I, as the owner of my device, don’t want to wait 24h.
I hope this will popularize the ROM community again. It gradually faded out due to mainstream ROMs having every perk of the custom ROMs but now the custom ROMs can start offering freedom, which no official ROM will offer.
Is there a tap to pay system that works on custom ROMs? I thought those really required SafetyNet/PlayIntegrity/Whatever-it-is-now.
I would rather not give up tap to pay but I will if I have to. It seems like trying to Magisk my way into getting Google Wallet to work would be a PITA.
I, as the owner of my device, don’t want to wait 24h.
then dont. adb is instant
Why would I need a computer to do something that the computer that I already have in my hand can and should do?
bec malware. people get hacked on android and make google look bad.
Because google is so productive about eliminating malware from the play store and all of its scam advertising. This is not about protecting the vulnerable, this is about control and forcing people into their ecosystem.
“side loading” == installing
Yes. It is the same thing. Google is just trying to gaslight people.
No we didn’t win. This is Google making it harder to install the programs you want, rather than the programs Google wants you to have.
Making users wait 24 hours doesn’t improve security; it’s an anti-competitive change designed to make the Google Play store seem like less of a hassle in comparison.
I can actually see where it can improve security against scammers trying to scam elderly and non-tech savvy people.
- Scammer tries to get someone to install malware from their site
- Victim isn’t familiar with sideloading, but scammer instructs them
- Victim hits the first time 24 hour block and has to restart and wait
- The restart alone breaks contact with the scammer, scam thwarted
For the rest of us that know our way around Android, it’s just a one time annoyance, after completing all the steps to enable sideloading, you won’t have to wait 24 hours anymore.
It’s going to be effective, but it’s a sad world where you have to create a total nanny state because there exist a subset of users who are INCREDIBLY stupid.
It’s sad, but this is the world we live in. It’s constantly disappointing.
But I do want to push back a bit, the people getting scammed are not incredibly stupid, they’re incredibly vulnerable. They’re often people who are generally less tech savvy, but also they’re people who don’t have a lot to lose, it’s a bit counterintuitive, but it’s easier to scam people who take money very seriously.
Is it still a subset when it’s the majority?
And to be honest, the level of effort scammers are willing to go through is shocking, and AI’s just making it easier for them.
Anything less than the whole is a subset, yes.
Strictly mathematically even the whole world is a subset of the whole world.
And to be honest, the level of effort scammers are willing to go through is shocking
Is it? If you live in a country like India, then a single successful scam will be able to pay for years of living expenses
Evidence that any significant percentage of people, never mind the majority, is getting scammed? Then how many of them via app installs?
I’d believe that if most Pig Butchering scams weren’t using apps from Google Play already.
Fair enough, you have a point. Although, I do think the developer verification thing will make it easier for Google to weed out bad actor developers altogether from the Play Store.
Sure there’s no perfect solution, but at least they’re trying to make it a lot more difficult for the scammers out there, while still leaving power users a path to keep using Android the way we want.
I think it is absolutely delusional to assume any of this actually has anything to do with security or safety of users. Google just wants more power and control over, well, everything they can get.
The problem with this is that most of the apps used in scams are already on the play store. I haven’t ever seen a scam which requests the user to download a third party app, although I’m sure it’s happened on occasion.
My point is that this won’t stop most scams, and primarily cause annoyance for actual power users.
This is only the first step, they will keep adding more bullshit like this in the name of security till you end up with a device that’s nothing more than a advertisement terminal for google
Scammers almost always install remote desktop app from play store. This is just anti competitiveness…
Do not redeem
Solution in search of a problem?
I have never seen a scam call involving sideloading an app on a phone… Why would they whenTeamViwer is in the Google app store?
Fuck I dunno, I haven’t used the Play Store since Covid lockdown. I rather prefer to sideload most apps and avoid Google for the most part anyways.
Lets be real though, currently they already have to blow through 4 other warnings about installing unsigned APK and enabled the browser or file manager to be able to install applications. It’s almost certain if they are that far deep/commited, they are going to call the scammer back if the scammer left a number.
Yes this might allow for a time delay where the scammers number could be disabled if reported by enough people, or someone else to be like “yo this is a scam” if they mentioned it but, I don’t think this is as secure as they are saying it will be. The target audience for this is very unlikely to be thwarted by a time delay. Plus, the scammer will make some excuse about how the warning is just a safety percaucion and doesn’t need to be followed as this is a normal usage of the toggle, and then have them call back after the delay is done.
For clarification: the target audience doesn’t know about the scam, and all they care about is that someone is seemingly willing to assist with an issue or problem they have. Said person knows the solution and they just have to wait for the timer to be done to be able to do said solution. They have no reason of telling others about it (unless they were complaining about googles time delay) as they already got someone who is seemingly able to assist.
Honestly, having to have the user type “I agree that I have verified the application i am trying to install is genuine and not a fraudulent app” or a listbox of checkmarks to toggle in order to enable it would be far more efficient for this case.
Hell take the example image the article on the dev page has and make it into toggles instead and it would work far better than a timer does.
Honestly, having to have the user type “I agree that I have verified the application i am trying to install is genuine and not a fraudulent app”
Yeah, this would be the most promising approach IMO. Whenever I was forced to write something, I did pay more attention to what that said than if I ticked a box next to it.
Maybe even have them write “I am not instructed to install this app by someone else. I am aware that following instructions to install an app this way often have fraudulent intentions”.
(Also if the language was changed recently, it should ask to write it in all languages that were set within the last 14 days or so. Otherwise the scammer will have them switch the language so they don’t understand what they’re writing)
Sadly, there’s truth in everything you say. Scammers are gonna be scammers, and they’ll just find a new technique plus the long standing social engineering to continue their efforts to rip people off of whatever they can.
Still, it’s something in the middleground, to help grandma be less likely to get scammed, while also giving power users an out and way to keep using their devices the way they want.
Honestly, having to have the user type “I agree that I have verified the application i am trying to install is genuine and not a fraudulent app”
Ask Other Linus how well that sort of thing (“Yes, do as I say!”) works, LOL!
I agree with you that Google’s anti-competitive time delay BS is likely to be ineffective for its claimed purpose, but frankly, I don’t think any other reasonable (i.e. non-rights-infringing) strategies would be effective either. Honestly, there’s a limit to how much effort you should go through to save idiots from themselves – and how much annoyance you impose on everyone else in the process! – and I think we’ve already hit it.
I have never seen that page before, but that’s hilarious. I somewhat hope that he did that as a demonstration of, hey, someone may do this because it’s hard for me to wrap my head around someone who uses a computer for a living, doing something like that.
Being said, I think that prompt went above and beyond what was needed. At some point you just need to let the user touch the hot stove top… It stated what it was going to do, stated that it was going to be potentially dangerous and unlikely what the user wanted, and then reiterated that it was core essential packages needed for it to run… I don’t know what else they could do there. I would definitely be against adding further restrictions though. If he was willing to type that in, I don’t know what would stop him from doing that, to be honest, Maybe a…" I acknowledge this would break my system…" instead of it being yes-do as I say. But I don’t know.
Being said hard agree there is zero reason that a package like steam should be able to uninstall your desktop., That was definitely a bug or a misconfiguration with the steam package. That was unexcusable. I just think they gave more than enough information of what that would do and he did it anyway.
I firmly agree at some point the ends don’t justify the means and Android has definitely got to that point with unsigned packages prior to making this change., And I don’t think the ends justify the means to implement such a system. And I definitely think there is ulterior motives for implementing it.
I somewhat hope that he did that as a demonstration of, hey, someone may do this because it’s hard for me to wrap my head around someone who uses a computer for a living, doing something like that.
Nope, he genuinely didn’t bother to understand the warning before typing it. He may use computers for a living, but that just means he has a lot of very ingrained Windows bad habits to un-learn.
It was some pretty big Internet drama when it happened and he’s still trying to defend himself from the near-universal lambasting he got for it. Although I included the link just in case, I’m kinda surprised you (being a person tech-savvy enough to be posting on Lemmy) didn’t already hear of it.
He’s actually making a second attempt to switch to Linux right now (four years later), initially picked Pop!_OS again, and had some more problems with it. 🤦 He has a second channel where he posts clips from his podcast, and he keeps whining about how the other people doing it with him are having little to no trouble and he’s just cursed, LOL.
Yeah, I had never heard of it, I generally stray away from video based mediums, but I am a little surprised I didn’t come across articles for it, I can only assume that none of the creators I followed covered it.
Although it was kind of funny to see the beginning of that second video, him still trying to do damage control, it looked for a second like he was going to agree that he had screwed up that install because he said it was 100% his fault and then he Backtracked and said that it wasn’t his fault and I’m like so close lol.
I don’t care if it’s android or anything else, the moment my phone does that is the moment I switch to something else.
Yup, I got a pixel 10a that I will be putting graphene on as soon as it releases.
What if both android and iOS do this?
Is there a non-lemmy.ml variant?
I mean it’s been around the longest and has the most subscribers. Most people only look at that, and I feel like arbitrarily splitting communities is actively harmful to the fediverse. Competing communities confuse and drive away new users.
lol one of the first things I read here, after making my account, was that everyone should block .ml apparently because communism? I dunno, its all very confusing and new for me.
No, because the people there are generally obnoxious, trolls, tankies, or all three. Nothing to do with their views on government economic policy.
Yeah people are weird about it. I’ve never had any systematic issue from .ml
Usually takes a few decades after a world war for systematic issues to arise from that stuff.
Huehuehue.
Still worse than it was before. There’s no win in that
This isn’t a win, this is Google making things shitty for the benefit of no one but themselves.
Its seems fine, other than the whole “coaching” thing. Like, nobody knows how to do this today, so someone will have to “coach” them through it, even if it’s Google themselves.
But I would wait and see exactly how it’s implemented before calling off the resistance.
Nah, American companies cannot be relied upon by definition. Even if the people running one are fine (and many are), they are still based in what is essentially a pro-crime, pro-corruption jurisdiction.
Time for another OS. Android is over.
The year of the Linux phone is upon us brethren!
Postmarketos is looking pretty promising right now.
You can’t sideload on Linux…
Software freedom or demise. While Google is capable of imposing anything then Android is already dead to me.
What do they mean reauthenticate after 24h? I can’t authenticate as I don’t have a Google account. Although I do unfortunately have Google play installed, my phones can’t have it removed.
Whatever you use to login, password / pin / pattern / body part.
If the process doesn’t include any phone home stuff, and is just a one-time cool off period to prevent scammers, this is acceptable to me. That should be enough to get potential victims to self-question, ask more knowledgeable people of what’s going on to avoid being unknowingly hacked, without being naggy everytime for users that want to do what they want.
Making a software “foolproof” will probanly invent a bigger better, fool hoping for some sort of free crypto app jumping through these hoops, but this should weed out most of the basic scams.
No the scammer will simply point out that the warning is about scammers and not him, your friendly MS tech that called to help solve a problem you didn’t have.
Scams don’t rely on tech.
The scammer is not going to be on the phone with the victim for 24 hours continuously.
He doesn’t need to.
It still sets your phone in a state that marks it as security compromised. This could lead i.e. to banking apps not working. I’m not so sure about the “acceptable” state of things here.
Yeah, I take issue with that, but I don’t think it would be used if people complain to banks that reading the flag bricks the app.
Sounds to me like you’re willing to give up liberties in exchange for comforts, that’s always a bad idea
I tend to favour privacy over big tech control, but I recognize we have to at least consider the cost-benefit of these tradeoffs, to live in a society. Of course I’d prefer a phone with no warnings, no nagging, if you get scammed that’s my fault and I will keep my phone that way if it means I will stay off Android 15 and de-Google my next phone. But Google’s plan is within the realm of an acceptable compromise to me because sideloading is still available to everyone without registration with Google. Each person will feel differently about it.
Taking your position to the extreme, if trading liberty for comfort is “always” a bad idea with no exceptions, you can turn off your phone and do without the comfort of it. (Only saying this because always is the word you chose to use.) To accept cellular and home internet services to communicate in the public realm requires you to give up some level of privacy, though of course it can be possible to stop a lot of the unnecessary surveillance that happens along with the necessary tradeoff.
- enable developer options
- confirm that you are not tricked
- restart phone and re-authenticate
- wait one day
- confirm with biometrics that you know what you are doing
- decide if you only want unrestricted installs for 1 week or forever
- confirm that you accept the risks
- enjoy the few apps that still have developers motivated to develop for a user-base willing to put up with this
A classic case of making a ridiculously restrictive change, then “walking it back” to a merely semi-ridiculous change and having everyone sigh in relief.
Just like Anthropic and OpenAI’s willingness to kill people en masse, then walking it back to a nonexistent standard.
- Fuck that, keep an old phone and don’t update it
- When it breaks, buy a Linux phone. Or a dumbphone.
- Only way to win? Don’t play their game
- enjoy the few apps that still have developers motivated to develop for a user-base willing to put up with this
You win by disabling software updates at Android 15.
Not if it’s implemented in the Google Play Services, then every device will refuse to install unverified apps after the deadline, even if it’s not on the newest Android versions.
