This will sadly still put a major damper on adoption of open source apps, while giving a false sense of security that apps from the Play store are safe.
Years down the road, the low usage of apps installed from outside the Play store will be used as an argument for removing the functionality completely.
Alternatives like GrapheneOS and Lineage are the way to go for right now, but I worry as things get more and more locked down that those options won't work with a lot of apps.
I am increasingly interested in a dual-prong approach of building a parallel world of OSS apps, platforms, etc, plus an adversarial inter-op project for duping and wrapping apps/services from the commercial/normie world. We have some solid bases with Android/Graphene, Linux more broadly, wine, and Android VMs like Waydroid. Even if things don't get a lot of users, if the users it has are highly technical on average things can probably chug along.
Google's decision to walk back the supposed freedom to run anything you like removes user choice from the marketplace and harms consumers.
jeduardo•2h ago
I wonder how this will play out in the phones coming out of the Motorola+GrapheneOS partnership.
lwkl•1h ago
branon•1h ago
Would welcome evidence to the contrary. Is this truly a threat model that's seen in the wild?
My gut says no because social engineering is about hijacking legitimate, first-party processes. Scammers attack login credentials, MFA flows, and use first-party apps to maintain access (think remote control software like TeamViewer). These apps come from the Play Store, not from meticulously curated collections like F-Droid, and not from somebody pressuring you to sideload an APK.
And if scammers decide to use sideloading as an attack vector -- then like all the other security gates that can be defeated via social engineering, I expect they will find an end-run around this one as well. Either on a technical basis, or by social-engineering users into bumbling past it and on to the next stage of the scam.
Build an idiot-proof system and society will build a better idiot. And yeah, the rest of us only wind up slightly annoyed, _for now_, until Google tightens their grip further on some other flimsy pretext.
jojobas•43m ago