Eugen Rochko
Denzil Ferreira@Gargron the review process at Google can be a PITA, but for a good reason. Permissions to access more than an app really needs can be exploited for harvesting private information on a seemless update that most won't even notice. Side loaded apps downloaded from say APK mirror can have been tampered with using smali edits and you won't know. What Google should do is certified dev signing keys to trace and confirm if an APK is legit or not and coming from the actual dev, regardless of being side loaded.
Chickerino@denzilferreira @Gargron so why dont we do this on windows or linux then, both oses by default dont even have a permissions system and give applications near full access to the device
@Chickerino @Gargron that's not true, you do need to raise admin rights to install something not digitally signed on Windows, and admin credentials to install on Linux. On Linux you have Flatpaks that do have permissions in place, and the software runs on a sandbox with only access to what you allow. Windows does not do any of that - hence I'm not gonna even recommend it.
@denzilferreira @Gargron thats why i said "near" everything, for example on android you need to give permission for the app to be able to access your files outside of the app container, windows by default lets every app access every file that your user has access to, i think thats a bit stinky
@Chickerino @Gargron yes π
btw Google is doing exactly what I said: verification of dev certificate on the .APK allowing you to side load authentic apps. Only unverified .APK are blocked https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/
@denzilferreira @Gargron thats also stinky but for a different reason, unless the user can specifically override this requirement
BillieDenzil, nope. G****e demands you give them your private app signing keys, breaking any thrust chain this way.
@Billie we are talking about Google Certified devices here. Google is the root trust CA, and as a developer that wants to publish on the Play Store, you want people not to be able to side load malicious versions of your app. That's what this is about. If you put your own ROM, without GMS, nothing stops you from side loaded apks. It is the same for iPhones. This will affect and prevent the spread of malicious and randonsomware that scammers use.
Giving away your private signing keys breaks any thrust chain. It is just the opposite.
@Billie I guess Google only needs the pub key to verify your identity, true.
Kevin Karhan 
@Billie @denzilferreira except #Google.has no right to demand that control to begin with!
- They have forfeilt their control the moment a person ticks the "allow unverified app installations" setting in Android.
Remember: "Know Your Developer" IS the ilkicit activity!
JuMi@denzilferreira @Chickerino @Gargron it's still opening a door to censor whomever they decide is not an approved developer for whatever reason. It's still not justifiable to completely lock out users to do what they want with their devices.
@jumianr @Chickerino @Gargron I understand this. But we are a minority who want to tinker. For Google, the priority is to protect the large majority of Android users from installing apps that are not legitimately packaged by developers who did publish their app on the Play Store. Developers will be able to install their own apps on their devices if developer mode is enabled and via ADB. And a user will be able to adb install an app if compiled with debug keys. The thing here are release keys, which need to match the play store version of legit apps. This also attempts to prevent repackaging of apps with malware. This is the same on Apple devices. I think people are overreacting to be honest. EU also dictated alternative play stores are possible and pretty sure Google will not be able to enforce Play Store only verified apps to install.
@denzilferreira @jumianr @Gargron this is not a reasonable excuse to remove the freedom that users have to install whatever they want, i would be ok with this if and only if the user was given a clear warning before installing an application and given a choice to do so anyway
besides, apps on android are sandboxed, the damage they can cause (notwithstanding any security vulnerabilities) is limited to the permissions that the user gives, if theres any place this would make sense, i dont think its android, especially considering that mallicious apps or just data stealing apps are very common place on the play store anyway
@Chickerino @jumianr @Gargron and I do believe that will be the case. The only thing they are preventing is installing an app that the package matches what is available on the Play Store and signed with a verified developer account and the app you are trying to install has not been signed with the same certificate. You should be able to install the apks otherwise (no package match, nor verified developer). That does not sound bad to me.
@denzilferreira @jumianr @Gargron @Chickerino PRECISELY THAT!
- #Google of all companies (worse is only #StasiBook / #NSAbook) has no moral right given their business is based around data harvesting and microtargeting users.
@denzilferreira @Chickerino @Gargron @jumianr precisely!
- If you can't use a device against the manufacturer's will and/or intentions, then you don't own it!
Daniel Leigh@denzilferreira @Chickerino @Gargron on both windows and linux no additional permission is needed to install to a users home directory or simply run without installing. The permission model on both operating systems is more geared towards preventing the system configuration from getting messed up than preventing anything remotely malicious.
@denzilferreira @Chickerino @Gargron @danielleigh granted one could just remove users' ability to create/write files with executeable permissions or run
chmod +x but oitside of some hard-locked kiosk systems noone does that!
β Fish Id Wardrobe@denzilferreira @Chickerino @Gargron i don't have to pay to use admin rights, and neither does the developer, though. neither of us need linus's permssion to do itβ¦
Kg. Madee β
‘.@denzilferreira absolutely not true. Nothing short of very advanced security configuration prevents you from running any executable file from anywhere as long as you don't want to write into protected system directories.
And nothing prevents you from not doing that, either, so you can have your walled garden "security" if you so wish ...
And nothing prevents you from not doing that, either, so you can have your walled garden "security" if you so wish ...
@kgMadee2 yep, when there is a will, there is a way ;)
Ben S.@kgMadee2 @denzilferreira "installing" applications to your user home directory tree is actually becoming *more* common on Windows these days, including Microsoft apps.
Snooklalala@denzilferreira @Chickerino @Gargron
I've worked by myself for 30 years. Built all my own computers down the years, to keep me going and still can't do some things because I need permission from the Administrator !
Hey...
It's me.
Just me.
No one else works here.
Nope. Need the administrator.
I'm old now, not long to go.
Kitlith@denzilferreira
You can still run (potentially malicious) software without installing it. Lots of portable software out there on windows, AppImages or statically compiled binaries on Linux, etc. And you don't need admin permissions to ransom the user's documents, run a cryptominer, change the user's browser settings, adding itself to the user's startup applications, etc.
@Chickerino @Gargron
You can still run (potentially malicious) software without installing it. Lots of portable software out there on windows, AppImages or statically compiled binaries on Linux, etc. And you don't need admin permissions to ransom the user's documents, run a cryptominer, change the user's browser settings, adding itself to the user's startup applications, etc.
@Chickerino @Gargron
@denzilferreira @Chickerino @Gargron @kitlith espechally with all the #JavaScript bullshit and #Browser #permissions...
- #NSAbook literally spun up local #webservers on mobile devices to have persistent, cross-app - tracking functionality that breaks out of sandobxing even on #iOS!
Magnus Ahltorp@Chickerino @denzilferreira Did I dream I had to crack a Windows machine to install anything? I donβt think so.
Jake 
@Chickerino yeah, and even macOS lets you do that (there is an app permissions system, but it can be disabled with a terminal command (i forgot what it was though)
David Chisnall (*Now with 50% more sarcasm!*)Except that, it doesn't prevent malware. Note that this news article is from today. I went to find the most recent example of this and it turns out that I didn't even have to go back as far as yesterday.
Proper safety is done by reducing kernel attack surface, reducing the size of the TCB, and making it easy for applications to respect the principle of least privilege so that ones that don't stand out as things that obviously request more permissions than they should have.
@david_chisnall @Gargron yep, there is only so much that automated and human review of code can do to prevent or minimize malicious code.
@david_chisnall @Gargron @denzilferreira in fact all #malware that gets into #GooglePlay works with lies and deciet as in the original account and code submitted is all clean and onlynafterwards do they slowly "update" maliciois functionality.
- You can see this with fake minecraft clones / blatant copies that start out as #shovelware but also distinguish IP ranges between #Google's reviewers and genuine users, downloading different sets of files...
Stolen Minecraft Is Now More Popular Than Minecraft.
@kkarhan @david_chisnall @Gargron yep... it may be that with AI assistance, code could be analysed on every update to prevent or mitigate some of this backdoor malicious updates. Will it be perfect? No.
@denzilferreira @david_chisnall @Gargron not really.
Also "#AI" is wasteful computing that results in unmaintainable code and hallucinated solutions.
@kkarhan @david_chisnall @Gargron I meant to analyze the code for possible CVE or exploits at scale. Doing it manually with a lot of humans will take more resources if that is what you are comparing to (computers, electricity, etc). AI has it's place to help.
@denzilferreira @david_chisnall @Gargron
1. Google and Apple do that to an extent. Obviously they can't work against maliciois devs knowing that and thus detecting their sandbox-testing.
2. What you point out as "#AI" is at best a worse version of #VirusTotal.
@kkarhan @david_chisnall @Gargron yep, that's why I said before there are limits to what AI or humans can actually do π VirusTotal looks very interesting, thanks for sharing!