all it does is prevent sideloaded apps from having access to sensitive permissions by default, which is a good thing.
True, but if it’s good for users, it should be the rule for ALL apps
POV: You’re Google and think EU didn’t fine you enough lately.
“Cost of doing business”
Not really with the huge EU fines. Google eventually does what EU wants, though it takes a while because EU is fucking slow.
Sideloading is the only reason i use android over ios…
Ironically sideloading is pretty easy on iOS nowadays
But if you need notifications Gl and gl with apple removing the app
Same
This is why I decided to not use Google services this Graphene install. I have zero doubt Google is going to try and lock down the ability to use anything outside of the PlayStore in an IOS type move. Just hope a better Linux based phone gets done quickly because I’m not sure how many iterations of alternate Android OS generations will be able to exist as they lock things down.
I’m holding on to mine until a Linux phone comes Along. If not, you know what? Fuck it. I’m not replacing my phone with some spyware OS Android. Fuck that shit.
If Google is going to turn Android into iPhone, why tf I shouldn’t get an iPhone itself?
If Google is going to turn Android into iPhone,
It’s not. The change is definitively for the worse but still a far cry from Apple where you cannot just download an app off the internet and install it which you can even on Android 15, the permission management is just worse in such a case.
Also, surely community ROMs will probably change this.
why tf I shouldn’t get an iPhone itself?
Why TF would it be a benefit over Android? Still worse compatibility, still more expensive, still no innovation.
I don’t understand why you are being downvoted. that is simply the truth.
I have been using an iphone 12 pro for the past 3 weeks ,while my pixel 6 is getting its battery replaced and it’s been painful.
i’m missing a lot of apps, the ones I do find are limited or asking for monthly subscriptions.
i am unable to play a downloaded mp3 unless i go through hoops&hurdles .
i am no longer able to watch a youtube video without ads (unless I do 3 steps of passing them to adguard), or using sponsorblock ( i am on ios 18.2, otherwise I would have jail broken it to oblivion).
android is simpy better in terms of freedom. IF or when it’ll become a locked garden like ios, it’ll truly be a sad day for the mobile world.
i’m missing a lot of apps, the ones I do find are limited or asking for monthly subscriptions.
What apps? Are they all from the Play store?
i am unable to play a downloaded mp3 unless i go through hoops&hurdles .
You can download the MP3 and play it in VLC. It’s not difficult.
i am no longer able to watch a youtube video without ads
Brave browser on iOS will block YT ads, but I’m guessing you’re not using the official YT client on your android, so that’s a moot point.
android is simpy better in terms of freedom.
But not better in keeping your data private.
Also, is the shift key broken on your phone?
Android has been getting worse and worse every iteration. Are you asking me to wait until it is an identical clone of iOS?
Also, surely community ROMs will probably change this.
I don’t have time or desire to fiddle with it, just like mods for Bethesda games. It should not be acceptable to shrug at enshittification and hope some volunteers fix it.
Android has been getting worse and worse every iteration.
Android added seamless background updates from 3rd party sources a while back. That’s an objective improvement.
Are you asking me to wait until it is an identical clone of iOS?
I don’t ask anything of you. If you are such a big Apple fan, just get an iPhone and stop complaining.
If you are such a big Apple fan
I’m not but feels like Google is.
Triggered much?
Apple where you cannot just download an app off the internet and install it
You can though. I have multiple side loaded apps on my iPhone. Apple just makes it a pain in the butt.
Apple just makes it a pain in the butt.
And on Android it’s way easier, so claims that Android is becoming like iOS is baseless propaganda.
Though I understand the reason, I find this ironic given how invasive play store apps can be. My cars official app requires full location access all the time, otherwise it pops up asking for it every time you open it. Meanwhile some FOSS app that can be code reviewed and sideloaded is more difficult to give needed acess.
and FOSS apps that can be fully code reviewed and confirmed safe, unlike anything proprietary, will still cause banking apps to refuse to run on your unrooted device. I had to go back to carrying a physical key around with me. (the foss apps were there first)
Not to defend the shitty app, but it’s probably Google’s fault. Location access is needed to just query WiFi or do a hotspot. Probably features the app needs. They should’ve make that more granular.
They need it for 2 things I believe.
- They show a map where vehivle last parked compared to you.
- They could use it for their proprietary phone as key feature that doesn’t work and is unreliable compared to using UWB.
- Gonna add this one since its totally the reason, sell your data. They store the car data, why not get the phones location data so you can get them all the time!
Sure they sell the data…my point was just that they would probably need the permission even if they didn’t want your actual location.
I haven’t deved android since before all of the permission overhauls but I believe aprpximate would suffice for those cases, and I don’t think they are actually needed. Luckily with a little bit of work and someones open source project I was able to get a home assistant integration to use their API and give them 0 of those permission requests.
I’m no android pro Dev, so no absolute confidence in my point. You’re probably right. And good you managed to bring it into HA without the permissions.
I don’t think it’s quite a bad as the title implies, though I wonder how long this slow process of locking down Android will
containedcontinue for. Hopefully the EU demands from the likes of Epic will stop too much control being taken away from the user.Is control really taken away? It seems as though it simply added a couple steps to help people avoid giving default permissions to bad actors.
Yeah that’s the thing, as an isolated change it seems like a good step for security, but I’m concerned it could be part of a larger frog-boiling.
Anything short of “it’s your device, it obeys you” is theft.
Personally, I like the first one and wouldn’t use an option to automatically give those permissions to all apps.
Being a power user doesn’t make anyone immune from malware, it just needs to pass some sniff tests. It was by luck that that backdoor in the Linux kernel was found and it’s naive to believe every single malware app is going to be obvious with unrealistic promises and/or bad grammar and spelling. Permissions requests are a clue that an app is doing something it shouldn’t be. And Facebook is considered trusted by many despite an insider even confirming the “talk about something near your phone and fb will advertise it to you” being real.
When you download an app, unless you either wrote it yourself (including all libraries) or have checked the source for open source apps (again including libraries), you can only guess at what it is really doing. And just because an app does what it claims to do doesn’t mean it isn’t doing anything else, so the “well, it does work” test isn’t a great security test.
For the app developers being able to block side loading, it says it uses meta data to enforce that. Couldn’t modders just modify that meta data so that it doesn’t realize X’ app is actually a modified X app? It would need to do something more complex than a checksum or hash to detect it’s the same app.
I mean, I love “fuck Google” bandwagons, but either I’m missing something or this one doesn’t seem like that big of a deal.
despite an insider even confirming the “talk about something near your phone and fb will advertise it to you” being real
When was this‽
Sometime in the last couple of years iirc, though I’m having trouble finding it, what with all of the articles about “it might look like this is happening but Facebook insists it’s not”.
Let me know if you do find anything as I’m very keen to hear the inside scoop. It always seemed like nonsense to me as it would be so easy to prove (unexpected mic access, large amounts of data or CPU usage, actual recreation in test conditions) but all the claims (that I’ve seen) are very anecdotal.
Wait, am I to understand they’re intending on making it that you cannot just install any apk you choose because it’s your phone and your business? Is that going to be no longer possible?
If you were to read the article you’d find that sideloaded apps will have restricted permissions that the user will have to un-restrict one by one.
Ewww. Such fucking useless imposition of restrictions that should be the user’s decision. Like almost everything else in technology nowadays where control is being taken away from the user.
I’m only ever going to use devices that I can put whatever custom ROM I want on or that natively supports the options I want.
As long as the general public just bends over and accepts this shit, they’ll keep doing stuff like this.
Will the permissions still be allowable by goinv to the app info page from the settings, clicking the 3 dot menu in the corner and taping to allow restricted settings?
The pros for Android is sadly gone :(
For what it’s worth, iOS sure has a lot of cons.
- Camera app has icons at top of screen to control things like flash, but to adjust all the settings like “flash always on” you have to tap an arrow at the top, that then exposes another second flash control at the bottom with the same icon for the full menu.
- Music app has a checkbox in albums and playlists that when tapped brings up a menu to delete your music, wat?
- eSIM-only is terrible, cell service falls apart from time to time and you have to go deploy a new eSIM to make your phone be a phone again.
- Dual-SIM support is convoluted. You’ll find yourself accidentally calling people on the wrong SIM until you manually configure every. one. of. your. contacts. to use the line of your choosing.
- Touch is anemic, especially if using a screen protector. Try to take that photo? It will be zero or three photos, thanks!
- Their swipe UI is barbaric, difficult, and mostly stupid, twitch your finger wrong and you go directly back to the previous app, or go into app switcher view, or nothing happens. Trying to “go home” you’re basically trying to give it an orgasm with all the up-swipes.
- Missing common software buttons like Android’s back/app switch/home buttons means you’re constantly tapping at the very top, then the very bottom, or trying to use the back-swipe gesture, the UX is maddeningly inconsistent.
- Left/middle swipe brings down notification drawer, right swipe brings down control center. Not nearly as consistent a behavior as swipe down once, or twice, for the respective drawers in Android.
- New AI junk has added menus in settings for “Apple Intelligence & Siri” to every. single. app. that you have to switch 3 switches off per app to disable. Even if you don’t have their AI crap installed.
- The silly FaceID waste of space dent makes it so you can’t see all icons like “am I on a VPN or not? Gotta check one of those top drawers to find out.”
- Lack of in-screen fingerprint sensor and use of FaceID makes the phone unlock on you without intent if your face is near and it wakes for a notification, and also not unlock when you actually want to use it, in general.
- The screen randomly wakes during phone calls if you’re using a headset and nowhere near the phone and just stays on for the duration of your lock timeout unless you manually force it to sleep, and then it’ll just wake again.
- Trying to swipe out of active phone calls to get to the lock screen or apps will take multiple swipes dangerously close to the call hangup button, godspeed!
Those are just the things I can recall off the top of my head.
We need more mobile OSes. This duopoly is pure stagnation.
Extra cons:
Sidelining is not a option(yes you can do sideloady way but it will get deleted later the sideloaded and libre app support (like a invidious client for ios)
Now I’m actually glad I’m stuck on Android 13.
I’ve been an Android user since the HTC Desire in 2010.
I’m unsure what the author of the article is advocating, since the “raw deal” appears to be geared towards making the Android environment more secure.
The author laments that they now have to manually enable security bypass settings and that some (they call it developers, but I’m not sure if they’re referring to Application Development or Phone Platform Development) “developers” can lock down with further API checks.
I’ve been an ICT professional for over 40 years and security is always a balance. On the one end it looks like a phone in a locked room, inaccessible to anyone, on the other end it’s a free-for-all, open to anyone.
I’m not at all sure what the author wants, except for wanting to roll back time to something less secure.
Ultimately, the user should be able to decide for themselves how much security they are willing to compromise for power and flexibility. Whether this particular compromise is acceptable would depend on just how annoying it is in practice, but it’s a trend I’m not a fan of.
On the plus side, if this compromises third party app store usage even more, it may be more fuel for the anti-trust lawsuits aimed at Google (although who knows how that will play out given who is becoming president).
These new security features do not (and can not) apply to apps distributed outside of the Play Store, so it won’t compromise third party stores whatsoever.
They do apply to Apps only distributed Outside Play Store and certain Approved third Party stores, did you even read the article?
they do. that’s the definition of sideloading. or why do you think the opposite?
As someone who’s always been side loading apps and doing custom configs, it’s just so much harder compared to what it used to be. So many hidden settings. So many menus you have to go through in the right order. So many reverts that happen each update.
You say it’s in the name of security, but I don’t see it. Something is fundamentally broken here, if Google really believes this is the best path forward
Edit: and btw, I work in big tech too. I know how this update came to be. Some L6 looking for his packet decided to “decrease infected devices by 10%” by adding this friction, and everyone nodded along since the negative impact isn’t measurable.
Users are further forced to sacrifice their privacy to Google and Google Play rather than use something like F-droid.
It makes it frustrating to use, not secure. When installed program stops working after 30 or whatever days of me not using it because my great white master decided that it doesn’t need what was granted by me at installation is not security it’s just spitting in my face. I don’t care about what “developers” want why should anyone?
Removed by mod
Somehow No One needs that much Holding Hand or “Security” on the Computer, where No revenue streams of Google/Apple are affected
I’ve been the person people came to (and paid money to) when they installed something stupid on Windows XP in 2003. Quite a few people do need their hand held to use a computer effectively.
Until that era, app developers were generally considered trustworthy. Malware existed, but anything that openly advertised itself, that users would install intentionally was unlikely to work against their interests. “Spyware” was a new category. App permissions in smartphones represent a recognition that app developers do not necessarily share the users’ interests.
I certainly don’t want knowledgeable users locked out of making decisions for themselves (even bad ones), but arranging the UI so that someone with a limited understanding will have a hard time finding the dangerous settings isn’t a bad thing.
You have a very distorted view of security. The Apple computer ecosystem closely mirrors their phone and tablet system.
Microsoft Windows is an absolute shitshow and continues to get worse at every iteration.
I can Install on a Mac without any Roadblocks another Operating System, and I can Install Apps without the need for a Developer Account or a certificate unrestricted.
Otherwise I’m using GNU/Linux which also doesn’t try to “protect” me in the interest of some Corporation
Actually, no you cannot. You need to adjust and grant permissions for anything you install on a Mac OS system today.
Source: I own a Mac, it’s less than six months old. Installing stuff is full of permission requests.
As for Linux, I’ve used and installed it for over 25 years. It’s not ready for 3 billion home users and at the rate it’s going, it won’t ever get there.
Yes, I know, Android is Linux, well done, here’s an elephant stamp.
I’ve also been using Linux for a similar amount of time, and it’s only at work now I have to use Windows.
And as for home users using Linux? I have a few family members quite happy with Ubuntu / Firefox since all they need is a browser and VLC for their “PC”, so I don’t know where you got that “it’ll never get there” metric from.
Alright they don’t have a clue how Jellyfin works on that box, but they sure do appreciate and use it a lot these days now they’ve got used to it / dumping Netflix.
Of course you can Install Asahi Linux on a modern Mac, and you can Sideload Apps too. Both Things which are Not possible on iOS without Major Roadblocks
As an It professional I must disagree. Dumbing down the platform isn’t good. Let’s hope Magisk Deny list keeps working.
Happy to debate.
According to the article there are now more than 3 billion Android users. I have no information to the contrary.
How do you expect to attempt to secure that many devices by allowing the platform to continue as it was?
You call it dumbing down, which I understand, but how do you stop all the click-happy people from installing the next nefarious “game”, when they already have little to no chance to avoid email spam and SMS scams, let alone LLM generated “custom targeted” exploits.
I get that there are users who use this (now) vanishing functionality, but are they representative of the total user base, or edge cases? Neither you nor I have any hard data on that, but I know that as an ICT professional, I’m an outlier.
I’m no friend of Google’s business model, but I don’t believe that they’re purposefully shooting themselves in the foot,mind you, I’ll concede that it has a poor track record in the past few years.
Let’s progress the conversation.
How would you protect essentially computer and security illiterate users from malware in a scalable and sustainable manner?
As an aside, I’m a long term (25+ years) Linux user and have used pretty much everything since the 6502 was part of the picture. In my professional opinion we haven’t begun to figure out how to do this in the desktop world, Android is so far the closest we’ve managed and I’m not seeing anything here (yet) that makes me see this as a mistake.
I dont really have the time to participate in what looks like an interesting debate but I have a few notes on your post.
How do you expect to attempt to secure that many devices by allowing the platform to continue as it was?
Secure what? Against what type of threat? This type of vague question results in vague answers. If the threat is social engineering I would argue not many protection would be effective beside educating the user about that.
You call it dumbing down, which I understand, but how do you stop all the click-happy people from installing the next nefarious “game”, when they already have little to no chance to avoid email spam and SMS scams, let alone LLM generated “custom targeted” exploits.
You don’t stop them. You ask them and show them a disclaimer when they activate sideloading and that’s it. They are on their own. If the user doesn’t understand the risk after (skipping) the disclaimer. That’s their own fault. I don’t want to be put in prison just to make sure nothing bad ever happen to me. If a user purposefully disable protections they are on their own. But they should always be able to disable them.
I get that there are users who use this (now) vanishing functionality, but are they representative of the total user base, or edge cases? Neither you nor I have any hard data on that, but I know that as an ICT professional, I’m an outlier.
This is the openness of the OG Android. Welcoming as many users as possible even if they are not your mean average user. It doesn’t matter if these user are a minority. They should be able to override any security they want. As long as they have acknowledged that they understand the risk and will not sue Google for it. I don’t see the problem.
I have worked on a custom ROM based on AOSP and that’s the other trend that worries me. The fact that less and less of “Android” seems to go to AOSP was already a concern years ago. Google wants to close their OS to better compete with Apple. This means severing those annoying minority power users from the rest of the community.
I see a very paradoxical response from you coming from Linux. If you enjoy Linux for its openness why would you accept Google rhetoric like that is really surprising. Let users do complicated stuff on your software as long as they have signed a virtual “I AM IN DANGER” form that’s OK. If you remove these advanced settings features anyway then it’s not for the user, it’s a PR move to protect the perception of your software.
Sorry if this comment seems a bit aggressive. In my opinion you are arguing for Android to slowly transform into IOS and ad someone working on Linux for decades, this is very weird.
It appears that you think that I’m holding contradictory opinions. It’s possible.
The “ICT aware” population is not what I’m concerned about and whilst that likely excludes both of us, it’s the retired widow who needs a phone to track her diary and call an ambulance, it’s the pig farmer who uses 123456789 as their email password and uses internet banking to pay his employees, it’s the impatient mother of three who is running between venues to get her kids to drama, soccer and music lessons.
I have made house calls to these actual people and hundreds more who do not, will not, cannot, read warnings. They simply don’t have the context to understand their severity. They don’t understand why a camera has no requirement to read your address book or connect to the internet. They don’t understand what a calculator needs to keep your screen on, or not. They “don’t have anything to hide” and have no understanding how their address book and diary can be used to defraud them of their life savings.
I’ve spent a lifetime educating people like this. It’s a drop in the ocean and all that happens is I’m pissing in the wind getting wet.
Is locking down Android helpful for you and I, perhaps not. But if I don’t get a phonecall in the middle of the night because one of my clients just lost their life savings because their phone got “hacked”, I’m a happy little vegimite.
Linux isn’t ready for prime time because novice users have no chance to just do simple stuff like plug in a phone, download a video and tweak it, let alone open a spreadsheet or make a Christmas card and print it out.
You and I can do this, my partner cannot.
Another way to look at this is a 30 year academic with Mac and Windows experience who cannot figure out how to migrate to Linux.
Usually as an IT professional people assume I lost touch with the average people abilities with technology. I’m used to that by now.
I understand very well most people want a phone to be simple and easy to use.
This is not a justification to remove this advanced options for power users. None of the user you mention in your post will ever activate sideloading. This is just an option for that minority of people.
Android is not much more complicated to use than IOS if you stick to basic use; social networks, taking pics, picking up calls. That’s it.
You can do all of that without ever knowing about sideloading or advanced permissions and so on.
So thank you but I’m with well aware I shouldn’t use my perception of Android as the norm. But I’ll definitely say that the average user literally doesn’t ever go in those advanced settings so whether they exist or not doesn’t matter to them. But out of openness I think it’s important the power users can still have this OPTION available.
Also if you really want a simple phone and super easy to use. Get them an IPhone and call it a day it’s simple as that. Obviously if you can’t afford one then Android should still be fine anyway.
Somehow I doubt any less technology enthusiastic person would favor an Android phone over an Apple one to then complain that there is too many options available in the settings.
I don’t think anyone is advocating turning off the side loading features, unless I missed something, but the complaints here appear that you have to do extra work to bypass security, which is not something I understand.
The assumption I think is that Google ask for more and more work to use that feature. So you can either shrug it off or prepare for Google to remove this ability entirely.
I guess we will see.
we expect everyone to take the time to learn how to use anything else. We just use the same expectations for tech stuff.
deleted by creator
That’s not at all true. We no longer expect drivers to change sparkplugs (or batteries), even checking oil levels is beyond most, let alone using a manual gearbox or disabling airbags.
You have to understand that the fact that you’re here in this community participating in this discussion already puts you in a very small subset of humanity with technology skills not in evidence in the general public.
how to use their stuff. We don’t expect them to know what’s under the hood. But we do expect them to have knowledge of the rules of the road, what the traffic signs mean, the fact that driving at high speed into a wall is not desirable etc. Simple everyday stuff required to be able to use, not maintain, a car.
“read the stuff on screen and at least try to understand it” is the barest minimum. But we don’t even expect that of anyone anymore. Or even something as simple as if you see a red flashing sign saying “IF YOU DO THIS YOU WILL BE IN DANGER!”, at least try having a 2nd look
I’ve been writing software for a very long time. Users are essentially stupid and lazy. They don’t read what’s on a screen, even if it’s the only thing on the screen, even if you don’t give them any other options than clicking “Ok”.
When I say stupid, it’s not that they’re dumb, it’s that their mental model of the world doesn’t match the computer one, saying things like: “well, that’s stupid, it should be like this”, followed by a completely illogical and unimplementable world view of the problem they think is being solved.
For the majority of humanity, computers are magic and no amount of arguing here is going to change this in our lifetime. It’s why AI is welcomed with open arms and no thought to its reality.
Those “stupid and lazy” users own their phones, not you. They are the admins of their devices, not you. And as admins they should have full control over the security policy, not you.
deleted by creator
You call it dumbing down, which I understand, but how do you stop all the click-happy people from installing the next nefarious “game”, when they already have little to no chance to avoid email spam and SMS scams, let alone LLM generated “custom targeted” exploits.
That’s the neat Part, you don’t
Their choice, their consequences. There are enough warnings on the way there, they are free people and were informed about the risks
As an aside, I’m a long term (25+ years) Linux user and have used pretty much everything since the 6502 was part of the picture. In my professional opinion we haven’t begun to figure out how to do this in the desktop world
App Distribution via Flatpaks and Immutable OS are already pretty much there. Did you try a recent Fedora Version?
I just wish the system had a global setting for “I know what I am doing, stop trying to protect me”. Stop revoking permissions you think I don’t need. stop restricting everything. Just turn all of those things off by default. I only have a couple apps installed, let me be the judge of me. And stop having me reconfigure every app individually just so you’ll let it run for as long as I want it to.
Yeah, the author and people are fussing over without reason. Regular users do not understand the implication of sideloading apps. I have had people get their telegram/whatsapp hacked because someone sent them a malicious link and they sent their login credentials to that website/app.
Restricting sensitive permissions will mean such people are better protected from such mistakes. Advanced users can still bypass the requirements even though it may be slightly complicated.
One can justify it however they like but it’s going to end up making the experience worse for competent users anyway. Much like this Android 12 security change that made it permanently more annoying to manipulate files.
Yeah, this change (scoped storage) is annoying. You need adb, root or system level apps to bypass the requirement. File access is also slow. That’s the reason image loading and image deletion is slow in Google Photos app compared to the native gallery app of my smartphone.
Anyway, the trend is clear. More security for the end user. You can root, flash a custom rom, or use a linux based smartphone if you do not like the restrictions. It’s more friction but that’s not going to change for the better.
I’m not at all sure what the author wants, except for wanting to roll back time to something less secure.
I’m not sure what the author wants either because the article is written in such a both sides style.
I know what I want though, and it definitely includes access to “dangerous” permissions; I’ve had root on my smartphone pretty much as long as I’ve been using one. I don’t mind making those a bit awkward to turn on though, and it seems like that’s what’s going on here. If anything, I’d like to see that broadened to all apps rather than just installs outside app stores.
What I don’t want, and what I’m concerned about is that this is a stepping stone to is a system where some permissions are only available to apps from Google-approved app stores, or a scenario like iOS where apps can only be installed from stores or with Google-approved developer credentials.
I’m unsure what the author of the article is advocating, since the “raw deal” appears to be geared towards making the Android environment more secure.
“These tighter security measures protect average users from malicious apps but risk alienating power users, amateur developers, modders, and enthusiasts who depend on Android’s flexibility.”
The author acknowledges this in literally the second sentence.
