Google: “Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn’t verified. We are designing this flow specifically to resist coercion, ensuring that users aren’t tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands.”
Thank god. I would’ve ditched Android for good if this went through, and while it sounds like it would be annoying for casual users to enable unverified apps, at least we can still install them.
Good news! But it doesn’t change the fact that Google tried to do this in the first place.
For now. You just wait. Evil corp is gonna evil corp it all up.
I miss the days when their slogan was “Don’t be evil”
Yeah, Google used to be the “Cool” company back then. I used to root for them.
No freaking way this was because of “feedback”. This was because the European Commission will keep escalating their fines if Google keeps at it with the monopoly bullshit.
The EU is just a bit behind being maliciously lobbied to death (eyeroll).
(See Digital Omnibus Act)
Google: "Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn’t verified.
And we will NEVER trust you again because we know you’ll retry this next year or so in a few smaller steps that all have cutesy innocent names that are supposed to lull us in a false sense of security
Fuck Google, stop paying them for anything, stop using their services wherever possible.
Wait, so Google listened to our feedback, and we’re still mad? What would a positive outcome have looked like?
Once user trust is burned it’s not coming back.
There are no positive outcomes available now - it’s time to abandon Google.
Linux phones arriving sooner? Hopefully that’s the silver lining.
Because no one believes that Google (Evil Corp) did this to deteer scammers, as they claim their reasoning was. If that was the case, they would take a much better care about the virus apps that gets released on Play Store, or the phishing ads that gets served through games.
This was always about monopoly.
I genuinely believe that it was motivated by the desire to deter scammers. What leads you to believe it’s not? There are many gullible people out there who will follow, precisely as you pointed out, phishing links that encourage them to sideload an unverified app.
No system is perfect, and I also believe that Google Play does a fair job of removing malicious apps.
I’m sorry to try to bring some nuance into this thread as I know that discourse isn’t welcome on Lemmy, but I’m just trying to wrap my head around the outrage. Providing a way to let experienced users continue to sideload apps while safeguarding the more gullible seems like a good idea and I still genuinely don’t understand what your preferred solution would be.
I understand that thoughtprocess, I really do because I’ve thought the same at one point. Most who are angry and frustrated at Google have.
To explain it a bit, it’s pretty much what I said before. If it really were to deteer scammers, they would implement better security and safety in their Play Store first. There’s also ways they could block phishing attempts through there, but instead they use a bulldozer to hammer a small nail to a wall when a hammer would do just fine. I’m sure if you do a search for articles there’ll be news covering this, and surely son statistic if you are more curious on numbers.
What they need is better checks in the very first step, because locking down sideloading won’t fix their inherently flawed Play store security and vetting. It’s like putting a patch of glue on a crack in the wall, but right next to it there’s already a gaping hole.
Ironically, in my attempts to find any kind of information about this, it only resulted in news articles reporting on the number of developer accounts banned and announcements from Google warning users about scams and providing recommendations to safeguard themselves.
I don’t agree that Google has taken a singular approach to this problem; there are numerous ways in which they are combating scams, of which this piece is just one.
I believe people in this thread are (deliberately or not) looking at this from a very narrow point of view and not seeing how (1) there is a risk that is mitigated by preventing gullible users from installing malware through sideloading, (2) Google has reconsidered this solution after hearing community feedback and (3) Google uses numerous mechanisms to eliminate bad actors from the Play store.
To touch on the last one, it seems many of those mechanisms are not done transparently as I’ve seen threads on /r/AndroidDev back before I left Reddit about individuals being lifetime banned even by association to a scammer.
At the risk of sounding insincere—such is the nature of an online discussion forum—I’d like to tap into the ways you see the safety and security of the Play store to be deficient. How are phishing attempts successful there? In the articles I’ve read about phishing through fake apps, they all went through the route of sideloading. One example was to get “special features” in WhatsApp by downloading an APK, and another was to enable developer mode to install an antivirus APK because “the device was infected.” While I found articles describing imposter apps, searching for those apps on Google Play didn’t surface any of them, so it seems from my spot checks that it’s working.
To me, this entire discussion is quite conflicting, because on one hand, we all recognize the risk of malware, but at the same time the community is furious about whatever Google attempts to do about it.
Call me naive, but my family and I are very content with our Android phones and have no qualms with the way Google Play functions today. I remain confused about why this comment section is so mad.
I think it was fairly obvious that the move was going to piss people off, they just misjudged to what extent. Modern business strategy is to claim to listen to customer feedback and just quietly plan to implement it anyway, just do it more subtly, more quietly, and more slowly.
I would understand the outrage if Google didn’t stick to their word, but unless I’ve missed something, they’ve not, have they? Are we now protesting that they reversed their decision? Wasn’t this what we wanted?
Are we now protesting that they reversed their decision?
…no? I’m not really protesting so much as offering what I think the other person is trying to say. I think they are saying that Google crossed a line, and walking it back doesn’t change that fact.
In my opinion, Google has crossed countless lines over the last 5-10 years. I’m looking for alternatives that meet my own needs. That search has accelerated over the last few years, when the things Google has done have been most egregious. This isn’t a protest. This is disillusionment. I’m abandoning ship.
That’s a unique perspective. Thanks for sharing.
It’s not sideloading, it’s installing. Stop giving into this idea that installing other apps is somehow bypassing normal methods!
Google: “Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn’t verified.
I’ve been side loading apks since I bought my first Android phones and am much more concerned about malware “safe” apps from Google’s Play store. Google’s quality control is shit.
Yes. I wonder how many people unknowingly updated Simple Mobile Tools apps after the new owner’s buy-in.
The number of apps that I’ve had to unistall because they got quietly sold and turned into malware is alarming.
Quality control is not the words. They are unethical garbage pieces of shit who make the world a worse place. These big companies buy smaller ones just so they have the good devs and no competition. Then they make everything in the market insufferable as fuck.
It’s still worse than before. Really need to break mobile away from Google and Apple. Preferably as close to standard Linux as possible
AOSP makes a lot more sense to me. We just need to adopt Graphene or Lineage en masse and start contributing to support more devices, grow that out into a real alternative with support for the already existing android app ecosystem, and real alternatives to Google Play services
Graphene doesn’t fix the problem because it’s only available on Pixel devices
Try reading what I said
That’s not good enough. They’re just going to keep lightly pushing against the bad publicity until everything not controlled by Google on your phone goes away.
We need an alternative made without googles shitty hands in the mix. This forced duopoly between Apple and Google sucks. No phone competition in the US also sucks. Overpriced Samsung or a Google phone, while companies Like Red Magic have fan and liquid cooled phones with huge batteries, more ram, and more storage, for less than a grand being sold around the rest of the world outside the US.
We are designing this flow specifically to resist coercion, ensuring that users aren’t tricked into bypassing these safety checks while under pressure from a scammer.
Translation: if they want scamware, it better be from Google Play, where Google gets a 30% cut. On top of the cut they got for the phishing link in Google Ads.
And if anything thinks I’m being hyperbolic, go on Google Play and search for pretty much anything. Or turn off your adblocker.
Helped a disabled pensioner recently with her phone that kept plaging loud obnoxious ads at her even while locked.
She had 4 different “virus scanners” that were all fake adware.
The fee is 15% below the first $1M of revenue and it should go without saying that app developers only pay that fee for paid apps, in-app purchases or digital subscriptions. It’s very unlikely that a scam app would be paid, or work off a subscription, and if those phishing ads are doing their conversions, you’ll never see the user again.
I doubt Google’s making more than a few cents off each of these scam apps.
Google gets a cut from the Google Ads click, which takes the user directly to the Play Store (or, if on desktop, the Chrome extension store).
If it’s some free shovelware app, they get a cut from the ads spammed onto the user’s screen. If it’s a sham subscription app, they get a cut of that. I see this a lot test clicking ads these days.
If its legit phishing, that’s a fair point; they don’t get a direct cut of the scam, other than the attention it drives towards their app stores and the data they collect for the user’s profile. But the point I’m trying to make is that it’s incredibly hypocritical to paint 3rd party apps (and indeed any competing app store) as a danger when they do such a poor job policing their own store. They may have a point, but it doesn’t really tackle scamware unless they change their moderation habits.
deleted by creator
Err, that’s not true on the last fee devices I’ve used, Pixels and a Fairphone. Installing apps from APK files doesn’t require me to enable dev options. In fact trying to install an APK from say Files brings me straight to the permission setting. It’s also per-app. It can be accessed under Settings > Apps > Special app access > Install unknown apps.
That’s not what the phrase “dark pattern” means.
On Samsung it’s: download APK, run it, see the warning, tap “allow third party installations”, flick a switch, tap “install”.
dark pattern
This is not what dark pattern means.
Also, I don’t think enabling developer options is required to install arbitrary APKs.
In some ROMs at least, unknown sources for specific apps is not in the developer options.
That’s not a dark pattern…
that warning was not at all prominent, and as others have said, t does not exist anymore on modern android
Easing is not removing.
Anything more than a warning and disclaimer popup is too much.
I’m OK with jumping through more hoops – once.
Once I told the device that I know what I’m doing, it shouldn’t be more than a pop-up per install.
I’d agree that the option is inportant to turn it off but one and done shouldn’t be the default cuz people fucking dumb, yo.
Eh, I’m probably gonna ditch that smartphone thing anyways, at least for a while. Android becoming a closed-off garden was the last straw and I was kinda looking forward trying to go without a phone to test if I can adapt. I started leaving the house without my phone more and more and I kinda like it.
Sure, it’s fun and convenient to have the Internet in my pocket. Heck, it’s even required in some cases, but this digital mess we are currently in is too much for me. I remember how I was looking forward having one back then; I was really looking forward having acces to the Interney wherever I was, but nowadays I kinda miss being less conected from all the bullshit especially when outside.
I guess I could get a linuxphone one day if I miss having a phone (if I somehow manage to completely remove the smartphone from my life in the first place).
Thank god. I would’ve ditched Android for good if this went through, and while it sounds like it would be annoying for casual users to enable unverified apps, at least we can still install them.
You would have ditched Android for ios if it were implemented?
At least the apple ecosystem all works. Androids full of shit that will never be fixed. Looking at Google cast in particular. There have been many others too.
Ive been using Android for more than a decade, fwiw
I would not have done so, but I think there’s a reasonable argument that if Apple and Google’s mobile platforms are indistinguishable in terms of user freedom and Google is going to try to be Apple, ya may as well just go with the better Apple
… continues to make Play Integrity an integral part of Android and making all the stupid banking and govt apps requiring having it on your phone thus making it harder to de-google.
still no… fuck you.
Degoogle now before they install their malware on your device(s).
If you can get your hands on a pixel, get grapheneOS. If not, get LineageOS or degoogle your phone. With LineageOS you’ll have to make do with internet banking instead of banking apps.
Depends on the bank.
This is what I’m struggling with. I use an app-only challenger bank, so I feel a bit stuck unless I change everything…
Aren’t there challenger banks that have website interfaces?
Yep. Monzo implemented an emergency-use website about 5 years ago, Revolut shortly after (and I think they have a desktop app now). I’m with neither (though I can SEE my accounts online, I cannot DO anything with them).
I’m just waiting for the moment Valve also decides to enter the mobile market :)
Well, they do have few mobile devices with Ryzen and QC chips, they have been investing heavily in Linux OS recently, so crossing fingers Libre phone would collaborate with them to release Libre Phone Black Magick to the gamers, that would sway a big chunk of Android enthusiasts to switch, and then apps would follow.
If they decide to make the Steam Deck 2 actually a Steam Phone with controller attachments that could be a way for them to enter the mobile hardware.
Not enough cooling. A better idea would be to release a Steam Deck 2 with the same form factor as the 1 and a Steam Deck Mini with a phone form factor and the same performance as the original Deck.
I like the sound of the Steam Deck Mini. Maybe it could be the return of the Sony Xperia style phone.
