My security hot take for this week is that Google’s changes for sideloading on Android seem to strike a good balance between security and usability. This gives me hope the team is putting thought into maintaining the original dream of the platform rather than making a worse iOS
Of course the jury is still out on how well this will work but the rationale seems pretty solid to me. Being tricked into installing blatant malware is, despite how you might feel about it, a major problem for Android. Historically efforts to combat this have badly hurt openness.
The general problem with security is identifying bad things is hard because often it will end up impacting desirable things too. In this case Google picks a very specific quality of scams and aims to target it specifically: urgency. I expect this to be very high signal!
By delaying 24 hours they dramatically reduce the capabilities of scammers while also minimally impacting legitimate sideloaded installs which rarely have the same requirements. This is a very clever choice and also one that seems nonobvious
@saagar Scamming has been a highly specialized economy for a while. My prediction: switch-toggling-as-a-service evolves, framed as a giveaway (“remember, you’re about to claim your free money of your own free will, you’re not being coerced”.) Scammers are just going to hire those and go on about their scheme the next day as usual.
@claudi I’m sure they’ll figure something out but I am hopeful this will help with the basic scams. Of course someone who is being targeted well will be isolated from people who can help but for less sophisticated instances 24 hours is time to rethink or find someone who can help
@claudi I feel like this is often not emphasized enough but people who are tricked into installing malware are, on average, just as smart as you and I. Many meet a reasonable bar for computer literacy and recognize that malware exists
@claudi I think if you had someone who got scammed, made them forget what happened, and then told them the actions they took often they would quickly realize the red flags. The issue is that when you’re in the situation it can be easy to forget about these
@saagar I fully agree. Not too long ago, Jim Browning (who scambaits for a living) got scammed. If that doesn’t teach a lesson that we’re all susceptible in our weakest moments, then I don’t know what does.