0xedbGoogle details new 24-hour process to sideload unverified Android apps
https://android-developers.googleblog.com/2026/03/android-de...
At this point I'm convinced that there's something deeply wrong with how our society treats technology.
Ruining Android for everyone to try to maybe help some rather technologically-hopeless groups of people is the wrong solution. It's unsustainable in the long run. Also, the last thing this world needs right now is even more centralization of power. Especially around yet another US company.
People who are unwilling to figure out the risks just should not use smartphones and the internet. They should not use internet banking. They should probably not have a bank account at all and just stick to cash. And the society should be able to accommodate such people — which is not that hard, really. Just roll back some of the so-called innovations that happened over the last 15 years. Whether someone uses technology, and how much they do, should be a choice, not a burden.
> Ruining Android for everyone to try to maybe help some rather technologically-hopeless groups of people is the wrong solution.
This isn't about how skilled a person is, it is about tackling social engineering. The article gave the example of someone posing as a relative, it could also be a blackmail scheme, but it could also be the carefully planned takeover of a respected open source project (ahem, xz).
What I am saying is this sort of crime affect anyone. We simply see more of it among the vulnerable because they are the low hanging fruit. Raising the bar will only change who is vulnerable. Society is simply too invested in technology to dissuade criminals. Which is why I don't think this will work, and why I think going nuclear on truly independent developers is going to do more damage than good.
True, but that kinda misses the point.
One way to look at it: there are many open source projects targeting Android, projects that gain some sense of legitimacy over being open source yet have few (if any) eyes vetting them. Or, perhaps, the project is legitimate but people are getting third-party builds. That is what F-Droid does. That is what the developer of a third-party ROM does. It would not require the resources of a nation state to compromise them. I am not trying to cast a shadow on open source projects or F-Droid here. I am simply using them as an example because I use said software and am familiar with that ecosystem. The same goes for any software obtained outside of the Play Store, and it's likely worse since there is no transparency in those cases. Heck, the same goes for software obtained through the Play Store (but we're probably talking about nation state resources on that front).
Another way to look at it: we are only considering a specific avenue for exploitation here. If you close it off, the criminals will look for others. I would be surprised if they weren't looking for ways to bypass Google's checks. I would be surprised if they weren't looking for weaknesses in popular apps. Then there is social engineering. While convincing someone to install software is likely desirable, it certainly isn't the only approach.
Either way, I don't think Google's approach is solving the problem and I think it is going to do a huge amount of damage. Let's face it: major corporations aren't a paragon of goodness, yet Google's shift is handing them the market.
F-Droid has a build farm, they don't just host apks uploaded by developers, so it can't be attacked in that way. https://f-droid.org/en/docs/FAQ_-_App_Developers/#will-my-ap...