- enable developer options
- confirm that you are not tricked
- restart phone and re-authenticate
- wait one day
- confirm with biometrics that you know what you are doing
- decide if you only want unrestricted installs for 1 week or forever
- confirm that you accept the risks
- enjoy the few apps that still have developers motivated to develop for a user-base willing to put up with this
Combined with the news that they’re going to start requiring developer age verification even in the alternate app repositories…
I can understand this workflow being created to protect the legions of people who are tricked into installing spyware.
It doesn’t remotely affect me because I use GrapheneOS and if this is an issue for you then you’re probably someone who should look at installing GOS or Lineage.
I don’t think Google should be able to do this and it is likely part of a longer-term strategy to strangle any competition. At the same time, I can understand how this change will save a lot of grandparents from clicking a link in a text from their ‘grandchildren’ and installing spyware that’ll steal all of their bank information.
GrapheneOS is built on AOSP, which is where the change is being made. Graphene and other custom ROMs will need to maintain a fork that cuts out the feature if they want to avoid. Google is also starting to close off Android to make that more difficult, so it’ll become a genuine project to maintain the fork well.
As far as I understand the enforcement depends on privileged play services. https://xcancel.com/Metr0pl3x/status/1960329785277571420#m
That’s better, at least. GrapheneOS users should be fine at least since there are extensive restrictions on Play. Other Android ROMs may have issues, though. Maybe not if they use MicroG.
I mean… This is kind of why I never let people use my phone.
I have installations from various sources enabled… Like my browser, because I know what I’m doing. But I wouldn’t trust anyone as the process is currently effortless…
If someone is trying to install spyware on you (like a partner or parent.) this might offer some notification and prevention.
I don’t really see the big deal. You do it once, enable it forever, and wipe up those tears.
I think a better way would just to have maybe like a biometric/pin confirmation upon installation. Simple. Clean.
they want to suppress the developers, not users. By making it so bothersome, so many people will just stop using sources from outside google play. First they do this and at some later time they will add more hoops to it. If they manage to strangle any developers that make stuff, people will have nowhere to turn yet they cant complain either because google will have undeniable monopoly.
Who are these smooth-talking scammers that can guide a regular-ass user to jump through hoops in settings to install a malicious app?
Maybe I should ask them how they do it, because I cannot convince my family to download and use Signal. You know, the legit app from the official app store.
People who can’t operate a computer will somehow become gods at following instructions if someone calls “from Microsoft”
Yes exactly this. I try and explain a computer thing to someone and get ignored. That same person talks to some sales rep in the electronics store and comes away “ohh they said I need to buy super expensive antivirus, that’ll solve my issue with my screen resolution being too low”. 🤦
The sales rep offered a solution to that person’s problem.
You want that person to be right which they perceive as you want to dominate them.
So they try to resist you while they are highly motivated to follow the instructions of the sales person.
Interesting explanation of the psychology and I don’t necessarily doubt it, But I also offered a solution. The solution I’ve offered fixes the problem, the salesman’s solution sounds like it solves the problem but does not.
You mean from ‘The Microsoft’
Okay but, installing an apk is not the kind of thing a scammer does. They’ll just install some standard off the shelf remote access software from the play store
This very much feels like they just needed to come up with a new justification for this process and opted for scammers for some reason. Even though they’re completely disconnected
This very much feels like they just needed to come up with a new justification for this process
It feels that way because that’s exactly what happened.
In addition to the advanced flow we’re building free, limited distribution accounts for students and hobbyists. This allows you to share apps with a small group (up to 20 devices) without needing to provide a government-issued ID or pay a registration fee.
Fuck you sideways, Google.
What? ID?
They want developers to share their IDs to have their apps on the play store. The limited groups is so hobbyist developers can still share apps without having to jump through those hoops and so the users don’t need to go and enable sideloading, with the caveat that there’s a call on how many users you can send it to it looks like.
That’s already the case. The new thing is that they want developers to share their ID to have their apps be installable on Android in the first place, even if they don’t use the Play Store.
But the sideloading flow via dev options that they have revealed doesn’t require that and it’s easy to do…
From what angle is it easy to do?
- Enable developer mode (using a hidden process where you have to know where to find it)
- Go through a scary form
- Restart the device
- Wait 24 hours?!
- Go to the settings again
- Do some more scary confirmations
- Check another scary checkbox
- And then… confirm again every single time you install an app
And you are telling me it’s easy to do? I can go publish a diet tracking app and Aunt Flo will happily go through this and I won’t lose customers?
I feel like if someone knows what an .apk is and where to download them, they’ll also know how to search for how to install them
Yeah, and currently you don’t need to know what an apk is to install them.
I’m just going to eradicate Google once SteamOS supports mobile devices. Fucking control freak douchebags.
Bruh what? You’re gonna be waiting a long time for that. Better to use one of the pre-existing alternatives than wait for an OS that probably won’t ever exist, and probably won’t support your hardware if it ever does.
Just think of all the other things that could benefit from a “protective waiting period” to enhance your safety.
Turning off location tracking, using a web browser other than Chrome, using a mail server other than Gmail, visiting duckduckgo.com — if Google really cared about your privacy and security they’d add a 24-hour delay to all these dangerous activities.
Not happening on /e/OS! You can join us here: https://e.foundation/
I hate how much more difficult my work or life has to be because some people shouldn’t have a smartphone.
Why is it called developer mode if it’s supposedly an advanced flow? That has a bad implication.
And again, confirming that my current phone will be the last android device I own.
What will you use instead though?
At this stage, I’m thinking one of the Motorola phones that will run Graphene out of the box.
Isn’t that Android?
I believe it’s a fork of android that is not managed by Google
It’s an Android fork that has been degoogled
…so it’s android.
I imagine since it’s not an official product of Google’s, it can’t legally be called “Android.” As such it’s something that is not Android, but is highly compatible with it since both are rooted in the AOSP.
Is that meant to be a “gotcha” or something?
My point is, this is the last time I let google control my phone.
How will this be accepted by the EU? Will it comply to the regulations?
Because they technically still allow sideloading after 24 hours so I don’t think it would violate EU laws
They think this will take some of the heat off of them. Hopefully no one actually thinks this is a reasonable compromise. If I want to help an elderly family member install something on their phone during Thanksgiving dinner or a family reunion, I’m not gonna want to wait a day. Uncle Paul’s flying back to Florida tomorrow morning!
spoiler
___either going back to cell phones or we all go for Linux phones
If graphene had Liquid Glass I’d unironically switch to it. I can’t stand flat looking UI.
Are you really trading off an aesthetic feature for no privacy?
Secondly, just install a liquid glass theme if you’re funny.
Thirdly, liquid glass theme is ugly anyway
