I highly doubt this is your "top" priority. Or if it is then you're gotten there by completely ignoring Google account security.
> intercepts the victim's notifications
And who controls these notifications and forces application developers to use a specific service?
> bad actors can spin up new harmful apps instantly.
Like banking applications that use push or SMS for two factor authentication. You seem to approve those without hesitation. I guess their "top" priority is dependent on the situation.
Protecting their app store revenues from competition exposes them to scrutiny from competition regulators and might be counter productive.
Many governments are moving towards requiring tech companies to enforce verification of users and limit access to some types of software and services or impose conditions requiring software to limit certain features such as end to end encryption. Some prominent people in big tech believe very strongly in a surveillance state and we are seeing a lot of buy in across the political spectrum, possibly due to industry lobbying efforts. Allowing people to install unapproved software limits the effectiveness of surveillance technologies and the revenues of those selling them. If legal compliance risks are pushing this then it is a job for voters, not Google to fix.
- Just yesterday there was a story on here about how Google found esoteric bugs in FFMPEG, and told volunteers to fix it.
- Another classic example, about how Google doesn't give a stuff about their user's security is the scam ads they allow on youtube. Google knows these are scams, but don't care because they there isn't regulation requiring oversight.
Fixed that for you. Google's public service was both entirely appropriate and highly appreciated.
How much they spend is no indicator of how and where they spend it, so is hardly a compelling argument.
> And who controls these notifications and forces application developers to use a specific service?
Am I alone in being alarmed by this? Are they admitting that their app sandboxing is so weak that a malicious app can exfil data from other unaffiliated apps? And they must instead rely on centralized control to disable those apps after the crime? So.. what’s the point of the sandboxing - if this is just desktop level lack of isolation?
Glossing over this ”detail” is not confidence inspiring. Either it’s a social engineering attack, in which case an app should have no meaningful advantage over traditional comms like web/email/social media impersonation. Or, it’s an issue of exploits not being patched properly, in which case it’s Google and/or vendor responsibility to push fixes quickly before mass malware distribution.
The only legit point for Google, to me, is apps that require very sensitive privileges, like packet inspection or OS control. You could make an argument that some special apps probably could benefit from verification or special approvals. But every random app?
An app can read the content of notifications if the appropriate permissions are granted, which includes 2FA codes sent by SMS or email. That those are bad ways to provide 2FA codes is its own issue.
I want that permission to exist. I use KDE Connect to display notifications on my laptop, for example. Despite the name, it's not just for KDE or Linux - there are Windows and Mac versions too.
The buried lede:
> a dedicated account type for students and hobbyists. This will allow you to distribute your creations to a limited number of devices without going through the full verification
So a natural limit on how big a hobby project can get. The example they give, where verification would require scammers to burn an identity to build another app instead of just being able to do a new build whenever an app gets detected as malware, shows that apps with few installs are where the danger is. This measure just doesn't add up
> We are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified
Also this will kill any impetus that was growing on the Linux phone development side, for better or worse. We get to live in this ecosystem a while longer, let's see if people keep damocles' sword in mind and we might see more efforts towards cross-platform builds for example
Wow, this really pulls back the veil. This Vendor (google) is only looking out for numero uno.
The angry social media narratives have been running wild from people who insert their own assumptions into what’s happening.
It’s been fairly clear from the start that this wasn’t the end of sideloading, period. However that doesn’t get as many clicks and shares as writing a headline claiming that Google is taking away your rights.
There may have been exaggerations in some cases but these hand wavy responses like "you can still do X but you just can't do Y and Z is now mandatory" or "you can always use Y" is how we got to this situation in the first place.
This is just the next evolution of SafetyNet & play integrity API. Remember how many said use alternatives. Not saying safetynet is bad but I don't believe their intentions were to stop at just that.
A simple yes/no alert box is not "[...] specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer". In fact, AFAIK we already have exactly that alert box.
No, what they want is something so complicated that no muggle could possibly enable it, either by accident or by being guided on the phone.
there cannot exist an easy way for a typical non-technical user to install “unverified apps” (whatever that means), because the governments of countries where such scams are widespread will hold Google responsible.
Meanwhile this very fact seems fundamentally unacceptable to many, so there will be no end to this discourse IMO.
Just look at everything they've done to break yt-dlp over and over again. In fact their newest countermeasure is a frontpage story right beside this one: https://news.ycombinator.com/item?id=45898407
Of course I would be much happier if I didn't need to use Shizuku in the first place.
[0]: https://play.google.com/store/apps/details?id=moe.shizuku.pr...
Google is not rolling this out to protect against YouTube ReVanced but only in a small number of countries. That’s an illogical conclusion to draw from the facts.
Also, its not SIDE loading. Its installing an app.
I'm not on the side of locking people out, but this is a poor argument.
Debian already is sideloaded on the graciousness of Microsoft's UEFI bootloader keys. Without that key, you could not install anything else than MS Windows.
Hence you don't realize how good of an argument it is, because you even bamboozled yourself without realizing it.
It gets a worse argument if we want to discuss Qubes and other distributions that are actually focused on security, e.g. via firejail, hardened kernels or user namespaces to sandbox apps.
But having seen how things work at large companies including Google, I find it less likely for Google's Android team to be allocating resources or making major policy decisions by considering the YouTube team. :-) (Of course if Android happened to make a change that negatively affected YouTube revenue, things may get escalated and the change may get rolled back as in the infamous Chrome-vs-Ads case, but those situations are very rare.) Taking their explanation at face value (their anti-malware team couldn't keep up: bad actors can spin up new harmful apps instantly. It becomes an endless game of whack-a-mole. Verification changes the math by forcing them to use a real identity) seems justified in this case.
My point though was that whatever the ultimate stable equilibrium becomes, it will be one in which the set of apps that the average person can easily install is limited in some way — I think Google's proposed solution here (hobbyists can make apps having not many users, and “experienced users” can opt out of the security measures) is actually a “least bad” compromise, but still not a happy outcome for those who would like a world where anyone can write apps that anyone can install.
You’re still missing the point the comment is making: In countries where governments are dead set on holding Google accountable for what users do on their phones, it doesn’t matter what you believe to be your natural right. The governments of these countries have made declarations about who is accountable and Google has no intention of leaving the door open for that accountability.
You can do whatever you want with the hardware you buy, but don’t confuse that with forcing another company to give you all of the tools to do anything you want easily.
The era of United States companies using common sense United States principles for the whole world is coming to an end.
Of course there are no good options for open hardware, but that is a related but separate problem.
Do what you please and get enough people to do it with you, and no one can stop you.
This is the unsurprising consequence of trying to hold big companies accountable for the things people do with their devices: The only reasonable response is to reduce freedoms with those devices, or pull out of those countries entirely.
This happened a lot in the early days of the GDPR regulations when the exact laws were unclear and many companies realized it was safer to block those countries entirely. Despite this playing out over and over again, there are still constant calls on HN to hold companies accountable for user-submitted content, require ID verification, and so on.
The government(s) have to treat the middlemen as middlemen. Otherwise they are forced to act as gatekeepers.
Moreover, it's not possible to provide a path for advanced users that a stupid person won't use by accident, either.
These are what drive many instances of completely missing paths for advanced users. It's not possible to stop coercion or accidents. It is literally impossible. Any company that doesn't want to take the risk can only leave advanced users completely out of the picture. There's nothing else they can do.
Google will fail to prevent misuse of this feature, and advanced users will eventually be left in the dust completely as Google learns there's no way to safely provide for them. This is inevitable.
That immediately takes the pressure off people who are being told that their bank details are at immediate risk.
And, to prevent the scammer from simply calling back once the 24 hours are gone, make it show a couple of warnings (at random times so they can't be predicted by the scammer) explaining the issue, with rejecting these warnings making the cooling off timer reset (so a new attempt to enable would need another full 24 hours).
But that kind of privacy based security model is anathema to Google because its whole business model is based on violating its users' privacy. And that's why they have come with such convoluted implementation that further give them control over a user's device. Obviously some government's too may favour such an approach as they too can then use Google or Apple to exert control over their citizens (through censorship or denial of services).
Note also that while they are not completely removing sideloading (for now) they are introducing further restrictions on it, including gate-keeping by them. This is just the "boil the frog slowly" approach. Once this is normalised, they will make a move to prevent sideloading completely, again, in the future.
It could be an alternative SMS app like TextSecure. One of the best features of Android is that even built-in default applications like the keyboard, browser, launcher, etc can be replaced by alternative implementations.
It could also be a SMS backup application (which can also be used to transfer the whole SMS history to a new phone).
Or it could be something like KDE Connect making SMS notifications show up on the user's computer.
> One of the best features of Android is that even built-in default applications like the keyboard, browser, launcher, etc can be replaced by alternative implementations.
When sideloading is barred all that can easily change. If you are forced to install everything from the Google Play Store, Google can easily bar such things, again in the name of "security" - alternate keyboards can steal your password, alternate browsers can have adware / malware, alternate launcher can do many naughty things etc. etc.
And note that if indeed giving apps access to SMS / RCS data is really such a desirable feature, Google could have introduced gate-keeping on that to make it more secure, rather than gate-keeping sideloading. For example, their current proposal says that they will allow sideloading with special Google Accounts. Instead of that, why not make it so that an app can access SMS / RCS only when that option is allowed when you have a special Google Account?
The point is that they want to avoid adding any barriers where a user's private data can't be easily accessed.
You can also view this as a "tragedy of the commons" situation. Unverified apps and sideloading is actively abused by scammers right now.
> Meanwhile this very fact seems fundamentally unacceptable to many, so there will be no end to this discourse IMO.
I get that viewpoint and I'm also very glad an opt-out now exists (and the risk that the verification would be abused is also very real), but yeah, more information what to do against scammers then would also be needed.
security = 1/convenience
security = 1/freedom or agencyThis argument is FUD at this point.
Sovereign governments have ways to make clear what they want: they pass laws, and there needs to be no back deal or veiled threats. If they intend to punish Google for the rampant scams, they'll need a legal framework for that. That's exactly how it went down with the DMA, and how other countries are dealing with Google/Apple.
Otherwise we're just fantasizing on vague rumors, exchanges that might have happened but represent nothing (some politicians telling bullshit isn't a law of the country that will lead to enforcement).
This would be another story if we're discussing exchanges with the mafia and/or private parties, but here you're explicitely mentionning governments.
But of course I'm talking about non-commercial apps, but commercial app developers would already be on Google Play.
As to relevance to the article - I'm not cheering that much because if Google made "stock OS" even worse then maybe more users would flock to LineageOS/GrapheneOS which would be a great thing and make it harder to push Play Integrity.
> 13. For a period beginning on the Effective Date through June 30, 2032, Google will [...] and will continue to permit the direct downloading of apps from developer websites and third-party stores without any fees being imposed for those downloads unless the downloads originate from linkouts from apps installed/updated by Google Play (excluding web browsers).
6 days ago the court expressed skepticism as to the proposal and announced that they'd have a hearing, with testimony from expert witnesses, as to whether it would prevent the market harms that the original injunction was trying to cure [2].
Today Google announces this, effectively confirming that they're backing down from their requirement that third party app developers pay google prior to distributing their apps.
Nothing (yet) is explicitly tying these together, but I can't help but suspect that this move is in large part being made to convince the court that they're actually intending to honour this portion of the proposed injunction even though Epic would have little reason to enforce it.
[1] https://storage.courtlistener.com/recap/gov.uscourts.cand.36...
[2] https://storage.courtlistener.com/recap/gov.uscourts.cand.36...
They announced the $25 "verification" plan awhile ago. The new part in this article is that they're going to have it remain possible to install software that didn't do that "verification".
> Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified.
Users have an inherent legal right to unconditionally access the full advertised functionality of devices they purchase. Any agreement after that is inherently suspect and I wouldn't be surprised to find out it was ruled unconscionable by some court if it came to that.
If there is no other alternative, buying hardware and licensing software are not two different steps. Its just buying a device.
I'm not too worried. My employer should be, though.
If it's a one time unlock, eg like developer mode then hopefully it'll just work.
If it's a big long flow per install... Yikes, that's not much better than adb install
Real sideloaders (F-Droid users, etc.) know at setup time that that's how they'll be using their phone, so it works for them. But ordinary users who are targets for sideloading malware will become a lot less attractive if attackers must convince them to wipe their phone to complete the coercive instructions.
Aliexpress has a similar approach to protect their accounts from takeovers. If you change or forget your password, all your saved payment methods are erased. This makes the account less valuable to an attacker, at the cost of a little pain to authentic account holders.
However, I think there are other things they should do as well (in addition to the other things) if they want to improve the safety, such as looking at the apps in Google Play to check that they are not malware (since apparently some are; however, it says they do have some safeguards, so hopefully that would help), and to make the permission system to work better (e.g. to make it clear that it can intercept notificatinos; there are legitimate reasons to do this but it should require an explicit permission setting to make this clear).
So they haven't actually changed anything yet, but they say that they will "in the coming months."
Google mentions about being on a call, and being tricked into handing over codes. So why not use signals and huristics to decide?
If user is on a call, block any ability to install a shady app. Implement a cool down before that functionality is restored (say 24 hours). It can also detect where the user is based to add additional protection (such as mandating the use of play protect to scan the app before it's activated and add another cool down regardless).
There's lots of ways to help protect the user but it's wrong to ultimately control them. The real world is full of scary dangers that technology is trying to solve but is actively making things worse (such as computerized safety systems in cars).
Ultimately, the user is responsible and whilst it's palpable Google would want to reduce harm in this specific way, we know authoritarian governments would also love to be able to dictate what software people can run. The harm to democracy is simply too great in favor of saving a few people's money.
* "Android Developer Verification Proposed Changes" by agnostic-apollo (https://github.com/agnostic-apollo), Termux app (https://github.com/termux/termux-app) developer: https://issuetracker.google.com/issues/459832198 via https://old.reddit.com/r/termux/comments/1ourtxj/android_dev... (old.reddit.com/r/termux/comments/1ourtxj/android_developer_verification_discourse/)
* Search for "Smartphone-1 to Smartphone-2" "adb tcpip 5555" in "Motorola moto g play 2024 smartphone, Termux, termux-usb, usbredirect, QEMU running under Termux, and Alpine Linux: Disks with Globally Unique Identifier (GUID) Partition Table (GPT) partitioning": https://old.reddit.com/r/MotoG/comments/1j2g5gz/motorola_mot... (old.reddit.com/r/MotoG/comments/1j2g5gz/motorola_moto_g_play_2024_smartphone_termux/)
* Search for "termux-adb" in "Motorola moto g play 2024 Smartphone, Android 14 Operating System, Termux, And cryptsetup: Linux Unified Key Setup (LUKS) Encryption/Decryption And The ext4 Filesystem Without Using root Access, Without Using proot-distro, And Without Using QEMU": https://old.reddit.com/r/MotoG/comments/1jkl0f8/motorola_mot... (old.reddit.com/r/MotoG/comments/1jkl0f8/motorola_moto_g_play_2024_smartphone_android_14/)
this is a misleading title. they only allow side-loading unverified apps only on fewer devices.
Do the changes here do anything for F-Droid?
So if I want to release a free android game my options are.
A: Hope Google doesn't change course again.
B: Give Google a copy of my apartment lease,
Would be too hard for them to ya know actually implement sandboxing which would prevent this.
Anything aside from full bootloader access means I'm renting my device.
Too late now though.
/Old man laughing at "cloud" that is my baremetal.
Lets not celebrate prematurely and let us wait for more details on whats actually changing both technically and process wise. We should demand more clarity and should not wait to discover it after the implementation at which point it is hard and nearly impossible to push back against.
We don't want to be in a situation where they technically make it possible but make it practically impossible to install apps outside playstore.
Other schemes include impersonating sex workers to lure victims into nude video chats, then persuading them to install an app that harvests private content and contacts for blackmail.
If someone tricks you into handing over the keys to the kingdom, the solution isn't to remove your door.
As long as this is a one-time flow: Good, great, yes, I'll gladly scroll through as many prompts as you want to enable sideloading. I understand the risks!
But I fear this will be no better than Apple's flow for installing unsigned binaries in macOS.
Please do better.
That seems like a severe security bug in Android APIs or sandboxing or something else.
> bad actors can spin up new harmful apps instantly
Why are harmful apps possible at all?
Google goes on to say how taking away one of your last remaining rights is good for you, if you like it or not.
It is clear to everyone why Google is partnering with governments around the world to remove our rights to installing apps. Laws are not on your side and must be reevaluated on an individual level to move forward. You decide your own terms, you have the power.
Only we can stop this together.
erohead•3h ago
Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified. We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months.
silisili•2h ago
Still, it seems like good news, so I'll take it.