing autonomy, and the entity gaining control is superior in knowing what's best, and is taking control only out of the goodness of their heart.

These unfortunately gullible people would be tricked in many different other ways throughout their daily lives even if it wasn't for the ability to install something on a device that you paid for and outright own.

We don't cater the most stupid in society.

Yes, this is called malware and isn't the fault of being able to install software on your device.

If someone tricks you into handing over the keys to the kingdom, the solution isn't to remove your door.

I can only imagine that allowing "unverified" apps to run would also disable payment/banking apps. Just in case, you know. For your own good.

it's not

> "Google come to their senses on this"

it's

> "Google was forced to their senses on this"

> That seems like a severe security bug in Android APIs or sandboxing or something else.

No, this is the permissioned API that makes KDE Connect work, which makes Apple's Continuity look like a toy and that also lets me programmatically filter notifications.

As soon as a platform gives control to the fullscreen, harmful apps are possible.

See for example Apple detecting if a user is typing on a keyboard while in a fullscreen website, and then blocking the website. Yes it's as crazy as it's sounds.

I worry that the overton window has shifted so much after over a decade and a half of most downloads being mediated by "app stores" that most people don't realize or have the means to vocalize or understand what they're missing.

So they can be less evil to more people rather than pushing people to a non-evil platform.

Sadly, less evil is still evil.

I still remember when I could give my friends an exe of the stupid little games I made, worry free.

I guess that makes me a cybercriminal, doesn't it.

i think your opinion is pretty dated.

The issue is that of network effects. Making it harder to sideload for example f-droid makes the already small market for it even smaller, leading to less apps. It also forces people developing Apps that they don't want to reveal to be developing for completly valid reasons (Imagine developing a porn app in saudi arabia or an abortion support app in the USA) to validate against google aka the US Government.

Ask yourself how relevant and interesting you'd find this comment if someone else had posted it.