this post was submitted on 19 Apr 2026
-16 points (13.6% liked)
Progressive Politics
4601 readers
1424 users here now
Welcome to Progressive Politics! A place for news updates and political discussion from a left perspective. Conservatives and centrists are welcome just try and keep it civil :)
(Sidebar still a work in progress post recommendations if you have them such as reading lists)
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That might explain the difference, what browser are you using?
DDG, strict permissions management.
What does happen for me is I often fat-finger, to hit one icon and get the neighboring one. But I have never seen anything remotely similar to that. At all. I wonder if it's asking you to install the app?
Ah, yeah DDG uses the google browser engines. That could easily explain the different behavior.
It appears to be trying to force the download of the tiktok .apk directly - I haven't compared the hashes but at least that's what the names indicate. But the download, and the inserting random strings into my clipboard, happens without interaction a few seconds after the page loads. It's very odd behavior to see from a legit site.
From your screenshot, you had the choice to reject. I don't know what Chinese law is about stuff like that, so I'm not going to speak on it, other than to say that firstly, I imagine it's the Chinese version of tiktok, and secondly, almost every popular social US social media, not to mention website do it, including banking sites. I don't like it, and I'm not saying it's a legitimate way of doing business, but it's certainly not any different than US websites.
I think there's confusion about what we're talking about:
Yeah, but that it's a rejectable download isn't really the issue here. That it's, unprompted, trying to get me to sideload a random .apk at all and hijacking my clipboard is the problem.
I'm curious what western social media apps have attempted to directly download the .apk onto your device - I've had plenty that throw up splash pages that redirect me to google play store, but no legitimate site has ever unprompted served me a raw .apk before. That's behavior you find on the AI slop sites that are just long strings of search terms to try and get you to click on them.
I usually get "open in app" dialogue.
Oh, very different thing. When that happens it's just asking permission for an applink query - which is just a flag that tells the user's OS to check and see if any currently installed apps are associated with a given URL and then passes it to that app if there is one.
It's very different from trying to get the user to sideload an entire app. "Open in app" is not really a threat vector, but installing random unverified .apk is the threat itself.
Google Play very much is a large threat vector. And I see it no differently than the photo you showed. At least on f-droid, the code for apps is examinable, where even if one isn't a programmer/hobbiest, they have the option of asking someone they trust to audit the code. On Google Play, you get the developer's "lol trust me, bro!"
As an example, one app consistently has hundreds of tracking attempts by a notorious, very intrusive website, and I'm extremely grateful I can see that and block it; and uninstall the app because NOT Google and NOT that (sneaky, evil, in disclosing) dev told me. Another dev of a different app did.
So the difference is, you were pre-asked and had the option to refuse.
I'm sorry, I don't think I understand what you mean here.
I kind of figured you wouldn't, based on prior interchanges, but tried anyway. No worries, enjoy your day/night.
No, it's that nobody was talking about the google play store, and while I'm certain you're trying to disagree with me you're making very salient points in my favor about the dangers of unverified closed-source apps.
You seem to understand exactly that what that site is doing is dangerous and broad strokes on why, but you're using that to... excuse their behavior.
I already said
And
/Disengage
But you... then explicitly go on to explain how it's different from US websites. Like you understand this, so I'm not sure why we're disagreeing here. It's fundamentally different, you even explain how it's different, we're not... disagreeing here.
It's disappointing you seem to only remember the time you were abusive and proved wrong in your accusations, but not the multiple extremely civil/pleasant interactions we've had since then.
This isn't a DB0 community - and even if it was, this wouldn't be a valid use of the disengage rule. see: "For a disengage call to be valid, it must not be accompanied by other arguments on the existing topic. A disengage is not meant to be a trump card to have the last word."
Don't regress these interactions and start being a dick for no reason. Seriously, this has been plenty civil until you started to get defensive about your unfamiliarity with the topic.
You are extremely disingenuous. We see it differently.
For a third time
You very clearly explained exactly whats wrong with that site's (and other sites) behavior, but pivoted to that somehow excusing what they did.
I dunno why you keep posting that, it clearly doesn't mean much to me beyond, uncharitably, showing that you're still holding a grudge? But I like to think I'm not so petty as to hang on to that.