"Sideloading" is the rentseeker word for "being able to run software of your choosing on a computing device you purchased". There is no reasonable case for an operating system developer having a say over what programs you run on your hardware.
Auf YouTube findest du die angesagtesten Videos und Tracks. Außerdem kannst du eigene Inhalte hochladen und mit Freunden oder gleich der ganzen Welt teilen.
I agree in spirit, but man... Its only 50% rentseeking... My elderly parents and computer illiterate siblings and coworkers would get in trouble fast if they weren't constrained by 3 software platforms: mint software manager, android play, and MS whatchamacallit. I have pounded it into their heads: never download software candy from strangers. (I live in an anti-apple pocket of the world)
But then, i guess all three of those do let you do your own thing to varying degrees.
@TrimTab no one is saying you can't use an app store and must sideload. Just that there be a choice. It's reasonable to default sideloading to off, but the setting must be user-controlled.
@TrimTab Yes, people seem unable to keep in mind two things at once: 1. Apple and Google are somewhat protecting users by locking them in to “approved” apps. 2. By financially placing themselves between the users and the apps, their incentives are in the wrong place, which hurts users.
@davidbcohen Proof that microsoft is bad at software. Several generations of computers users have been brain damaged with deplorable op-sec habits.
Srsly what kind of software company would ever think auto running code on USB thumb drives was ever smart? Only the dumbest developers who failed their comp sci classes...
@TrimTab @davidbcohen it was a carryover from auto run on CDs, because putting in an installation disc and have a screen show up felt futuristic or something.
It has always been a stupid idea though, I completely agree with you.
@adventure_tense My best friend migrated his parents to Linux (20 y ago). The separation of admin and user accounts actually worked, software did not assume you were admin all the time, and he could let his parents only install software from trusted repositories. There is absolutely a case to be made for locking down the system. Don't forget, this is a pretty technically minded echo chamber we are in, what works for us is bad for others. But I agree: It should be possible to do stuff!
@kkarhan @drchaos @adventure_tense I only know how it works on GrapheneOS, currently. It doesn't ask credentials for me upon install. It just wants me to allow alternative app stores or the Files app (for downloaded APK files) as an installation source for "unknown apps". It also asks that for the Play Store, given that that is a third-party optional app on GrapheneOS. The "install unknown apps from source" permission doesn't have anything to do with who signed the app, just seems to have to do with the fact that it's not a bundled/default app installer like GrapheneOS App Store is on GrapheneOS.
This is about a platform mandating DRM, to control/manipulate revenue streams.
I think Google (and Apple) are fully capable to manage platform security without gatekeeping access to our devices. They could improve OS immutability, or better admin rights without root privileges.
As irritating as they can be, even the banks have developed secure financial platforms that still allow us to purchase WHAT we want, from WHO we want.
Imagine buying something from a local store instead of amazon was called "sideshopping" and there's a massive campaign to delegitimize buying items from stores not approved by amazon. Completely absurd. Why accept that exact ideology when it comes to installing software on your phone?
@StaticR perhaps because the little local store also sells nuclear weapons, gives free drug samples to kids, has a ready supply of DIY biological warfare kits, tracks your wife 24/7 without her knowledge, and has borrowed your banking credentials. Apart from that, they do have some other cool things though.
the review process at Google can be a PITA, but for a good reason. Permissions to access more than an app really needs can be exploited for harvesting private information on a seemless update that most won't even notice. Side loaded apps downloaded from say APK mirror can have been tampered with using smali edits and you won't know. What Google should do is certified dev signing keys to trace and confirm if an APK is legit or not and coming from the actual dev, regardless of being side loaded.
@denzilferreira so why dont we do this on windows or linux then, both oses by default dont even have a permissions system and give applications near full access to the device
@Chickerino that's not true, you do need to raise admin rights to install something not digitally signed on Windows, and admin credentials to install on Linux. On Linux you have Flatpaks that do have permissions in place, and the software runs on a sandbox with only access to what you allow. Windows does not do any of that - hence I'm not gonna even recommend it.
@denzilferreira thats why i said "near" everything, for example on android you need to give permission for the app to be able to access your files outside of the app container, windows by default lets every app access every file that your user has access to, i think thats a bit stinky
@Chickerino yes 😅 btw Google is doing exactly what I said: verification of dev certificate on the .APK allowing you to side load authentic apps. Only unverified .APK are blocked arstechnica.com/gadgets/2025/0…
@Billie we are talking about Google Certified devices here. Google is the root trust CA, and as a developer that wants to publish on the Play Store, you want people not to be able to side load malicious versions of your app. That's what this is about. If you put your own ROM, without GMS, nothing stops you from side loaded apks. It is the same for iPhones. This will affect and prevent the spread of malicious and randonsomware that scammers use.
@denzilferreira @Chickerino it's still opening a door to censor whomever they decide is not an approved developer for whatever reason. It's still not justifiable to completely lock out users to do what they want with their devices.
@jumianr @Chickerino I understand this. But we are a minority who want to tinker. For Google, the priority is to protect the large majority of Android users from installing apps that are not legitimately packaged by developers who did publish their app on the Play Store. Developers will be able to install their own apps on their devices if developer mode is enabled and via ADB. And a user will be able to adb install an app if compiled with debug keys. The thing here are release keys, which need to match the play store version of legit apps. This also attempts to prevent repackaging of apps with malware. This is the same on Apple devices. I think people are overreacting to be honest. EU also dictated alternative play stores are possible and pretty sure Google will not be able to enforce Play Store only verified apps to install.
@denzilferreira @jumianr this is not a reasonable excuse to remove the freedom that users have to install whatever they want, i would be ok with this if and only if the user was given a clear warning before installing an application and given a choice to do so anyway
besides, apps on android are sandboxed, the damage they can cause (notwithstanding any security vulnerabilities) is limited to the permissions that the user gives, if theres any place this would make sense, i dont think its android, especially considering that mallicious apps or just data stealing apps are very common place on the play store anyway
#Google of all companies (worse is only #StasiBook / #NSAbook) has no moral right given their business is based around data harvesting and microtargeting users.
@denzilferreira You can still run (potentially malicious) software without installing it. Lots of portable software out there on windows, AppImages or statically compiled binaries on Linux, etc. And you don't need admin permissions to ransom the user's documents, run a cryptominer, change the user's browser settings, adding itself to the user's startup applications, etc. @Chickerino @Gargron
#NSAbook literally spun up local #webservers on mobile devices to have persistent, cross-app - tracking functionality that breaks out of sandobxing even on #iOS!
@denzilferreira @Chickerino on both windows and linux no additional permission is needed to install to a users home directory or simply run without installing. The permission model on both operating systems is more geared towards preventing the system configuration from getting messed up than preventing anything remotely malicious.
@denzilferreira @Chickerino @danielleigh granted one could just remove users' ability to create/write files with executeable permissions or run chmod +x but oitside of some hard-locked kiosk systems noone does that!
@denzilferreira Except that, it doesn't prevent malware. Note that this news article is from today. I went to find the most recent example of this and it turns out that I didn't even have to go back as far as yesterday.
Proper safety is done by reducing kernel attack surface, reducing the size of the TCB, and making it easy for applications to respect the principle of least privilege so that ones that don't stand out as things that obviously request more permissions than they should have.
@david_chisnall @denzilferreira in fact all #malware that gets into #GooglePlay works with lies and deciet as in the original account and code submitted is all clean and onlynafterwards do they slowly "update" maliciois functionality.
Auf YouTube findest du die angesagtesten Videos und Tracks. Außerdem kannst du eigene Inhalte hochladen und mit Freunden oder gleich der ganzen Welt teilen.
@kkarhan @david_chisnall yep... it may be that with AI assistance, code could be analysed on every update to prevent or mitigate some of this backdoor malicious updates. Will it be perfect? No.
@kkarhan @david_chisnall I meant to analyze the code for possible CVE or exploits at scale. Doing it manually with a lot of humans will take more resources if that is what you are comparing to (computers, electricity, etc). AI has it's place to help.
@denzilferreira @david_chisnall 1. Google and Apple do that to an extent. Obviously they can't work against maliciois devs knowing that and thus detecting their sandbox-testing.
2. What you point out as "#AI" is at best a worse version of #VirusTotal.
@kkarhan @david_chisnall yep, that's why I said before there are limits to what AI or humans can actually do 😄 VirusTotal looks very interesting, thanks for sharing!
Once you’ve bought the hardware, it’s yours, not a lease where the vendor still dictates your choices. Calling it sideloading makes it sound like something shady, when it’s just freedom to install what you want.
Google is selling the sideloading-ban as a measure to enhance security. But would this “security measure” also affect app stores that are already more secure than Google’s Play Store, like @fdroidorg ?
I feel sorry for young developers these days, those just starting out at say 11/12 learning coding at home.
When I was that age or maybe more 13/14 I had a friend a year or two below me, who as we both had zx spectrums, he was working on a little address book project in basic, so once saved to tape, he could give that to me, I could take home and test, then give feedback.
All this was possible because we could write what we wanted and just use / test it.
These days, it seems much easier to learn to write software but whenit comes to running software people have to go through more hoops. I am not an expert but If I want a friend to just test something it seems there are more and more barriers to them doing that. How can programs improve without testing.
The important thing with what I went through was that it was peer testing, if he had put that program in the hands of a professional developer (even late 80s / early 90s) would they have been as helpful. So these days we can put programs on repositories so more can see, but if the person looking at yout code
... Show more...
I feel sorry for young developers these days, those just starting out at say 11/12 learning coding at home.
When I was that age or maybe more 13/14 I had a friend a year or two below me, who as we both had zx spectrums, he was working on a little address book project in basic, so once saved to tape, he could give that to me, I could take home and test, then give feedback.
All this was possible because we could write what we wanted and just use / test it.
These days, it seems much easier to learn to write software but whenit comes to running software people have to go through more hoops. I am not an expert but If I want a friend to just test something it seems there are more and more barriers to them doing that. How can programs improve without testing.
The important thing with what I went through was that it was peer testing, if he had put that program in the hands of a professional developer (even late 80s / early 90s) would they have been as helpful. So these days we can put programs on repositories so more can see, but if the person looking at yout code does not know how old you are, they may not account for age / experience factors.
I think this is why it is important to have communities where younger people and young developers can learn / develop and test but be supported, encouraged by older developers but who take in to account their age and experience.
This is where projects such as Mission Libre come in by hopefully providing that.
the whole case of why I've always had an Android phone: I'm a dev, if I want something I can write and install it.
I almost never do of course, but it's completely fucked up for Google to expect me to register an account with their service to receive their blessed key material in order to install my stupid side project on my own device
Thanks for the explanation as I had no idea what this mean,I think we need to remember when you buy devices they are NOT your devices, you buy hardware, and a license to run the OS that dictates how the people who write the OS want you to do things.
And if you install another OS such as LinuxMint over windows 11 or 10, cash converters in Torquay told me that invalidates the Warranty. It seems better plan than installing the latest Windows 11 update which breaks ssd.
Google is actually brilliant here. Unlike Apple, they don't need to manufacture all the devices. They can just create a software walled garden on anything running their OS.
@nazokiyoubinbou i didn’t know microsoft did anti-software choice tactics in windows (although that’s definitely something they aren’t above doing to their users)
I like Samsung's Auto Blocker. It runs my phone in pure mode with everything locked down and secure. But with flip of a switch and fingerprint scan, I can use Dev tools or sideload apps. Then flip it back and all of it still works. I'd be furious if this was the only way.
@zeri yeah, that’s the stupidest court ruling ever. ignoring the fact that the modern internet is intolerable without an adblocker, that ruling’s “logic”, if applied to other things, would mean that using inspect element is a copyright violation, or using tracker blockers is a copyright violation, or cutting ads out of a newspaper with scissors is a copyright violation. it’s just absurd
on one side, how different is what Google is proposing from what Mozilla has been doing with side-loaded extensions, which they have to certificate even if you host them yourself?
on the other side, why did I see no one complaining about the Mozilla stance on this?
I'd argue there's a critical reason besides rent-seeking: security.
It's a genuine conflict between user rights and the need to protect the average person. Phones hold our banking apps, 2FA tokens, mics, cameras, and countless secrets.
When a sideloaded app steals data, the user doesn't say, "My sideloaded app failed." They say, "My Android/iPhone got hacked." The OS developer takes the blame.
Android's approach—allowing it, but behind a clear security warning—seems like a decent compromise in this difficult balancing act.
Seeing this proposition it seems more scary. First for folks from Brazil, Indonesia, Singapore, and Thailand, rest of the world is more complicated. Interesting if in Brazil, Indonesia, Singapore and Thailand this will become legal requirement.
Here it is more than security, I would say that hampering user owners rights isn't biggest issue, but this seems as a way to limit free speech. Because Google may be informed by government of some country that they forbid app like Signal, so Google should not allow signing of Signal. Still if there will be legal requirement they will need to do it. So it may be first step in killing cryptography.
Amen! And then there's my cars infotainment center that I can't even sideload!
Edit: I'm sure there are some absurdly smart people here who could tear apart the dash board and hard wire into the computers pinout to do it. But that's a little beyond my capabilities.
I agree: if someone buys a "computer" or a general purpose device, your point certainly holds.
But on the other side of a fine line I imagine (perhaps older) game consoles: when the original Nintendo came out, that company was not expected to help you run Atari software on their hardware.
They'd not prevent it - if you could figure out it, good on you. But Nintendo shouldn't be expected to make that work.
Not-supporting versus actively-preventing is the key difference for me.
I did not know of this word. It sounds a bit like the word ”jaywalking” which was invented by car companies to shame pedestrians into getting out of the way.
This is crazy because even on iPhones it's perfectly possible to install applications that are not approved by Apple in any way, by regular users with no privileges. It's a hassle (at least initially) and it has limitations, but the fact that you can and you won't be able to do the same on Android is crazy.
There's also no reasonable case for an OS developer or app developer to have a say over whether I can have root access to my own device. Yet there are a whole shit-load of things I can't do on my phone because it is rooted.
As someone who developed operating systems for 50 years I know that there are reasonable cases; but, as none are relevant to Google’s latest behavior, I will not elaborate.
Since a mobile device is mostly a general purpose system you should be able to run any software that doesn’t violate laws and it’s not the OS vendor’s responsibility to enforce laws except those regulating the radios in the device.
IMO the only long-term solution to this is Android getting completely separated from Google. The "annoy users into submission" approach they take with Play Protect right now is already very much overstepping.
and in the longer run, our society desperately needs a technology to modify modern microelectronics at home or at least at a well-equipped repair shop.
It is known that sideloading is a real risk for most of Android users*
*The bad guy comes to your home, enable ADB debug, you let him connect your phone, you give him your pin, you let him few moment to load a naughty apk (bring coffees) and VOILÀ ! 🔥
BTW I had today to clean a fully stock up to date Android (you even can install bank app on) because of a "legit" Play Store bloatware setup'd lots of other adware apks 👍
Those who make these decisions have goals to make as much profit as possible. And in fact we get a regression. Debian is the friendliest system for civil society.
This list of replies is a hilarious string of people pretending that they’ve never looked at someone’s Windows machine *so completely fucked up with malware and viruses that the owner just blithely clicked on and installed* that the only solution was to nuke it from space and *buy a whole new computer*
For a good fifteen years the number one reason for tossing perfectly good hardware and buying a newer Win PC was virus/malware infestation. Might still be, I have no idea.
at this point I just want a fucking slab that lets me call from Linux.
I want postmarketOS on an AMD Ryzen with only 64bits (dump the 32, make a bloody atom ryzen you cowards), and a pure-64 Steam build. I want a slab that lets me play anime games if I bloody want to. And deploy a Linux fleet management solution. AND JUST LET ME DO MY THING.
Ma and Pa _need_ some form of sandbox. Sandboxing should be optional. But some form of sandboxing should exist when non-tech people will use computers.
I remember when the ability to run a wide variety of programs on a given piece of hardware was actually strong selling point. Like with my first computer, a Commodore 128 - you could run BASIC AND CP/M.
Especially as this newest move of Google is redundant: play protect is already built in all Google play services using phones.
It already flashed and remains suspicious Appa and known malware from all sources.
So how exactly is locking down the signing keys for apps that are allowed to run at all and connecting them with government ID for developers helping security?
counter-point: run your software outside this rentseekers sandbox then. it’s absolutely a bad look for them if something happens to you while in their ecosystem (randsomware, malware, identity theft, etc.)
just because you own the physical memory registers doesn’t mean you’re ever making use of them without this rentseekers work and IP.
@Kdude nah, they’re doing nothing about apple weaponizing notarization to keep control over what is allowed on iOS, and they’ll definitely take no action against this
exactement , a croire qu'ils veulent tous faire des systèmes totalement fermé et intrusifs. Je me demande parfois s'il ne cherchent pas a dévelloper le hacking autour de leur Os ..
sideloading is a bullshit word made up to make doing what you want with what you own sound more scary. Let's call it what it has always been called on PC.
Quincy ⁂
in reply to Eugen Rochko • • •bananabob 🇺🇦 🇵🇸
in reply to Eugen Rochko • • •Feyter
in reply to Eugen Rochko • • •Isocat
in reply to Eugen Rochko • • •J. R. DePriest :EA DATA. SF:
in reply to Eugen Rochko • • •- YouTube
youtu.beIvan Todorov
in reply to Eugen Rochko • • •TrimTab 🇺🇦
in reply to Eugen Rochko • • •I agree in spirit, but man... Its only 50% rentseeking... My elderly parents and computer illiterate siblings and coworkers would get in trouble fast if they weren't constrained by 3 software platforms: mint software manager, android play, and MS whatchamacallit. I have pounded it into their heads: never download software candy from strangers. (I live in an anti-apple pocket of the world)
But then, i guess all three of those do let you do your own thing to varying degrees.
Kevin Karhan reshared this.
Nathan A. Stine
in reply to TrimTab 🇺🇦 • • •@TrimTab no one is saying you can't use an app store and must sideload. Just that there be a choice. It's reasonable to default sideloading to off, but the setting must be user-controlled.
@Gargron
Magnus Ahltorp
in reply to TrimTab 🇺🇦 • • •1. Apple and Google are somewhat protecting users by locking them in to “approved” apps.
2. By financially placing themselves between the users and the apps, their incentives are in the wrong place, which hurts users.
Kevin Karhan
in reply to Magnus Ahltorp • • •David Cohen
in reply to TrimTab 🇺🇦 • • •TrimTab 🇺🇦
in reply to David Cohen • • •@davidbcohen
Proof that microsoft is bad at software. Several generations of computers users have been brain damaged with deplorable op-sec habits.
Srsly what kind of software company would ever think auto running code on USB thumb drives was ever smart? Only the dumbest developers who failed their comp sci classes...
JuMi
in reply to TrimTab 🇺🇦 • • •@TrimTab @davidbcohen it was a carryover from auto run on CDs, because putting in an installation disc and have a screen show up felt futuristic or something.
It has always been a stupid idea though, I completely agree with you.
⊥ᵒᵚ Cᵸᵎᶺᵋᶫ∸ᵒᵘ ☑️
in reply to JuMi • • •Kevin Karhan
in reply to ⊥ᵒᵚ Cᵸᵎᶺᵋᶫ∸ᵒᵘ ☑️ • • •ℛ𝑜𝒷
in reply to Eugen Rochko • • •AdventureTense
in reply to Eugen Rochko • • •Even the term "Side loading", makes it sound non-standard and risky. Which of course, it doesnt have to be.
#AOSP #OpenSource #GrapheneOS
Kevin Karhan reshared this.
Joe W
in reply to AdventureTense • • •But I agree: It should be possible to do stuff!
tranquil_cassowary
in reply to Joe W • • •Kevin Karhan
in reply to tranquil_cassowary • • •Joe W
in reply to Kevin Karhan • • •Kevin Karhan
in reply to Joe W • • •@drchaos @tranquil_cassowary @adventure_tense I kniw and it pisses me.off as well!
Being greedy assholes wanting to monopolize shit is NOT a legitimate reason.
tranquil_cassowary
in reply to Kevin Karhan • • •I only know how it works on GrapheneOS, currently.
It doesn't ask credentials for me upon install. It just wants me to allow alternative app stores or the Files app (for downloaded APK files) as an installation source for "unknown apps". It also asks that for the Play Store, given that that is a third-party optional app on GrapheneOS.
The "install unknown apps from source" permission doesn't have anything to do with who signed the app, just seems to have to do with the fact that it's not a bundled/default app installer like GrapheneOS App Store is on GrapheneOS.
AdventureTense
in reply to AdventureTense • • •This is about a platform mandating DRM, to control/manipulate revenue streams.
I think Google (and Apple) are fully capable to manage platform security without gatekeeping access to our devices. They could improve OS immutability, or better admin rights without root privileges.
As irritating as they can be, even the banks have developed secure financial platforms that still allow us to purchase WHAT we want, from WHO we want.
#OpenSource #NoDRM #DeGoogle #GrapheneOS #DeApple #AOSP
Kevin Karhan
in reply to AdventureTense • • •@adventure_tense OFC this is a matter if #control and #monopolization.
The #Enshittification of #Android is not a law of nature, but strategy!
Kevin Karhan reshared this.
ꓤɔᴉʇɐʇS
in reply to Eugen Rochko • • •Elena ``of Valhalla'' likes this.
reshared this
Leo Bistmans, sotolf, Rokosun, blaue_Fledermaus, Armin Hanisch, GunChleoc, L'égrégore André ꕭꕬ, Blippy the Wonder Slug 🇩🇪, Rune Jensen ✅ 🇳🇴, Olfred and Kevin Karhan reshared this.
Kevin Karhan
in reply to ꓤɔᴉʇɐʇS • • •Marcus Bointon
in reply to ꓤɔᴉʇɐʇS • • •Denzil Ferreira
in reply to Eugen Rochko • • •Chickerino
in reply to Denzil Ferreira • • •Denzil Ferreira
in reply to Chickerino • • •Chickerino
in reply to Denzil Ferreira • • •Denzil Ferreira
in reply to Chickerino • • •Google will block sideloading of unverified Android apps starting next year
Ryan Whitwam (Ars Technica)Billie
in reply to Denzil Ferreira • • •@denzilferreira
Denzil, nope. G****e demands you give them your private app signing keys, breaking any thrust chain this way.
Denzil Ferreira
in reply to Billie • • •Billie
in reply to Denzil Ferreira • • •@denzilferreira
Giving away your private signing keys breaks any thrust chain. It is just the opposite.
Denzil Ferreira
in reply to Billie • • •Kevin Karhan reshared this.
Kevin Karhan
in reply to Denzil Ferreira • • •@Billie @denzilferreira except #Google.has no right to demand that control to begin with!
Remember: "Know Your Developer" IS the ilkicit activity!
JuMi
in reply to Denzil Ferreira • • •Kevin Karhan
in reply to JuMi • • •@denzilferreira @Chickerino @jumianr precisely!
Denzil Ferreira
in reply to JuMi • • •Chickerino
in reply to Denzil Ferreira • • •@denzilferreira @jumianr this is not a reasonable excuse to remove the freedom that users have to install whatever they want, i would be ok with this if and only if the user was given a clear warning before installing an application and given a choice to do so anyway
besides, apps on android are sandboxed, the damage they can cause (notwithstanding any security vulnerabilities) is limited to the permissions that the user gives, if theres any place this would make sense, i dont think its android, especially considering that mallicious apps or just data stealing apps are very common place on the play store anyway
Kevin Karhan
in reply to Chickerino • • •@denzilferreira @jumianr @Chickerino PRECISELY THAT!
Kitlith
in reply to Denzil Ferreira • • •You can still run (potentially malicious) software without installing it. Lots of portable software out there on windows, AppImages or statically compiled binaries on Linux, etc. And you don't need admin permissions to ransom the user's documents, run a cryptominer, change the user's browser settings, adding itself to the user's startup applications, etc.
@Chickerino @Gargron
Kevin Karhan
in reply to Kitlith • • •@denzilferreira @Chickerino @kitlith espechally with all the #JavaScript bullshit and #Browser #permissions...
Daniel Leigh
in reply to Denzil Ferreira • • •Kevin Karhan
in reply to Daniel Leigh • • •chmod +xbut oitside of some hard-locked kiosk systems noone does that!David Chisnall (*Now with 50% more sarcasm!*)
in reply to Denzil Ferreira • • •@denzilferreira
Except that, it doesn't prevent malware. Note that this news article is from today. I went to find the most recent example of this and it turns out that I didn't even have to go back as far as yesterday.
Proper safety is done by reducing kernel attack surface, reducing the size of the TCB, and making it easy for applications to respect the principle of least privilege so that ones that don't stand out as things that obviously request more permissions than they should have.
Malware-ridden apps made it into Google's Play Store, scored 19 million downloads
Iain Thomson (The Register)Denzil Ferreira
in reply to David Chisnall (*Now with 50% more sarcasm!*) • • •Kevin Karhan reshared this.
Kevin Karhan
in reply to Denzil Ferreira • • •@david_chisnall @denzilferreira in fact all #malware that gets into #GooglePlay works with lies and deciet as in the original account and code submitted is all clean and onlynafterwards do they slowly "update" maliciois functionality.
- YouTube
www.youtube.comDenzil Ferreira
in reply to Kevin Karhan • • •Kevin Karhan
in reply to Denzil Ferreira • • •@denzilferreira @david_chisnall not really.
Also "#AI" is wasteful computing that results in unmaintainable code and hallucinated solutions.
Denzil Ferreira
in reply to Kevin Karhan • • •Kevin Karhan
in reply to Denzil Ferreira • • •@denzilferreira @david_chisnall
1.Google and Apple do that to an extent. Obviously they can't work against maliciois devs knowing that and thus detecting their sandbox-testing.2.What you point out as "#AI" is at best a worse version of #VirusTotal.Denzil Ferreira
in reply to Kevin Karhan • • •Mojo ♻️
in reply to Eugen Rochko • • •Once you’ve bought the hardware, it’s yours, not a lease where the vendor still dictates your choices. Calling it sideloading makes it sound like something shady, when it’s just freedom to install what you want.
#freesoftware #digitalrights
Christopher Paun
in reply to Eugen Rochko • • •But would this “security measure” also affect app stores that are already more secure than Google’s Play Store, like @fdroidorg ?
Elric
in reply to Eugen Rochko • • •Bold of you to assume that your phone is really "yours". I'm sure that by buying one Google owns your soul and that of your firstborn.
We need more competition in the Mobile OS market, and Google needs to be hit with a big enough antitrust suit to cripple them for a couple of decades.
Paul Sutton
in reply to Elric • • •I feel sorry for young developers these days, those just starting out at say 11/12 learning coding at home.
When I was that age or maybe more 13/14 I had a friend a year or two below me, who as we both had zx spectrums, he was working on a little address book project in basic, so once saved to tape, he could give that to me, I could take home and test, then give feedback.
All this was possible because we could write what we wanted and just use / test it.
These days, it seems much easier to learn to write software but whenit comes to running software people have to go through more hoops. I am not an expert but If I want a friend to just test something it seems there are more and more barriers to them doing that. How can programs improve without testing.
The important thing with what I went through was that it was peer testing, if he had put that program in the hands of a professional developer (even late 80s / early 90s) would they have been as helpful. So these days we can put programs on repositories so more can see, but if the person looking at yout code
... Show more...I feel sorry for young developers these days, those just starting out at say 11/12 learning coding at home.
When I was that age or maybe more 13/14 I had a friend a year or two below me, who as we both had zx spectrums, he was working on a little address book project in basic, so once saved to tape, he could give that to me, I could take home and test, then give feedback.
All this was possible because we could write what we wanted and just use / test it.
These days, it seems much easier to learn to write software but whenit comes to running software people have to go through more hoops. I am not an expert but If I want a friend to just test something it seems there are more and more barriers to them doing that. How can programs improve without testing.
The important thing with what I went through was that it was peer testing, if he had put that program in the hands of a professional developer (even late 80s / early 90s) would they have been as helpful. So these days we can put programs on repositories so more can see, but if the person looking at yout code does not know how old you are, they may not account for age / experience factors.
I think this is why it is important to have communities where younger people and young developers can learn / develop and test but be supported, encouraged by older developers but who take in to account their age and experience.
This is where projects such as Mission Libre come in by hopefully providing that.
@missionlibre
jwz
in reply to Eugen Rochko • • •wall-e
in reply to Eugen Rochko • • •the whole case of why I've always had an Android phone: I'm a dev, if I want something I can write and install it.
I almost never do of course, but it's completely fucked up for Google to expect me to register an account with their service to receive their blessed key material in order to install my stupid side project on my own device
Jonathan Downie
in reply to Eugen Rochko • • •Paul Sutton
in reply to Eugen Rochko • • •eddie
in reply to Paul Sutton • • •Paul Sutton
in reply to eddie • • •Darius Kruythoff
in reply to Eugen Rochko • • •Justin
in reply to Eugen Rochko • • •JackPearse
in reply to Eugen Rochko • • •Jake
Unknown parent • • •1a1nC
in reply to Eugen Rochko • • •yaoi gagarin
in reply to Eugen Rochko • • •but Eugen, developers will continue to be free to distribute their apps off of Google Play and sideloading remains unaffected!
(as long as the apps are signed by Google shhhhhhhh don't tell the regulators, the whole walled garden thing has been going so well for Apple)
Martin Hamilton (39C3 rehab)
in reply to Eugen Rochko • • •Nick reshared this.
RejZoR
in reply to Eugen Rochko • • •Simon Lucy
Unknown parent • • •@jakeyounglol @zeri
Reading is a copyright violation.
Jake
Unknown parent • • •Gustavo
in reply to Eugen Rochko • • •on one side, how different is what Google is proposing from what Mozilla has been doing with side-loaded extensions, which they have to certificate even if you host them yourself?
on the other side, why did I see no one complaining about the Mozilla stance on this?
Saupreiss #Präparat500 🗽
in reply to Eugen Rochko • • •jchkoch
in reply to Eugen Rochko • • •przemelek
in reply to Eugen Rochko • • •I'd argue there's a critical reason besides rent-seeking: security.
It's a genuine conflict between user rights and the need to protect the average person. Phones hold our banking apps, 2FA tokens, mics, cameras, and countless secrets.
When a sideloaded app steals data, the user doesn't say, "My sideloaded app failed." They say, "My Android/iPhone got hacked." The OS developer takes the blame.
Android's approach—allowing it, but behind a clear security warning—seems like a decent compromise in this difficult balancing act.
Navi
in reply to przemelek • • •przemelek
in reply to Navi • • •@navi OK, now I get it.
In original comment I didn't saw info about this announcement from yesterday (android-developers.googleblog.…)
Seeing this proposition it seems more scary.
First for folks from Brazil, Indonesia, Singapore, and Thailand, rest of the world is more complicated.
Interesting if in Brazil, Indonesia, Singapore and Thailand this will become legal requirement.
Here it is more than security, I would say that hampering user owners rights isn't biggest issue, but this seems as a way to limit free speech. Because Google may be informed by government of some country that they forbid app like Signal, so Google should not allow signing of Signal.
Still if there will be legal requirement they will need to do it. So it may be first step in killing cryptography.
A new layer of security for certified Android devices
Android Developers BlogCM Thiede
in reply to Eugen Rochko • • •TheGoodWalker
in reply to Eugen Rochko • • •Amen! And then there's my cars infotainment center that I can't even sideload!
Edit: I'm sure there are some absurdly smart people here who could tear apart the dash board and hard wire into the computers pinout to do it. But that's a little beyond my capabilities.
Bernd Paysan R.I.P Natenom 🕯️
in reply to Eugen Rochko • • •Jesse McClure
in reply to Eugen Rochko • • •I agree: if someone buys a "computer" or a general purpose device, your point certainly holds.
But on the other side of a fine line I imagine (perhaps older) game consoles: when the original Nintendo came out, that company was not expected to help you run Atari software on their hardware.
They'd not prevent it - if you could figure out it, good on you. But Nintendo shouldn't be expected to make that work.
Not-supporting versus actively-preventing is the key difference for me.
echt jetz?
in reply to Eugen Rochko • • •Eugen Rochko
in reply to echt jetz? • • •Daniel Django (Akkoma) likes this.
echt jetz?
in reply to Eugen Rochko • • •lele
in reply to Eugen Rochko • • •Sparkwave
in reply to Eugen Rochko • • •Erik Sandblom 🌻
in reply to Eugen Rochko • • •I did not know of this word. It sounds a bit like the word ”jaywalking” which was invented by car companies to shame pedestrians into getting out of the way.
en.m.wikipedia.org/wiki/Jaywal…
term used to criminalize a pedestrian crossing the road outside of the authorized passage and time limit
Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)Olfred reshared this.
Piko Starsider
in reply to Eugen Rochko • • •stux⚡️
in reply to Eugen Rochko • • •Steve Hill 🏴🇪🇺
in reply to Eugen Rochko • • •Marty Fouts
in reply to Eugen Rochko • • •As someone who developed operating systems for 50 years I know that there are reasonable cases; but, as none are relevant to Google’s latest behavior, I will not elaborate.
Since a mobile device is mostly a general purpose system you should be able to run any software that doesn’t violate laws and it’s not the OS vendor’s responsibility to enforce laws except those regulating the radios in the device.
The Animal and the Machine
in reply to Eugen Rochko • • •I like the term “rent seeker”.
Like Jaywalker is the rent seeker for car companies.
Gregory
in reply to Eugen Rochko • • •Daniel Django (Akkoma) likes this.
Gregory
in reply to Gregory • • •Marty Fouts
Unknown parent • • •@OrionKidder Those aren’t the laws I am talking about. I mean things like the laws governing the use of radio frequency and radio power.
So no, I am not missing the point.
Rexx Deane 🏳️🌈
in reply to Eugen Rochko • • •Optimistic Moron
in reply to Simon Lucy • • •That’s right!
All books should be burned before reading.
Simon Lucy
in reply to Optimistic Moron • • •@OptimisticMoron @jakeyounglol @zeri
Then the flames need to be prosecuted as they lick the pages.
Stéphane Calonnec 🗿
in reply to Eugen Rochko • • •It is known that sideloading is a real risk for most of Android users*
*The bad guy comes to your home, enable ADB debug, you let him connect your phone, you give him your pin, you let him few moment to load a naughty apk (bring coffees) and VOILÀ ! 🔥
BTW I had today to clean a fully stock up to date Android (you even can install bank app on) because of a "legit" Play Store bloatware setup'd lots of other adware apks 👍
ElectroFetish
in reply to Eugen Rochko • • •Debian is the friendliest system for civil society.
Marty Fouts
Unknown parent • • •@OrionKidder Maybe you need to read my first post again. I specifically mentioned radio software in the last sentence.
HTH HAND
tripleman, a 🇨🇦 in 🇩🇪
in reply to Eugen Rochko • • •This list of replies is a hilarious string of people pretending that they’ve never looked at someone’s Windows machine *so completely fucked up with malware and viruses that the owner just blithely clicked on and installed* that the only solution was to nuke it from space and *buy a whole new computer*
For a good fifteen years the number one reason for tossing perfectly good hardware and buying a newer Win PC was virus/malware infestation. Might still be, I have no idea.
cybik
in reply to Eugen Rochko • • •at this point I just want a fucking slab that lets me call from Linux.
I want postmarketOS on an AMD Ryzen with only 64bits (dump the 32, make a bloody atom ryzen you cowards), and a pure-64 Steam build. I want a slab that lets me play anime games if I bloody want to. And deploy a Linux fleet management solution. AND JUST LET ME DO MY THING.
Hari Prakash
in reply to Eugen Rochko • • •Francis Augusto Medeiros
in reply to Eugen Rochko • • •yes, but...
Ma and Pa _need_ some form of sandbox. Sandboxing should be optional. But some form of sandboxing should exist when non-tech people will use computers.
It's a dangerous world.
Ratsnake Games 🔞
in reply to Francis Augusto Medeiros • • •Jonathan Lamothe
in reply to Francis Augusto Medeiros • • •Michal 🇨🇿
in reply to Eugen Rochko • • •Jake
Unknown parent • • •Steve Dallape
in reply to Eugen Rochko • • •Wink and the Broken Robot
in reply to Eugen Rochko • • •iamdtms
in reply to Eugen Rochko • • •rat (determined empirically)
in reply to Eugen Rochko • • •Sideloading as a word was coined in 1990
en.m.wikipedia.org/wiki/Sidelo…
Please stop spreading lies to make people angry
Transferring files between local devices
Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)Andreas K
in reply to Eugen Rochko • • •Especially as this newest move of Google is redundant: play protect is already built in all Google play services using phones.
It already flashed and remains suspicious Appa and known malware from all sources.
So how exactly is locking down the signing keys for apps that are allowed to run at all and connecting them with government ID for developers helping security?
This purely an anticompetitive measure.
2¢
in reply to Eugen Rochko • • •VulcanTourist
in reply to Eugen Rochko • • •Full Metal Archaeopteryx
in reply to Eugen Rochko • • •Thibaultmol 🌈
in reply to Full Metal Archaeopteryx • • •arstechnica.com/gadgets/2025/0…
Google will block sideloading of unverified Android apps starting next year
Ryan Whitwam (Ars Technica)The pigtailed girl likes this.
Sean
in reply to Eugen Rochko • • •Jacob
in reply to Eugen Rochko • • •counter-point: run your software outside this rentseekers sandbox then. it’s absolutely a bad look for them if something happens to you while in their ecosystem (randsomware, malware, identity theft, etc.)
just because you own the physical memory registers doesn’t mean you’re ever making use of them without this rentseekers work and IP.
Blort™ 🐀Ⓥ🥋☣️
in reply to Eugen Rochko • • •ruiten
in reply to Eugen Rochko • • •Darth Tiktaalik 🏳️⚧️ likes this.
Kevin Karhan
Unknown parent • • •@jakeyounglol @Kdude EXACTLY THAT is the problem!
I mean, @EUCommission is led by #Zensursula:
Jake
Unknown parent • • •max oakland
in reply to Eugen Rochko • • •Ron
in reply to Eugen Rochko • • •Daniel "DazzaJay" Fitzgerald🇦🇺
in reply to Eugen Rochko • • •sideloading is a bullshit word made up to make doing what you want with what you own sound more scary. Let's call it what it has always been called on PC.
Installing Software.