this post was submitted on 19 Mar 2026
212 points (99.1% liked)

Technology

82856 readers
3172 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
212
Google gives Android users a way to install unverified apps if they worked hard for it(including waiting 24 hours) (android-developers.googleblog.com)
submitted 1 day ago* (last edited 1 day ago) by Beep@lemmus.org to c/technology@lemmy.world
108 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] COASTER1921@lemmy.ml 3 points 18 hours ago (2 children)

If this is really as straightforward as it sounds then I'd consider this the best case scenario. Google could have gone full Apple style lockdown or even just have implemented this flow on a per app basis, but needing to wait 24hr one time to enable unverified app installation isn't a bad idea from a security perspective. It prevents a bad actor with temporary access from being able to do much while not getting in the way of us power users after the initial 24hr period.

My bigger problem is how Google is leveraging their monopoly to implement this single-handedly and only for themselves. If they had instead gone through AOSP this perhaps could have been implemented in a better way to allow other parties than just Google to be the verifier, and that 24hr waiting period could be applied to any verifier that is not the phone's default. I'd argue this would be an equally reasonable security measure considering how many scams are out there preying on those who aren't technologically savvy, yet would maintain transparency.

[–] tired_n_bored@lemmy.world 2 points 13 hours ago (1 children)

I hate the fact that Android is open source only on paper. You can't compile your own flavor and install it.

[–] fallaciousBasis@lemmy.world 3 points 7 hours ago* (last edited 7 hours ago) (1 children)

You absolutely can... Custom ROMs do just that.

Your phone has to support it. It's not a Google wall. Your phone maker determines how difficult or easy this is. Google pixels make it rather easy to install Graphene on. Motorola is also going to support Graphene.

There's also lineage and e/os/ and even non-AOSP-based postmarketOS(which is a Linux distro.)

[–] tired_n_bored@lemmy.world 2 points 4 hours ago* (last edited 4 hours ago)

Which is not as libre as a computer OS. What I mean is that Google has complete control and power over it as it's not developed by the community and therefore doesn't do its best interests

[–] Eximius@lemmy.world 2 points 17 hours ago

I've heard of security by obscurity being accepted, but never heard of security by obtuseness being accepted as valid.