Arthur Bárbaro

@duran Decided by assembly, then.
Let it be published. ✍🏼
@duran That's wrong. It's 2019 that was about 3 years ago.

A popular Python library just became a backdoor to your entire machine

https://www.xda-developers.com/popular-python-library-backdoor-machine/

It's one of the most popular Python libraries for interacting with large language models [...] It has over 40,000 stars on GitHub, and it's an important dependency in a lot of AI tooling. It's also been compromised on PyPI, and the malicious versions are stealing everything they can find on your machine.

Sorry but... 🍿

CANYON.MID in the streets
PASSPORT.MID in the sheets
RIP bozo
@foone I was about to ask if I should read it as Malice or as Ualice (like Wario), then I noticed that pff, silly me, it's obviously meant to be read as Microampǽrlice Microampǽrverlong.

Google obviously knows how user unfriendly it is to enable developer mode and how this will effectively make it impossible for the vast majority of non-technical users to access any third party app stores. This is as malicious as malicious compliance to EU law goes. I cannot think of a more aggressive roadblock they could have put up, even forcing some to choose between third party app stores like #FDroid or #IzzyOnDroid and banking apps.

There is no doubt about it, this is not about safety.

RE: https://chaos.social/@grote/116257002625921666

I quote boosted this before focusing on the 24h delay, but the worst part is having to enable developer options.

Fairphone: Settings -> About phone -> Build number (7 taps)
Samsung: Settings -> About phone -> Software information -> Build number (7 taps)

Given the steps differ per device it is impossible for any third party app store to give clear instructions. To top it off, the first 3 taps give *no feedback* at all.

Even worse, some apps refuse to run on devices with dev mode enabled.

Google has news on what you will need to do for still being able to sideload apps:

* enable developer options
* confirm that you are not tricked
* restart phone and re-authenticate
* wait one day
* confirm with biometrics that you know what you are doing
* decide if you only want unrestricted installs for 1 week or forever
* confirm that you accept the risks
* enjoy the few apps that still have developers motivated to develop for a user-base willing to put up with this

https://goo.gle/advance-flow

Persist against all odds