• lmmarsano@lemmynsfw.com
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    15
    ·
    edit-2
    21 days ago

    I don’t understand why you can’t read: (1) developer verification can be disabled, bypassed, or worked with, (2) you called it sideloading removal, which it isn’t.

    You just don’t like the extra steps that limit the ease for ignorant users to install software known to be malicious that could have been blocked. I don’t like handholding my dumbass folks through preventable IT problems they created.

    • Mr. Satan@lemmy.zip
      link
      fedilink
      English
      arrow-up
      12
      ·
      21 days ago

      This does fuck all for “security”. It’s targeting, mainly, power users and puts just more hoops for developers. This has nothing with security (they should purge malware from Play store first) and everything to do with consolidating power over users.

      It’s a blatant power grab and I’m surprised to see this interpreted as anything else. Arguing about semantics just helps Google fuck everyone over.

    • sidelove@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      21 days ago

      So let me buy a goddamn phone that I can install what I want in it. Again, I do not give a shit about any phone manufacturers that want to make a walled garden out of their Android installations. I agree, it’s perfect for the grandmas of the world. But Google is forcibly doing this to every goddamn phone, phone manufacturer, and Android enthusiast.

      The only silver lining is that whenever Google decides that unregulated social media services like Lemmy are not family-safe I won’t have to listen to your malicious horseshit.

      • lmmarsano@lemmynsfw.com
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        17 days ago

        Seems you don’t care about grandmas & gen z.

        forcibly doing this to every goddamn phone, phone manufacturer, and Android enthusiast

        They can manage.

        whenever Google decides that unregulated social media services like Lemmy are not family-safe I won’t have to listen to your malicious horseshit

        So casual users can get wrecked, yet I’m malicious? Maybe think of users other than yourself, weigh the potential losses to them by successful attacks, and consider whether OS designers have a legitimate claim in preventing exposure of known threats to casual users while still allowing power users to bypass those checks.

        You’re assuming I use an Android app (trash) to get on here, and not a proper workstation or web browser. You’re welcome to this “malicious horseshit” for eternity.

    • khannie@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      20 days ago

      developer verification can be disabled, bypassed, or worked with

      In reality this is useless given the technical capabilities (or access to the technology necessary) of nearly every android user. What percentage of them do you think has the capacity and capability to use ADB?

      you called it sideloading removal, which it isn’t.

      Strictly it ticks the box, however effectively it is sideloading removal. Arguing otherwise honestly makes me think you work for them. It’s such obvious marketing bullshit “Oh, we left this tiny window open to tick the box which people can use, but almost certainly not you and even if you are capable, it’s a pain in the arse”. There are lots of intelligent people in my house. I’m the only one capable of using ADB without enormous effort, making it a deliberately huge barrier and even I’m not going to do it to install a trusted open source app.

      Let’s be clear; the only reason they left that little window open was to have people like you say “no, sideloading is still possible” to cover their arses legally and also for actual developers, not because they care about an open ecosystem.

      • lmmarsano@lemmynsfw.com
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        edit-2
        17 days ago

        What percentage of them do you think has the capacity and capability to use ADB?

        All of them: they can follow procedures, plug a cable, and push buttons if they really want to. Most won’t bother: capacity isn’t willpower.

        it’s a pain in the arse

        That’s the idea: welcome to an effective deterrent.

        even I’m not going to do it to install a trusted open source app

        Good, then it’ll deter as designed.

        the only reason

        Nah, the use cases are legitimate:

        • It will actually deter installation of malicious software once it’s been identified & flagged that way in their system.
        • It also verifies install packages haven’t been tampered (possibly maliciously) from their original releases.

        Malicious software on devices connected to everything including highly sensitive information poses high-cost risks that you & casual users overlook because muh inconvenience 😭. If casual users can’t bother with a straightforward procedure as you say, then how prepared are they to handle the real challenges of a successful attack?

        From a security perspective, it makes sense for OS designers to choose to limit exposure to that threat to power users who can be expected to at least have a better idea of what they’re getting themselves into.

        • khannie@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          17 days ago

          Google employee confirmed. Absolute trash reasoning verging on trolling it’s so ridiculous. Wild that you arguing so vehemently in favour of reduced access to use your hardware the way you want.

          All of them

          Laughable. You’ve obviously never worked in any kind of customer support role.

          Most people are going to melt at the steps necessary to use adb.

          capacity isn’t willpower.

          By capacity I meant access to hardware. There are so many people in poorer countries out there that don’t have a laptop, permission to start using one for installing adb on it but also have an android phone.

          welcome to an effective deterrent.

          I don’t want an effective deterrent that effectively kills fdroid and the like. That’s the whole point. I’ve favoured android because it’s more open. The talking points in favour of it pale in comparison to the loss of freedom.

          If casual users can’t bother with a straightforward procedure

          Honestly just jog on. Please. It is not a straightforward procedure and my threat model shouldn’t need to include the steps you outline. There are already barriers in place that put off casual users.

          The fact that you want people to stop installing open source apps that they trust is honestly deranged. Deranged.