Weird that they want to do all the verification themselves and not just allow certificate signing using verified CAs. Oh well it’s not weird because we all know Google does this to fight back against third party stores and to get developers back to their shitty one and of course to better track them.
edit: this is an article from November, its not something new…
bullshit! if this is actually what the “new” rule is, the exact same thing was already part of their unacceptable original plans.
To accommodate educational and noncommercial development, Google will introduce a new limited developer account type aimed at students and hobbyists. These accounts will not undergo full identity verification but will instead allow app installations on a restricted number of registered devices.
no to any kind of accounts, to any kind of developer registration, and any kind of install limits! its none of google’s business what apps people install outside their store, and so they shouldn’t be able to enforce a global installation limit for any apps!
I fucking hate that word. It’s not ‘sideloading’ to install on my own device what I want to install, to use the apps I want to use; to not use the apps I don’t want to use. I am not ‘sideloading’ anything when I install programs on my PC. No different on my phone.
Fuck off with all these new bullshit terms that are only used to imply that what we’re doing (with our own devices) is somehow outside the norm, to justify the constant enshittifcation and the growing stranglehold these corporations want on our lives. It’s infuriating.
It’s not a “bullshit new term”, it’s three decades old and means transferring files locally from one device to another, instead of directly downloading or uploading from/to an external server.
The origin goes back to MP3.com and i-drive in late 90’s, but the most common sideloading people did was downloading music to their PC using services like iTunes, and transferring them to their mp3 players. As they did often with early PDA and smartphone apps, where the term for Android comes from - get the .apk on your computer, transfer it to your phone, and install it.
Sideloading.Okay, but Google uses it in a way where directly going to the server they host F-Droid.apk, downloading and installing it counts as sideloading.
If anything, using Google Play is sideloading by that definition, since I can’t just download a release from the originators’ server, they need to first transfer it into a secondary location, Google’s servers, and I can only install it from there.
@JohnEdwa @wide_eyed_stupid indeed. but it takes only a single incendiarily indignant but factually wrong mastodon post to force anyone left who’s still reading wikipedia to clarify forever, because the OP is being parroted until hell freezes over.
@JohnEdwa @wide_eyed_stupid the correct take would be “i should be free to sideload software to my devices in any way i please”.
@lritter @JohnEdwa @wide_eyed_stupid unfortunately the term has been anti-reclaimed by corpos for use to imply it’s outside the norm to have control over what runs on your own device
@zaire @wide_eyed_stupid @JohnEdwa it’s our term. just like the sparkles emoji. they can’t claim anything. it’s all ours. they can go to hell.
@wide_eyed_stupid @Gsus4
They’re “sideloading” our vocabularyI’m sure there’s something in the EULA about how it’s actually their device and we are just licensing it, just like software. I hate this tech feudalism so much.
You know, it’s very possible, because I’ve never actually read an entire EULA, I don’t think.
My entire job depends on such an app, so this is a bit of a relief.
Cool story, goog.
I’m just going to keep waiting for a linux/foss phone so that its features and capabilities are actually predictable year to year.
But maybe I’m just too picky about what features and capabilities I want. I admit I’ve gotten used to some pretty outlandish stuff like… lemme check my notes here… “the device does the things I tell it to do.” Real galaxy-brain shit!
Not trying to be pessimistic: But Good luck with the linux phone when carriers start doing whitelisting like ATT already does
(Unless you wanna dual-phone?)
Meanwhile the Play Store is full of scams. This isn’t about safety, it making sure they get a cut from the scam apps.
So this sucks obviously. Will this also affects apps from alternate appstores like F-Droid or only APK’s? I mean F-Droid already signs the apps, right? I’m a little confused.
It’s all about herding people by dictating the path of least resistance.
Fuck all of this tech bros enshittification surveillance bullshit. I’m going to Radio Shack and buy a Heath Kit! /s
The company says it is now developing an “advanced flow that allows experienced users to accept the risks of installing software that isn’t verified.” This installation flow will include safeguards to protect people who are being coerced into installing a dangerous app, or tricked by a scammer, along with “clear warnings to ensure users fully understand the risks involved.”
IIRC we already had to enable a setting and confirm a warning popup. What are they gonna do? Add more popups? A captcha-“puzzle”? Less easy to accept dialogs?
My guess is they’ll enforce a xiaomi-style thing where you have to login, wait, go through hoops, wait again,…
that would be fine, without the login and sim card requirement
Probably a captcha puzzle, or some other thing that requires you to connect to them and surrender your data for free for their commercial purposes.
how about a $20 development license!
Honestly a less easy to accept dialog would go a long way.
Just make it require ADB. Iv had my grandfather fall victim to a crypto scam that got him to install a app on his phone.
As much as we hate it, google is the only one who has any power to prevent abuse of the stupid, elderly and gullible. Someone has too.
There is a line of going to far to protect people that just makes things worse for everyone. But the reality is, our freedom comes at the expense of others freedom.
Finding the balance is hard.
As much as we hate it, google is the only one who has any power to prevent abuse of the stupid, elderly and gullible. Someone has too.
Not far enough. We should require a government agent to be with people to verify there isn’t any fraud before allowing any money transactions to happen.
Wanna buy food at the grocery store? Please wait for your assigned NSA agent to verify that you’re not being scammed.
(Is /s even needed?)
Hot take: We shouldn’t lock down devices by default to a point where they protect even the most vulnerable.
Child safety locks exist for a reason and can also be used for the elderly.
Prescription pill bottles are a perfect balance.
You can put the cap on one way to lock them in place to keep kids out, requiring the lid to be pressed down and twisted to open, or you can flip the lid over over to make the pills easily accessible by simply unscrewing it. I’d be 100% okay with a step on phone setup (that can also be run at any other time) that allows the phone to be set up similarly.
Nah screw needing adb, that absolutely kills free and open source software stores like fdroid, and fdroid have said as much that Google’s then planned signing requirements would lead fdroid to stop.
The only way I’d even be remotely OK with another adb requirement is if
- it’s a requirement to unlock the ability to install unsigned apps, ie it’s not to an install an app but set a flag
- #1 becomes a requirement for Google certification so all manufacturers have to allow it
- It doesn’t cause other types of attestation to fail that we see with unlocked, rooted and third party roms failing certain checks preventing some apps, most commonly banking ones from working
I think whatever is required for third party apps and stores should also be required for play store. No special treatment for their own files.
Eg: “Warning: Are you sure you trust GooglePlayStore.apk? This software might be harmful.”
I reckon that Google would magically get the messaging exactly right with that requirement.
At least with something like shizuku one can effectively adb to your own phone, so even if adb became required to install non-google-approved apps on one’s own phone… It will not block FOSS for long.
and how do you enable shizuku? you need a PC for that too
In today’s society everything needs to be baby proofed. Protect this protect that. People need to take responsibility for their actions.
Your grandpa got greedy and wanted to invest money to make more money. Now he got scammed and he learned his lesson. Next time guided by prior experience he should/will be more careful. If not he will loose more money until he realises he shouldn’t be clicking and installing everything he sees.
And that applies to everyone. You alone are responsible for your actions, not anybody else
Until he has early dementia and forgets the lessons learned, but of course he’ll forget he invested anything tomorrow and do it again!
I’m all for holding people personally responsible, but sometimes we gotta help each other out. Also blaming the victim for being scammed is not helpful. Scammers do so many underhand tactics its impossible for any us to keep track of it all alone.
I’m okay with more tools to help us protect people. Maybe instead of needing ADB, you have to boot into save mode, and can enable 3rd party sources from there? This way you can still enable it on the phone while preventing a script or app can’t automate enabling it. Oh and because there’s more scam shit on google play than Fdroid, we’ll need google play to be enabled via the same method too.
Í get what you are saying, I also have an elderly mother that is bad with technology. But she ask anything that is outside of her usual usage.
If she starts doing some stupid stuff and she isn’t aware of her problem then I’m responsible for her actions. Because its not only her problem then but all of ours family. And again usually I’m the one that is stuck with the problem.
Then when dialogue doesn’t help I’m locking the device and make sure she doesn’t do something stupid like that again.
I need the company to provide the necessary tools to prevent fraund so that I can use it.
Not that the company polices what I can or can’t do with my device that I paid
Billionaires doing what a billionaire does: feign a reason to kneecap a service, force complaints about its ineffectiveness, then use that as an excuse to dismantle it entirely. I am so tired of this.
I’m not worried about sideloading because I use GrapheneOS, but I’m worried that development for various apps might stop…
afaik this was the plan from the beginning, but nobody was reading any of the articles that they never clicked on
That’s why I posted this old article. I only heard about it from a hackaday podcast.
“side” loading is just normal loading for me. I have one single app from the google app store. (It’s cookie clicker 😂)
Even calling it side loading is an attempt to delegitimise the practice. To make it sound like you’re doing something dodgy by the side.
It’s just installing an app.
Nobody calls installing an app from outside the Microsoft store on their Windows PC “side loading”.
Likewise for Macs regarding their app store, or installing an app from outside your distro’s repository on Linux.
Do you use Fdroid or simply get apks online, like we all used to before these walled gardens?
Neither ! I use Obtainium, which allows you to get apps directly from the source, with the convenience of a normal app store for updating !
I usually look for apps on droid-ify, which is an alternative front end to f-droid, then whenever possible I copy the link of the source repo and install via Obtainium ; when I can’t I install the f-droid version via Obtainium as well (as a result, I have 0 apps installed by droid-ify, I only use it for search)
When I need an App Store exclusive app, I install it via Aurora Store (which downloads apps via shared anonymous accounts)
The only thing this system can’t get around is paid apps from the App Store. I have exactly one : Cookie Clicker. (I like the game in general so I paid to support the dev)
I use fdroid whenever possible, but I do use Google Play for most everything else. I do have a few apps that I install via APK, but built-in updaters are so uncommon on Android apps that it’s kind of a pain to maintain.
Obtainium can solve that. It will check websites for updates and then download the new apk and install it. I use it more than fdroid now, can get apk straight from the developers github repo usually.
Interesting, I’ll have to play around with that.
This framing still sucks. Google is blocking apps THEY don’t approve on YOUR phone.
Agreed. But one climb down means potentially more, as needed. 🤞🏻
Only if the protests continue with full force.
