• smeg@infosec.pub (82 up, 1 down) · 7 days ago
    • enable developer options
    • confirm that you are not tricked
    • restart phone and re-authenticate
    • wait one day
    • confirm with biometrics that you know what you are doing
    • decide if you only want unrestricted installs for 1 week or forever
    • confirm that you accept the risks
    • enjoy the few apps that still have developers motivated to develop for a user-base willing to put up with this
    • wonderingwanderer@sopuli.xyz (4 up) · 6 days ago

      Combined with the news that they’re going to start requiring developer age verification even in the alternate app repositories…

    • flying_sheep@lemmy.ml (4 up) · 6 days ago

      The biometrics part makes no sense, you can disable biometrics. You mean that you have to do a security confirmation however you’ve set it up.

    • FauxLiving@lemmy.world (7 up, 17 down) · 7 days ago

      I can understand this workflow being created to protect the legions of people who are tricked into installing spyware.

      It doesn’t remotely affect me because I use GrapheneOS and if this is an issue for you then you’re probably someone who should look at installing GOS or Lineage.

      I don’t think Google should be able to do this and it is likely part of a longer-term strategy to strangle any competition. At the same time, I can understand how this change will save a lot of grandparents from clicking a link in a text from their ‘grandchildren’ and installing spyware that’ll steal all of their bank information.

      • AHemlocksLie@lemmy.zip (18 up) · 7 days ago

        GrapheneOS is built on AOSP, which is where the change is being made. Graphene and other custom ROMs will need to maintain a fork that cuts out the feature if they want to avoid it. Google is also starting to close off Android to make that more difficult, so it’ll become a genuine project to maintain the fork well.

      • fallaciousBasis@lemmy.world (2 up) · 6 days ago

        I mean… This is kind of why I never let people use my phone.

        I have installations from various sources enabled… Like my browser, because I know what I’m doing. But I wouldn’t trust anyone as the process is currently effortless…

        If someone is trying to install spyware on you (like a partner or parent), this might offer some notification and prevention.

        I don’t really see the big deal. You do it once, enable it forever, and wipe up those tears.

        I think a better way would just be to have maybe like a biometric/PIN confirmation upon installation. Simple. Clean.

        • reksas@sopuli.xyz (4 up) · 6 days ago

          They want to suppress the developers, not users. By making it so bothersome, so many people will just stop using sources from outside Google Play. First they do this and at some later time they will add more hoops to it. If they manage to strangle any developers that make stuff, people will have nowhere to turn, yet they can’t complain either because Google will have an undeniable monopoly.

        • FauxLiving@lemmy.world (1 up) · 6 days ago

          The delay is almost assuredly to prevent live scamming. Like a grandparent picking up a random call or text and being tricked into thinking they’re a family member/bank worker/etc.

          I’ll admit it’s annoying, and could be used by Google later to do more annoying shit.

          Taking their explanations in good faith and looking at it from a customer security point of view, I can see this cutting back on some common scam types. This is kind of like how, when you go to rustdesk.com, there’s a giant ‘YOU’RE PROBABLY GETTING SCAMMED’ banner across the top of the page.

          These little steps can seem pointless or annoying to us, as most of us are probably in the upper range of tech skills, but consider the average user and it starts to make a lot more sense.

          • conorab@lemmy.conorab.com (1 up) · 5 days ago

            The delay makes intuitive sense especially since it will give the target a chance to complain about it to their friends and family who will hopefully stop it from there.

            However, I’m not sure if it’s worth it. I imagine this would stop exfiltration apps which scan the user’s device for useful data and maybe passive screenshots, but this pales in comparison to apps with subscription dark patterns, gambling, and apps that harvest and sell your data legally already. If this was a case of apps prompting the user to enter sensitive information into a form then they could just use a browser.

            I don’t know. I think this is a good measure to prevent scams. I’m just uncomfortable about Google’s motivation.

  • kbal@fedia.io (46 up) · 7 days ago

    Just think of all the other things that could benefit from a “protective waiting period” to enhance your safety.

    Turning off location tracking, using a web browser other than Chrome, using a mail server other than Gmail, visiting duckduckgo.com — if Google really cared about your privacy and security they’d add a 24-hour delay to all these dangerous activities.

  • Yaky@slrpnk.net (25 up, 1 down) · 6 days ago

    Who are these smooth-talking scammers that can guide a regular-ass user to jump through hoops in settings to install a malicious app?

    Maybe I should ask them how they do it, because I cannot convince my family to download and use Signal. You know, the legit app from the official app store.

    • goldman60@lemmy.world (16 up) · 6 days ago

      People who can’t operate a computer will somehow become gods at following instructions if someone calls “from Microsoft”.

      • d00ery@lemmy.world (8 up) · 6 days ago

        Yes exactly this. I try and explain a computer thing to someone and get ignored. That same person talks to some sales rep in the electronics store and comes away “ohh they said I need to buy super expensive antivirus, that’ll solve my issue with my screen resolution being too low”. 🤦

        • plyth@feddit.org (3 up, 1 down) · 6 days ago

          The sales rep offered a solution to that person’s problem.

          You want that person to be right which they perceive as you want to dominate them.

          So they try to resist you while they are highly motivated to follow the instructions of the sales person.

          • d00ery@lemmy.world (4 up) · 6 days ago

            Interesting explanation of the psychology and I don’t necessarily doubt it, but I also offered a solution. The solution I’ve offered fixes the problem; the salesman’s solution sounds like it solves the problem but does not.

            • plyth@feddit.org (2 up, 1 down) · 6 days ago

              A solution without demand is worthless. At first the demand has to be created. Some people value understanding and are thankful but that’s a small minority.

    • sveltecider@lemmy.ca (5 up) · 5 days ago

      > Who are these smooth-talking scammers that can guide a regular-ass user to jump through hoops in settings to install a malicious app?

      You would be extremely surprised. I think Lemmy users fail to realize that not everyone has an IT job and is a sysadmin.

    • MasterNerd@lemmy.zip (5 up) · 5 days ago

      Bruh what? You’re gonna be waiting a long time for that. Better to use one of the pre-existing alternatives than wait for an OS that probably won’t ever exist, and probably won’t support your hardware if it ever does.

  • MountainMan@lemmy.zip (12 up, 1 down) · 7 days ago

    They will just redefine what 24h means!

    Don’t think for a second that these companies are working in good faith, and would change their evil plans due to some pushback from the rabble. They will just find ways to circumvent things. They have everyone by the nads, there are no competitors.

  • shortwavesurfer@lemmy.zip (11 up) · 7 days ago

    This would not have affected me since I use Lineage OS without Google Play Services, but I am now more seriously than ever looking into using a Linux phone like Postmarket OS.

    • fluxx@mander.xyz (14 up) · 7 days ago

      It would affect a lot of users, so it will indirectly affect you too, as a lot of devs won’t be as interested in maintaining their apps for so few users. But I hope it will at least give a bit of a push to developing postmarketOS. I personally am sure going to get a second-hand phone to install postmarketOS too and hope I can contribute at least a little bit. I am prepared to suffer, at least a little bit, for the right cause.

    • Squizzy@lemmy.world (4 up) · 7 days ago

      1. Camera
      2. Phone projection for cars
      3. Contactless pay/ wallet/pay alternative

      Give me a device that can do these and I am in for ditching Android. I only use browsers or off-store apps that have Linux support mainly anymore anyway.

      • fluxx@mander.xyz (5 up) · 7 days ago

        At least the last one won’t happen, as banks would have to be on board. And banks are not on your side with this one.

        • Squizzy@lemmy.world (1 up) · 7 days ago

          To be honest this one is in hand: Curve has an alternative product and a lot of banks across the EU have native NFC. My country does not have those banks though. I hope Revolut brings it in.

          I do want something that takes my tickets for shows and flights and membership cards too though.

          • fluxx@mander.xyz (1 up) · 7 days ago

            Yeah, I’m in a similar situation. Curve doesn’t work in my country and banks don’t have their own solution. And Google Pay won’t work on my GrapheneOS Pixel.

            • Squizzy@lemmy.world (1 up) · 6 days ago

              I got a Pixel for Graphene but had to go back for Android Auto and payments. The camera was lacking compared to PixelOS but that was fixable.

              Sucks to be with Google more than ever.

  • Kissaki@feddit.org (7 up) · 7 days ago

    Why is it called developer mode if it’s supposedly an advanced flow? That has a bad implication.

  • COASTER1921@lemmy.ml (5 up, 5 down) · 7 days ago

    If this is really as straightforward as it sounds then I’d consider this the best case scenario. Google could have gone full Apple style lockdown or even just have implemented this flow on a per app basis, but needing to wait 24hr one time to enable unverified app installation isn’t a bad idea from a security perspective. It prevents a bad actor with temporary access from being able to do much while not getting in the way of us power users after the initial 24hr period.

    My bigger problem is how Google is leveraging their monopoly to implement this single-handedly and only for themselves. If they had instead gone through AOSP this perhaps could have been implemented in a better way to allow other parties than just Google to be the verifier, and that 24hr waiting period could be applied to any verifier that is not the phone’s default. I’d argue this would be an equally reasonable security measure considering how many scams are out there preying on those who aren’t technologically savvy, yet would maintain transparency.

    • Eximius@lemmy.world (6 up) · 6 days ago

      I’ve heard of security by obscurity being accepted, but never heard of security by obtuseness being accepted as valid.

    • tired_n_bored@lemmy.world (3 up, 1 down) · 6 days ago

      I hate the fact that Android is open source only on paper. You can’t compile your own flavor and install it.

      • fallaciousBasis@lemmy.world (5 up) · 6 days ago

        You absolutely can… Custom ROMs do just that.

        Your phone has to support it. It’s not a Google wall. Your phone maker determines how difficult or easy this is. Google Pixels make it rather easy to install Graphene on. Motorola is also going to support Graphene.

        There’s also Lineage and e/OS/ and even the non-AOSP-based postmarketOS (which is a Linux distro).

        • tired_n_bored@lemmy.world (2 up, edited) · 6 days ago

          Which is not as libre as a computer OS. What I mean is that Google has complete control and power over it, as it’s not developed by the community and therefore doesn’t serve its best interests.

          • fallaciousBasis@lemmy.world (1 up) · 5 days ago

            Android used to be a little more diverse.

            But it’s been limited to the launcher(shell) mostly.

            What do you think is in the best interest of the community that Google isn’t doing? Do you have any less contentious examples? As a technical support specialist I’ve talked to numerous dipshits that were talked into installing a virus on their own computer system or phone or other device.

            Some people are really really really fucking gullible.

      • low@lemmy.today (1 up, 6 down) · 6 days ago

        Bro did you want them to ban it? A one-time 24 hour wait is literally nothing compared to having 0 viable phones on the market where you can sideload.

        Am I tripping? How is this not good news?

        • PerogiBoi@lemmy.ca (8 up) · 6 days ago

          You purchased something. Then the company you purchased from announces they’re taking away features from you after the fact. Then they announce that they’ll give it back partially if you waste your time and do all sorts of steps.

          You see this as a win? With attitudes like this, no wonder companies feel they can get away with anything.

          • low@lemmy.today (2 up, 5 down) · 6 days ago

            I don’t give a shit about steps, I can follow steps. Nor do I give a shit about 24 hour cooldown when the flipside is having the phone completely neutered.

            And don’t get me wrong, I’m infuriated that they even considered it. In my opinion side loading is a basic phone feature and not having it is disabling.

            But… they’re not removing it, and they sure as fuck didn’t get away with it. They got immense backlash and now they’re listening to the community, as they should.

            This is an enormous win for the future of sideloading (which, let me remind you, almost just got killed on every Android phone) and I’m happy it’s living to see another day.

      • low@lemmy.today (3 up) · 6 days ago

        I bought an Android specifically because iPhone doesn’t allow sideloading. If Android bans sideloading, there are no viable options left until Linux phones develop to a usable state.

        The win is that they’re not banning sideloading, obviously. Personally I don’t gaf if I gotta wait 24 hours as long as you can do it.

  • Horsey@lemmy.world (1 up, 10 down) · 7 days ago

    If graphene had Liquid Glass I’d unironically switch to it. I can’t stand flat looking UI.

  • ben@lemmy.zip (129 up) · 7 days ago

    Okay but, installing an APK is not the kind of thing a scammer does. They’ll just install some standard off-the-shelf remote access software from the Play Store.

    This very much feels like they just needed to come up with a new justification for this process and opted for scammers for some reason. Even though they’re completely disconnected.

    • cecilkorik@piefed.ca (71 up, 1 down) · 7 days ago

      > This very much feels like they just needed to come up with a new justification for this process

      It feels that way because that’s exactly what happened.

      • ben@lemmy.zip (7 up, 1 down) · 7 days ago

        I was hoping for at least something slightly believable; someone let Gemini write the justification, I guess.