this post was submitted on 19 Mar 2026
190 points (99.0% liked)

Technology

82856 readers
3250 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
190
Google gives Android users a way to install unverified apps if they worked hard for it(including waiting 24 hours) (android-developers.googleblog.com)
submitted 1 day ago* (last edited 1 day ago) by Beep@lemmus.org to c/technology@lemmy.world
96 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] smeg@infosec.pub 41 points 20 hours ago (2 children)
  • enable developer options
  • confirm that you are not tricked
  • restart phone and re-authenticate
  • wait one day
  • confirm with biometrics that you know what you are doing
  • decide if you only want unrestricted installs for 1 week or forever
  • confirm that you accept the risks
  • enjoy the few apps that still have developers motivated to develop for a user-base willing to put up with this
[–] Squizzy@lemmy.world 4 points 18 hours ago (1 children)

Is this for all android systems because it is a huge rug pull if so

[–] AHemlocksLie@lemmy.zip 7 points 16 hours ago

Pretty sure it's a change to AOSP, the basis for every single Android ROM in existence.

[–] FauxLiving@lemmy.world -5 points 18 hours ago (3 children)

I can understand this workflow being created to protect the legions of people who are tricked into installing spyware.

It doesn't remotely affect me because I use GrapheneOS and if this is an issue for you then you're probably someone who should look at installing GOS or Lineage.

I don't think Google should be able to do this and it is likely part of a longer-term strategy to strangle any competition. At the same time, I can understand how this change will save a lot of grandparents from clicking a link in a text from their 'grandchildren' and installing spyware that'll steal all of their bank information.

[–] fallaciousBasis@lemmy.world 1 points 2 hours ago

I mean... This is kind of why I never let people use my phone.

I have installations from various sources enabled... Like my browser, because I know what I'm doing. But I wouldn't trust anyone as the process is currently effortless....

If someone is trying to install spyware on you (like a partner or parent.) this might offer some notification and prevention.

I don't really see the big deal. You do it once, enable it forever, and wipe up those tears.

I think a better way would just to have maybe like a biometric/pin confirmation upon installation. Simple. Clean.

[–] AHemlocksLie@lemmy.zip 5 points 16 hours ago (1 children)

GrapheneOS is built on AOSP, which is where the change is being made. Graphene and other custom ROMs will need to maintain a fork that cuts out the feature if they want to avoid. Google is also starting to close off Android to make that more difficult, so it'll become a genuine project to maintain the fork well.

[–] nomadpxl@programming.dev 2 points 13 hours ago

As far as I understand the enforcement depends on privileged play services. https://xcancel.com/Metr0pl3x/status/1960329785277571420#m