fatby 👀1d ago
Torsten Grote

Google has news on what you will need to do for still being able to sideload apps:

* enable developer options
* confirm that you are not tricked
* restart phone and re-authenticate
* wait one day
* confirm with biometrics that you know what you are doing
* decide if you only want unrestricted installs for 1 week or forever
* confirm that you accept the risks
* enjoy the few apps that still have developers motivated to develop for a user-base willing to put up with this

https://goo.gle/advance-flow

Mar 19 at 5:24pmWeb
Show threadTorsten Grote1d ago
They even have a video up where they try to make this all sound nice and positive:
Show threadLioh1d ago
@grote so is not so bad in the end.
Show threadRadomír Žemlička1d ago
@Lioh @grote Well, the 24-hour wait basically means that for a whole day, you're banned from using the device that you own however you like. What's stopping them from extending it to a week? Or a month?
Show threadLioh1d ago
@Razemix sorry, I have waited three month to unlock my Xiaomi. 24hrs is a blessing! @grote
Show threadOzzelot 1d ago
@Lioh
24 hrs is less assholery than 3 months, but it is still assholery.
@Razemix @grote
Show threadLioh1d ago
@ozzelot less asshole is the new nice @Razemix @grote
Show threadAtrapado🌴🍫1d ago
@grote i want to stop using inoperative systems like android or ios, that's it
Show threadFrenezul0_o1d ago
@oatrapado @grote Europeans might come to the rescue in the coming years with creations like FairPhone and Jolla Phone. Maybe if the donations start flooding in, Pine64 might be convinced to put more effort into the PinePhone.
Show threadAtrapado🌴🍫1d ago
@Frenezul0_o @grote those chinese/european phones are just obsolete and overprized, pinephone another archeological piece at a high price.
Show threadThomas Dorr1d ago
@oatrapado
Let's be fair its a pocket tablet that can also make phone calls, and the calls are often not the primary purpose any longer
@Frenezul0_o @grote
Show threadaerique1d ago
@oatrapado @Frenezul0_o @grote 🫩
Show threadsyn1d ago
@grote maybe bro should build an advanced flow for keeping the microphone a consistent distance from his mouth
Show threadroughnecks1d ago

@grote

https://www.youtube.com/watch?v=guZbgOu-qqI

Comicità all'Italiana: L'allenanore nel pallone - Mi avete preso per un coglione

YouTube
Show threadPavel Machek1d ago
@grote Yeah, "committed to openness", what an ugly lie.

And "one time 24 hour wait" ... I bet that will be a lie, too. I'm pretty sure this will hit me more than once :-(.

Google is evil.
Show threadparadox1d ago
@grote
Not watching it. Thank you
Show threadKouki Matsumoto1d ago

@grote ok, what's freaking funny is this act is required UPON TURNING ON DEVELOPER MODE. Imagine if you need to do this every time you need to turn off developer mode because some banking apps check for developer mode. THIS IS HORRIBLE.

If you want to limit app installation, don't limit developer mode. Adb is borderline not ok but still, something else. Maybe this is only required if you need to enable app install from untrusted sources apk.

Show threadzeroase  1d ago
@grote "For power users, we think this is a fair trade-off." Now go and ask the power users.
Show threadLyubomir Ganev 1d ago
@grote he lost me first when calling it that made up term instead of installing. Then lost me again by holding a microphone in his fingers in a video.... I find this trend so distracting and silly lol.
Show threadsoc1d ago

@luboganev @grote Lol, I was more confused why that guy was wearing two watches ... 😆

At least the video didn't have this disturbing happy-background-music melody.

Show threadPieter1d ago
@grote "sideloading unregistered apps", also known as "installing" on Windows and Linux
Show threadRobot16h ago
@superblox @grote also on macos
Show threadPieter8h ago

@robot @grote Apple is stricter about installing uncertified software: https://support.apple.com/guide/mac-help/open-a-mac-app-from-an-unknown-developer-mh40616/mac

Still not as strict as Android though, which is saying a lot.

Open a Mac app from an unknown developer

If you try to open an app by an unknown developer and you see a warning dialog on your Mac, you can override your security settings to open it.

Apple Support
Show threadCalicosine18h ago
@grote Gaslight, Gatekeep, Girldroid
Show threadLEdoian13h ago

@grote wow that wording feels so much bullshitty

removing all the bullshit would probably leave you with “… a … a … a …” removing also spaces would summarise my feelings about this: aaaaaaaaaaaaaaaaaaaaaaa!

Show threadTim Ward ⭐🇪🇺🔶 #FBPE1d ago
@grote But what about companies that develop their own internal apps to interface with their own internal systems to be installed on company-supplied devices?
Show threadTorsten Grote1d ago
@TimWardCam That's not my main concern, but I think there's exceptions for device management solutions. Also they could just register with Google if needed.
Show threadBubu 1d ago
@grote @TimWardCam maybe it's time to revive the device owner privileged extension at that point 🤔🙈.
Show threadTed Mielczarek1d ago
@grote @TimWardCam Google has a whole "Managed Google Play" as part of Enterprise Android support: https://support.google.com/work/android/answer/9495634?hl=en
I don't think companies doing such things will be fussed by this at all. A company using Android devices but not using enterprise management would already be in a pretty self-inflicted state of badness.
Edit: https://developer.android.com/developer-verification/guides/faq explicitly says this doesn't affect enterprise apps.
Distribute private apps - Android Enterprise Help

Private apps are automatically approved for distribution via all EMM bindings associated with the same Google Workspace or Cloud Identity account when they're published. They can be distributed just l

Show threadTim Ward ⭐🇪🇺🔶 #FBPE1d ago
@tedmielczarek @grote I'm thinking of a small company with a dozen or so developers who have one Android app that talks to their back end, for use by a few dozen installation crews. Anything with "enterprise" in its name would be *vastly* too expensive to be of any use to a company like that.
Show threadTed Mielczarek1d ago
@TimWardCam @grote I feel like you're inventing a weird fictional scenario here to be mad about, but Google Play already has support for limited distribution of apps for internal testing without requiring all of the steps required to publish an app in the Play Store: https://support.google.com/googleplay/android-developer/answer/9845334?hl=en
Set up an open, closed, or internal test - Play Console Help

  Important: Developers with personal accounts created after November 13, 2023, must meet specific testing requirements before they can make their app available on Google Play. Read

Show threadTorsten Grote1d ago
@tedmielczarek My weird fictional scenario is normal people using @fdroidorg to get their apps. They have apps that are downloaded millions of times per week. A hobbyist exception to distribute one app to 20 people who need to first opt-in doesn't cut it for those. Also your link goes to Google Play testing, so you may not have understood the issue.
Show threadTed Mielczarek1d ago
@grote @fdroidorg sorry, that was directed at Tim, not you. I understand and appreciate what F-Droid provides and agree that this sucks badly. I just also think that people have a tendency to get off in the weeds instead of focusing on the things that matter.
Show threadTim Ward ⭐🇪🇺🔶 #FBPE1d ago
@tedmielczarek @grote No, it was a real job I had at a real company. I just wondered whether people would still be able to do that.
Show threadderptron1d ago

@TimWardCam @tedmielczarek @grote Looks to me like you'd disable this silly stuff on all the phones you manage and call it good...you're just back to the situation as it exists.

The real pain here is that people install fdroid from the play store thinking they can then install apps but they won't be able to without "disabling security". Other than that it seems like it's a one time annoyance -- less than if you just load lineage or something to begin with.

Show threadmatejrokos1d ago
@TimWardCam @tedmielczarek @grote I think it opens opportunity for linux phones. Purism, Jolla, Volla, postmarketOS... Apps work both on desktop and phones, saving costs all around.
Show threadStephan Weller1d ago
@grote I guess anyone willing to jump through all those hoops has already installed Graphene or Lineage or whatever.
Show threadZiClaud1d ago
*Cries in Redmi phones* (they're not allowing me to unlock the bootloader 💀)
Show threadNazo1d ago

@ziclaud That's definitely going to be one of the biggest problems going forward. It's 100% legal pretty much across the world for providers and OEMs to lock the bootloader and not let the users unlock them. Now Google is going to have incentive eventually to do their own part to lock them even further. (All they have to do is remove the OS option to unlock and it will require jumping through major hoops again — the unlocking function going through the OS was supposed to be a protection mechanism, but that will be gone again...)

It's going to be a real mess.

We may reach a point that the only way to get something third party onto a smartphone involves finding and utilizing hardware exploits and such.

Show thread7heo1d ago

@ziclaud

You need to make a xiaomi account and bind it to your device. It has a 24+h wait, allegedly. I have no idea how it works, though, I have never done it.

I'd recommend using something else than a phone. 🫠

Show threadAlexTECPlayz1d ago

@ziclaud depends on the device. My Redmi Note 11 took two attempts before I could finally unlock the bootloader, I had to wait 2 weeks because I clicked twice on the Mi Unlock tool.

You need a Xiaomi account, insert a SIM card into your phone, use that phone number for the Xiaomi account, then you can start the verification process. It's horrible, but it can be done.

Show threadZiClaud1d ago
@alextecplayz yeah, I did it with an older phone a few months ago to test it, a redmi note 8T, but my current redmi note 13 with HyperOS is wayy worse somehow. They say it's "bugged"...
Show threadAlexTECPlayz1d ago

@ziclaud oh god HyperOS, that one is a nightmare to try and unlock compared to MIUI. My condolences.

You need a 30-day old Mi Account, the Xiaomi Community App and have a Global device. CN devices running HyperOS can't be unlocked anymore, because phone unlocking is illegal in mainland China since 2022 when the government passed a decision to outlaw it.

And with it is the "quota reached" bug that requires you to apply for unlocking at midnight Beijing time. Hell, now you have to run some Python script or whatever, from a brief look through XDA Forums.

Show threadLook What The Cat Dragged In1d ago
@ziclaud I hope one day we'll reach a stage when locked bootloaders will be considered illegal
Show threadeestileib (she/hers)1d ago

@stw @grote

Pretty much yeah, I grabbed a Pixel 10a for graphene and that'll probably be my last one.

Show threadMartin Owens 1d ago

@eestileib @stw @grote

I'm still using my S5. I'm aiming to use it until it's old enough to drink. Not long now!

Show threadDequei 1d ago
@stw @grote Yeah, just start using linux phones, like the #Jolla and done
Show threadSnosrapkungfu (They/them)1d ago
@Dequei @stw @grote i'm on the FLX1S from furios and not looking back.
Show threadTerminal Tilt1d ago

@grote

The irony of the biometric requirement.

In many jurisdictions, a PIN is "content of the mind" (legal protection), but your fingerprint is "physical evidence." By forcing biometrics into the sideloading, they are pushing users toward a security method with weaker legal safeguards.

Show threadGender David Copperfield1d ago

@terminaltilt yeah, i don't like that. i don't even give my phone my fingerprints in the first place.

@grote

Show threadVal Packett 🧉1d ago
@old_angry_queer @terminaltilt @grote the screenshot literally says "or device PIN"
Show threadTerminal Tilt1d ago

@valpackett @old_angry_queer @grote

You're right. I totally missed that.

Show threadbarefootstache1d ago

@terminaltilt @valpackett @old_angry_queer @grote

Am I missing a new Android feature, can one sign into the device with biometrics after rebooting?

Show threadVal Packett 🧉1d ago
@barefootstache @terminaltilt @old_angry_queer @grote no, of course not. they also usually "expire" every once in a while and you have to enter the password if you've only been using biometrics for a couple days
Show threadEllie 🏴🏳️‍⚧️1d ago
@terminaltilt for the average person it's probably much more likely that someone's going to try to look over your shoulder or that one of the infinite surveillance cameras captures you entering your pin than it is that the cops force their finger on the fingerprint scanner. In that way biometrics are more secure and people should use them. Biometrics should just also be very easy to disable in moments where that threat is present
Show threadshivvr1d ago
@31113 @terminaltilt
Cops and goons can take your phone and hold it up to your face very easily. Thankfully it’s pretty easy to disable face for unlock, but continue to use it for everything else.
Show threadEllie 🏴🏳️‍⚧️1d ago
@shivvr but how often does that happen to you vs how often do you unlock your phone in the presence of other people or cameras who could see what you're typing?