Android developer verification: Balancing openness and choice with safety


Android Developers Blog

At this point I'm convinced that there's something deeply wrong with how our society treats technology.

Ruining Android for everyone to try to maybe help some rather technologically-hopeless groups of people is the wrong solution. It's unsustainable in the long run. Also, the last thing this world needs right now is even more centralization of power. Especially around yet another US company.

People who are unwilling to figure out the risks just should not use smartphones and the internet. They should not use internet banking. They should probably not have a bank account at all and just stick to cash. And the society should be able to accommodate such people — which is not that hard, really. Just roll back some of the so-called innovations that happened over the last 15 years. Whether someone uses technology, and how much they do, should be a choice, not a burden.

> People who are unwilling to figure out the risks just should not use smartphones and the internet.

Sounds great in theory, but just today I was reminded how impossible this is when walking back from lunch, I noticed all the parking meters covered with a hood, labelled with instructions on how to pay with the app.

https://www.cbc.ca/news/canada/saskatchewan/city-of-regina-r...

Downtown coin meter parking comes to an end in Regina | CBC News

As of Sunday, all paid on-street parking in downtown Regina is transitioning to PayByPhone as the only way to pay, the city said earlier this week. Coin payment will no longer be available.


What do you mean by impossible in this case? Can't you just have the coin-operated parking meters back? Where I live, in EU, parking meters even take cards.

EDIT: I guess "just" is doing some heavy-lifting, so I won't argue this further, but "impossible" isn't the word I would use either. The city could revert this decision, definitely if enough people wanted them to (that's... I know, the hardest part). I just agree with the OP that we technically could go back to slightly less-digital society.

There are places in EU too where parking meters have disappeared and payments are only done through apps. And I am talking about public space in the street, not private parkings.

I do believe that. Pointing out that I live in the EU was completely unnecessary, I meant that I live somewhere in the EU, I didn't really mean to compare it to the US.

No way will they go back to coin-operated. That would mean they have to pay employees to walk up and down to collect coins.

And maintain them, which I suspect costs even more. Parking meters do fiddly work, out in all weather, where people hate them and do all kinds of vandalism.

It doesn't surprise me that they want to make hardware maintenance your problem.

And worst of all, the money you pay isn't tied to your license plate. If you overpay, someone else can park for free!!

The other problem, in the US at least, is that cash is very low value (inflation), and dollar coins never caught on. I'm not trying to carry around $6 in quarters to park for 2 hours. And that's a pretty inexpensive parking spot.

...are you implying that digital money is worth more than digital?

because I doubt anyone who spends cash regularly is holding much of it long enough to lose value to the digital ones in their checking account.

No, they're implying that you need a lot of coins to pay for parking.

If you need $6 to pay for parking, and the largest commonly available coin is a quarter, that means you need 24 coins to pay. If the value of currency was such that the parking only cost $3, or if dollar coins were more common, you'd need fewer coins to pay.

For context, in the Eurozone the most valuable coin is 2 EUR, or about 2.30 USD.

Place where I park my car for work (Gosford, Australia) just got rid of cash payment, they now take card payment only (apparently there is also going to be an app, but they haven't launched it yet). I think the number one reason is they are upgrading to a new system, and the parking technology vendor doesn't provide cash payments as a standard option; probably they could implement a custom integration to enable it if they thought it was essential, but cash payments are so rare, it would be a difficult decision to justify. The carpark is owned and operated by the local government, so they need to justify their decisions, either as commercially viable, or else as producing substantial public benefit, but I think both arguments would be difficult to sustain in this case.

It’s kinda easy to justify though from a financial standpoint. If the parking meters take cash, you need all the hardware to accept and secure the cash. Then you need somebody to go around at some point and actually physically collect the cash. Then someone has to reconcile the cash, etc.

So at least from that angle I see it as an easy “government is actually trying to be more efficient” argument.

As a user cash is a pain in the ass. I have to count it out, keep it in my pockets, etc. So much easier to just tap my phone or my card. But yeah that’s a tradeoff in the classic “You’re trading X for convenience”.

And then you have kids and junkies sticking twigs and gum in the coin mechanism. A card only system can be a single solid slate with minimal upkeep.

Combined with the fact almost no one uses cash in Australia.

Even then with cards they may still need to consider fraud via skimmers, or that the equipment can be vandalized. Going app-only (or vastly reducing the availability of payment machines) means less upkeep for them, but it also moves the kind of fraud to where people have replaced the information or QR codes to scan. It seems like a parallel to what google and whatever entities are pushing them to make these changes are trying to do, at some point someone has to put in work to keep the system working securely and everyone wants to delegate it to someone else.

At least in Australia, skimmers haven’t really been an issue for a long time. Everyone uses paywave / nfc payments. The ticket machines I’ve seen installed lately don’t even have a way to insert the card or a pin pad.

They are in theory still possible to destroy but it’s a lot harder and the little electronics left are cheaper to repair.

There should be a legal requirement then, that there's an office you can go to and buy vouchers with cash, which you can use on the machines. There's no need to collect the cash from all the meters but you can still pay cash.
The next level of parking enshittification is pay-by-license-plate, which is starting to become widespread here in Perth, Australia, even for locations that are free parking, and locations that have parking machines. Surveillance just ratchets upwards.

Don't pay and when you get a fine take them to court and state you don't have a bank card. There's no way a council can legally require you to enter into an agreement with a bank to use council run facilities, it's likely nobody's challenged them on it though.

Every council I've lived in has still taken cash for every type of council fee, despite their "official" statement being they don't.

The catch would be you actually need to have zero bank cards. That is extremely unlikely hence no one has done it.

> There's no way a council can legally require you to enter into an agreement with a bank to use council run facilities, it's likely nobody's challenged them on it though.

Is there some law saying they can’t?

This is a carpark. If you own a car, you are legally required to hold a CTP insurance policy as a condition of registration, so to be able to use the facility, you legally need to be a customer of one type of private financial institution; given that, is it really problematic if council requires you to be a customer of a second kind as well, when close to 100% of the population are?

I parked in a garage in downtown Tacoma, Washington. The only option to pay was via an app. So I downloaded the app (by walking outside to where there was cell service, because I was, you know, underground in a garage) at which point it threw an internal server error when adding my card. There was no attendant on duty, and no way to pay with a credit card. So I left - just drove out of the garage. Then a few months later I got a fine for $75 for not paying. Then I called them to dispute it, and they offered to waive most of it, but it was still more than if I had been able to pay the fee initially.

I'm sure it was sold to the garage as a way to "maximize revenue and unlock operational efficiency". And sure enough, look, the revenue number is up and to the right. Working as designed.

Just ignore it and never park there again. Change your plate if you really want to pay someone for something.

Seriously, I don't understand why these stories have to so often end with someone just giving in and paying. Our society is so disenfranchised. I understand that doing it the right way by sending them written notice that it's an invalid debt takes time and effort, but there are options between that and just giving in and validating their nonsense.

You're right, I pasted this into Claude and it seems to think that there are many avenues. And Claude even named the parking operator by name because they're facing a class action for this very thing:

Claude wrote:

> The broader trend is in your favor. App-only parking companies are facing a wave of legal action nationally. A major class action lawsuit against Metropolis Technologies (one of the largest app-based parking operators) alleges they violated consumer protection laws by failing to provide adequate means to pay for parking and then penalizing consumers for not paying. Lanier Law Firm Tennessee's Attorney General secured a nearly $9 million settlement against Metropolis for similar practices, requiring them to implement clear signage, maintain staffed customer support, and automatically issue refunds when their technology malfunctions.

It's just so exhausting to deal with this kind of thing, I've been super busy and it's not worth it to me to fight over $30, which is exactly the bet these scummy companies are making. I think LLMs lower the cost of drafting serious sounding letters to the point where that should be my first impulse rather than giving up and paying them, which rewards the behavior.

> Where I live, in EU, parking meters even take cards.

Unfortunately, a more accurate way of putting it is: stuff takes cards in lieu of coins. Like, where I live (also EU), ticket machines in buses and trams have gradually been upgraded over the past decade to accept cards, and then to accept only cards.

It's a ratchet. Hidden inflation striking again. Cashless is cheaper to maintain than cash-enabled, so it pretends to be a value-add at first, but quickly displaces the more expensive option. Same with apps, which again, are cheaper to maintain than actual payment-safe hardware.

It's near impossible to reverse this, because to do that, you have to successfully argue for increasing costs - especially that inflation quickly eats all the savings from the original change, so you'd be essentially arguing to make things more expensive than the baseline.

A few years ago the vending machines in my office building started accepting credit and debit cards for an extra fee of $0.35 per transaction. Just recently they stopped accepting bills and coins leaving cards as the only option, but are still charging the extra fee.

Not advocating for cashless only, but cash also has costs: banks charge for deposits and coin rolls, and you need to protect against robbery.

That, + logistics and logistics security in general. I agree, the costs are real; in general, anything physical with mass = costs. So the cost savings are real too - my point is that those are instantly eaten by inflation, so going from cash to cashless and then back to cash isn't a no-op; rather, the first leg quickly turns into a no-op, then the second leg would be increasing costs.

I feel like this kind of glosses over the fact that a lot of people (I'd say an overwhelming majority) prefer the cashless options anyway.

I don't know if I have any friends who miss carrying coins and cash, or who miss carrying individual bus/subway tickets, but if they do, they're awfully quiet about it compared to the friends who happily say they can't remember using cash.

I'd say that if anything, cashless things are catching up to the general public.

Personally, I'm in favor of keeping things cash-friendly because people shouldn't be forced to be cash-free, but that's only to support a small minority of people.

Overwhelming majority prefers shit[0] - people pick from what is made available to them, not from what could possibly exist, and they don't have direct say whether or when what's available changes.

These cashless solutions are just another thing[1] being pushed from top down; the passengers only notice when they suddenly find themselves unable to buy a ticket for coins, but by that point, the decision has long been made, so people only get to whine and complain, or otherwise express opinions that are not actually listened to by anyone with power to change things.

This is not saying that all those solutions are bad or inferior. Just that nobody is actually checking with people whether they want it or not; technology is deployed as fait accompli, and regular people just find ways to cope.

--

[0] - Like flies, I suppose. There's millions of them, they can't be wrong!

[1] - Like most technology, really, both software and hardware.

I also live in EU. In Sweden. Most places don't even have parking meters anymore. You're just expected to use your phone.

And cashless is the default.

It's kinda dumb that you can't tap your card. At least they have a phone option, but really, why no CC?

This cuts both ways. Since smartphones are becoming such an essential necessity, we should never ever remove the possibility to adjust these devices for our own requirements.

I'm reading this discussion, and allow me to give you my two cents. It's not a matter of being impossible, but rather how much the rest of society is willing to pay to maintain such infrastructure (either through higher taxes when dealing with the government, or through more expensive goods/services when dealing with corporations, since companies need to maintain old infrastructure that most people don't use).

For example, I read that Switzerland voted to guarantee the use of physical cash, even enshrining it in the constitution, which clearly points toward preserving older infrastructure. However, if you have cash but no one accepts it, it becomes useless. So it would probably require more—something like requiring businesses and the government to accept that form of payment.

As with many things in life, not impossible: but is society willing to pay for that?

Right, and builders now build homes with Ring cameras pre-installed. Surveillance chills aside it's about building rent-seeking into every corner of the economy, and that's a top-down goal of modern capitalism. Requiring a smart-phone to park is just part of it, and it goes back to the parent comment that there is something deeply wrong with how our society treats technology.

To me it proves that Google's steps to lock down phones isn't really about security. To them the scams that happen are acceptable losses. The scammed will still use Android and still click on ads and still let themselves be tracked and marketed to as before. But if Google can use the excuse of security to edge out alternative apps and app stores they will spend plenty of money and time to do it.

This isn't security, it's sealing a hole in the sales funnel.

I was always under the impression security was a red herring and the real reason was control. Google wants to own the device and rent it to users with revocable terms the same way SaaS subscription software works. Locking down what can run is a key step in that process

I worked at a bank on the backend for architecture and security.. and I've posted this attestation here before, but the sheer volume of fraud and fraud attempts in the whole network is astonishing. Our device fingerprinting and no-jailbreak-rules weren't even close to an attempt at control. It was defense, based on network volume and hard losses.

Should we ever suffer a significant loss of customer identity data and/or funds, that risk was considered an existential threat for our customers and our institution.

I'm not coming to Google's defense, but fraud is a big, heavy, violent force in critical infrastructure.

And our phones are a compelling surface area for attacks and identity thefts.

Then don't issue an app. Issue people cards to pay with and let them come to the bank for weird transactions.

That'd be great, if your goal was to hemorrhage customers.

This 100%. I don't understand why everything needs to be an app nowadays. Some things are best done in person and without technology. No, I won't install some shitty app that requests location and network access to order lunch. If a venue does not provide a paper menu and accept cash, they have just lost my custom.

Revolut seems to work without physical presence.

And the website and app of my bank with offices is ... how should I put it ... a bit Kafkaesque.

The obvious thing banks should be doing is putting fucking restrictions on these accounts by default and let people ask for exceptions.

And of course if regulations don't encourage them to pick social-engineering-proof defaults then things won't improve.

You can even use the chip on the card together with some cheap HW device to authorize the transactions made with the app.

This has actually existed [1] for quite some time but seems to be mostly limited to Germany. But this and the use of other HW token systems is on the decline. Banks increasingly use apps now, increasingly without any meaningful second factor, not even offering better options. They want this and are fully to blame.

[1] https://en.wikipedia.org/wiki/Transaction_authentication_num... (This is a bit outdated, nowadays it works via QR codes instead of those flickering barcodes but the concept stays the same)

Transaction authentication number - Wikipedia
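The chipTAN-style scheme the two comments above describe gets its strength from one property: the TAN is computed from the transaction itself (recipient and amount, shown to the user on the reader's own display) rather than from a clock or counter alone. The model below is an added example, not the comments' or any bank's code, and not the real chipTAN algorithm (which is not reproduced here); it uses an HMAC-SHA256 construction with HOTP-style truncation over a constructed card secret and constructed transactions, purely to show why a transaction-bound TAN survives a compromised banking app while a plain OTP does not.

```python
"""Transaction-bound TAN vs. plain OTP (illustrative model, not chipTAN itself).

Scenario: malware with accessibility control over the banking app lets the
user approve transfer A, then swaps the recipient to the attacker's IBAN
before submission, replaying the TAN the user just typed in.
"""
import hashlib
import hmac

DIGITS = 8  # 8 digits keeps the chance of a truncation collision negligible


def _truncate(mac: bytes, digits: int = DIGITS) -> str:
    # Dynamic truncation as in HOTP (RFC 4226), applied to a SHA-256 MAC.
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def derive_bound_tan(card_secret: bytes, counter: int, iban: str, amount_cents: int) -> str:
    """TAN as an offline reader would compute it: the IBAN and amount are part
    of the MAC input, and the reader shows both on its own screen before the
    user confirms. Changing either field changes the TAN."""
    msg = f"{counter}|{iban.replace(' ', '').upper()}|{amount_cents}".encode()
    return _truncate(hmac.new(card_secret, msg, hashlib.sha256).digest())


def derive_plain_otp(card_secret: bytes, counter: int) -> str:
    """Counter-only OTP (HOTP-like): valid for whatever transaction the phone
    submits, so it proves possession of the token but not intent."""
    msg = counter.to_bytes(8, "big")
    return _truncate(hmac.new(card_secret, msg, hashlib.sha256).digest())


def bank_verify_bound(card_secret: bytes, counter: int, iban: str, amount_cents: int, tan: str) -> bool:
    expected = derive_bound_tan(card_secret, counter, iban, amount_cents)
    return hmac.compare_digest(expected, tan)


def bank_verify_plain(card_secret: bytes, counter: int, otp: str) -> bool:
    return hmac.compare_digest(derive_plain_otp(card_secret, counter), otp)


def simulate_app_compromise() -> dict:
    """Run the swap-the-recipient attack against both schemes.

    Returns a dict of booleans describing what the bank backend accepts.
    All secrets and IBANs below are constructed for the example."""
    card_secret = hashlib.sha256(b"constructed-per-card-secret").digest()
    counter = 17
    intended = ("DE89 3704 0044 0532 0130 00", 5000)   # what the user confirmed
    tampered = ("DE02 1203 0000 0000 2020 51", 5000)   # what the malware submits

    # User reads the intended IBAN/amount on the reader and types in the TAN.
    user_tan = derive_bound_tan(card_secret, counter, *intended)
    user_otp = derive_plain_otp(card_secret, counter)

    return {
        "bound_accepts_legit": bank_verify_bound(card_secret, counter, *intended, user_tan),
        "bound_accepts_tampered": bank_verify_bound(card_secret, counter, *tampered, user_tan),
        "plain_accepts_legit": bank_verify_plain(card_secret, counter, user_otp),
        "plain_accepts_tampered": bank_verify_plain(card_secret, counter, user_otp),
    }


if __name__ == "__main__":
    for name, ok in simulate_app_compromise().items():
        print(f"{name:24s} {ok}")
```

The point the model makes concrete: with the plain OTP the backend has no way to tell that the transaction it received is not the one the user approved, because the OTP would have been identical for any transaction. With the bound TAN the attacker's only remaining move is to alter what the reader displays, which is why the reader has its own display and the transaction data is transferred to it rather than typed into the phone.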

Go find a bank without an app.

Do you allow customers to log in to their account with a web browser on a windows machine?

Web browsers are securely fingerprinted as well, on a sliding scale of access requests, from login to "initiate a wire transfer for $1M".

I wish we had technical solutions that offered both. For example, a kernel like SeL4, which could directly run sandboxed applications, like banking apps. Apps run in this way could prove they are running in a sandbox.

Then also allow the kernel to run linux as a process, and run whatever you like there, however you want.

Its technically possible at the device level. The hard part seems to be UX. Do you show trusted and untrusted apps alongside one another? How do you teach users the difference?

My piano teacher was recently scammed. The attackers took all the money in her bank account. As far as I could tell, they did it by convincing her to install some android app on her phone and then grant that app accessibility permissions. That let the app remotely control other apps. Then they simply swapped over to her banking app and transferred all the money out. It's tricky, because obviously we want 3rd party accessibility applications. But if those permissions allow applications to escape their sandbox, then it's trouble.

(She contacted the bank and the police, and they managed to reverse the transactions and get her her money back. But she was a mess for a few days.)

> (She contacted the bank and the police, and they managed to reverse the transactions and get her her money back. But she was a mess for a few days.)

And this almost certainly means that the bank took a fraud-related monetary loss, because the regulatory framework that governs banks makes it difficult for them to refuse to return their customer's money on the grounds that it was actually your piano teacher's fault for being stupid with her bank app on her smartphone (also, even if it were legal to do so, doing this regularly would create a lot of bad press for the bank). And they're unlikely to recover the losses from the actual scammers.

Fraud losses are something that banks track internally and attempt to minimize when possible and when it doesn't trade-off against other goals they have, such as maintaining regulatory compliance or costing more money than the fraud does. This means that banks - really, any regulated financial institution at all that has a smartphone app - have a financial incentive to encourage Apple and Google to build functionality into their mass-market smartphone OSs that locks them down and makes it harder for attackers to scam ordinary, unsophisticated customers in this way. They have zero incentive to lobby to make smartphone platforms more open. And there's a lot more technically-unsophisticated users like your piano teacher than there are free-software-enthusiasts who care about their smartphone OS provider not locking down the OS.

I think this is a bad thing, but then I'm personally a free-software-enthusiast, not a technically-unsophisticated smartphone user.

For me the answer is separate devices. I have an iphone which is locked down and secure. I have my banking and ID apps on it but I can't mod it however I want. Then I have a steam deck and raspberry pi I have entertainment and whatever I want on. I can customise anything. And if it gets hacked, nothing of importance is exposed.

> And this almost certainly means that the bank took a fraud-related monetary loss, because the regulatory framework that governs banks makes it difficult for them to refuse to return their customer's money on the grounds that it was actually your piano teacher's fault for being stupid with her bank app on her smartphone

In which country? This happened in Australia. The rules are almost certainly different from the US.

That's the cost of business for the bank using an app. If they don't like it, they can try a different business model, like payment cards. The cost of having an app should be borne by the bank who decided all its customers would have to have an app.

> As far as I could tell, they did it by convincing her to install some android app on her phone and then grant that app accessibility permissions.

Did she make it through the non-google play app install flow?

I think all the software the scammers used was in the google play store. I don't think they sideloaded anything.

But I'm not entirely sure. I wasn't there, and she's not tech literate. She was so rattled when I spoke to her about it that it was hard to get a clear story out of her about what happened.

Yes, sandboxing is a technological protection, but once you have important data flowing we often don't have technological protections to prevent exfiltration and abuse. The global nature of the internet means that someone who publishes an app which abuses user expectations (e.g. uses accessibility to provide command and control to attackers) is often out of legal reach.

You also have so much grey area where things aren't actually illegal, such as gathering a massive amount of information on adults in the US via third party cookies and ubiquitous third party javascript.

Thats why platforms created in the internet age are much more opinionated on what API they provide to apps, much more stringent on sandboxing, and try to push software installation onto app stores which can restrict apps based on business policy, to go beyond technological and legal limitations.

The problem is it's quite easy to poke holes in a sandbox when you're outside the sandbox looking in, especially when the user is granting you special permissions they don't understand. These apps aren't doing things like manipulating the heap of the banking app, they are instead just taking advantage of useful but powerful features like screen mirroring to read what the app is rendering.

> For example, a kernel like SeL4, which could directly run sandboxed applications, like banking apps. Apps run in this way could prove they are running in a sandbox. ... Then also allow the kernel to run linux as a process, and run whatever you like there, however you want.

This won't work. It's turtles all the way down and it will just end up back where we are now.

More software will demand installation in the sandboxed enclave. Outside the enclave the owner of the device would be able to exert control over the software. The software makers don't want the device owners exerting control of the software (for 'security', or anti-copyright infringement, or preventing advertising avoidance). The end user is the adversary as much as the scammer, if not more.

The problem at the root of this is the "right" some (entitled) developers / companies believe they have to control how end users run "their" software on devices that belongs to the end users. If a developer wants that kind of control of the "experience" the software should run on a computer they own, simply using the end user's device as "dumb terminal".

Those economics aren't as good, though. They'd have to pay for all their compute / storage / bandwidth, versus just using the end user's. So much cheaper to treat other people's devices like they're your own.

It's the same "privatize gains, socialize losses" story that's at the root of so many problems.

Good point. I didn't think of that.

It may still be an improvement over the situation now though. At least something like this would let you run arbitrary software on the device. That software just wouldn't have "root", since whatever you run would be running in a separate container from the OS and banking apps and things.

It would also allow 3rd party app stores, since a 3rd party app store app could be a sandboxed application itself, and then it could in turn pass privileges to any applications it launches.

It's what we have now.

I can run an emulator in the browser on my phone and run whatever software I want. The software inside that emulator doesn't get access to cool physical hardware features. It runs at a performance loss. It doesn't have direct network access. Second class software.

It's not what we have now, for the reasons you list. Web software runs slowly and doesn't have access to the hardware.

SeL4 and similar sandboxing mechanisms run programs at full, native speed. In a scheme like I'm proposing, all software would be sandboxed using the same mechanism, including banking apps and 3rd party software. Everything can run fast and take full advantage of the hardware and all exposed APIs. Apps just can't mess with one another. So random programs can't mess with the banking app.

Some people in this thread have proposed using separate devices for secure computing (eg banking) and "hacking". That's probably the right thing in practice. But you could - at least technically - build a device that let you do both on top of SeL4. Just have different sandboxed contexts for each type of software. (And the root kernel would have to be trusted).

I'm not familiar with SeL4 other than in the abstract sense that I know it's a verified kernel.

I interpreted your statement "Then also allow the kernel to run linux as a process, and run whatever you like there, however you want." as the Linux process being analogous to a VM. Invoking an emulator wasn't really the right analogy. Sorry about that.

For me it comes down to this:

As long as the root-of-trust in the device is controlled by the device owner the copyright cartels, control-freak developers, companies who profit end users viewing ads, and interests who would create "security" by removing user freedom (to get out of fraud liability) won't be satisfied.

Likewise, if that root-of-trust in the device isn't controlled by the device owner then they're not really the device owner.