- Yaky@slrpnk.netEnglish6 hours
Who are these smooth-talking scammers that can guide a regular-ass user to jump through hoops in settings to install a malicious app?
Maybe I should ask them how they do it, because I cannot convince my family to download and use Signal. You know, the legit app from the official app store.
- 2 hours
People who can’t operate a computer will somehow become gods at following instructions if someone calls “from Microsoft”
- d00ery@lemmy.worldEnglish2 hours
Yes exactly this. I try and explain a computer thing to someone and get ignored. That same person talks to some sales rep in the electronics store and comes away “ohh they said I need to buy super expensive antivirus, that’ll solve my issue with my screen resolution being too low”. 🤦
- plyth@feddit.orgEnglish1 hour
The sales rep offered a solution to that person’s problem.
You want that person to be right which they perceive as you want to dominate them.
So they try to resist you while they are highly motivated to follow the instructions of the sales person.
- 20 hours
Just think of all the other things that could benefit from a “protective waiting period” to enhance your safety.
Turning off location tracking, using a web browser other than Chrome, using a mail server other than Gmail, visiting duckduckgo.com — if Google really cared about your privacy and security they’d add a 24-hour delay to all these dangerous activities.
1 day- enable developer options
- confirm that you are not tricked
- restart phone and re-authenticate
- wait one day
- confirm with biometrics that you know what you are doing
- decide if you only want unrestricted installs for 1 week or forever
- confirm that you accept the risks
- enjoy the few apps that still have developers motivated to develop for a user-base willing to put up with this
The biometrics part makes no sense, you can disable biometrics. You mean that you have to do a security confirmation however you’ve set it up.
- Squizzy@lemmy.worldEnglish23 hours
Is this for all android systems because it is a huge rug pull if so
- AHemlocksLie@lemmy.zipEnglish21 hours
Pretty sure it’s a change to AOSP, the basis for every single Android ROM in existence.
- FauxLiving@lemmy.worldEnglish24 hours
I can understand this workflow being created to protect the legions of people who are tricked into installing spyware.
It doesn’t remotely affect me because I use GrapheneOS and if this is an issue for you then you’re probably someone who should look at installing GOS or Lineage.
I don’t think Google should be able to do this and it is likely part of a longer-term strategy to strangle any competition. At the same time, I can understand how this change will save a lot of grandparents from clicking a link in a text from their ‘grandchildren’ and installing spyware that’ll steal all of their bank information.
I mean… This is kind of why I never let people use my phone.
I have installations from various sources enabled… Like my browser, because I know what I’m doing. But I wouldn’t trust anyone as the process is currently effortless…
If someone is trying to install spyware on you (like a partner or parent.) this might offer some notification and prevention.
I don’t really see the big deal. You do it once, enable it forever, and wipe up those tears.
I think a better way would just to have maybe like a biometric/pin confirmation upon installation. Simple. Clean.
- AHemlocksLie@lemmy.zipEnglish21 hours
GrapheneOS is built on AOSP, which is where the change is being made. Graphene and other custom ROMs will need to maintain a fork that cuts out the feature if they want to avoid. Google is also starting to close off Android to make that more difficult, so it’ll become a genuine project to maintain the fork well.
- nomadpxl@programming.devEnglish18 hours
As far as I understand the enforcement depends on privileged play services. https://xcancel.com/Metr0pl3x/status/1960329785277571420#m
- AHemlocksLie@lemmy.zipEnglish3 hours
That’s better, at least. GrapheneOS users should be fine at least since there are extensive restrictions on Play. Other Android ROMs may have issues, though. Maybe not if they use MicroG.
- ThirdConsul@lemmy.zipEnglish24 hours
I can understand this workflow being created to protect the legions of people who are tricked into installing spyware.
Then you’re stupid, as most people install third party spyware through the Google Play store.
- MountainMan@lemmy.zipEnglish18 hours
They will just redefine what 24h means!
Don’t think for a second that these companies are working in good faith, and would change their evil plans due to some pushback from the rabble. They will just find ways to circumvent things. They have everyone by the nads, there are no competitors.
- Fedditor385@lemmy.worldEnglish21 hours
Can we prevent this on the EU level? It really is just killing independent competition.
- Ganbat@lemmy.dbzer0.comEnglish1 day
In addition to the advanced flow we’re building free, limited distribution accounts for students and hobbyists. This allows you to share apps with a small group (up to 20 devices) without needing to provide a government-issued ID or pay a registration fee.
Fuck you sideways, Google.
They want developers to share their IDs to have their apps on the play store. The limited groups is so hobbyist developers can still share apps without having to jump through those hoops and so the users don’t need to go and enable sideloading, with the caveat that there’s a call on how many users you can send it to it looks like.
- dev_null@lemmy.mlEnglish23 hours
That’s already the case. The new thing is that they want developers to share their ID to have their apps be installable on Android in the first place, even if they don’t use the Play Store.
- Arcadeep@lemmy.worldEnglish19 hours
I wonder if this is a direct result of apps like ICE watch or ones that track billionaire planes and stuff
But the sideloading flow via dev options that they have revealed doesn’t require that and it’s easy to do…
Why is it called developer mode if it’s supposedly an advanced flow? That has a bad implication.
Okay but, installing an apk is not the kind of thing a scammer does. They’ll just install some standard off the shelf remote access software from the play store
This very much feels like they just needed to come up with a new justification for this process and opted for scammers for some reason. Even though they’re completely disconnected
- cecilkorik@piefed.caEnglish1 day
This very much feels like they just needed to come up with a new justification for this process
It feels that way because that’s exactly what happened.
I was hoping for at least something slightly believable, someone let Gemini write the justification I guess
- cecilkorik@piefed.caEnglish15 hours
They don’t even respect us enough to bother with trying to make their lies convincing anymore.
This would not have affected me since I use Lineage OS without Google Play Services, but I am now more seriously than ever looking into using a Linux phone like Postmarket OS.
- fluxx@mander.xyzEnglish23 hours
It would affect a lot of users, then it will indirectly affect you too, as a lot of devs won’t be as interested in maintaining their apps for so few users. But I hope it will at least give a bit of a push to developing postmarket os. I personally am sure going to get a second hand phone to install postmarketos too and hope I can contribute at least a little bit. I am prepared to suffer, at least a little bit for the right cause.
- Squizzy@lemmy.worldEnglish23 hours
- Camera
- Phone projection for cars
- Contactless pay/ wallet/pay alternative
Give me a device that can do these and I am in for ditching android. I only use browsers or off store apps that have linux support mainly anymore anyway.
- fluxx@mander.xyzEnglish23 hours
At least the last one won’t happen, as banks would have to be on board. And banks are not on your side with this one.
- Squizzy@lemmy.worldEnglish18 hours
To be honest this one is in hand, curve has an alternative product and a lot of banks across EU have nativr NFC. My country does not have those banks though. I hope revolut bring it in.
I do want something that takes me tickets for shows and flights and membership cards too though
- fluxx@mander.xyzEnglish18 hours
Yeah, im in a similar situation. Curve doesn’t work in my country and banks don’t have their own solution. And google pay won’t work on my grapheneos pixel.
- Squizzy@lemmy.worldEnglish9 hours
I got a pixel for graphene but had to go back for android auto and payments. The camera was lacking compared to pixelOS but that was fixable.
Sucks to be with google more than ever
- shrek_is_love@lemmy.mlEnglish1 day
They think this will take some of the heat off of them. Hopefully no one actually thinks this is a reasonable compromise. If I want to help an elderly family member install something on their phone during Thanksgiving dinner or a family reunion, I’m not gonna want to wait a day. Uncle Paul’s flying back to Florida tomorrow morning!
Thanksgiving was four months ago. Uncle Paul lives with you now.
- COASTER1921@lemmy.mlEnglish17 hours
If this is really as straightforward as it sounds then I’d consider this the best case scenario. Google could have gone full Apple style lockdown or even just have implemented this flow on a per app basis, but needing to wait 24hr one time to enable unverified app installation isn’t a bad idea from a security perspective. It prevents a bad actor with temporary access from being able to do much while not getting in the way of us power users after the initial 24hr period.
My bigger problem is how Google is leveraging their monopoly to implement this single-handedly and only for themselves. If they had instead gone through AOSP this perhaps could have been implemented in a better way to allow other parties than just Google to be the verifier, and that 24hr waiting period could be applied to any verifier that is not the phone’s default. I’d argue this would be an equally reasonable security measure considering how many scams are out there preying on those who aren’t technologically savvy, yet would maintain transparency.
I hate the fact that Android is open source only on paper. You can’t compile your own flavor and install it.
You absolutely can… Custom ROMs do just that.
Your phone has to support it. It’s not a Google wall. Your phone maker determines how difficult or easy this is. Google pixels make it rather easy to install Graphene on. Motorola is also going to support Graphene.
There’s also lineage and e/os/ and even non-AOSP-based postmarketOS(which is a Linux distro.)
Which is not as libre as a computer OS. What I mean is that Google has complete control and power over it as it’s not developed by the community and therefore doesn’t do its best interests
- Eximius@lemmy.worldEnglish17 hours
I’ve heard of security by obscurity being accepted, but never heard of security by obtuseness being accepted as valid.
And again, confirming that my current phone will be the last android device I own.
At this stage, I’m thinking one of the Motorola phones that will run Graphene out of the box.
Is that meant to be a “gotcha” or something?
My point is, this is the last time I let google control my phone.
- 1 day
I imagine since it’s not an official product of Google’s, it can’t legally be called “Android.” As such it’s something that is not Android, but is highly compatible with it since both are rooted in the AOSP.
- Lost_My_Mind@lemmy.worldEnglish1 day
Legally? Maybe not.
But Col Sanders left KFC after selling a business he created with his own secret reciepe. Then after he sold it, he watched the new owners use his image to sell an inferior chicken product.
So he started up another new chicken resteraunt using the original reciepe. Legally he couldn’t call it KFC, but that doesn’t change the fact that it was the original KFC reciepe.
Hows that phrase go? A rose by any other name would smell just as sweet.
Call things whatever word you want, it’s still the same thing in the end.
- Zetta@mander.xyzEnglish1 day
I use graphene on a pixel. Graphene is Android, albeit a much better version of Android.
I don’t care whether it’s technically android or not, I care that it’s not a tool to let google in to my life.
- Fetus@lemmy.worldEnglish1 day
I’m hoping it’s smaller than any of their current offerings. I really want to support a “factory” GrapheneOS phone, but can’t stand the size of current generation phones.
I want the opposite! I currently use a fold phone because phones are too small :P
Even sidegrading to an older mid-high range phone seems like a good idea at this point. I hate android 12 and everything after it with a passion. Moto have been decent in my experience though, hopefully HMD will follow suit with Graphene
March 2, 2026 https://motorolanews.com/motorola-three-new-b2b-solutions-at-mwc-2026/
That’s some good news indeed.
- toiletobserver@lemmy.worldEnglish1 day
Another option, an ESP32 radio. Surprisingly large mesh network in the greater Seattle area.
- Lost_My_Mind@lemmy.worldEnglish1 day
Yeah, but you guys don’t have any ghosts in your city! So…Who ya gonna call???
Fairphone with /e/os or Jolla phone with sailfishos (waiting for the reviews of their new preordered flagship phone coming out this fall.)
- Lost_My_Mind@lemmy.worldEnglish1 day
Well, that runs into a different problem with the same results.
Sure, GOOGLE can’t hinder you from installing apps, but the fact that nobody has heard of these OS’s before means your selection of available apps is what hinders your ability to install apps.
/e/ OS is just a degoogled Android (similar to Graphene, but not so security oriented). You can install the same apps - though some might not work properly.
Sailfish OS is Linux, but if I understand it correctly they have a compatibility layer enabling you to seamlessly install Android apps on it.
- Arcadeep@lemmy.worldEnglish19 hours
e/os and Sailfish are pretty popular alternative OSs (OSes? OSii?) and e/os is an android fork, with Sailfish having an android compatibility layer, so they work with standard Android apps.
Source: I use e/os.
Why are you in here arguing losing points with no reason or even knowledge about them?
/e/os is Android without Google proprietary stuff. It runs most Android apps.
- Tetsuo@jlai.luEnglish19 hours
While technically correct, it runs apps, it’s misleading because it won’t run the majority of apps from the playstore.
Google holds people captive with the playstore and the very sneaky google play services.
Only the most hardcore tinkerers and privacy oriented would run a pure AOSP phone.
I’ve tried it, and only ran into a couple apps that wouldn’t work with MicroG. I won’t pretend it’s painless, but it’s workable for someone with sufficient motivation.
These devices have replaced play services with things like micro g, so yes they will run pretty much any android app even Google ones would work but that would be defeating the purpose.
“Nobody has Heard of these os’” - wtf you talk about? They are gaining popularity here in EU as well as in Turkey. It’s getting popular to de-google/de-americanize. People are hating on the monopoly iOS and Android has on the industry. Better to do something than being a sheep about it, and just let thos mofos suck the data out of your life forever?
- halcyoncmdr@piefed.socialEnglish1 day
That exact issue killed Blackberry, the largest smartphone maker at the time. Even after they built a compatibility layer to run Android apps.
You think anywhere near enough people are going to go out of their way to try something that doesn’t have marketshare already to maintain an entire alternative hardware and software ecosystem? Where can I get wherever awesome shit you’re smoking?
When i was a kid, blackberries were more common than android. At least in my area it was the “in” thing to be on BBM
