| ▲ | 2OEH8eoCRo0 13 hours ago |
| Seems like a very reasonable compromise. What's the catch? |
|
| ▲ | volkercraig 13 hours ago | parent | next [-] |
| They'll just remove the "Advanced" ability in a few years once they've frog boiled people into jumping through hoops to use their phone the way they want. |
|
| ▲ | fsh 13 hours ago | parent | prev | next [-] |
| I don't find it reasonable that Google wants to make me wait 24h to install software on a device I own. |
| |
| ▲ | ygjb 12 hours ago | parent | next [-] | | Meh. I get the annoyance, but it's a one time cost for a small subset of their users. I would prefer if there was a flow during device setup that allowed you to opt into developer mode (with all the attendant big scary warnings), but it's a pretty reasonable balance for the vast majority of their users. (I suspect the number of scammers that are able to get a victim to buy a whole new device and onboard it is probably very low). | | |
| ▲ | jcul 10 hours ago | parent | next [-] | | Good point, having a once off advanced option to completely bypass this at device setup would be good. Also, other commenters have mentioned that adb is unaffected by this which makes it seem like less of a problem, to me at least. Still inconvenient that even if you adb install fdroid you can't install apps directly from it. | |
| ▲ | izacus 11 hours ago | parent | prev [-] | | Note that adb won't have the 24 hour cooldown if you're in such a hurry. |
| |
| ▲ | barnacs 12 hours ago | parent | prev [-] | | Get with the newspeak, it's called "sideloading" now and your corporate overlords get to dictate the terms. |
|
|
| ▲ | janice1999 13 hours ago | parent | prev | next [-] |
| Developers, including non-US citizens, are forced to give Google their government ID to distribute apps. This enables Google to track and censor projects, like NewPipe, an alternative open source Youtube frontend, by revoking signing permissions for developers. |
| |
| ▲ | codethief 13 hours ago | parent | next [-] | | This. Side loading being restricted is only one part of the problem; the other is mandatory developer verification for apps distributed through the Play Store. | |
| ▲ | MishaalRahman 12 hours ago | parent | prev | next [-] | | >Developers, including non-US citizens, are forced to give Google their government ID to distribute apps. Developers can choose to not undergo verification, thereby remaining anonymous. The only change is that their applications will need to be installed via ADB and/or this new advanced flow on certified Android devices. Either way, you can still distribute your apps wherever you want. If you verify your identity, then there are no changes to the existing installation flow from a user perspective. If you choose not to verify your identity, then the installation will still be possible but only through high-friction methods (ADB, advanced flow). These methods are high-friction so anonymous scammers can't easily coerce their victims into installing malicious software. | | |
| ▲ | Evidlo 11 hours ago | parent | next [-] | | My friend's little kid likes to make games that he and his friends can play. As far as I am aware, these apps don't require any permissions. Are apps like this more dangerous than browsing to a website? I thought they were entirely sandboxed from the rest of the device? | | |
| ▲ | Aachen 8 hours ago | parent [-] | | Not quite. You can do a lot of stuff that requires no permissions, or at least not ones that the user has to confirm (e.g. you get internet permission, sensor access, always run in the background etc. by default, but you do need to declare this in the manifest file iirc), which isn't possible on websites like that (a website will ask before it lets a site do limited things while you think the tab is closed) Depending on your threat model, it might be mostly harmless |
| |
| ▲ | codethief 3 hours ago | parent | prev [-] | | > Developers can choose to not undergo verification, thereby remaining anonymous. The only change is […] "The only change" – with all due respect, are you even listening to yourself? The "only change" is that you, as a developer, will be completely excluded from publishing apps in the Play Store and that people effectively won't be able to install your app anymore! (Unless you were targeting only e.g. F-Droid users to begin with, which very few apps do.) In essence, you are cutting down on the privacy of tens of thousands of honest developers around the world in the name of protecting users from scammers and you're pretending that 1) it's a nothingburger and 2) developers have a choice. |
| |
| ▲ | occz 12 hours ago | parent | prev | next [-] | | That's not correct - the flow described in the post outlines the requirements to install any apps that haven't had their signature registered with Google. That means those apps still keep on existing, they are just more of a hassle to install. | |
| ▲ | izacus 11 hours ago | parent | prev | next [-] | | This is downright wrong. | | |
| ▲ | Aachen 8 hours ago | parent [-] | | Care to elaborate then? It's in line with the announcements I've heard |
| |
| ▲ | 2OEH8eoCRo0 13 hours ago | parent | prev [-] | | I don't see that on the page | | |
| ▲ | janice1999 13 hours ago | parent | next [-] | | They already announced it. Here they only mention the special case where it does not apply: > In addition to the advanced flow we’re building free, limited distribution accounts for students and hobbyists. This allows you to share apps with a small group (up to 20 devices) without needing to provide a government-issued ID or pay a registration fee. i.e. Government-issued ID and fees are needed for more than 20 devices, e,g, every app on F-Droid | | |
| ▲ | ai-inquisitor 12 hours ago | parent | next [-] | | Enforcement of the device restriction would also mean they also are collecting information from your device about the app. | |
| ▲ | Evidlo 11 hours ago | parent | prev [-] | | Isn't this a huge loophole? Couldn't a scammer just make many variants of their malware? | | |
| ▲ | Aachen 8 hours ago | parent [-] | | If there were a reliable way of identifying people making multiple accounts, it wouldn't be anonymous now would it? This not a loophole but inherent to an anonymous system The trouble is, the accounts aren't meant to be anonymous. Pseudonymous at best, depending also on the country (a lot of places require government ID before you can assign a phone number, or have a central government querying system for mapping IP addresses and timestamp to the name and address of the subscriber that used it at the time). It's not like they let you create infinite Google accounts without supplying an infinite amount of fresh phone numbers or IP addresses. You also agree to the general Google privacy policy, which allows them to do anything for any purpose last I checked (a few years ago) unless you're a business customer (but then you've got a payment method in use, and they don't accept cash in the mail), such as fingerprinting as part of reCaptcha |
|
| |
| ▲ | codethief 13 hours ago | parent | prev [-] | | https://developer.android.com/developer-verification Note that the OP is about side loading, i.e. installing apps from non-Play Store sources and thereby circumventing developer verification. |
|
|
|
| ▲ | hermanzegerman 13 hours ago | parent | prev [-] |
| That I have to wait 24 Hours on my own device to install software? |
