If this is really as straightforward as it sounds then I’d consider this the best case scenario. Google could have gone full Apple style lockdown or even just have implemented this flow on a per app basis, but needing to wait 24hr one time to enable unverified app installation isn’t a bad idea from a security perspective. It prevents a bad actor with temporary access from being able to do much while not getting in the way of us power users after the initial 24hr period.
My bigger problem is how Google is leveraging their monopoly to implement this single-handedly and only for themselves. If they had instead gone through AOSP this perhaps could have been implemented in a better way to allow other parties than just Google to be the verifier, and that 24hr waiting period could be applied to any verifier that is not the phone’s default. I’d argue this would be an equally reasonable security measure considering how many scams are out there preying on those who aren’t technologically savvy, yet would maintain transparency.
Your phone has to support it. It’s not a Google wall. Your phone maker determines how difficult or easy this is. Google pixels make it rather easy to install Graphene on. Motorola is also going to support Graphene.
There’s also lineage and e/os/ and even non-AOSP-based postmarketOS(which is a Linux distro.)
Which is not as libre as a computer OS. What I mean is that Google has complete control and power over it as it’s not developed by the community and therefore doesn’t do its best interests
But it’s been limited to the launcher(shell) mostly.
What do you think are in the best interest of the community that Google isn’t doing? Do you have any less contentious examples? As a technical support specialist I’ve talked to numerous dipshits that were talked into installing a virus on their own Computer system or phone or other device.
Some people are really really really fucking gullible.
It’s their problem if they were tricked into installing malware. It shouldn’t be an excuse to limit power users. The real reason Google does that is profiling developers and preventing real libre alternatives
If this is really as straightforward as it sounds then I’d consider this the best case scenario. Google could have gone full Apple style lockdown or even just have implemented this flow on a per app basis, but needing to wait 24hr one time to enable unverified app installation isn’t a bad idea from a security perspective. It prevents a bad actor with temporary access from being able to do much while not getting in the way of us power users after the initial 24hr period.
My bigger problem is how Google is leveraging their monopoly to implement this single-handedly and only for themselves. If they had instead gone through AOSP this perhaps could have been implemented in a better way to allow other parties than just Google to be the verifier, and that 24hr waiting period could be applied to any verifier that is not the phone’s default. I’d argue this would be an equally reasonable security measure considering how many scams are out there preying on those who aren’t technologically savvy, yet would maintain transparency.
I’ve heard of security by obscurity being accepted, but never heard of security by obtuseness being accepted as valid.
I hate the fact that Android is open source only on paper. You can’t compile your own flavor and install it.
You absolutely can… Custom ROMs do just that.
Your phone has to support it. It’s not a Google wall. Your phone maker determines how difficult or easy this is. Google pixels make it rather easy to install Graphene on. Motorola is also going to support Graphene.
There’s also lineage and e/os/ and even non-AOSP-based postmarketOS(which is a Linux distro.)
Which is not as libre as a computer OS. What I mean is that Google has complete control and power over it as it’s not developed by the community and therefore doesn’t do its best interests
Android used to be a little more diverse.
But it’s been limited to the launcher(shell) mostly.
What do you think are in the best interest of the community that Google isn’t doing? Do you have any less contentious examples? As a technical support specialist I’ve talked to numerous dipshits that were talked into installing a virus on their own Computer system or phone or other device.
Some people are really really really fucking gullible.
It’s their problem if they were tricked into installing malware. It shouldn’t be an excuse to limit power users. The real reason Google does that is profiling developers and preventing real libre alternatives