dwa
Lars Marowsky-Brée 😷RE: https://chaos.social/@grote/116257002625921666
Google obviously has been hijacked by The Onion.
Henryk Plötz@larsmb Interestingly, I find this compromise not totally off the charts. I'm doing consulting in mobile-banking-adjacent spaces and before that wouldn't believe the hoops scammers can get their victims to jump through. A combination reboot-cooldown-"this will decrease security" does seem sensible.
For power users this mostly means doing this dance early on, once, to get the waiting time out of the way.
(I wonder if it might be possible to just integrate that into the device set up flow.)
@larsmb On the security engineering side this of course now means that "unsigned apk" is no longer the easiest way to get the scamware installed, so the scammers will move over to just stealing developer certificates/using mules, and this will happen fast.