this post was submitted on 01 May 2026
807 points (98.4% liked)

Privacy

9684 readers
1202 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 2 years ago
MODERATORS
iopq@lemmy.world
807
don't let google alter the deal (lemmy.blahaj.zone)
submitted 22 hours ago by not_IO@lemmy.blahaj.zone to c/privacy@lemmy.world
123 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] Quetzalcutlass@lemmy.world 103 points 21 hours ago* (last edited 21 hours ago) (3 children)

After massive pushback. Their original plan was basically full control. It still is, but they'll allow you to install something if you ask nicely first.

The other issue is the timing. They can claim this is for security all they want, but it was announced suspiciously close to the courts ruling that Google needed to open up their ecosystem to other app stores. This is a blatant attempt to keep control of the app ecosystem by forcing devs to go through Google regardless of where they intend to release.

[–] pfried@reddthat.com 2 points 13 hours ago* (last edited 13 hours ago)

They can claim this is for security all they want, but it was announced suspiciously close to the courts ruling that Google needed to open up their ecosystem to other app stores.

The courts ruled that users need to be able to install competing app stores without any warning, which is different from how it works today. Obviously allowing installation without any warning would be a boon to malware authors, so they added a way for third party app developers (including app store app developers) to verify themselves and distribute apps outside the Play Store without a warning on installation. Now Epic can verify with Google and distribute its app on its own website without needing to tell the user how to dismiss a scary warning, and the same is true for Safeway and Proton and other developers that might want to self distribute. On top of that, now GrapheneOS can implement its own verification system using the same OS-level APIs. Maybe app authors can distribute apps themselves for users of GrapheneOS by registering their repo with a verification system that runs an automated security audit on the repo and ensures reproducible builds.

Now that there is a way to distribute apps safely outside the system app store, that probably prompted them to look at what was causing malware problems, and they came up with that system. Saying it's some massive conspiracy won't force them to change their minds, especially since there aren't enough users who care to make a dent in their revenue. Proposing a less onerous way to stop malware and bringing that in front of a judge on behalf of the app developers who are harmed will.

[–] ColeSloth@discuss.tchncs.de 4 points 19 hours ago (2 children)

I still say fuck them and push back and that total control is there end goal.

However. I agree with what they're putting in place at this time. It's a one time 24 hour hold before you can install apks from unknown places.

Unfortunately, a lot of people are pieces of shit, and I know for pretty much a fact that making this move will prevent old people from getting scammed. Especially for more targeted attacks where you can use ai to fake one of their relatives voices. It pumps a brake on scammers getting people to grant access while under a panic.

So if you're tech savvy, you'll just have to wait an extra 24 hours before you can start side loading after a phone reset or new phone purchase. Not a big deal if it keeps my pops from having his bank account drained. The guy got in a panic when his Facebook billiards game lost his score data. The guy would have left his phone with someone for a week if they told him they could have gotten it back.

[–] Vocalize8711@lemmy.world 1 points 7 hours ago (1 children)

Security should not control us, we should control security. In other words, this is not the right solution.

[–] ColeSloth@discuss.tchncs.de -1 points 7 hours ago

There's a middle ground between complete disregard and complete lockdown. If you've got a better solution to scammers that isn't going to drain your battery, invade your privacy, or hog up resources, I'm all ears. Grow up a little and maybe stop being so "me" centric.

[–] XLE@piefed.social 9 points 19 hours ago (2 children)

This is clearly not designed to keep people secure. If it was, Google would not force you to make your device less secure to install apps of your choice.

[–] ColeSloth@discuss.tchncs.de 0 points 7 hours ago

Lol at what you call "proof". Also, no one said you had to leave it enabled. Also, also, dev options is a security risk BECAUSE it allows for side loading. Hahaha

[–] pfried@reddthat.com 1 points 17 hours ago* (last edited 17 hours ago) (1 children)

The only way it reduces security is by increasing the attack surface. There is no "now anybody can get root on your phone" vulnerability for enabling developer options, and if there were, Google would patch it. I always enable developer options as soon as I get a new device.

Because of this, the audit described in the more link is deprecated.

[–] XLE@piefed.social 1 points 17 hours ago

I always enable developer options as soon as I get a new device.

That's great for you, but you and I are not the targets that Google is supposedly trying to protect from supposed scams.

[–] pfried@reddthat.com 2 points 17 hours ago

Their original plan was basically full control

I'm not happy with the change, but let's at least get the facts straight, so we can argue our position better. Their original plan included a way to install apps from unknown sources, but it did not describe how that would work.