Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Zak 8 hours ago

I don't think Google should be changing Android this way at all, and fear that it will later be used for evil. That said, I thought of an improvement:

Allow a toggle with no waiting period during initial device setup. The user is almost certainly not being guided by a scammer when they're first setting up their device, so this addresses the concern Google claims is driving the verification requirement. I'll be pretty angry if I have to wait a day to install F-Droid and finish setting up a new phone.

Evil, for the record would mean blocking developers of things that do not act against the user's wishes, but might offend governments or interfere with Google's business model, like the article's example of an alternative YouTube client that bypasses Google’s ads. Youtube is within its rights to try to block such clients, but preventing my device from installing them when that's what I want to do is itself a malicious act.

silver_sun 7 hours ago | parent [-]

> Allow a toggle with no waiting period during initial device setup

I like this idea in principle but I think it could become a workaround that the same malicious entities would be willing to exploit, by just coercing their victims to "reset" their phones to access that toggle.

Zak 7 hours ago | parent | next [-]

That wipes all the data on the device and requires logging back in to accounts. It seems to me that's high enough friction to resist most coercion.

silver_sun 7 hours ago | parent [-]

Isn't app data, photos etc. usually synced with the Google account? Besides, Google claims that the scammers are using social engineering to create a feeling of panic and urgency, so I think the victim would be willing to reset and log in to the accounts again in such a frame of mind.

Zak 6 hours ago | parent [-]

Some is, some is optional, some isn't.

I'm sure there's a hypothetical scenario where someone successfully runs a scam that way, but there's also a hypothetical scenario where a 24 hour wait doesn't succeed at interrupting the scam.

silver_sun 6 hours ago | parent [-]

The perfect is the enemy of the good.

deaux 2 hours ago | parent [-]

Which applies just the same to the hypothetical option during initial device setup.

johnnyanmac 6 hours ago | parent | prev [-]

None of this is stopping a malicious entity. We keep trying to use tech (poorly thought out tech at that) to solve issues of social engineering. And no one is asking for a solution, either; it's being jammed in for control.

thedevilslawyer 4 hours ago | parent [-]

Such a silly statement. Of course tech can solve social engineering problem, we do so every day startign from UX design. This is a good solution to killing urgency.

johnnyanmac 4 hours ago | parent [-]

Ux is made for humans. Humans can learn to exploit UX. This is as useless a battle as fighting piracy: you will destroy your product before you solve the problem.