Comment by EasyMark - Hacker Neue

EasyMark 3 days ago parent

It's never about security (at least not user's security). It's like you pointed out only about power and locking in customers. They don't care if your phone gets hacked or you bank account drained. They care about the bottom line. Android is fine. Google should have 2 layers if they're worried playstore 1 has only well vetted authors and apps. playstore 2 can be the free for all (mostly) of the current store. These could be two different apps or prominent tags. Choice is good, lock down is bad. Corporate does not like employees or customers to have freedom, that's why it's our duty to fire people like the current US regime who always side with corporations over customers.

skybrian 3 days ago

This is a drastic response, but they didn't make up the security threat. Attackers convincing users to side-load malware is a thing.

https://www.bitdefender.com/en-us/blog/hotforsecurity/hacker...

BrenBarn 3 days ago

The thing is that people sideloading good non-malware apps because they want to is also a thing, and all kinds of icky apps that abuse permissions but are still verified and installed through the Play Store are also a thing. This doesn't really change what is a thing. It just moves more stuff under Google's control.

kristopolous 3 days ago

security is the "Save the Children" of technology. It's not that there isn't a theoretical thing there, it's that in the real material sense, the actual actions taken are power grabs for control and suppression.

eadmund 3 days ago

> Attackers convincing users to side-load malware is a thing.

Sure. It’s also not Google’s problem.

It’s not Victorinox’s problem of someone uses a Swiss Army knife to cut someone else. It’s not Toyota’s problem if someone deliberately runs over a pedestrian.

skybrian 3 days ago

Car companies do care if their cars are easy to break into and will improve the security of newer models, even if any particular theft is not their fault.

If they don't do that then their reputation will suffer and governments might take notice. So, in practice, big companies do have to care about their users, not individually but in aggregate.

kam 3 days ago

That's a bad analogy. No one is complaining about Google providing Android security updates.

This is like a car manufacturer preventing the installation of all unapproved aftermarket accessories by claiming they're protecting you from a stalker installing a tracker on your car.

schrodinger 3 days ago

I don’t actually think it’s that bad. If all of a sudden we started hearing an awful lot about Android phones having viruses, to the point where almost everyone had a friend who got a virus on their android. I think the market would actually shift. We’d probably see more people moving to iPhones.

rascul 3 days ago

> Car companies do care if their cars are easy to break into and will improve the security of newer models, even if any particular theft is not their fault.

Didn't Kia go over a decade without caring or improving until the Kia Boys stuff?

skybrian 3 days ago

Yep, it took a while but it eventually caught up with them.

const_cast 3 days ago

They made it up in the sense that it's completely unnecessary - most malware is on the Play Store.

jabedude 3 days ago

What is the source for this extraordinary claim? Also, malware hosted in the play store has the property of being tied to an identity which can be banned.

const_cast 3 days ago

I don't need a source, it's common fucking sense.

1. Most users do not use fdroid or APKs to download software. They download software from the play store.

2. Therefore almost all malware will target the play store.

3. Therefore most malware actively used comes from the play store.

4. Compounded, the play store does almost nothing to prevent malware and actively encourages certain types of malware like spyware and adware.

5. Compounded, Google gets a cut from each piece of malware sold on the play store or advertised on the play store, therefore they have no incentive to prevent malware in any significant way.

expected_void 1 day ago

> 3. Therefore most malware actively used comes from the play store.

This isn't necessarily true even if you're right on all the other points. Even if most malware is on the Play Store, it can still be true that, out of the Android users that DO get malware (or rather, those that actually report malware to Google), most of them got it from outside the Play Store.

It can be true that a minority of users get any malware at all because Play Store is safe, but most users in that minority get malware because they are open to using apps from outside Play Store.

If Google is making this change in service of safety, they would protect a large chunk of that minority, by verifying apps downloaded outside Play Store. If it's necessary for Google to help these users, this change is not "completely unnecessary".

munchlax 3 days ago

It's the security of having happier shareholders, making more money.

That's still security, albeit an entirely different threat model.

This item has no comments currently.