real_username56This is Android's new 'advanced flow' for sideloading apps without verification, includes one-day waiting period
SanctusA one day wait period to install an app on your mobile pocket computer. Fucken bullshit.
Nester“Not quire as bad”? My dude, you have to ask for permission from a corporation to installa an app on your phone that you supposedly own and paid for. On what planet is this not awful?
007AceIt looks like a glorified ‘developer mode’ switch that has the 1 day wait to prevent someone from grabbing your phone, turning on sideloading, installing some hazardous app, and then having their way with your info. This appears to be the best of both worlds.
Like when unlocking your bootloader wiped your info. Just do it first. not a year in to using your device, if thats your plan.
Sure. Because as we know people grabbing your unlocked phone to sideload apps onto it is an almost daily occurrence. Which of us hasn’t had a stranger install a cryto miner while we looked away for a second.
Get real. This is an imaginary problem affecting the 0.01% they are using to tell you this action is justifiable. Getting more control is the aim of their game
If they’re already into your phone there’s so many legitimate ways to extract your data. The ability to sideload an app won’t impact that.
Technically installing an app allows continuous spying instead of one-time offloading. It’s an actual consideration with spyware like Pegasus: it might’ve been used as a bug to listen to offline conversations.
CileTheSaneWhat % of users side load apps vs what % of users had someone else install a bug on their phone?
It’s a situation that statistically doesn’t happen, and now every legitimate user is being inconvenienced to stop it? This if like agree verification laws being sold as “protecting children” as an excuse to spy on and control people.
Oh really, so the Pegasus attacks on Galina Timchenko and dozens of other people, including Jamal Khashoggi, never happened?
Google could’ve implemented better measures to circumvent bugging, like iPhones’ ‘lockdown’ mode, but claiming that infecting with spyware never happens on Android is plain disingenuous and idiotic.
The Pegasus spyware attack on Meduza
Meduza speaks to Access Now tech-legal counsel Natalia Krapiva and Citizen Lab senior researcher John Scott-Railton about the Pegasus spyware attack on Meduza co-founder and CEO Galina Timchenko.
“statistically doesn’t happen” is not equivalent to “has never happened”. It means the number of times it has happened is such a statistically insignificant % of the user base that it does not pass the smell test for being the reason to inconvenience every user.
That’s nice. Now please evaluate the statistical utility of the CEO of an independent opposition-aligned media outlet, like Galina Timchenko, or journalist like Jamal Khashoggi, against an average phone user.
Perhaps a CEO of an independent opposition-aligned media outlet should be using more strict security measures far above what is necessary or even accessible to an average phone user.
Oh indeed, all journalists around the world should receive NSA training, then no regular user would ever suffer inconvenience to ensure their security: they would simply be cannon fodder for the police tracking their location around the clock.
The average user does not need the same level of device security and lock down as a CEO of an independent opposition-aligned media outlet. It’s absurd that you seem to be arguing otherwise.
Lmfao. I’ll invent a better way and it will only take me negative 50 years.
Passcode.
There is absolutely nothing positive about this. It is only nefarious, full stop. I could open a million dollar restaurant that served microwaved cat shit, but on the menu it’s called “Tbone Steak” and with your logic, people wouldn’t notice the difference.
KairuByteOkay, pump the breaks a second.
I agree a day wait is bullshit, but you think a passcode is enough to keep someone from… anything? You can shoulder surf a passcode in no time at all. Hell, it’s not even difficult. Go to a bar, talk someone up, give a legit reason to use someone’s phone, intentionally lock and force a passcode and 99% of people at bars will put their pin in within eyesight, or tell you the code.
A passcode isn’t as big a deterrent as most people seem to think it is. It’ll keep you out of an unattended phone you found, but there are plenty of ways to socially engineer your way into having it for the vast majority of targets.
And yes, you likely wouldn’t give your passcode out. But this is how a number of ne’er-do-wells got unfettered access to hundreds of iPhones, and prompted Apple to put a semi similar 24 hour lock on certain security actions if you aren’t in a “known to the phone” location (somewhere you frequent like home or work).
When you couple what you just said with what they’re trying to do, your own argument can be made in my favor.
One of my hobbies in college was shoulder surfing classmates passwords just to repeat it back to them later in the day. Though on a phone you have far fewer reasons to type in an associated accounts password.
Never tell anyone else this again, and stop doing it. What an insane invasion of privacy.
My security should be my choice on my device end of story. My password/passcode plus encryption with easily accessible ways to put it into lockdown mode and have lockdown mode on a continuous timer is absolutely enough for my threat model.
I don’t need any else making any addition call on it, and I definitely don’t need someone that is willingly bragging about invading others privacy coaching me on what these companies are intending while actively trying to take my right to privacy away.
You call it an invasion of privacy, I call it fucking with friends while teaching them to be cognizant of who is watching what they do.
I’m also not sure how “the average person treats their passcodes and passwords like everyone is intentionally looking away” somehow strengthens “lock making the phone less secure behind a passcode” as an argument.
And yes, it 100% lowers the security of the phone. Which absolutely is your choice. Which I also do, and have done with my wife and kids phones. But the idea that a passcode is somehow a solution is just silly.
Not as silly as a 24 hour wait controlled by google, but still silly.
You said classmates. And hobby implies you did it a lot, and a lot extends beyond a few friends very quickly, so I do doubt it was limited to that, but I’ve got no choice but to take your word. Also I had thought you were the guy previously okaying this privacy nightmare in a trenchcoat, so ignore half of what I was saying.
Whatever it is or whatever it helps, if people want to opt into it, have at it. I will not be doing that. My solution protects me from everyone accept teams that have the funding and skill to get in through other means. I use biometrics, not perfect but it works. If I want those disabled until a password/code is in, it’s a tap away. No one sees me use it because I’m using biometrics until I don’t want to.
In what world do we expect companies that have decades long track records of fucking us for profit to stop after another empty promise?
Other people not knowing how to secure their devices is not an excuse for my device that I own to block me from using it the way I want to.
When has your imaginary scenario ever been a problem? Can you name a single example where that has happenned? Stop making excuses for corporations fucking over their users.
DFX4509BThis is happening to PCs now too, eg. with the OS ‘age-gating’ laws that IMO only exist to quell competition for MS, Google, and Apple.
I sincerely doubt that will actually come into fruition. There’s no way to force all linux distros to have that. At least I hope there isn’t.
userdb: add birthDate field to JSON user records by dylanmtaylor · Pull Request #40954 · systemd/systemd
Stores the user's birth date for age verification, as required by recent laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc. The xdg-desktop-portal project is addi...
Infernal_pizzaSo its time to move to a distro without systemd?
Yeah I think I will. This change alone isn’t actually that bad but it shows an eagerness to comply which I can’t accept. I’m not sure which distro to choose though, it’s probably between Gentoo, Artix and Void
If you’re already on Arch, Artix will be easier to move to while you’re starting from scratch with a new distro with Void.
Thanks, I think I probably will end up on Artix eventually. I’m going to try Gentoo first just because it interests me though!
Yep, it’s pretty bad, it sets a bad precedent, and has me looking for alternatives.
When it was originally announced I got the impression that Google would soon be removing the ability to sideload apps altogether and as I almost entirely use apps installed from “untrusted” sources this would have been a nightmare for me.
So while I think this whole situation is shit, and will almost certainly lead to Google removing the ability to sideload apps in the future, for me the immediate anxiety has been lifted.
You do realize that what you’re saying might’ve been the goal all along? It’s literally a “I’m altering the deal, pray I don’t alter it further” vader moment and you’re saying you’re relieved. Make no mistake, you, me and avery single Android user was just fucked over and it’ll only get worse.
I don’t think I made myself clear; I am relievd because I thought I was going to lose access to my apps in the next update cycle. The thought of that filled me with anxiety, but now I have more time to prepare.
I’m hoping that something like lineageOS will be unaffected and will be available for my device before Google remove sideloading altogether
to be fair, this is not “asking for permission”. that’s what xiaomi is doing, but not this. on xiaomi phones, to be able to unlock the bootloader or grant higher permissions to adb, you have to insert a live sim card, log in with an “mi account”, and have the server decide whether you are allowed doing that. for unlocking you additionally have to wait for several days, if you can get the approval process started that is, and hopefully you will be allowed.
unless it turns out this requires internet connection, a sim card, or a google account, this is just a safety procedure. and it’s hard to say but this world is so full of incredibly dumb people that all both need and want to use shiny smartphones for all that convenience and social media addiction, that a safeguard like this is needed.
to be fair, this is not “asking for permission”. that’s what xiaomi is doing, but not this. on xiaomi phones, to be able to unlock the bootloader or grant higher permissions to adb, you have to insert a live sim card, log in with an “mi account”, and have the server decide whether you are allowed doing that. for unlocking you additionally have to wait for several days, if you can get the approval process started that is, and hopefully you will be allowed.
unless it turns out this requires internet connection, a sim card, or a google account, this is just a safety procedure. and it’s hard to say but this world is so full of incredibly dumb people that all both need and want to use shiny smartphones for all that convenience and social media addiction, that a safeguard like this is needed.