0xedbGoogle details new 24-hour process to sideload unverified Android apps
https://android-developers.googleblog.com/2026/03/android-de...
At this point I'm convinced that there's something deeply wrong with how our society treats technology.
Ruining Android for everyone to try to maybe help some rather technologically-hopeless groups of people is the wrong solution. It's unsustainable in the long run. Also, the last thing this world needs right now is even more centralization of power. Especially around yet another US company.
People who are unwilling to figure out the risks just should not use smartphones and the internet. They should not use internet banking. They should probably not have a bank account at all and just stick to cash. And the society should be able to accommodate such people — which is not that hard, really. Just roll back some of the so-called innovations that happened over the last 15 years. Whether someone uses technology, and how much they do, should be a choice, not a burden.
This has nothing to do with keeping people safe. If it did then power users could continue to install their own software by being given that ability as a developer setting. The fact that some people are gullible enough to go into a hidden setting on their phone and enable that in order to install an app from a random Chinese website is not a good reason to take away everyone's freedom. Consolidation of power is all this is about.
This has nothing to do with keeping people safe.
...and...
some people are gullible enough to go into a hidden setting on their phone and enable that in order to install an app from a random Chinese website
are kind of contradictory.
It's not a contradiction. Removing that setting solves that problem, but it's not the only solution.
It also only solves that very specific problem. You don't need to side-load an app to scam someone. There's plenty of malware on the play store you can use. And, you don't need malware. There's plenty of legitimate apps you can use for scamming.
And, you don't need an app, I would imagine most scamming is done without an app.
So, really, we're solving a subset of a subset of a subset of a subset of the problem.
yes. Hence, "this isn't about keeping people safe".
The most effective means of hacking is social engineering. You can't solve that with any number of "security measures". If you require all the DNA sources in the world, a scammer will still charm a target into opening it up for them.
Exactly, it's about 'trusted computing' and that never meant your 'trust'.
There is immense pressure to stop online scams which are draining old people of their life savings. The whole flow from the article seems entirely based around letting power users install what they want while being able to break the flow of a scammer guiding a clueless person in to installing malware.
It is promising that Google has avoided just turning off sideloading but still put measures in place to protect people.
What can Bank X do to stop phone malware from scraping the user's session token from the Bank X app or website?
Yes, banks should (and sometimes do) double- and triple-check with you before allowing large transfers/withdrawals, but scammers know how to coach their victims past this. Speaking from experience.
(I also don't fully agree this is Google's responsibility, and I am not happy about this development. But there are legitimate points in favor of outsourcing the question of "will this software do nefarious things" to some kind of trusted signing authority.)
Don't do instant non-reversible transfers. Specially for a transaction that is highly likely to be fraud. I.e. person transfers to someone you haven't done business with before or foreign accounts. Also the fraud detection needs to go both ways.
>There is immense pressure to stop online scams which are draining old people of their life savings.
From who? I'd rather have this done by a regulated service like a bank than a private corporation with a perverse incentive. Frauds and scams are already illegal.
That't the similar narrative to "think of the children". They want to act as this middleman and secure their place, all while having unfettered access to people's data.
I've never seen any news about such scams with actual malware that can break through Android's sandbox system - as we're still assuming a rootless systems. In most cases it's pig butchering, phishing, cold calls that make the person use the official app to transfer money to an account they're told to.
This stops nothing of the sort.
Why can't a bank put a lock on large transfers or have an extra verification step? Or a cooldown period, so that if they see a large transfer from people above 60, let them go to a branch to verify/ack the transaction. Why is this the internet or operating systems problem to solve?
It's crazy. There have been news articles here where people have lost their whole account balance in one go and bank says they can't even do anything after the transfer is made. How is that different from Bitcoin then? People that have never done such huge transfer and the banks supposedly are monitoring transfers.
And since the customer was supposedly being careless, they won't get anything from the bank.
Well in many countries this is the case.
But it's an interesting thing to raise, because so often when they do enforce those controls - the outcry is 'bank won't let me do what I want with my money!'.
Not such a stones throw from - 'tech company won't let me do what I want with my device!'
Im not making any specific point. But perhaps thats indicative that the solution needs to be holistic, or just that security is hard XD.
It absolutely has to do with keeping people safe. You not caring isn't relevant.
If Google cared just the slightest bit about keeping people safe, they would stop hosting scam ads as core part of their business model.
Google is on the side of the scammers.
Total nonsense. Google is a large company with different teams that have different goals.
Not shilling, your points are just bad. I could just as easily say "You are one person who makes money, therefor you are always bad". Silly.
Your argument is basically "If the Android team cared about user safety then Google would shut down as a business to support them". It's nonsense.
Google restricts sideloading "for your safety", while their app store is full of scam apps and F-Droid has zero malware. Don't you find this slightly illogical?
Not really. No one targets F-Droid. If they did, there would be malware. F-Droid barely audits packages at all.