this post was submitted on 31 Dec 2024

149 points (94.1% liked)

Android

17864 readers

48 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: [email protected]

For fresh communities, lemmy apps, and instance updates: [email protected]

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below

Rules

Stay on topic: All posts should be related to the Android OS or ecosystem.
No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to [email protected].
Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to [email protected].
No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.
No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.
No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.
No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.
No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.
No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!
No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

See thread

Chat and More

founded 2 years ago

MODERATORS

[email protected]

Devgard

[email protected]

149

Android 15 sideloading restrictions are a raw deal for users (www.androidpolice.com)

submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]

76 comments fedilink hide all child comments

(page 2) 29 comments

sorted by: hot top controversial new old

[–] Buddahriffic 7 points 1 week ago (3 children)

Personally, I like the first one and wouldn't use an option to automatically give those permissions to all apps.

Being a power user doesn't make anyone immune from malware, it just needs to pass some sniff tests. It was by luck that that backdoor in the Linux kernel was found and it's naive to believe every single malware app is going to be obvious with unrealistic promises and/or bad grammar and spelling. Permissions requests are a clue that an app is doing something it shouldn't be. And Facebook is considered trusted by many despite an insider even confirming the "talk about something near your phone and fb will advertise it to you" being real.

When you download an app, unless you either wrote it yourself (including all libraries) or have checked the source for open source apps (again including libraries), you can only guess at what it is really doing. And just because an app does what it claims to do doesn't mean it isn't doing anything else, so the "well, it does work" test isn't a great security test.

For the app developers being able to block side loading, it says it uses meta data to enforce that. Couldn't modders just modify that meta data so that it doesn't realize X' app is actually a modified X app? It would need to do something more complex than a checksum or hash to detect it's the same app.

I mean, I love "fuck Google" bandwagons, but either I'm missing something or this one doesn't seem like that big of a deal.

load more comments (3 replies)

[–] AndrewZabar 4 points 1 week ago (1 children)

Wait, am I to understand they're intending on making it that you cannot just install any apk you choose because it's your phone and your business? Is that going to be no longer possible?

[–] frostysauce 6 points 1 week ago (1 children)

If you were to read the article you'd find that sideloaded apps will have restricted permissions that the user will have to un-restrict one by one.

[–] AndrewZabar 0 points 1 week ago

Ewww. Such fucking useless imposition of restrictions that should be the user's decision. Like almost everything else in technology nowadays where control is being taken away from the user.

I'm only ever going to use devices that I can put whatever custom ROM I want on or that natively supports the options I want.

As long as the general public just bends over and accepts this shit, they'll keep doing stuff like this.

[–] [email protected] 2 points 1 week ago* (last edited 1 week ago)

Will the permissions still be allowable by goinv to the app info page from the settings, clicking the 3 dot menu in the corner and taping to allow restricted settings.

[+] [email protected] -18 points 1 week ago* (last edited 1 week ago) (34 children)

I've been an Android user since the HTC Desire in 2010.

I'm unsure what the author of the article is advocating, since the "raw deal" appears to be geared towards making the Android environment more secure.

The author laments that they now have to manually enable security bypass settings and that some (they call it developers, but I'm not sure if they're referring to Application Development or Phone Platform Development) "developers" can lock down with further API checks.

I've been an ICT professional for over 40 years and security is always a balance. On the one end it looks like a phone in a locked room, inaccessible to anyone, on the other end it's a free-for-all, open to anyone.

I'm not at all sure what the author wants, except for wanting to roll back time to something less secure.

[–] [email protected] 2 points 1 week ago (1 children)

Yeah, the author and people are fussing over without reason. Regular users do not understand the implication of sideloading apps. I have had people get their telegram/whatsapp hacked because someone sent them a malicious link and they sent their login credentials to that website/app.

Restricting sensitive permissions will mean such people are better protected from such mistakes. Advanced users can still bypass the requirements even though it may be slightly complicated.

[–] [email protected] 3 points 1 week ago (1 children)

One can justify it however they like but it's going to end up making the experience worse for competent users anyway. Much like this Android 12 security change that made it permanently more annoying to manipulate files.

[–] [email protected] 1 points 1 week ago

Yeah, this change (scoped storage) is annoying. You need adb, root or system level apps to bypass the requirement. File access is also slow. That's the reason image loading and image deletion is slow in Google Photos app compared to the native gallery app of my smartphone.

Anyway, the trend is clear. More security for the end user. You can root, flash a custom rom, or use a linux based smartphone if you do not like the restrictions. It's more friction but that's not going to change for the better.

[–] Zak 1 points 1 week ago* (last edited 1 week ago)

I’m not at all sure what the author wants, except for wanting to roll back time to something less secure.

I'm not sure what the author wants either because the article is written in such a both sides style.

I know what I want though, and it definitely includes access to "dangerous" permissions; I've had root on my smartphone pretty much as long as I've been using one. I don't mind making those a bit awkward to turn on though, and it seems like that's what's going on here. If anything, I'd like to see that broadened to all apps rather than just installs outside app stores.

What I don't want, and what I'm concerned about is that this is a stepping stone to is a system where some permissions are only available to apps from Google-approved app stores, or a scenario like iOS where apps can only be installed from stores or with Google-approved developer credentials.

[–] woelkchen 0 points 1 week ago

I’m unsure what the author of the article is advocating, since the “raw deal” appears to be geared towards making the Android environment more secure.

"These tighter security measures protect average users from malicious apps but risk alienating power users, amateur developers, modders, and enthusiasts who depend on Android's flexibility."

The author acknowledges this in literally the second sentence.

load more comments (31 replies)

load more comments