Lammy 5 hours ago

Google have their own reasons too. They would love to kill off YouTube ReVanced and other haxx0red clients that give features for free which Google would rather sell you on subscription.

Just look at everything they've done to break yt-dlp over and over again. In fact their newest countermeasure is a frontpage story right beside this one: https://news.ycombinator.com/item?id=45898407

svat 5 hours ago | parent | next [-]

I can easily believe that Google's YouTube team would love to kill off such apps, if they can make a significant (say ≥1%) impact on revenue. (After all, being able to make money from views is an actual part of the YouTube product features that they promise to “creators”, which would be undermined if they made it too easy to circumvent.)

But having seen how things work at large companies including Google, I find it less likely for Google's Android team to be allocating resources or making major policy decisions by considering the YouTube team. :-) (Of course if Android happened to make a change that negatively affected YouTube revenue, things may get escalated and the change may get rolled back as in the infamous Chrome-vs-Ads case, but those situations are very rare.) Taking their explanation at face value (their anti-malware team couldn't keep up: bad actors can spin up new harmful apps instantly. It becomes an endless game of whack-a-mole. Verification changes the math by forcing them to use a real identity) seems justified in this case.

My point though was that whatever the ultimate stable equilibrium becomes, it will be one in which the set of apps that the average person can easily install is limited in some way — I think Google's proposed solution here (hobbyists can make apps having not many users, and “experienced users” can opt out of the security measures) is actually a “least bad” compromise, but still not a happy outcome for those who would like a world where anyone can write apps that anyone can install.

Zak 4 hours ago | parent [-]

I would like a world where buying something means you get final say over how it operates even if you might do something dangerous/harmful/illegal.

miki123211 2 hours ago | parent | next [-]

I would like a world where I have the final say over whether I should have a final say.

One way to achieve this is to only allow sideloading in "developer mode", which could only be activated from the setup / onboarding screen. That way, power users who know they'll want to sideload could still sideload. The rest could enjoy the benefits of an ecosystem where somebody more competent than their 80-year-old nontechnical self can worry about cybersecurity.

Another way to do this would be to enforce a 48-hour cooldown on enabling sideloading, perhaps waived if enabled within 48 hrs of device setup. This would be enough time for most people to literally "cool off" and realize they're being scammed, while not much of an obstacle for power users.

vrighter 38 minutes ago | parent | next [-]

You can sideload, I mean INSTALL, software on any Linux desktop. Yet there are still tons of people saying that desktop Linux has gotten good enough for most of everyone's grandma to daily-drive.

HumanOstrich 2 hours ago | parent | prev [-]

I'm not sure I like the idea of "you have to wait 48 hours now for sideloading in case you are an idiot". Most idiots will then have sideloading on after 48 hours and still get hit with the next scam anyway.

khannn 7 minutes ago | parent | prev | next [-]

Too bad that I'm going iPhone if Google removes sideloading, and now I know about ReVanced so they aren't getting any more than the zero dollars that YouTube and YouTube Music are worth from me.

If I'm going to live in a walled garden it's going to be the fanciest.

Aurornis 5 hours ago | parent | prev | next [-]

You’re still proving the point above, which is ignoring the fact that the restriction is specifically targeted at a small number of countries. Google is also rolling out processes for advanced users to install apps. It’s all in the linked post (which apparently isn’t being read by the people injecting their own assumptions)

Google is not rolling this out to protect against YouTube ReVanced but only in a small number of countries. That’s an illogical conclusion to draw from the facts.

unsungNovelty 5 hours ago | parent | next [-]

It's my device. Not Google's. Imagine telling you which NPM/PIP packages you can install from your terminal.

Also, it's not SIDE loading. It's installing an app.

freefaler 4 hours ago | parent | next [-]

Well... it would be good if this was true, but read the ToS and it looks more like a licence to use than "ownership" sadly :(

AnthonyMouse an hour ago | parent [-]

"Android" is really a lot of different code but most of it is the Apache license or the GPL. Google Play has its own ToS, but why should that have to do with anything when you're not using it?

xnx 4 hours ago | parent | prev | next [-]

I agree, but I don't see why Google gets more critical attention than the iPhone or Xbox.

AnthonyMouse an hour ago | parent | next [-]

If you tell people you have a closed platform and then you have a closed platform, people who want an open platform will have a lower preference for your products and obsequious fawns will defend you by telling people who don't like it to use the open platform instead.

When you claim to have an open platform and then try to close it, the treachery is transparent even to knuckleheads and you can't fob people off by telling them to use the open platform when you're supposed to be the open platform. Even some of the apple-polishers won't like you because you're breaking their alibi.

It's the same reason nobody cares about Xbox but Microsoft signaling that they want to do the same thing with Windows 11 has people gathering pitchforks and installing Linux.

_blk an hour ago | parent | prev [-]

iPhone has always been that way (try installing an .ipa file that's not signed with a valid Apple developer certificate). For Google, forced app verification is a major change. Xbox I don't know...

da_chicken 4 hours ago | parent | prev [-]

Yeah, let's ask the Debian team about installing packages from third party repos.

I'm not on the side of locking people out, but this is a poor argument.

cookiengineer 4 hours ago | parent [-]

> Yeah, let's ask the Debian team about installing packages from third party repos.

Debian already is sideloaded on the graciousness of Microsoft's UEFI bootloader keys. Without that key, you could not install anything else than MS Windows.

Hence you don't realize how good of an argument it is, because you even bamboozled yourself without realizing it.

It gets a worse argument if we want to discuss Qubes and other distributions that are actually focused on security, e.g. via firejail, hardened kernels or user namespaces to sandbox apps.

Ms-J 2 hours ago | parent [-]

"Debian already is sideloaded on the graciousness of Microsoft's UEFI bootloader keys. Without that key, you could not install anything else than MS Windows."

This is only true if you use Secure boot. It is already not needed and insecure so should be turned off. Then any OS can be installed.

cookiengineer 9 minutes ago | parent | next [-]

Now tell me how

Turning off UEFI secure boot on a PC to install another "unsecure distribution"

vs.

Unlocking fastboot bootloader on Android to install another "unsecure ROM"

... is not the exact same language, which isn't really about security but about absolute control of the device.

The parallels are astounding, given that Microsoft's signing process of binaries also meanwhile depends on WHQL and the Microsoft Store. Unsigned binaries can't be installed unless you "disable security features".

My point is that it has absolutely nothing to do with actual security improvements.

Google could've invested that money instead into building an EDR and called it Android Defender or something. Everyone worried about security would've installed that Antivirus. And on top of it, all the fake Anti Viruses in the Google Play Store (that haven't been removed by Google btw) would have no scamming business model anymore either.

Lammy an hour ago | parent | prev | next [-]

I agree with you and run with it disabled myself, but some anti-cheat software will block you if you do this. Battlefield 6 and Valorant both require it.

HumanOstrich an hour ago | parent | prev [-]

While it's possible to install and use Windows 11 without Secure Boot enabled, it is not a supported configuration by Microsoft and doesn't meet the minimum system requirements. Thus it could negatively affect the ability to get updates and support.

> It is already not needed and insecure so should be turned off.

You know what's even less secure? Having it off.

Lammy an hour ago | parent [-]

The name “Secure Boot” is such an effective way for them to guide well-meaning but naïve people's thought process to their desired outcome. Microsoft's idea of Security is security from me, not security for me. They use this overloaded language because it's so hard to argue against. It's a thought-terminating cliché.

Oh, you don't use <thing literally named ‘Secure [Verb]’>?? You must not care about being secure, huh???

Dear Microsoft: fuck off; I refuse to seek your permission-via-signing-key to run my own software on my own computer.

Ms-J an hour ago | parent [-]

Agreed.

Also Secure boot is vulnerable to many types of exploits. Having it enabled can be a danger in itself as it can be used to infect the OS that relies on it.

Aeolun 2 hours ago | parent | prev [-]

A small number of countries now. The rest of the world in 2027 and beyond.

ashleyn 3 hours ago | parent | prev | next [-]

yt-dlp's days are fairly numbered as Google has a trump card they can eventually deploy: all content is gated behind DRM. IIRC the only reason YouTube content is not yet served exclusively through DRM is to maintain compatibility with older hardware like smart TVs.

potwinkle 3 hours ago | parent [-]

All levels of Widevine are cracked, but only the software-exclusive vulnerabilities are publicly available. It's only used for valuable content though (netflix/disney+/primevideo), so it might still work out for YouTube as no one will want to waste a vulnerability on a Mr. Beast slop video.

AnthonyMouse 30 minutes ago | parent [-]

The reason they have different levels is that the DRM pitchmen got tired of everyone making fun of their ineffective snake oil, so they tried to make a version that was harder to break at the cost of not supporting most devices.

Naturally that got broken too, and even worse, broken when it's only supported by a minority of devices and content, because the more devices and content it's used for the easier it is to break and the larger the incentive to do it.

If you tried to require that for all content then it would have to be supported by all devices, including the bargain bin e-waste with derelict security, and what do you expect to happen then?

charcircuit 5 hours ago | parent | prev [-]

You would still be able to adb install them. They wouldn't die.

gdulli 5 hours ago | parent | next [-]

Developers of these apps would have little motivation if the maximum audience size was cut down to the very few who would use adb. The ecosystem would die.

userbinator 4 hours ago | parent [-]

Or someone comes up with an easy adb wrapper and now it becomes the go-to way to install apps.

xyzzy_plugh 3 hours ago | parent [-]

Shizuku[0][1] already exists, it would certainly suck but it wouldn't be the end of the world.

Of course I would be much happier if I didn't need to use Shizuku in the first place.

[0]: https://play.google.com/store/apps/details?id=moe.shizuku.pr...

[1]: https://shizuku.rikka.app/

gblargg 5 hours ago | parent | prev | next [-]

Somehow I think having to use ADB instead of something like F-Droid with automatic updates would put a damper on things.

AuthError 5 hours ago | parent | prev | next [-]

How many people'll do this though? I would expect sub 1% conversion from existing users if they had to do that.
