Google: “Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn’t verified. We are designing this flow specifically to resist coercion, ensuring that users aren’t tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands.”
Thank god. I would’ve ditched Android for good if this went through, and while it sounds like it would be annoying for casual users to enable unverified apps, at least we can still install them.
I understand that thoughtprocess, I really do because I’ve thought the same at one point. Most who are angry and frustrated at Google have.
To explain it a bit, it’s pretty much what I said before. If it really were to deteer scammers, they would implement better security and safety in their Play Store first. There’s also ways they could block phishing attempts through there, but instead they use a bulldozer to hammer a small nail to a wall when a hammer would do just fine. I’m sure if you do a search for articles there’ll be news covering this, and surely son statistic if you are more curious on numbers.
What they need is better checks in the very first step, because locking down sideloading won’t fix their inherently flawed Play store security and vetting. It’s like putting a patch of glue on a crack in the wall, but right next to it there’s already a gaping hole.
Ironically, in my attempts to find any kind of information about this, it only resulted in news articles reporting on the number of developer accounts banned and announcements from Google warning users about scams and providing recommendations to safeguard themselves.
I don’t agree that Google has taken a singular approach to this problem; there are numerous ways in which they are combating scams, of which this piece is just one.
I believe people in this thread are (deliberately or not) looking at this from a very narrow point of view and not seeing how (1) there is a risk that is mitigated by preventing gullible users from installing malware through sideloading, (2) Google has reconsidered this solution after hearing community feedback and (3) Google uses numerous mechanisms to eliminate bad actors from the Play store.
To touch on the last one, it seems many of those mechanisms are not done transparently as I’ve seen threads on /r/AndroidDev back before I left Reddit about individuals being lifetime banned even by association to a scammer.
At the risk of sounding insincere—such is the nature of an online discussion forum—I’d like to tap into the ways you see the safety and security of the Play store to be deficient. How are phishing attempts successful there? In the articles I’ve read about phishing through fake apps, they all went through the route of sideloading. One example was to get “special features” in WhatsApp by downloading an APK, and another was to enable developer mode to install an antivirus APK because “the device was infected.” While I found articles describing imposter apps, searching for those apps on Google Play didn’t surface any of them, so it seems from my spot checks that it’s working.
To me, this entire discussion is quite conflicting, because on one hand, we all recognize the risk of malware, but at the same time the community is furious about whatever Google attempts to do about it.
Call me naive, but my family and I are very content with our Android phones and have no qualms with the way Google Play functions today. I remain confused about why this comment section is so mad.