May I purchase a non-certified android device now? Because frankly, fuck you.
A 24 hour wait like this can sometimes be the result of a security team not knowing what else to do. There are all sorts of weird threat models when you think hard about how devices are used, like partners who have legit access to a phone at a certain point in time.
You are just a child to them. Not powerful enough to stick up for yourself. Ripe for abuse. The difference is society has decided not to step in to protect you from your abusive parents.
However i also understand the challenges google has. They/vendors are selling consumer devices with a consumer OS on it. Not everybody is tech savvy and a fair bit of people are too easy to trick into installing things.
An alternative could be to offer two versions(perhaps on phone activation). A business like version where a business(and people on HN) get full access. MDM and all. And average Joe mamas version that comes with more guard rails activated.
I can personally live with that 24 hour wait once, if it helps protect the average people from scammers etc.
Are these multibillion companies so incompetent to not think about it?
I would have added it here, but i don't want hn to be label my account as spam
and AFAIK this also affects only unverified developers, though hard to imagine why would someone install app from verified dev outside the play store, for the record I don't have gapps in my phone and use Aurora
That's an interesting way of selling this.
People should by default not trust a developer or store or OS for that matter that is scaring you into doing something.
The big question here is where on the balance scale we care about "protecting users against scammers" vs "protecting users against enshittification, closed ecosystems, and possible future power grabs". One side is very tangible and easy to understand, the other more abstract, and most consumers simply don't understand it well enough to make educated choices about it. This uncertainty is being used by powers that benefit from pushing towards the "lock-down" extreme of the scale. Peter Thiel said so himself.
It is also worth noting that it is these security guys' job at Google to invent security schemes. All in all they did their job as engineers, and ignoring personal responsibility to engineer solutions that balance needs not only technical but also social, they did everything right. In a larger society there should be people who take on the job of setting boundaries for these technical solutions. Just like you need technical people to push back on technical demands from non-technical people within a company, we people who push back on this sort of stuff in our society. Us technical folks are best suited to do this job.
TL;DR: The political question boils down to how many grandmas are we as a society happy with getting scammed in the name of protecting consumer freedoms? In the extreme and hyperbolic case, are we happy with an infinite number of grandmas being sacrificed? Where on the line do we want to be? And what other measures can we put into place to make the problem easier to solve without sacrificing basic freedoms? If you are technical you should probably consider taking more space in the public debate.
taspeotis•1h ago
https://news.ycombinator.com/item?id=47442690
dfordp11•1h ago
RicoElectrico•1h ago
riedel•1h ago
The baseline for a usable solution for me is still that I can keep my banking apps and that I am able to use fdroid trusted builds from source, can install builds from other open source CI builds, install builds from my students I know personally without needing them to verify with a foreign entity and publishing their personal data.
Practically the law will require me to buy another 'developer phone' the for work. Actually allowing more profiles like the work or hidden profile would allow users to at least chose per profile and could at least put their banking apps into a sandbox where they work (requirement would be that Google wallet can also run from such a profile) . I actually would be very happy to run the main profile without any Google play services like Graphene does: I guess a lot of data protection risks would be solved by this.
dfordp11•58m ago
I have asked the admin to update this with the latest blog, as i can't update it myself nor i can remove the submission