ravenstine 13 hours ago

This has nothing to do with keeping people safe. If it did then power users could continue to install their own software by being given that ability as a developer setting. The fact that some people are gullible enough to go into a hidden setting on their phone and enable that in order to install an app from a random Chinese website is not a good reason to take away everyone's freedom. Consolidation of power is all this is about.

SchemaLoad 11 hours ago | parent | next [-]

There is immense pressure to stop online scams which are draining old people of their life savings. The whole flow from the article seems entirely based around letting power users install what they want while being able to break the flow of a scammer guiding a clueless person into installing malware.

It is promising that Google has avoided just turning off sideloading but still put measures in place to protect people.

spaqin 4 hours ago | parent | next [-]

I've never seen any news about such scams with actual malware that can break through Android's sandbox system - as we're still assuming a rootless system. In most cases it's pig butchering, phishing, cold calls that make the person use the official app to transfer money to an account they're told to.

This stops nothing of the sort.

bhhaskin 10 hours ago | parent | prev | next [-]

Why is it on Google to stop this and not the banks?

igregoryca 8 hours ago | parent | next [-]

What can Bank X do to stop phone malware from scraping the user's session token from the Bank X app or website?

Yes, banks should (and sometimes do) double- and triple-check with you before allowing large transfers/withdrawals, but scammers know how to coach their victims past this. Speaking from experience.

(I also don't fully agree this is Google's responsibility, and I am not happy about this development. But there are legitimate points in favor of outsourcing the question of "will this software do nefarious things" to some kind of trusted signing authority.)

bhhaskin 8 hours ago | parent [-]

Don't do instant non-reversible transfers. Especially for a transaction that is highly likely to be fraud. I.e. person transfers to someone you haven't done business with before or foreign accounts. Also the fraud detection needs to go both ways.

pas 6 hours ago | parent [-]

they can wait.

how would the clueless victim check anyway?

Gigachad 6 hours ago | parent | prev [-]

Because they want to shake the image that the iPhone is for the average person while Android is for technical people who take the risk of malware and scams.

There are more grandmas who just want their banking secure than there are FOSS advocates wanting full system access.

johnnyanmac 8 hours ago | parent | prev [-]

>There is immense pressure to stop online scams which are draining old people of their life savings.

From who? I'd rather have this done by a regulated service like a bank than a private corporation with a perverse incentive. Frauds and scams are already illegal.

That's a similar narrative to "think of the children". They want to act as this middleman and secure their place, all while having unfettered access to people's data.

staticassertion 7 hours ago | parent | prev | next [-]

It absolutely has to do with keeping people safe. You not caring isn't relevant.

jrmg 12 hours ago | parent | prev [-]

>This has nothing to do with keeping people safe.

...and...

>some people are gullible enough to go into a hidden setting on their phone and enable that in order to install an app from a random Chinese website

are kind of contradictory.

asveikau 9 hours ago | parent | next [-]

There are much easier ways for gullible people to be scammed than convincing them to install an Android app.

zadikian 10 hours ago | parent | prev [-]

It's not a contradiction. Removing that setting solves that problem, but it's not the only solution.

array_key_first 9 hours ago | parent [-]

It also only solves that very specific problem. You don't need to side-load an app to scam someone. There's plenty of malware on the Play Store you can use. And, you don't need malware. There are plenty of legitimate apps you can use for scamming.

And you don't need an app; I would imagine most scamming is done without an app.

So, really, we're solving a subset of a subset of a subset of a subset of the problem.

lyu07282 8 hours ago | parent | next [-]

Exactly, it's about 'trusted computing' and that never meant your 'trust'.

https://en.wikipedia.org/wiki/Trusted_Computing#Criticism

johnnyanmac 8 hours ago | parent | prev [-]

Yes. Hence, "this isn't about keeping people safe".

The most effective means of hacking is social engineering. You can't solve that with any number of "security measures". If you require all the DNA sources in the world, a scammer will still charm a target into opening it up for them.