"Sideloading" connotes something that is negative.
On systems before Apple's locked-down iPhone, it was just called "installing".
The PC revolution started with people just inserting their software into the computer and running it. You didn't have to ask the computer manufacturer or the OS vendor permission to do it.
And note that Apple doesn't allow you to protect yourself. You cannot install a firewall and block arbitrary software on your phone. For example, you cannot block Apple telemetry.
Sideloading sounds like sidestepping (synonyms: circumventing, avoiding, evading, bypassing, ignoring, dodging, escaping, skirting). I wonder if the term originated on iOS, where you did have to circumvent things to install programs manually.
Anti-virus apps aren't actually useless. They are slow, inefficient, have bad false positive and negative rates, but they aren't useless. I know it's an unpopular opinion but most HN posters have never been on the other side of this stuff.
Many moons ago I attended an internal tech talk by the Google security team. This was shortly after they got hacked by China around 2010 or so. The talk was a general one on what they were doing to boost the security posture in general.
Number one thing they were doing was moving away from AV scanners on Windows to a regime in which IT would centrally whitelist all apps by signature or EXE/DLL hashes. Beyond the issue of false negatives, the reason was that people would routinely install malware infected software despite being told by the AV scanner that it was infected. They'd be told that and they'd just override it. Nearly always the reason was that they were installing pirated software and wanted it badly enough that they either didn't care that it was virus infected, or they talked themselves into believing a conspiracy theory in which AV companies reported false positives to try and discourage piracy.
The other problem with AV was that it reported true positives centrally, but then they'd be coming from high level executives and there'd be problems with addressing the issue. Whereas in a whitelisting scheme said executive would have to file a ticket to request permission to install the malware-ridden pirated Photoshop or whatever, and they wouldn't do it.
This was very sad and I don't know if they kept it up, that sort of thing is terribly high maintenance and it wouldn't be a surprise if they moved away from it at some point. But when your biggest problem is AV that is accurate but ignored and that's inside one of the world's most sophisticated tech companies, it's fair to say AV is not useless but if anything needs to be even stricter.
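As an added example, not from the thread or from Google, here is the gist of the "central allowlist by EXE/DLL hash" regime described above in runnable Python: every executable under a directory is hashed with SHA-256 and compared against an approved set, and the decision is pure set membership, so there is no scanner verdict for a user to click past. The file tree, file contents and allowlist are constructed inside the block; the suffix set and the function names are my own choices.

```python
"""Hash-based application allowlist audit (added example; constructed data).

Each executable is hashed with SHA-256 and compared to an approved set.
Anything not on the list is reported as unapproved regardless of what an
AV scanner would say about it, which is the property the comment above
describes: the user cannot override a verdict that is just list membership.
"""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path

# Which files count as executables for the audit (assumption for this example).
EXECUTABLE_SUFFIXES = {".exe", ".dll"}


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_directory(root: Path, allowlist: set[str]) -> dict[str, list[str]]:
    """Classify every executable under root as 'approved' or 'unapproved' by hash."""
    result: dict[str, list[str]] = {"approved": [], "unapproved": []}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_SUFFIXES:
            bucket = "approved" if sha256_of_file(path) in allowlist else "unapproved"
            result[bucket].append(path.relative_to(root).as_posix())
    return result


def build_sample_tree() -> tuple[Path, set[str]]:
    """Create a constructed sample tree: two listed binaries and one unlisted one."""
    root = Path(tempfile.mkdtemp(prefix="allowlist-demo-"))
    (root / "bin").mkdir()
    files = {
        "bin/editor.exe": b"MZ\x90\x00constructed-approved-editor",
        "bin/helper.dll": b"MZ\x90\x00constructed-approved-helper",
        "bin/unlisted_download.exe": b"MZ\x90\x00constructed-unlisted-binary",
    }
    for rel, data in files.items():
        (root / rel).write_bytes(data)
    # Approve only the first two by hash; the third is deliberately left off.
    allowlist = {
        sha256_of_file(root / "bin/editor.exe"),
        sha256_of_file(root / "bin/helper.dll"),
    }
    return root, allowlist


def demo() -> dict[str, list[str]]:
    """Run the audit over the constructed tree and return the classification."""
    root, allowlist = build_sample_tree()
    return audit_directory(root, allowlist)


if __name__ == "__main__":
    for bucket, paths in demo().items():
        print(bucket, paths)
```

In a real deployment the allowlist would be distributed centrally and the audit run by an enforcement agent rather than a script, but the check itself is no more than this: hash, look up, decide.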
Same with me for Linux, but I would also say that, with the discipline and knowledge I have had for the last 10-15 years I probably wouldn't need anti-virus for Windows either.
Macs come with an Apple provided antivirus built in, it's called XProtect.
Apple also has enforced a similar policy to what Google is doing, but much stricter, and has done for ~13 years or so (devs must be identified, the OS rejects unsigned code in all territories by default, Apple pre-approves all binaries even outside the app store).
Linux distros have policies far more extreme than anything Google, Apple or Microsoft have ever done. They explicitly don't support installing any software not provided by their "app stores". Getting into those requires giving up your source code to them, and they reserve the right to modify it as they see fit without informing anyone, reject it for any reason or no reason at all (including reasons like "we don't have time"), and they tie getting new releases of your app to the user upgrading to new releases of the OS. If you do try and install stuff from outside of your distribution, not only are there security warnings to click through but an expected outcome is that the OS breaks and the vendor washes their hands of you.
Despite those policies, or perhaps because of them, botnets of Linux servers are common.
Of all consumer-facing platforms only Windows and Android allow installation of unsigned third party code out of the box via some obvious graphical path. And on Windows that right is somewhat theoretical. You can do it but the built in browser will try very hard to stop you, and the OS itself will happily break unsigned code by blocking file open syscalls heuristically. So in practice most apps don't go the unsigned route. On Android OTOH, unsigned (non ID verified) code is sandboxed and works just like regular apps after installation, the OS won't heuristically interfere with the app.
That's an interesting take on Linux. I see it as a lot closer to what Windows programs were like back in the day, where you can install whatever you want.
Linux distributions each have their built in package managers, but there's no 'policy', as I understand it, that prevents installation of, literally, whatever you want. It's generally more difficult than just downloading and double clicking on the installer / exe, but just follow the instructions and it's done.
And, yes, also there are weird version and dependency issues that crop up more than would be ideal, but that's not the topic.
There's no such policy on any OS except iOS I believe. You can override the security mechanisms on every other OS. The question is only how hard is it? On Linux, worst case, it can easily require compiling the program from source. If Apple or Microsoft imposed a policy that said you can install whatever you want but only by compiling from source, people would lose their minds!
And, note, back when I was a Linux user, distro vendors and evangelists justified that situation by security. They said we don't want people distributing software outside of our repositories because that's how Windows users get viruses, so we deliberately won't make it any easier.
So the Linux community doesn't get to cry freedom and decentralization now, IMHO. The time to do that was 25 years ago when Debian was being praised for having big repositories. Some of us actually did point out how centralized and authoritarian that approach was, I even built a system for distributing apps in binary form to all distros (with hacks and shims for binary compatibility), and that project attracted some volunteers, but we got pilloried for not "getting" UNIX. One Debian developer even called us monkeys.
The users got tired of this and bypassed them with Docker, a much more decentralized system in which anyone can publish images without binary compatibility problems, and using them isn't tied to your OS version or OS vendor policies. But Docker is also centralized around Docker Hub, and Docker Inc do ban images and developers when malware is found:
It's fair to say that the only OS vendors who have ever taken decentralized and free app distribution seriously are Apple, MS and Google. The open source world went all-in on the centralized store model from the start and never looked back.
External, non-distro-maintained package repositories have been common for ages. I was still in elementary school, so my memory is a bit fuzzy, but I'm fairly sure downloading and installing individual packages was something I did too in the 90s. And fundamentally, any system that is open enough that "you can compile whatever you want on the device" is an option can also have binaries distributed.
Sure, the Linux ecosystem has not prioritized binary compatibility as much, so doing so has been harder, people culturally expected "use existing libraries" more than "just bundle everything", but as you note that attitude has shifted too and it always was possible.
Never in those 20 years did I need one on Windows either. It turns out if you vet the software you install in the first place, malware is pretty rare. That isn't the bar for most regular users of software though.
Working in retail tech support, we got folks bringing in their new macbooks, freshly ruined by new ransomware, utterly baffled that it was possible at all. But when you're trying to use Photoshop without paying... well, shady stuff's still out there.
Only if you ignore the "npm install" or "pip install" moral equivalent. Free open source packages that come with a side helping of malware have become common in recent years.
Oh, I included that. I just think that statistically things are mostly going fine (unless we are all secretly backdoored in a way that has yet to be made public).
You have been lucky. It's trivial for someone to write a stealer and trick someone into running it. For example there have been stealers targeting Linux built into trojans of Minecraft mods.
If you consider that a developer has the right to determine who runs their software, it is actually.
My last 10 apk installs:
- 9 apps not available in the local store
- 1 app where I changed some setting in the manifest
For less technical people it will also include some shady APKs, for example promising free La Liga match broadcasts but then scraping everything from the phone.
I've found myself having to sideload more apps in Android lately, simply because they didn't update and were removed by Google from the Play Store. Great apps that worked for years and did what I needed them to do are now no longer good enough because the developer didn't choose to stay on a ridiculous treadmill.
> I’ve been programming computers since 1986 and even I have never said it would be cool to side load on my phone.
Because you know about the options, and probably have at least one computer where you can install what you want. Imagine if in 1986 you only had access to an iPhone, like most young people today; would you still be programming computers 40 years from now then? There are new computer science students in university who don't know how file paths work.
In 1986, it would have been like having my only “computer” my Atari 5200. Are you really arguing that kids today don’t know that computers exist? I can’t see myself enjoying programming if the only thing I had was an iPhone with a keyboard and mouse - but it being “open”.
Is this a joke? The reason for TFA is precisely that this is quickly becoming impossible as Google closes down Android. It's already viciously impractical to install a privacy respecting OS like Lineage or Graphene, and now they're coming for the very possibility of installing software.
> Do we pour billions into educating users not to click "yes" to every prompt they see?
Yes, obviously yes. In the same way we teach people to operate cars safely and expect them to carry and utilise that knowledge. Does it work perfectly? Of course not, but at least we entertain the idea that if you crash your car into a wall because you’re not paying attention it might actually be your fault.
Computers are a critical aspect of work and life. While I’m a big proponent of making technology less of a requirement in day to day life—you shouldn’t need to own a smartphone and download an app to pay for parking or charge your car—in cases where it is reasonable to expect someone to use a computer, it’s also reasonable to expect a baseline competency from the operator. To support that, we clearly need better computer education at all ages.
By all means, design with the user’s interests at front of mind and make doing the right thing easiest, but at some point you have to meet in the middle. We can’t reorient entire industry practices because some people refuse to read the words in front of them.
Now, I'm not going to say we shouldn't try to move the needle. More education around this is unquestionably a good thing.
But this sounds an awful lot like trying to avoid changing the technology by changing human nature. And that's a fool's errand.
There are always going to be a significant percentage of users you're never going to reach when it comes to something like this. That means you can never say "...and now we can just trust people to use their devices wisely!"
Fundamentally, the issue with people clicking things isn't really a problem because it's new technology. It's a problem because they're people. People fall for scams all the time, and that doesn't change just because it's now "on a computer".
The owner of a device should have the final say. The way a lot of this is set up basically deprives the owner of one of their core property rights, in particular the right of exclusion. Instead, in many systems the decision about what software to include or exclude is made cryptographically by a third party rather than by the device’s owner. I don’t think we should support limiting people’s property rights for “safety” or other reasons. iOS is probably one of the worst in this regard and it's sad to see Android moving more and more in this direction.
I have posted multiple times before that this effectively limits people’s property rights. Here are some other posts I have made on the subject:
There are two reasons to install an app: I personally want to install it (yay!) or a powerful third party will bring down a wildly disproportionate punishment if I don’t (wtf.) Nowadays the vast majority of app installs are in the second category, and in this category, being able to make it common knowledge that I physically can’t install your (parking app / apartment app / course selection app / banking app) as root with unlimited privileges even if you (tow my car / evict me / expel me / close my bank account) is super valuable. This value skyrockets further if a large section of the population has this same inability to root themselves, which Apple coordinates. This is why people buy Apple! Ask anyone who buys an iPhone for grandma. I would be quite pissed off if the government steps in and takes away this coordination mechanism.
> I have posted multiple times before that this effectively limits people’s property rights. Here are some other posts I have made on the subject:
This is crazy long and not directly about the iPhone, but this is the most comprehensive explanation I've heard of why your plea will probably never be heard:
It's not sideloading it is installing an application. Don't use enemy words.
There are some comments attempting to trick people into thinking that some of the least intelligent people of society have more freedom than regular people.
Freedom of speech and to own your belongings is first. This includes installing what you want on your device.
I think the premise that app stores, notarisation and such protect users is false. It’s like saying sunglasses protect you from the sun - they help you not get blinded by it right away, but you still need sunscreen, wear a hat etc.
Apple/Google rejecting some obvious scam apps doesn’t mean people don’t get scammed or hurt in other ways. Just like online age verification doesn’t actually protect children or make you a better parent... it's just a straw man of sorts, designed to remove agency from users through a false sense of safety.
> It’s like saying sunglasses protect you from the sun
It is actually much closer than you think. There are the standard sunglasses and then you have actually rated sunglasses for various purposes. The more extreme the environment, the more the former gives a false sense of safety that just isn't there.
The iPhone system protects people fairly well at the stuff it's designed for, i.e. installing malware. Obviously sunglasses don't stop you needing sunscreen and the app store doesn't protect me from crashing my car etc.
The elephant in the room is not addressed: software in Google Play with so many antifeatures that it can only be called malware (except that Google doesn't call it malware because it brings revenue), and no alternatives except apps outside Google Play that are not signed by a developer who would submit their identity to Google.
Unfortunately, some users manage to cause themselves harm using nothing but their own body.
Clearly, there should be a way to restrict their access to that too. Keep them from performing unauthorized bodily actions that could result in self-harm. For safety reasons.
The people who were scammed did not run rooted phones. Rooting your phone may allow you to install pirated applications containing malware. But most banking losses come from scams where the user themselves initiated a transaction.
The point of those examples is not about rooting phones, it's that there's a subset of the population who can be informed that they're doing something guaranteed to be self-harming and who will do it anyway, then complain that someone should have stopped them.
These discussions aren't really about tech. They're all about politics. Libertarian societies grant freedom on the understanding that some people can't handle it and will hurt themselves (and maybe even others). Collectivist societies sacrifice freedom on the altar of socializing individual losses. The first example he gives is from the relatively collectivist UK, where "James" sent all his money to a foreign romance scammer despite being warned by his bank not to do it. The twist that the blog author doesn't mention is how the story ends: his family went crying to the BBC who kicked up a fuss and Lloyds decided to give him the amount he lost i.e. make other bank customers pay for his bad decisions.
This is a spectrum: you can't have a society that both grants maximal freedom and that also protects people from themselves.
As societies differ in how collectivist/libertarian/crime-ridden they are yet tech platforms are global, it's inevitable there will be disagreements about where on the spectrum this judgement call should fall. What Google is doing here is actually quite innovative and surprising for a company as historically woke as they are: they're admitting that the problem primarily affects some cultures/countries and not others, so the level of freedom should be different. The rules are being changed to only apply to phones in specific countries, whilst preserving freedoms for those in others. This is a very interesting decision that stands against a multi-decade trend in the tech world of treating every country and culture as if they are all identical.
It's not sideloading, you are not doing anything nefarious, shady, on the side, on the edge. It's software installation on your device, your own device.
This newspeak is purposely invented to negatively portray software installation from sources not controlled by Google/Apple.
Sure. But the societal losses of a vast amount of people getting scammed might in general be more important than your individual wish for freedom to run anything you want on your device. I think there are important tradeoffs to be made, and that we have to acknowledge that many people in society less technically skilled might suffer from serious consequences in your proposed model of computation.
People get scammed over phone calls all the time and we're not opening up for debate my freedom to accept calls from unknown users. Because why would you? Doing that is like using a nuke to kill a fly.
This reeks of a power grab that restricts my freedom disguised with the classic "for the greater good". Same as the new UK age verification laws.
> But the societal losses of a vast amount of people getting scammed might in general be more important than your individual wish for freedom to run anything you want on your device
The societal losses of a vast amount of people having no private, uncensored means of communication, which this is leading to, are orders of magnitude greater. The largest cause of early death in the past century was governments murdering their own citizens, and the more power governments have over their citizens, the easier it becomes for this to happen again.
I say let them be scammed. Idiocy only grows if it's not resisted. People don't learn if they don't see the consequences. Otherwise it'll just make society head into an authoritarian socialist hellhole... not that it wasn't already going in that direction.
Yes there is a clear path from not being able to install what you want on your phone - even though you are free to buy a phone that you can - to authoritarianism. Did you know that you also can’t drive just anything on the highway and in some places you have to get your car inspected every year before you can drive it?
A key part of your analogy is "on the highway", where I am a danger to other people and public infrastructure.
I'm allowed to build a wacky unsafe DIY car and drive it around my own property without getting permission from the government. In many scenarios I don't even need a driver's license.
Bringing the analogy back around, maybe one could argue that if I let my phone get hacked such that it becomes part of a botnet or something then it is a danger to other people, but that's not the typical example. Usually these policies claim to be about protecting me from myself while using a device I own.
Okay, but as the owner then I should at the very least be allowed to load my own signing keys for the boot-rom to load other software. Like what if I want to run/port linux to the device. A locked down boot-loader deprives me of full enjoyment of the use of my tangible property.
> The first is that a user has no right to run anyone else's code, if the code owner doesn't want to make it available to them. Consider a bank which has an app. /../ I think the bank has the right to say "your machine is too risky - we don't want our code to run on it."
But should they? Should we also accept Google's browser signing and ban all browsers the bank doesn't like? Am I allowed to accept calls from people they haven't vetted or is it too much of a risk to the bank's bottom line that they might talk me into a scam?
I suppose we should also write off the inevitable privacy and freedom violations in the name of "security".[0] I don't have anything to hide after all.
Plenty of banks will say "only available in Chrome" or "you must be running version xyz of your browser".
There are also banks which are app-only.
You'll also notice that modern phones have a "spam caller" feature. It either gets data from the phone network or from another source. Should your phone block the most obvious spam calls? Your email client already blocks spam.
At a network level, STIR/SHAKEN is also trying to block you from answering fraudulent calls.
These things are happening right now. I expect most people think a reduction in phone spam is worth the occasional false positive.
> But should they? Should we also accept Google's browser signing and ban all browsers the bank doesn't like?
If you want to hold the banks liable for fraud committed against you (which is exactly what happens in many countries), then it’s hardly reasonable to say that they’re not allowed to use what ever technical options they can to prevent that fraud.
You can put forward the argument that banks simply shouldn’t be responsible for fraud committed against their customers. But we only need to look at world of cryptocurrencies to see how well that works in reality.
It's unreasonable to ask them to do a job, and then tie both their hands behind their back and tell them they have to accept being punched in the stomach and that they should be happy about this.
If you want to tax banks and pay the money directly to fraudsters, I guess that's a model you can aim for.
I find it telling that all the examples of scams they use to justify preventing app installation without registering through an American corporation are entirely unrelated to app installation. Just shows the "protect the users" angle is completely bogus.
Users aren't safe anyway when the gatekeeper is Google. They're deeply evil these days and our phones are mainly a surveillance tool for them.
Apple is only slightly better. They limit espionage from other parties but not their own. And Meta ads still exist, so the block was not very effective.
> I think the bank has the right to say "your machine is too risky - we don't want our code to run on it."
I disagree. Let's go with preferring user agency until banks are in trouble.
> Again, it probably isn't fair to ban users who run on permissive software, but it is a rational choice by the manufacturer. And, yet again, I think software authors probably should be able to restrict things which cause them harm.
I disagree. Ban users when they cheat, not when they have the power to cheat.
Strongly agreed. Banking apps should run on anything that can run them. Banks should not be the gatekeepers in charge of deciding what's a "good" or a "bad" device.
The problem is that apps can detect when I say "no you cannot have this data"
A decade ago, we had Xposed modules that would hook into the permissions systems, and give you the option to feed apps fake, generated data. So if it tried to scrape my location or phone number or whatever else, it got garbage
Sandboxing should prevent most of those issues. We can't control the users giving permissions to everything, but with more control on those permissions, or disabled by default, a phone should stay pretty safe, or am I missing something?
People have been trained to tap through those prompts without really reading them, and it’s unreasonable to expect a less technical user to know what the implications of granting a permission are.
I want an option to give fake permissions. A lot of apps are pretty necessary (due to network effects). I don't want to give my contact or location data to them but they also refuse to work without it, even though they don't need it for the stuff I am doing. So just let me provide fake data instead. As far as the app is concerned, it has the permissions it so wanted.
That used to exist, but it's bad UX, because the user doesn't understand why the app they didn't give permissions to doesn't work well, and gives it a bad review. It's better UX for the app to say "I can't work without this permission", though it's worse for tech-savvy users.
Giving illiterate people access to computers is going to be dangerous for them no matter what you do. UIs and operating systems should consider their caretakers instead.
Or maybe when you buy a phone you can pay $5 extra to get the OS build that allows sideloading, or make it cost $5 and require you to hand-sign a bunch of forms to upgrade an existing phone to a sideloading-capable version. A little extra friction at phone purchase time (rather than app download time) would likely steer most people, especially non-techies, toward the safer option. Sure, maybe it doesn't stop the problem completely; someone completely bought in to some scam may go through the effort anyway. But if someone is that gullible, they're pretty destined to be scammed out of their money no matter what the protection.
Why should people pay for the privilege of installing apps without having to submit their personal record to an American mega corp which then vets what they install?
You have the issue reversed. I think people should be able to buy specifically locked phones separately if they want to. Actually they already can.
> People have been trained to tap through those prompts without really reading them, and it’s unreasonable to expect a less technical user to know what the implications of granting a permission are.
Can you please explain why there is no big push from Google and Apple to remove microphone and camera access from the browsers? You claim that most users are "less skilled" and will allow anything, so for the greater good why not push to remove microphone, camera and file upload permissions? Why do we trust these users with reading a popup for permissions?
Or maybe if the popups are not clear or good enough, maybe it's not the users' fault?
That’s just advocating for the same thing, OS makers removing users' abilities to do things they want with their devices. Pretty much everyone in this comment section that is advocating against what Google is doing would advocate against that as well.
I do not see these Apple fanboys asking Apple to remove the camera and microphone features in their OSX operating system. They have many stories about grandma getting tricked into sideloading some evil app from Facebook but somehow the same grandma never gets tricked into sharing her microphone, camera or screen. So I concluded that it is all their minds creating a narrative to feel better about them getting screwed by Apple (we all have this problem where we invent some reason to justify some decision we made, but in this case it is a big mob).
Or maybe your absolutist bullshit is, in fact, bullshit, and there's nuance to be had that explains the discrepancy you observe.
In this case, one nuance is the fact that camera and microphone permissions are very very often necessary in the browser for video chats. Y'know, exactly the kind of thing that grandma might want to do with her grandkids on a regular basis.
> Our research [1] finds that users often make rational decisions on the most used capabilities on the web today — notifications, geolocation, camera, and microphone. All of them have in common that there is little uncertainty about how these capabilities can be abused. In user interviews, we find that people have clear understanding of abuse potentials: notifications can be very annoying; geolocation can be used to track where one was and thus make more money off ads; and camera and microphone can be obviously used to spy on one’s life. Even though there might be even worse abuse scenarios, users aren't entirely clueless what could possibly go wrong.
It's not the sandboxing, it's the access to user data that apps can request. A mobile OS allows apps to request and be granted all kinds of permissions, and 80% of the world population doesn't really understand what all things are possible for each of the permissions they give to an app. For example being able to export the whole contact list, or read all files in folders (where users may have saved notes with passwords) or real time tracking of GPS location with wifi MAC address sniffing, listen in on conversations, be able to screenshot other apps, trigger touch events... none of this a sandbox can prevent.
When there are problems reported about an app, there has to be a known party to hold accountable. I agree with a developer path that is complex enough that only people who know all the impacts are able to use it to sideload random apps they own or from someone they can trust, but the general population has to be protected unless at the individual level they are savvy.
Be careful with this statement. The whole premise behind banks requiring non-rooted phones is "we can be sure that sandboxing works on the original ROMs—e.g., it will prevent malware from screenshotting our app, and we know that certain custom ROMs patch this snapshot-prohibition code out, thus deliberately breaking the sandbox that we rely upon".
The answer to this question is yes. You need to make enabling sideloading somewhat difficult and make it require a modicum of tech literacy. The only reason that the phone companies do what they do is to make more money from their stores. They don’t care about people or their safety.
For me it’s a matter of settings. As a user I would have the option to choose a “secure” mode that disallows installing apps from unofficial sources, but if I want to I should have the option to allow sideloading. Everything else is just corporations needing to have too much control.
The problem is that important services will then be (and already are!) only permitted to run in “secure” mode.
I literally have a banking app that will refuse to run on an “unsecure” phone. Today I can still install unsigned apps, but removing that ability is explicitly the goal of this policy change.
Now that Android is going full retard with their authoritarian BS, it’s time to build a new phone operating system or at least make the ones we already have viable.
It’s a monumental undertaking, but it needs to be done.
MacOS handles it pretty well, I can use it to do what Doctorow calls general computing and my mother can use it to shop and do email. Apple allowing freedom for MacOS but not iOS is inconsistent and I see no good reason for that.
Except Apple code signing on MacOS is basically what Google is trying to copy over to Android. I can run arbitrary programs on MacOS, but I have to go and remove the com.apple.quarantine attribute from any application that doesn't have Apple's explicit permission to exist, i.e. most FOSS apps. I suspect that option will go away eventually.
That already happened. ARM Macs require code to either be signed or "ad-hoc signed", which doesn't use a key so it's not really a signature, it's more like a SHA hash whitelist that's local to your machine.
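Added here as an illustration of the two comments above (this is not code from the thread, from Apple or from any project): a small POSIX shell helper that classifies a Mac app's signing state from the report `codesign -dv --verbose=4 <app>` writes to stderr, separating the ad-hoc case (a CodeDirectory of page hashes with no certificate chain, which `codesign` reports as `Signature=adhoc` and `TeamIdentifier=not set`) from a Developer ID or Apple-issued signature and from an unsigned binary, plus a splitter for the `com.apple.quarantine` attribute that Gatekeeper consults. The sample reports and the quarantine string are constructed, and the app names, paths and team ID in them are made up.

```shell
#!/bin/sh
# Added example: classify a Mac app's signing state from `codesign` output.
# On a real app:  codesign -dv --verbose=4 /Applications/Foo.app 2>&1 | classify_signature
# (codesign writes its report to stderr, hence the 2>&1.)
# Prints one word: unsigned | adhoc | developer-id | apple | other

classify_signature() {
    report="$(cat)"

    # No CodeDirectory at all: this is codesign's message for an unsigned Mach-O.
    case "$report" in
        *"code object is not signed at all"*) echo unsigned; return 0 ;;
    esac

    # Ad-hoc: a CodeDirectory of page hashes exists (flags carry the adhoc bit)
    # but there is no CMS blob, so no certificate chain and no team identifier.
    if printf '%s\n' "$report" | grep -q '^Signature=adhoc$'; then
        echo adhoc; return 0
    fi

    # A real signature lists its certificate chain as Authority= lines, leaf first.
    leaf="$(printf '%s\n' "$report" | sed -n 's/^Authority=//p' | head -n 1)"
    case "$leaf" in
        "Developer ID Application:"*)                          echo developer-id ;;
        "Software Signing"|"Apple Mac OS Application Signing") echo apple ;;
        *)                                                     echo other ;;
    esac
}

# Split the com.apple.quarantine xattr ("flags;timestamp;agent;uuid") and return
# the agent that stamped it, typically the browser that downloaded the file.
# On a real file:  xattr -p com.apple.quarantine ./Foo.dmg | quarantine_agent
quarantine_agent() {
    IFS=';' read -r _flags _ts agent _uuid
    printf '%s\n' "$agent"
}

# Constructed sample reports (not captured from real apps); field names follow codesign's.
SAMPLE_ADHOC='Executable=/Applications/Foss.app/Contents/MacOS/Foss
Identifier=org.example.foss
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+7 location=embedded
Signature=adhoc
Info.plist entries=20
TeamIdentifier=not set
Sealed Resources version=2 rules=13 files=45
Internal requirements count=0 size=12'

SAMPLE_DEVID='Executable=/Applications/Vendor.app/Contents/MacOS/Vendor
Identifier=com.example.vendor
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=5678 flags=0x10000(runtime) hashes=170+7 location=embedded
Signature size=8992
Authority=Developer ID Application: Example Vendor Inc (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=1 Jan 2024 at 00:00:00
Info.plist entries=24
TeamIdentifier=ABCDE12345
Runtime Version=14.0.0
Sealed Resources version=2 rules=13 files=120
Internal requirements count=1 size=212'

SAMPLE_UNSIGNED='/tmp/hello: code object is not signed at all'

# Constructed quarantine value: flags;download-timestamp;agent;uuid
SAMPLE_QUARANTINE='0083;65a1b2c3;Safari;0B4F2A7E-1234-5678-9ABC-DEF012345678'

if [ "${1:-}" = "--demo" ]; then
    for s in "$SAMPLE_ADHOC" "$SAMPLE_DEVID" "$SAMPLE_UNSIGNED"; do
        printf '%s\n' "$s" | classify_signature
    done
    printf '%s\n' "$SAMPLE_QUARANTINE" | quarantine_agent
fi
```

Run it with `--demo` to see the three classifications and the quarantine agent. The point of checking `Signature=adhoc` rather than just "is there a CodeDirectory" is that an ad-hoc-signed binary passes the kernel's page-hash check on Apple silicon but carries nothing that ties it to any identity, so a policy that merely asks "is it signed?" treats it the same as a Developer ID build.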
They'd have a job doing that one. Speaking as a 30-year laptop user with no interest in iPads. I've never seen the point of iPads - it's like a phone that can't make phone calls.
>Is it possible to allow sideloading and keep users safe?
Why is this a question of _allow_? Who is my hardware provider that he is somehow my guardian and must _allow_ me to install software that I want to install?
>Is it possible to allow people to do sports and keep them safe?
>Is it possible to allow people to roam freely and keep them safe?
>Is it possible to allow people to not be locked up in a padded cell and keep them safe?
People are responsible for what they are doing, and teaching them about technology is the best way to deal with this example here, as it doesn't infringe anyone's human rights and would give anyone the resources to check their sources.
Every sporting body that I know of has rules to keep people safe. Even dangerous sports like boxing and American football put some effort into keeping participants reasonably safe.
Similarly, every modern society has rules to keep people safe when roaming. That might be as simple as warning signs or as complex as a coastguard.
We've had decades of warning people about online scams and I don't see any slowdown in the volume of scammy emails that I receive. Education clearly isn't working - and that imposes a cost on all of us.
We've had decades of 'simple warning signs' or measures as complex as coastguards and yet people are still periodically lost in the wilderness, badly injured, or even killed. Education clearly isn't working here either — what restrictions should we impose on people's right to roam to solve this?
You clearly know the answer here since you used the word “periodically”. There’s a massive difference between hundreds and millions. No one is stopping you from buying a non Google phone, no one is stopping you from running calyx or graphene. Mitigation for the things that affect the most number of people is how the world works.
> Mitigation for the things that affect the most number of people is how the world works.
Millions of people hurt themselves, physically hurt themselves, every day, doing things that we could easily restrict. Yet we still allow them to buy knives, glassware that can break, hammers, power tools, non automated vehicles of all kinds, the list goes on.
We also spend a lot of time educating them on the dangers, far more than is spent warning about online scams, and we do it at a far earlier age (age 0, for some of them).
Of course we still allow the sale of safe knives and plastic mugs, so people are free to choose; that point still stands. I'd argue that there is more competition in tableware, and less friction shifting between it, than there is in mobile operating systems.
> No one is stopping you from buying a non Google phone, no one is stopping you from running calyx or graphene.
Google and phone manufacturers have been actively moving in that direction and have a long history of being actively hostile to those things. This is just another move on the same board to restrict these freedoms.
They don't come into your own house and tell you what to do though. The police aren't going to arrest you for swimming in your own pool without a lifeguard. That's completely absurd.
And those laws are completely unjust. It is absurd to place an obligation on someone to protect people who are trespassing on the owner's property. If you are poking around someone else's home, it's on you if you get into something that hurts you.
They are, and they're correct in that comparison. Except that the laws for the pool don't require a branded fence or anything; it's just a height and gate-lock requirement.
Google is telling you to buy their particular brand of fence (which inextricably has an insane markup). And they disallow it for pool shapes they don't like, and you don't have an appeals process for it.
Okay, how would you fix the scammy email problem? Only allow authorizing people to send emails after they applied for a government issued address?
Outlaw all non big corpo operating systems?
Perfect surveillance? All because some boomers can't into common sense?
It's also ironic that you bring up warning signs as a counterexample to my point, as it's exactly what I am saying. You can warn them, but you don't bar them from doing so.
Yes, if the OS sandboxes everything. If you choose to give it access to a file it can mirror that file so that any edits can be undone. Sure, it uses more space, but it's way safer unless they find a jailbreak outta their sandbox.
What about making sideloading require some moderate level of technical sophistication? Like connecting to the phone over USB and having to manually type some long shell commands, or exit vim, or write a compiling C program, or some other layman-proof filter to activate installing outside apps. I feel like grandma would be too intimidated by this (good), making it too frustrating for even the most determined scammer to explain, no matter how desperate they are for her social security checks. Have it be done in the bootloader so you can't follow these instructions while on the phone, and require physical interactivity with the device (can't be automated over USB). Regardless, this policy is an unacceptable infringement on digital freedom by Google.
I believe this is already the case. You can purchase phones that may be bootloader unlocked, allowing custom firmware to be installed. This enables a tech-savvy user to sideload anything they like.
Closed drivers need Android userspace -> Android panics or otherwise refuses to function if it decides its SELinux policy is compromised -> you still don't have control over the device.
And we're back to "just break into the thing you've already paid for." Nope. Go away. No more smartphone crap.
If only there was no app stores... sigh... I would only download apps from the reputable company I like (myfavoritebigbank.com), trusting their brand and reputation for my security. If a client-side app can threaten their security, that's a weakness on their part.
And if a lone developer has a cool new idea, and its app is recommended by users I trust on an obscure specialized forum, then I'll decide to install their app from "coollonedeveloper.com".
If only we could invent some kind of "domain names" system that one would have control and responsibility over, instead of trusting some broken unscalable app stores...
> There are, I think, two small cracks in that argument.
> The first is that a user has no right to run anyone else's code, if the code owner doesn't want to make it available to them. Consider a bank which has an app. When customers are scammed, the bank is often liable. The bank wants to reduce its liability so it says "you can't run our app on a rooted phone".
> Is that fair? Probably not. Rooting allows a user to fully control and customise their device. But rooting also allows malware to intercept communications, send commands, and perform unwanted actions. I think the bank has the right to say "your machine is too risky - we don't want our code to run on it."
> The same is true of video games with strong "anti-cheat" protection. It is disruptive to other players - and to the business model - if untrustworthy clients can disrupt the game. Again, it probably isn't fair to ban users who run on permissive software, but it is a rational choice by the manufacturer. And, yet again, I think software authors probably should be able to restrict things which cause them harm.
It's not clear to me whether in this fragment the author is stating the two alleged cracks in the argument or rather only the first one — the second one being Google's ostensible justification for the change. Either way, neither of these examples are generalisable arguments supporting that 'a user has no right to run anyone else's code, if the code owner doesn't want to make it available to them'.
With regards to banking apps, the key point has been glossed over, which is that when customers are scammed the bank is 'often' liable. Are banks really liable for scams caused by customer negligence on their devices? If they're not, this 'crack' can be thrown out of the window; if they are, then it is not an argument for "you can't run our app on a rooted phone", but rather "we are not liable for scams which are only possible on a rooted phone".
As for the second example, anti-cheat protection in gaming, the ultimate motivation of game companies is not to prevent 'untrustworthy clients' from 'running their code'. The ability of these clients to be 'disruptive to other players' is not ultimately contingent on their ability to run the code, but rather to connect to the multiplayer servers run by the gaming company or their partners. The game company's legitimate right 'to ban users who run on permissive software' is not a legitimate argument in favour of users not having full control over their system.
> Are banks really liable for scams caused by customer negligence on their devices?
In the UK, not legally liable. However culture is not 100% aligned with the law and in practice banks that stick to the rules will be pilloried by the left-wing press and politicians, they risk regulator harassment etc, so they sometimes decide to socialize the losses anyway even when the law doesn't force them. The blog post cites an example of that.
To stop this you'd have to go further and pass a law that actively forbids banks from giving money to people who lost it to scammers through their own fault.
Thanks for the feedback. Those examples are meant to cover the first point.
The problem if you are a bank is that scammed people can be very persistent about trying to reclaim their money. There's a cost to the bank of dealing with a complaint, doing an investigation, replying to the regulator, fielding questions from an MP, having the story appear in the press about the heartless bank refusing to refund a little old lady.
It is entirely rational for them to decide not to bear that cost - even if they aren't liable.
> rather "we are not liable for scams which are only possible on a rooted phone".
Who is going to prove that though? It’s much simpler and less stressful on our court systems if a bank just says “we don’t allow running on rooted phones” and then if a user takes them to court the burden is on proving whether the phone was rooted or not rather than proving if the exploit that affected them is only possible on a rooted phone.
Yet Google has no problem displaying scammy ads to these vulnerable people (which is also the most common way they actually discover these malicious APKs), since it brings them revenue.
What if we'd instead require users to verify themselves before being allowed to see ads? I'm sure that would be more effective for preventing scams, fraud and abuse.
Safety is not a valid reason to limit freedom. We cannot, and should not try to, keep people safe from their own bad decisions. That is treating adults like children, which is offensive to human dignity.
What about (a) speed limits, (b) drink driving laws, (c) seat belt laws, and (d) helmet laws for bicycle and motorcycle riders? I assume in your world view that all of these categories are "limiting your freedom". I am fine with all of them.
There are millions of homeless or otherwise struggling people all around the world who would let anyone use their identity for a small compensation. I don't really see how this requirement to register with Google will help with app security. So the malware will be signed by John Smith living under a bridge, now what?
Unfortunately, the reality is that often their identity is not actually "good enough" to perform these actions. For example, many of these people don't have an address/bank account/email.
I have come to the conclusion that both Android and iOS, along with the banking systems, are all doomed platforms.
Even something like GrapheneOS, in theory the best path to security and privacy and liberty, was falling way short even before this latest announcement from Google.
The problem lies partially in the app ecosystems, which embrace spyware and exploiting users (requiring all the worst Google APIs), and partially in governments, which will leverage any centralized organization like Google to gain control (EU chat control etc.).
The solution cannot be just a custom OS or an OS fork. In fact, ecosystem compatibility is toxic and slows down growth of real alternatives. There needs to be some wholly independent and decentralized offering.
The challenge is hardware compatibility and core services like digital IDs. Most apps should be solved by using a website instead.
These issues are especially important because the future is increasingly digital. Smart phones, smart glasses, smart watches, VR glasses, smart homes, and even brain implants. I don't want to live in a future where I'm either left behind or my whole life is controlled by Google/Apple/the government/etc.
The “use a website instead” angle doesn’t really work for a lot of things, and given the impermanence of websites these days, is actually a major point of potential failure.
The "use a website instead" angle should work for the majority of things people spend phone time on. For the few things that could not be a PWA, some extra effort is needed.
What universe are these people in? The app/play store is a fantastic way to obtain shitware that either steals data (seems to be nearly mandatory, if you look at the apps of these store operators), steals CPU time through mining of some sort, eats through your brain (by inserting horrific amounts of ads, many of which are such clear scams I really don't get how this is allowed) or simply asks for extra money for essential features one by one.
Everything about the so-called stores is so decrepit, the safest way to get any decent software on is sideloading / F-Droid. How could you in sincerity argue any different?
I'd like a source for that. News to me if that is common at all. Not to mention there are apps on the playstore / ios store that can be used in a similar way without sideloading.
I think sideloading should be allowed only if you actually connect your phone to a computer. This barrier will prevent a lot of vulnerable people from being scammed.
Alternatively, sideloading could require you to delete all App Store apps. In other words, disabling Google Play Protect should require you to wipe your phone. This is another barrier that will prevent a lot of people from getting scammed.
Alternatively, require the user to decide whether they want sideloading or not at device setup time, with no ability to change this decision without wiping and starting from scratch.
It wouldn't solve the "getting infected via cracked apps" problem, but it would at least solve the "users being scammed into sideloading something they don't want" problem.
I don't see that changing either. Banking apps, government auth, Whatsapp¹, public transport apps², etc. The status quo is that a small number of official app store apps are all but required.
1: Still basically required if you have young children and want things like play dates. Oh Signal? Yeah, the recent push means that some tech-savvy users now have both Whatsapp and Signal installed. In the Netherlands, you can do without Whatsapp, but not if you don't want to turn your child into a social recluse.
2: For example, in order to use Germany's Deutschlandticket, one of the participating public transport companies' apps is required. This is a huge regression compared to the initial paper ticket, but there it is.
I guess requiring a transport subscription to get the ticket, via app or smart card, is rather analogous to the topic of adding friction to the undesired path.
> Vulnerable members of society should be protected from scams.
There are three ways to deliver protection: build better walls, defeat attackers after successful initial attacks, defeat attackers before successful initial attacks.
The article ties itself into knots because it recognizes that the first way cannot deliver 100% security. But it refuses to recognize that there are two additional ways.
The United States military could go after scammers operating from foreign compounds. It could treat the economic targeting of American citizens as acts of economic war. It chooses not to. Freedom is not free, and when your country chooses to literally not fight for your freedom, it's hardly any wonder that your freedoms are eroded.
Remember XKCD 538: https://xkcd.com/538/ Cybersecurity and physical security are fundamentally linked.
Scammers can operate from literally any country in the world, in any location where they have access to the internet. The idea of the military busting into a Bin Laden-style scammer compound is very romantic, but plenty of these operate from regular offices or homes, and it’s trivial for someone new to get into the scamming business if a big scammer is taken down.
People forget both why the US invaded Afghanistan in the first place, and why US financial sanctions are so effective. The US invaded Afghanistan, a country whose government was not directly involved in the 9/11 attacks, because that government refused to extradite OBL and other senior Taliban leadership, to bring them to justice in the United States. US financial sanctions are so effective because they cut off foreign institutions from the US financial system if those institutions do business with those who harm Americans and American interests. Soft power is backed by hard power, first against organizations hosted by governments willing to cooperate with the US, and eventually against governments unwilling to cooperate.
That scammers can operate from anywhere is beside the point. More often than not, law enforcement and the military know where that is. A conscious decision is made not to prioritize or fund fighting it.
That’s easy when you’re dealing with people operating in countries where your existing relationship is poor or non-existent. There’s nothing practical that country can do to fight back against U.S. demands.
But try applying that approach to India or China. Do you think those countries are going to allow the U.S. military to operate on their home turf, shooting at their citizens, and not retaliate? It doesn’t even have to be military retaliation; the U.S. economy is heavily intertwined with those countries, just look at the consequences of Trump's tariffs. Do you honestly think U.S. citizens would be willing to trade off the trade benefits of working with those countries, just so you can run a military raid on a building of scammers?
> Do you think those countries are going to allow the U.S. military to operate on their home turf, shooting at their citizens, and not retaliate?
It's not related to scamming, but the US did just bomb Iranian nuclear facilities; the reaction was a face-saving gesture that was intentionally weak so as to de-facto de-escalate. So the answer to your question is basically yes. The costs of a wider war are too large to the host country to make it worth it to continue to allow scammers to operate freely.
> just look at the consequences of Trump's tariffs. Do you honestly think U.S. citizens would be willing to trade off the trade benefits of working with those countries, just so you can run a military raid on a building of scammers?
Don't you realize that Trump's election, his tariffs, all this is due to popular sentiment that the US was getting the raw end of the deal in its foreign affairs, that there was a need to, literally, put America First? If anything, such ideas, to have targeted attacks and enforcement aimed at the exact actors targeting American citizens, have been at their most popular in decades, at least since the Iraq war went off the rails.
Yeah. And even in situations where there’s no alliance to disrupt (e.g., Chinese scam compounds in functionally lawless areas of Myanmar), I don’t imagine that most Americans would be sold on the idea of a military operation against scammers.
>> Vulnerable members of society should be protected from scams.
> There are three ways to deliver protection
While I agree with your idea, I'd like to note that there are previous steps: teach people to be less vulnerable. Teach people to be less greedy. Teach people the consequences of actions.
Being less vulnerable is an obvious definition: know how to not fall for some scams.
Less greedy: some scams revolve around the idea of quick and easy profits, and the comeback is hurtful because the person thinks he would get x and ends up losing 500x.
Consequences of actions: there's a lot of value to the group that observes the (bad) consequences of one's actions. Pain, even from others, teaches something. The more we protect people from consequences, the better and safer it is about small losses, until the actions go beyond the protection and the consequences are catastrophic.
I fully agree that there's a different strategy for before the line is crossed, one that is often more humane, more freedom-respecting, and cheaper to boot. Too often those strategies are sadly under-funded.
That's beside the point that the line, too often, is being crossed, and perpetrators are allowed to perpetuate their crimes, instead of the military and/or law enforcement stepping in and performing their organization's missions to protect us, especially the most vulnerable among us.
Most of this problem is solved by not hiding the trust model.
Do you want a phone where you trust Apple/Google/a 3rd party to make a "malware or not" decision? Or one where all that is turned off and you can do whatever? Go right ahead in either case - you control the trust, rather than it being made for you by the platform vendor.
Similarly, we have certificate infrastructure where the TLS roots are owned by a small number of people. These are generally trusted, but some people/organizations edit them down (ex: removing roots from state actors deemed untrustworthy). But it's hidden, and generally a lot of choices.
Even linux distros, you pick which package signing keys you trust.
And Docker/K8s... oh wait, there's no default keys and containers remain being developer's puke bags in most cases, and the repos are rugpulled by corporations regularly...
They don't even need to know it is a thing that exists. The defaults (ie. the status quo of implied trust in the OS vendor) are fine for this type of user.
> Here's the story of a bank literally telling a man he was being scammed and he still proceeded to transfer funds to a fraudster.
> The bank blocked a number of transactions, it spoke to James on the phone to warn him and even called him into a branch to speak to him face-to-face.
Y'know, at some point the cost of protecting the dumbest people is too much to be worth it. I am perfectly fine with some people getting hacked, doxxed and scammed out of their life savings if the alternative is everyone losing their freedoms.
Freedoms are important because without them people with power go unchecked more and more. It's a slow process but it culminates in 1) dictatorship at the state level 2) exploitation at the corporate level.
Frankly, I think this sort of behavior in a non-senile person constitutes disability, and I think it demonstrates societal failure to provide people with disabilities with support structures. Where was a friend or family, why was this guy operating a bank account to begin with?
This is a false dichotomy. The following are not the only two possible solutions:
* Everyone has to trust one of two giant mega-corporations to make good decisions for everyone
* Everyone has to take on the evaluation of everything themselves, do their own admin, understand opsec, etc etc.
Freedom does not entail the latter. Freedom means having the freedom to do it, but also having the freedom to delegate it, and to decide who to delegate it to. We don't have to be technology "preppers". We can set up and fund independent organisations to do this - like Debian, for example. And have competition between them.
Yes, that means some people will delegate their trust to their religious cult. That's the price of freedom.
At point of purchase, you get to decide whether you want secure mode or not. Then after that, if you want to change it, you have to open a support ticket with the manufacturer.
Look at the people who are conned into buying Apple Gift Cards so that they can "pay their taxes".
If they can be convinced of that, how hard will it be for a scammer to say "we've detected a problem with your phone. To avoid being imprisoned for piracy, please file this support ticket so we can debug things."?
Being conned into buying gift cards means the weak link isn't with the security of the phone, but with the person's brain.
Making the device so locked down that no such con could exist also means there's no way to use the phone in ways that haven't been authorized - and as a power user, I detest that I am paying a price for the safety of those who are too stupid. I do not want to pay that price.
Conveniently, Google gets to remain in a position to earn more money from being in the controlling seat.
As they say, if you trade freedom for security, you'll end up with neither.
Devices should offer a local signing cert, where you can sign an app for that device only. Then make the app signing process enforce binding agreement that you assume all responsibility related to the app.
The most secure OS existing, Qubes OS, allows and encourages installing any untrusted software and protects you with strong, hardware-assisted virtualization.
There is something that's always perplexed me. Why is it that money when transferred electronically can so easily disappear into obscurity or oblivion? Why is there no full audit trail?
Restated, every electronic transfer requires a sender and a receiver—and there are standardized (electronic) protocols to ensure funds are debited from sender's account and credited to the receiver's account. So we ought to know where monies end up but so often we don't.
The way around these scams is (a) have infallible, fully identifiable trace routes, and (b) destination banks must be known to the sending bank and meet an international standard of prudence and integrity or funds would not be transferred, and that ought to be a lawful requirement. (Ipso facto, it would be incumbent on recipient banks to know their account holders and to act on fraudulent transactions.)
In other words, the electronic funds transfer system should be transparent from the sender's account right through to the recipient's bank and the actual bank account within that destination bank. In short, the funds should be traceable right through to the point where the recipient withdraws cash from the destination bank and walks out the bank's door. (There are ways that a destination/bank can keep certain details about the recipient private and yet still allow the money trail capable of being audited that I can't address here.)
In effect, the requirements ought to be (1) sending banks would only transfer funds to banks of known integrity, (2) receiving banks must have procedures in place to recover monies from accounts in the event of fraud, and (3) protocols such as delaying payments, putting funds in escrow until transactions are proven legitimate, and methods of recovering/refunding funds etc. are properly established. Transparency would also mean transactions would be reversible in case of fraud.
Ideally, such procedures would be set out in ISO protocols and by law banks could only transfer funds to other banks that follow the protocols.
Yes, I know this sounds simple and the world's banking systems are complex and convoluted and that there'd be many objections from many sources, banks, credit card companies, money traders and so on but it cannot be denied that the great weakness in funds transfer is that monies can vanish without a trace. Frankly that's unacceptable in an age of electronic money transfer where every cent is accounted for along the transfer route. That various entities can obfuscate that accounting at various points in the transfer process ought no longer be acceptable.
To say it can't be done or that it's unacceptably complex is bullshit; for example, banks and credit card companies such as Visa and MasterCard had no trouble blocking funds transferred to WikiLeaks.
The real problem is that the world's banking system is a law unto itself and that banks would on many grounds object strongly to introducing such a system.
Look at it this way: similar schemes to that which I've outlined are already in place in, say, conveyancing, where property is only deemed exchanged and the transfer complete when lawyers 'meet' and exchange money and land deeds. The same happens when, say, two warring countries meet and exchange captive soldiers on the spot.
Given the many billions of dollars lost to scammers every year it's clear that banking transfer systems are hopelessly flawed. Things would soon change if banks told customers that they cannot transfer monies to xyz destination because the money trail is untrusted/cannot be authenticated and that it would be unlawful for them to so act.
> Are you allowed to run whatever computer program you want on the hardware you own?
Yes. It is a basic human right.
> This is a question where freedom, practicality, and reality all collide into a mess.
No; it isn't. The answer is clear and not messy. If you are not allowed to run programs of your choice, then it is not your hardware. Practicality and "reality" (whatever that means) are irrelevant issues here.
Maybe you prefer to use hardware that is not yours, but that is a different question.
It seems that this is another one of those things where the lowest common denominator sets the rules for everyone. Most people aren't tech-savvy programmers, so giving them the freedom to do 'whatever they want' will lead them to hurt themselves in some way. Of course this is not an excuse for locking down your hardware. Smartphones just came into being as a consumer-first product and didn't require many of the freedoms that programmers needed, which is why computers are fundamentally more open than smartphones. Apple of course is trying to change that with their Macs.
TBF historically systems were designed with such poor UX that it was sometimes quite difficult not to do stupid things. Such as using Windows back in the day without installing software from the internet at large (ie there was no reputable package manager).
But that's a system design issue as opposed to an argument against user freedom.
Only that nothing about this requires big expertise. If you are a user of computers, you should be able to navigate the basics. It's the same as driving a car: you must know the traffic rules and how to behave, but that doesn't mean you have to understand how your engine works in detail.
If you want to drive a car you go through driving school and have to pass the tests to get a driver's license. There's no driver's license for the internet and not really any strict set of rules you have to follow in order to get online - most people pick up a sense for rules online by osmosis, usually about how to not get scammed or get malware - sometimes they have to learn by first-hand experience. If we go by your comparison this would be like learning to drive by crashing a couple of cars. I definitely believe anyone who's even a little tech-savvy underestimates how complicated or confusing technology can be for the average person.
> this is another one of those things where the lowest common denominator sets the rules for everyone
In that case, the solution should be to raise the lowest common denominator. Lots of issues like that could be prevented by investing in education to increase technology literacy. But long term investments (even public ones) do not match well with quarterly reports.
However, this isn't entirely a tech problem - it's a social/human one.
Not every mechanic has a driver's license. Sure, they may enjoy working on cars and the technology of cars... but for one reason or another they may have never gotten or have lost their driver's license.
Not everyone who is tech literate is similarly socially literate. I have programmer co-workers who have been scammed into sending gift card authentication codes or installed malware (or allowed the installation) onto their personal computing devices.
It isn't possible to prevent someone from accessing the internet any more than it is possible to prevent them from accessing a phone.
I am not saying that one should have a license to access the internet. Rather, I am saying that for a device that holds and maintains the authentication mechanism for doing banking transactions, it is not unreasonable for the maker of that device and its software to attempt to mitigate the possibility that they are held liable for negligence in allowing user installed software to do banking without the owner's consent.
With the uncertainty that everything in the operating system and hardware is locked down to the point where no-consent access by malware to those banking capabilities is completely restricted (and thus they're not liable for negligence) - the wall that is being put up to try to prevent that is "no software that has not been vetted can be run on this device."
Consider that the phone is often the authentication mechanism and second factor for authorization to restricted systems. Authy, Microsoft Authenticator, and other 2nd factor applications typically do not run on general computing devices.
Technical literacy does not imply social or security literacy.
> Technical literacy does not imply social or security literacy.
Indeed. And people were falling for scams long before the Internet. What's new is the push to make that the fault of bystanders... thus causing those bystanders to intervene. It's neither the bank's fault, nor Google's fault, if somebody falls for a scam. Or installs malware. Or whatever. If you try to make it their fault, they're going to do really annoying things that you don't want.
Sure, you can sell security tools, or curation, or whatever. Many people will even want to buy them, but things break when that starts being a duty. And the only way to prevent it from becoming a duty is to accept that people own their own mistakes.
> And the only way to prevent it from becoming a duty is to accept that people own their own mistakes.
This tends to be counter to consumer protection laws or data privacy laws.
A company that can be held to strict liability for their actions can be sued (and be found liable) even if they presented that the action is unreasonable or dangerous.
Are you saying a consumer who buys a 100% "you can do anything on it" device is liable for every action that that device takes, no matter what initiated that action?
To me, the argument that you should be able to do anything on the device and be held liable for all the actions that device allows is very similar to that of "the maker of the device has no liability for providing a device that can be misused."
If that is the case, then (to me) this would need to be something that would need to be changed by the courts and the laws (and such a company would need to pull completely out of Europe).
Indeed, the bad attitude I'm talking about has found its way into some laws, as well as into other kinds of norms and expectations. That doesn't make it good.
You may be exaggerating it, but insofar as you're right, you're just describing the problem.
> no software that has not been vetted can be run on this device
That’s just it. Software isn’t being vetted. Witness all the scam apps in the iOS and Android app stores. Even paid developer accounts don’t stop people from publishing these, nor does Apple’s walled garden protect you from them.
Do not make perfect the enemy of the good. There are failings of vetting.
That said, for sensitive apps they tend to go through more strict scrutiny of their functionality. Publishing a "Wəlls Fargo" application will likely not get approval.
The question isn't "does it need to be 100%" but rather "if it was not done at all, would Apple or Google be liable for flaws in their software (e.g. VM breakouts) that allow malware to do banking transactions, location tracking, or place calls (e.g. 1-900 number dialing) without user consent?"
I'm fairly certain that Apple and Google take measures to limit their liability. With how courts and countries are finding technology companies liable for such (consumer and data privacy protections), I would expect to see more restrictions on the device to try to further limit the company's exposure.
I deal with a lot of young people who have grown up with tech, and my experience is that in general they haven't got a sodding clue about how anything works, or the implications of any of this.
Or it's not a computer and really something more like a television. In that case these things should be thought of as a vice rather than a productivity tool.
The social structure of the smartphone app ecosystem is remarkably similar to the cable provider -> network -> show situation from before too.
The example I always go to is a Nintendo or PlayStation, etc.
They’re clearly just computers, they’re “hardware you own”, but you’ve never been able to run whatever software you want on them. But it’s been like this since the 1970’s and there’s never been an uproar over it.
For me the difference is that you know what you’re getting into when you buy a console, and it’s clear up front that it’s not for “general” computing. I’m inclined to put smart phones into this category as well, but I can see how reasonable people may disagree here.
I think there is a huge difference. You can perfectly live your life without a game console. Even if you are a game addict and it is absolutely necessary for you to live, you could buy a PC and game on that.
Smartphones are a necessity nowadays. Some banks only have smartphone apps (or require a smartphone app to log in to their website). Some insurers want you to upload invoices with an app. Some governments require an app to log in (e.g. the Dutch DigiID). You need a smartphone to communicate with a lot of organizations and groups.
Smartphones have become extremely essential. And two companies can decide what does and what doesn't get run on a smartphone and they can take their 30% over virtually everything. They can destroy a company by simply blocking their app on a whim (contrast with game studios, which could always publish their game for PC or Mac or whatever).
It is not a healthy, competitive market. It is the market version of a dictatorship. And Google forbidding non-app store installs is making it worse.
Governments should intervene to guarantee a healthy market (the EU is trying, but I think they are currently worried about the tariff wrath).
There was a documentary over here on TV about people that do not use smartphones. The conclusion was that it was almost impossible, they often have to rely on other people for certain things, and are excluded from a lot of social circles.
They have the same hardware in them as a personal computer, and essentially always have. (The original Nintendo had the same CPU as an Apple II.) The difference is only how they were marketed, and the artificial limitations on what software you could run.
The problem is larger than just smart phones. Smart phones are the templates for all future devices. Your car now runs Android as well.
In the future, when your whole house is controlled by a computer, do you want that computer to be controlled by Google or to be controlled by yourself?
I think it's always going to evolve that way when people are so concerned about "safety" (no matter how that's defined) that all the escape hatches are removed.
Is it the people that are pushing for this though? Apple has long pushed privacy and security as a way to maintain their control over personal devices, the people just believe it and accept it. Google is just taking notes and seeing how profitable that approach is. Provided there's no push back, they'll succeed easily with no one actually asking for this.
Increasingly, I keep noticing that all human-corporation relationships are a rehash of older power structures and basically struggles for power in which people gradually keep losing it until they realize they are exploited and then finally start fighting back.
People started free and equal, then some specialized into warriors[0] and gradually built deeper and deeper hierarchical power structures, called themselves "nobles" and started exploiting the "commoners".
At some point people snapped, killed a bunch of them (French revolution, US was for independence, etc.) and decided they wanna rule themselves.
And then companies started getting bigger and bigger, with deeper hierarchical power structures, the "nobles" call themselves "executives" or "shareholders" and the people doing actual productive work are no longer "commoners", they are "workers"[1].
[0]: And thus controlled the true source of power - violence.
[1]: Ironically admitting that people who are not workers are not doing real work, they are just redistributing other people's work and money.
I don't like describing it as cycles because it is too simplistic and pretend it is inevitable, robbing people of agency.
I prefer to think of society as a system where different actors have different goals and gradually lose/gain influence through a) slow processes where those with influence gain more from people who are sufficiently happy to be apathetic b) fast processes when people become sufficiently unhappy to reach for the source of all real world influence - violence.
This happens because uneducated/dumb/complacent people let it happen. It can be prevented by teaching them the importance of freedoms and to always fight back. But that goes directly against the interests of those in power - starting from parents who want children to be obedient.
Control over hardware isn’t actually the issue at stake here: many Android devices can unlock their bootloaders in a moderately safe way. Go nuts.
It’s a more tricky issue where Google and other parties can restrict access to their services to devices they deem legitimate. Their services, their rules. Your hardware. Different arguments required.
It’s everywhere: Widevine is used to prevent stealing 4K content (incl ATSC 3.0), gaming providers use it for anti-cheat, banks use it to rate limit abuse. It’s not just Android.
(I say this as someone with an Apple Vision Pro running visionOS 1.0 with the hope to jailbreak it one day. I’m actually unable to do whatever I want to their hardware, unlike my Pixel phones.)
There are actually just about no services that genuinely need hardware attestation other than some DRMed music/video and zelle. Everything else pretty much works on Linux in a browser or has some substitute that does.
Yes, only some things for now! I hope it stays that way or decreases, but that’s not the way the arrow is pointing.
Providers still implement it where they can, like for blackout restrictions for US sports games: impossible to enforce on the web because I can spoof location. Very possible to enforce on iOS because jailbreaking is not possible. Possible to enforce on Android because you can check if spoofing was made possible.
It’s currently the primary reason I can’t play games online on Linux.
It's practically impossible due to the closed drivers and specs, directly causing planned obsolescence and e-waste. It should be a part of the right to repair.
If there are rooms in your house someone else could lock you out of, do you own the house or do they?
If someone else could use your car without your permission, do you own the car or do they?
If someone could grow their own plants in your back yard, do you own the garden or do they?
If someone else could choose what programs run on your computer, do you own the computer or do they?
Saying "basic human right" instead of just "basic right" may be odd, but definitionally, owning a thing means having the right to say how it is used. Either you own it and have that right, or you don't own it and don't have that right. That's what owning means.
There are times when it is necessary to limit the rights that an individual has so that the system that the individual lives within can work.
You can buy a radio transmitter, but you're not allowed to operate it without a license. You can likewise buy a car, but you aren't allowed to operate that either without a license.
You do not have the right to modify your phone so that it acts as a radio frequency jammer.
Possession of a device does not give an individual unrestricted rights to what can be done with it.
Requiring something and locking someone out are completely different things.
I’m fine with government requiring smoke detectors in my home, I’m not fine with a completely unregulated private entity deciding how I live in my home, bought with my money.
And in case of a muffler, there’s literally no one in this entire world who can stop me from removing it. There are repercussions for doing so, but nobody took away my right to remove it.
That’s a great ideal, but Android is used both by sophisticated users who want a phone they can tinker with and the tech-illiterate grandparents of the world, who will never have a legitimate reason to install an app outside the Play Store, and who would never attempt to do that unless they were being guided by a scammer.
So, put a toggle somewhere. When the toggle is toggled, put up a big fat warning sheet and say if somebody on the phone or mail asks you to do that, 99.9% it's a scammer.
If people still go for it, then it is their responsibility. A lot of things in life require responsibility because otherwise the results can be disastrous. But we don't forbid them, because it would be a huge violation of freedoms.
But it’s not someone on the phone - it’s their best friend / star-crossed lover who they met on WhatsApp because of a chance wrong-number text! Since then they’ve become incredibly close, and they can trust each other with anything. When their lover gives them some amazing investment advice and it requires clicking through a scary-looking prompt (like they do all the time on a phone), who do they trust - their one true love or a generic warning message on their phone?
You have to take into account that the threat model here is vulnerable people, often older, being taken in by scammers who talk to them for weeks and gain their complete confidence. To the victims, it feels like a real romantic relationship, not someone who could even possibly be a scammer.
The solution is not taking people's freedom away. The solution is education. Lesson 1: lovers are not for investment advice.
Also, scams happen outside smartphones too.
What's next? Are we going to revoke people's control over their financials because they might be scammed? Let's have the bank approve before we can do a transaction. And since we are using their payment platform, maybe they should also take 30%.
Please stop feeding their narrative. Scammers are Google/Apple's "but think of the children".
> Let's have the bank approve before we can do a transaction.
Yes… That’s already how it works. Banks use heuristics to detect and prevent suspicious transactions. That’s why most of these scams ultimately involve crypto.
Aren’t they? I ask my partner for investment opinions all the time.
Obviously, the probability of it being a scammer reduces with the amount of time. In the end it's a function of time vs. effort. Scamming billionaires by marrying them and waiting until they die happens frequently enough. A 5 year scam for a few thousand bucks, unlikely.
As usual, use common sense, which you would have to do anyway if you do investments.
There are lots of older people who have never really invested their money, have a lot in their savings account, and might be excited by the idea of a get-rich-quick crypto investment they hear about from someone they trust. Even if they’ve only known them for a little while.
> Banks use heuristics to detect and prevent suspicious transactions.
... and it's really fucking annoying when their heuristics misfire-- which is not at all rare-- especially since they do all they can to externalize all costs of that to the customer.
We've been trying to educate people about passwords and phishing for years/decades now, and it has not worked. Further, every day a new ten thousand (US) people need to be educated:
> So, put a toggle somewhere. When the toggle is toggled, put up a big fat warning sheet and say if somebody on the phone or mail asks you to do that, 99.9% it's a scammer.
The proverbial grandparents will follow the instructions of the scammers and will click through all of that. We've had decades of empirical evidence: people will keep clicking and tapping on dialogue boxes to achieve their goal.
People have physically driven to cryptocurrency ATMs on the instructions of scammers:
Who cares? Granny is still allowed to buy knives and accidentally chop off her fingers while she cooks. If she ends up doing that it's either her fault or she's too old to be using knives. We don't ban or blunt knives just because you can cut yourself with them.
Okay great, seeing how every reasonable warning and technical restriction is completely pointless and how people will do everything they're told if they're naive enough and the person on the other end is convincing enough, we can skip this whole dance.
Because at the end of the day the scammer is going to convince your grandma to go to the bank, withdraw the entirety of her savings and send them to the scammer in an envelope.
Any technical restrictions therefore only harm our personal freedoms and don't actually protect those who are vulnerable because those people's problems aren't technical in nature.
Then why not lock down their devices? Why aren't people using the parental controls on their parents' phones to lock them down and own them on their behalf? I don't understand this idea that because there are some people vulnerable to scams that we all have to give up control to Apple and Google. The option to move the trust and ownership to another party is useful, but it doesn't have to be just those two parties as options.
Not everyone has children. Not everyone has children who they remain in contact with. Not everyone has children who are tech-adept enough to do that. Not everyone has children who are less vulnerable than themselves.
Well maybe let's start small and cover the people that do first, just to see how that goes. Instead we're starting with all people on the planet, and it will be declared a success because the metrics will say it was, there's no rolling this back.
And it doesn't have to be children of parents, that's just the common example that's brought out every time this comes up.
We literally did start with that… that’s the current situation, everyone has parental toggles and yet millions of people get scammed for billions of dollars a year. You’re acting like we (and these massive corporations) haven’t been trying for decades at this point. And you’re saying we shouldn’t be trying more stuff, we should just stop and give up and let innocent people get scammed because you want to be able to run whatever on your phone.
Maybe I'm wrong, but I have never seen Apple or Google suggest that someone use the parental control tools on a vulnerable adult person's phone to prevent them from hurting themselves. They have never run such a campaign for awareness or changed those tools to make them more palatable to controlling adult's phones (these tools are always sold as things to enable on a child's device). So no, I don't think we've started with that. We've started by adding some toggles and scary warning, and I agree that hasn't worked. I never suggested we stop trying, I suggested we allow the trusted owner/admin of the device to be more easily assigned to someone that person trusts, not just forcing Google into that role without consent.
You do not want to live in a world where that's normalized. There are legal processes for determining when somebody's "vulnerable" enough to need a guardian. Those processes are heavy and strict for a damned good reason. And sometimes still not strict enough.
If I'm drunk and give my friend my car keys and ask them to not let me do anything stupid, I'm not giving up my legal rights to autonomy. I don't think this is any different. Legal guardianship is entirely unrelated, unless we're having some slippery slope fun.
So you expect aging parents to actively ask their children to put controls on their devices, and not to reverse that decision when it matters most?
Many, probably most, of the people most at risk aren't going to do that.
When you're (somewhat) drunk, you know that you're drunk, and you're still able to comprehend how that will slow down your reactions while driving. When you're being scammed, you think you're right... and if you begin to doubt that, you may tend to push the thought out of your mind rather than follow it through, and to evade things that might bring it back. And it's very hard to admit to yourself that you're permanently impaired in that sort of way... especially when you're impaired in that sort of way.
I'm expecting us to come up with something better than "give all computing control to two US companies". Yes this idea has flaws that you're an expert at picking at, but there's gotta be some middle ground that doesn't treat all of us as the most tech illiterate or scammable people.
> let innocent people get scammed because you want to be able to run whatever on your phone.
As always it comes down to insulting and emotionally guilt tripping people to screw them out of their freedoms and of course there's never even a shred of evidence to support any of these incredible claims. You're laying it on too thick, give us a break.
> You’re acting like we (and these massive corporations) haven’t been trying for decades at this point.
You're acting like this would make a dent in the total number of people who are scammed every day.
And it just so happens that the only acceptable remedy necessitates infringing on billions of people's personal freedoms which will, incidentally, secure trillions in future profits for these corporations. All that for a temporary speed bump that would only affect a minority of scammers who would adapt in a month.
So because it's low on the list it's not a right? Where do we draw the line? Let's do an experiment. Which rights can we take away from you? Some are pretty far down the list, right? The right to live is pretty important, so that's all the way up on the list. So where's the line drawn?
How is this overly simplistic? It is pretty simple. You buy some hardware, and some company wants to force you to use their telemetry ridden, data collecting software under the guise of stupid people being unable to do a google search and comparing a string. I can safely say I don't want to live in your technocratic techbro wet dream.
Remote attestation is a useful capability. One example: it can be used to create a camera such that the photographer can prove that an image is an accurate recording of reality and not AI-generated. Without remote attestation, we will soon enter a state of affairs in which the courts (and anyone else, too) cannot ever rely on photographic or video evidence.
The banking system has been relying on remote attestation for decades to ensure that devices used in settling financial transactions have not been tampered with:
Also, I think the chip-and-PIN cards used for most in-store transactions in Europe for the last 20 years rely on remote attestation and tamper resistance to prevent fraud.
Finally, in the domain of desktop and laptop computers, there is a big security hole in that most components (certainly, disk drives and storage devices, but basically any peripheral or board) are essentially embedded computers that can be pwned with the result that they stay pwned even if the owner of the computer installs the OS from scratch. One solution to this would be for suppliers of peripherals and boards to get much better at securing their products or to stop using microprocessors to implement their products, but it would be quite a lot of work (and governmental intervention or at least intervention by industry-wide quasi-governmental entities that currently do not exist) to get from the current situation to the one I just described. The only products currently available that are secure against this threat (aside perhaps from using 40-year-old computers) use verified-boot technology to implement the security.
I.e., the only desktop and laptop computers you can buy where you can be reasonably sure some attacker hasn't installed malware in the computer's disk drive or trackpad or wifi module are things like Macs and Chromebooks, which implement the security using verified boot.
So we should all give up our rights so we can use the fancy new locked down technology to digitally sign our photographs. Oh, and now every photograph you ever post on social media can be tracked to your device. I love your future!! We should also install a camera in your bathroom. Just to attest. It's just attestation, bro.
I am sorry that free choice what software to install on your device goes against your existential fear of "AI extinction" as displayed in your profile description. I guess I was wrong, and surrendering all your rights, being tracked and used for datapoints that will in turn be used to train AI is actually good.
I don't think the "ethic" you are proposing (i.e., a consumer should have free choice of what software to install on their own device) has much bearing one way or the other on AI extinction risk.
Do you simply not care that this Linux computer that you have such warm feelings about is fairly easy to pwn (in part because of the lack of verified boot and in part because desktop Linux software is just much easier to pwn than the systems software on a Mac or a Chromebook or an iPhone or an Android phone) such that if you ever got to be an effective activist against some government or some powerful industrial interest, that government or industrial interest could fairly easily eavesdrop on everything you do with this Linux computer?
That doesn't sound much like protecting your individual rights.
You're right. My loonixtard brain didn't grok this without your input. My device is going to be pwned because I didn't use a Microsoft verified image. Should I ever feel the need to start the revolution, I will make sure to use secure boot and use Microsoft windows using my employers account.
It appears that most PC makers didn't implement verified boot correctly (e.g., they negligently left sample keys in the firmware they shipped), which is why I avoided any mention of Windows in my previous comments.
Safety is important, but maybe not that important. So, shouldn’t we just create something like a "secure virtual machine" to make it easier to protect sensitive content, rather than requiring the highest level of security for everything?
Friendly reminder that rather than have malicious apps steal bank credentials using zero days, all the people I’ve known who’ve been scammed… voluntarily read out their OTP to said scammer, or transferred the money themselves to the scammer’s bank account using the official banking app.
Funnily and ironically enough, a phone that is rooted and fails safety net would likely not allow the bank apps to open, and thus be safer in such a case.
Evolution used to work by some people dying before they could reproduce.
That's how we became the smartest animal on the planet. But it no longer works, we are very good at keeping everyone alive. And there's nothing wrong with that, as long as we don't compromise our freedoms to achieve it.
Some people getting exploited is the modern equivalent of leopards eating your face. It would be nice to protect people from it happening but NOT by everyone giving up basic human rights. And yes, in the modern world, running any software on your hardware should be a basic human right.
Especially at a time where computation is starting to resemble intelligence. Otherwise we all become serfs all over again.
A certain kind of arrogant man who hails from the land of theory tends to believe that everything can be perfectly optimized, that even real-world systems can be designed with mathematical guarantees as to some constraint or another. In their world every thing and every one is an abstract variable to be managed and modified, a goat to be herded. User input is modeled as untrustworthy, hostile input and treated accordingly. The unwashed masses have never toiled in their sterile computer science cathedrals, never been anointed with the sacred waters of ROOT, and thus could never possibly deserve to wield the powers of computation without the infallible guidance of Saint Jobs (peace be upon him) and his holy host.
To compute on one's own is to open one's electronic soul to the Sins of Free Software. Such devilish arts must be shunted to the margins of society, till they may be purged on That Day when all shall bask in Google's light forevermore.
Back when the Apple hardware for iPhone offered real isolation between apps, yes. But that's really hard to maintain and isn't PRISM-friendly. Neither Apple nor Google can justify offering real isolation for apps in the current market.
Yes but they're virtual now where the early apps were physically or logically isolated with memory isolation and secret vault. They still have the secret vault but the virtualization layer is all software and the OS has special access.
---
iOS and Android still provide per-app sandboxes, but those sandboxes are managed entirely by the OS kernel and higher-level frameworks.
Secure Enclave (iOS) and Titan M/TEE (Android) still exist for cryptographic operations, biometric data, and DRM, but access is brokered by the OS. The enclave doesn’t run apps; it just provides cryptographic functions.
OS privilege expansion: system services have visibility into app data at runtime for telemetry, background tasks, push notifications, etc. Apps are isolated from each other, but not from the platform owner.
Result: app-to-app compromise is still difficult, but OS-level compromise (intentional or not) gives broad access. This design simplifies features like push services, app updates, and sync, but makes "true isolation" (hardware separation, zero OS visibility) infeasible in today’s consumer mobile ecosystems.
"sideloading" connotes something that is negative.
On systems before apple's locked-down iphone, it was just called "installing".
The PC revolution started with people just inserting their software into the computer and running it. You didn't have to ask the computer manufacturer or the OS vendor permission to do it.
And note that apple doesn't allow you to protect yourself. You cannot install a firewall and block arbitrary software on your phone. For example, you can not block apple telemetry.
Sideloading sounds like sidestepping (synonyms: circumventing, avoiding, evading, bypassing, ignoring, dodging, escaping, skirting). I wonder if the term originated on iOS, where you did have to circumvent things to install programs manually.
Probably on the N-Gage, where you would side-talk, and so side-loading was the next thing to do :p
But the terminology did seem to spring up with iOS. It makes sense to call it that there. But on a platform that allows it, it's just installing.
Which is why alongside freedom came the business of anti-virus.
And people were successfully tricked into "needing" anti-virus scanners that do more harm than good.
Anti-virus apps aren't actually useless. They are slow, inefficient, have bad false positive and negative rates, but they aren't useless. I know it's an unpopular opinion but most HN posters have never been on the other side of this stuff.
Many moons ago I attended an internal tech talk by the Google security team. This was shortly after they got hacked by China around 2010 or so. The talk was a general one on what they were doing to boost the security posture in general.
Number one thing they were doing was moving away from AV scanners on Windows to a regime in which IT would centrally whitelist all apps by signature or EXE/DLL hashes. Beyond the issue of false negatives, the reason was that people would routinely install malware-infected software despite being told by the AV scanner that it was infected. They'd be told that and they'd just override it. Nearly always the reason was that they were installing pirated software and wanted it badly enough that they either didn't care that it was virus-infected, or they talked themselves into believing a conspiracy theory in which AV companies reported false positives to try and discourage piracy.
The other problem with AV was that it reported true positives centrally, but then they'd be coming from high level executives and there'd be problems with addressing the issue. Whereas in a whitelisting scheme said executive would have to file a ticket to request permission to install the malware-ridden pirated Photoshop or whatever, and they wouldn't do it.
This was very sad and I don't know if they kept it up, that sort of thing is terribly high maintenance and it wouldn't be a surprise if they moved away from it at some point. But when your biggest problem is AV that is accurate but ignored and that's inside one of the world's most sophisticated tech companies, it's fair to say AV is not useless but if anything needs to be even stricter.
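The whitelisting regime described in the comment above, modelled as an added example (my own code, not Google's tooling): a deny-by-default allowlist keyed on SHA-256 hashes and approved signers, next to the AV-style check whose warning the user can simply override. The allowlist entries, signer identities and binaries are constructed sample values.

```python
"""Allowlist (deny-by-default) vs. AV blacklist (user can override).

Constructed example for this thread; the hashes, signer names and 'binaries'
below are made-up sample data, and the signer string stands in for whatever a
real signature check (e.g. Authenticode) would report.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Optional, Tuple


def sha256_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory file image."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    """Same digest for a file on disk, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass
class Allowlist:
    """Centrally maintained by IT; endpoints only read it."""
    hashes: set = field(default_factory=set)    # SHA-256 of approved EXE/DLL
    signers: set = field(default_factory=set)   # approved code-signing identities
    pending: list = field(default_factory=list) # exception tickets awaiting review


def allowlist_decide(data: bytes, signer: Optional[str],
                     allow: Allowlist) -> Tuple[str, str]:
    """Run only if the hash or the signer is approved. There is no user
    override path: an unknown binary is denied no matter what the user
    believes about it."""
    digest = sha256_bytes(data)
    if digest in allow.hashes:
        return "DENY" if False else "ALLOW", f"hash {digest[:12]} approved"
    if signer is not None and signer in allow.signers:
        return "ALLOW", f"signer {signer!r} approved"
    return "DENY", "not on allowlist (no hash or signer match)"


def request_exception(data: bytes, signer: Optional[str], requester: str,
                      allow: Allowlist) -> int:
    """The only way forward for a denied binary: a ticket for IT to review.
    Filing it does not change the allowlist. Returns the queue length."""
    allow.pending.append(
        {"requester": requester, "sha256": sha256_bytes(data), "signer": signer}
    )
    return len(allow.pending)


def av_decide(data: bytes, known_bad: set,
              user_override: bool = False) -> Tuple[str, str]:
    """AV-style check: block only known-bad hashes, and let the user click
    through. This is the failure mode the comment describes."""
    digest = sha256_bytes(data)
    if digest in known_bad and not user_override:
        return "DENY", "matched AV signature"
    if digest in known_bad:
        return "ALLOW", "matched AV signature but user overrode the warning"
    return "ALLOW", "no AV signature matched (unknown or clean)"


if __name__ == "__main__":
    allow = Allowlist(hashes={sha256_bytes(b"approved-build.exe")},
                      signers={"Contoso Corp"})
    pirated = b"cracked-photoshop.exe"          # constructed sample
    bad_sigs = {sha256_bytes(pirated)}
    print("AV, user overrides :", av_decide(pirated, bad_sigs, True))
    print("Allowlist          :", allowlist_decide(pirated, None, allow))
    print("Ticket queued      :", request_exception(pirated, None, "exec", allow))
    print("Still denied       :", allowlist_decide(pirated, None, allow))
```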
Never in 20 years of using Linux/Macs have I ever needed anti-virus.
Same with me for Linux, but I would also say that, with the discipline and knowledge I have had for the last 10-15 years I probably wouldn't need anti-virus for Windows either.
Macs come with an Apple-provided antivirus built in, it's called XProtect.
Apple also has enforced a similar policy to what Google is doing, but much stricter, and has done for ~13 years or so (devs must be identified, the OS rejects unsigned code in all territories by default, Apple pre-approves all binaries even outside the app store).
Linux distros have policies far more extreme than anything Google, Apple or Microsoft have ever done. They explicitly don't support installing any software not provided by their "app stores". Getting into those requires giving up your source code to them, and they reserve the right to modify it as they see fit without informing anyone, reject it for any reason or no reason at all (including reasons like "we don't have time"), and they tie getting new releases of your app to the user upgrading to new releases of the OS. If you do try and install stuff from outside of your distribution, not only are there security warnings to click through but an expected outcome is that the OS breaks and the vendor washes their hands of you.
Despite those policies, or perhaps because of them, botnets of Linux servers are common.
Of all consumer-facing platforms only Windows and Android allow installation of unsigned third party code out of the box via some obvious graphical path. And on Windows that right is somewhat theoretical. You can do it but the built in browser will try very hard to stop you, and the OS itself will happily break unsigned code by blocking file open syscalls heuristically. So in practice most apps don't go the unsigned route. On Android OTOH, unsigned (non ID verified) code is sandboxed and works just like regular apps after installation, the OS won't heuristically interfere with the app.
That's an interesting take on Linux. I see it as a lot closer to what Windows programs were like back in the day, where you can install whatever you want.
Linux distributions each have their built in package managers, but there's no 'policy', as I understand it, that prevents installation of, literally, whatever you want. It's generally more difficult than just downloading and double clicking on the installer / exe, but just follow the instructions and it's done.
And, yes, also there are weird version and dependency issues that crop up more than would be ideal, but that's not the topic.
There's no such policy on any OS except iOS I believe. You can override the security mechanisms on every other OS. The question is only how hard is it? On Linux, worst case, it can easily require compiling the program from source. If Apple or Microsoft imposed a policy that said you can install whatever you want but only by compiling from source, people would lose their minds!
And, note, back when I was a Linux user, distro vendors and evangelists justified that situation by security. They said we don't want people distributing software outside of our repositories because that's how Windows users get viruses, so we deliberately won't make it any easier.
So the Linux community doesn't get to cry freedom and decentralization now, IMHO. The time to do that was 25 years ago when Debian was being praised for having big repositories. Some of us actually did point out how centralized and authoritarian that approach was, I even built a system for distributing apps in binary form to all distros (with hacks and shims for binary compatibility), and that project attracted some volunteers, but we got pilloried for not "getting" UNIX. One Debian developer even called us monkeys.
The users got tired of this and bypassed them with Docker, a much more decentralized system in which anyone can publish images without binary compatibility problems, and using them isn't tied to your OS version or OS vendor policies. But Docker is also centralized around Docker Hub, and Docker Inc do ban images and developers when malware is found:
https://jfrog.com/blog/attacks-on-docker-with-millions-of-ma...
Not so different to what the app stores do.
It's fair to say that the only OS vendors who have ever taken decentralized and free app distribution seriously are Apple, MS and Google. The open source world went all-in on the centralized store model from the start and never looked back.
External, non-distro-maintained package repositories have been common for ages. I was still in elementary school, so my memory is a bit fuzzy, but I'm fairly sure downloading and installing individual packages was something I did too in the 90s. And fundamentally, any system that is open enough that "you can compile whatever you want on the device" is an option can also have binaries distributed.
Sure, the Linux ecosystem has not prioritized binary compatibility as much, so doing so has been harder, people culturally expected "use existing libraries" more than "just bundle everything", but as you note that attitude has shifted too, and it always was possible.
I’ve never needed the seatbelt in my car or the airbags but I will not be uninstalling them.
Never in those 20 years did I need one on Windows either. It turns out if you vet the software you install in the first place, malware is pretty rare. That isn't the bar for most regular users of software though.
Working in retail tech support, we got folks bringing in their new macbooks, freshly ruined by new ransomware, utterly baffled that it was possible at all. But when you're trying to use Photoshop without paying... well, shady stuff's still out there.
Many people also never need insurance, until they do.
How is that curl https://... | sudo sh going?
Given its prevalence, I think it's actually going surprisingly well
Only if you ignore the "npm install" or "pip install" moral equivalent. Free open source packages that come with a side helping of malware have become common in recent years.
Oh, I included that; I just think that statistically things are mostly going fine (unless we are all secretly backdoored in a way that has yet to be made public).
You have been lucky. It's trivial for someone to write a stealer and trick someone into running it. For example, there have been stealers targeting Linux built into trojans of Minecraft mods.
As another lucky soul do you happen to know of a case documented somewhere?
For example.
https://support.curseforge.com/en/support/solutions/articles...
And the other 80%+ of the population that uses Windows?
If you consider that the developer has the right to determine who runs their software, it is actually.
My last 10 APK installs:
- 9 apps not available in the local store
- 1 app I changed some setting in the manifest
For less technical people it will also include some shady APKs, for example promising free La Liga match broadcasts but then scraping everything from the phone.
I've found myself having to sideload more apps in Android lately, simply because they didn't update and were removed by Google from the Play Store. Great apps that worked for years and did what I needed them to do are now no longer good enough because the developer didn't choose to stay on a ridiculous treadmill.
Yes and called viruses, dozens of toolbars on your computer, key loggers, malware, ransomware, etc.
If you want an open phone, buy one. But I instruct all of the older members of my family to buy iPhones and iPads.
I’ve been programming computers since 1986 and even I have never said it would be cool to side load on my phone.
> I’ve been programming computers since 1986 and even I have never said it would be cool to side load on my phone.
Because you know about the options, and probably have at least one computer where you can install what you want. Imagine if 1986 you only had access to an iPhone, like most young people today, would you still be programming computers 40 years from now then? There are new computer science students in university that don't know how file paths work.
In 1986, it would have been like having my only “computer” my Atari 5200. Are you really arguing that kids today don’t know that computers exist? I can’t see myself enjoying programming if the only thing I had was an iPhone with a keyboard and mouse - but it being “open”.
And Stallman since even longer, but he's considered "not quite there" by quite a few. Age isn't everything.
> If you want an open phone, buy one.
Is this a joke? The reason for TFA is precisely that this is quickly becoming impossible as Google closes down Android. It's already viciously impractical to install a privacy respecting OS like Lineage or Graphene, and now they're coming for the very possibility of installing software.
> If you want an open phone, buy one.
There are none that are usable.
People on HN that run non Google Android phones seem to argue otherwise.
> Do we pour billions into educating users not to click "yes" to every prompt they see?
Yes, obviously yes. In the same way we teach people to operate cars safely and expect them to carry and utilise that knowledge. Does it work perfectly? Of course not, but at least we entertain the idea that if you crash your car into a wall because you’re not paying attention it might actually be your fault.
Computers are a critical aspect of work and life. While I’m a big proponent of making technology less of a requirement in day to day life—you shouldn’t need to own a smartphone and download an app to pay for parking or charge your car—in cases where it is reasonable to expect someone to use a computer, it’s also reasonable to expect a baseline competency from the operator. To support that, we clearly need better computer education at all ages.
By all means, design with the user’s interests at front of mind and make doing the right thing easiest, but at some point you have to meet in the middle. We can’t reorient entire industry practices because some people refuse to read the words in front of them.
Now, I'm not going to say we shouldn't try to move the needle. More education around this is unquestionably a good thing.
But this sounds an awful lot like trying to avoid changing the technology by changing human nature. And that's a fool's errand.
There are always going to be a significant percentage of users you're never going to reach when it comes to something like this. That means you can never say "...and now we can just trust people to use their devices wisely!"
Fundamentally, the issue with people clicking things isn't really a problem because it's new technology. It's a problem because they're people. People fall for scams all the time, and that doesn't change just because it's now "on a computer".
The owner of a device should have the final say. The way a lot of this is set up basically deprives the owner of one of their core property rights, in particular the right of exclusion. Instead, in many systems the decision about what software to include or exclude is made cryptographically by a third party rather than by the device’s owner. I don’t think we should support limiting people’s property rights for “safety” or other reasons. iOS is probably one of the worst in this regard and it's sad to see Android moving more and more in this direction.
I have posted multiple times before that this effectively limits people’s property rights. Here are some other posts I have made on the subject:
* https://news.ycombinator.com/item?id=39349288
* https://news.ycombinator.com/item?id=39236853
* https://news.ycombinator.com/item?id=35067455
* https://news.ycombinator.com/item?id=40727203
There are two reasons to install an app: I personally want to install it (yay!) or a powerful third party will bring down a wildly disproportionate punishment if I don’t (wtf.) Nowadays the vast majority of app installs are in the second category, and in this category, being able to make it common knowledge that I physically can’t install your (parking app / apartment app / course selection app / banking app) as root with unlimited privileges even if you (tow my car / evict me / expel me / close my bank account) is super valuable. This value skyrockets further if a large section of the population has this same inability to root themselves, which Apple coordinates. This is why people buy Apple! Ask anyone who buys an iPhone for grandma. I would be quite pissed off if the government steps in and takes away this coordination mechanism.
> The owner of a device
That may be the crux of the misunderstanding. The 'licensing' of music, movies, TV shows when you "purchase" them is coming / has come to hardware.
The owner of the device is who controls what you can do with it, not necessarily who paid to keep it in their pocket.
> I have posted multiple times before that this effectively limits people’s property rights. Here are some other posts I have made on the subject:
This is crazy long and not directly about the iPhone, but this is the most comprehensive explanation I've heard of why your plea will probably never be heard:
https://youtu.be/ZK742uBTywA?si=poDXl3Mz7lYwdUxa0
(TLDR: international treaties)
It's not sideloading it is installing an application. Don't use enemy words.
There are some comments attempting to trick people into thinking that some of the least intelligent people of society have more freedom than regular people.
Freedom of speech and to own your belongings is first. This includes installing what you want on your device.
I think the premise that app stores, notarisation and such protect users is false. It’s like saying sunglasses protect you from the sun - they help you not get blinded by it right away, but you still need sunscreen, wear a hat etc.
Apple/Google rejecting some obvious scam apps doesn’t mean people don’t get scammed or hurt in other ways. Just like online age verification doesn’t actually protect children or make you a better parent... it's just a straw man of sorts, designed to remove agency from users through a false sense of safety.
> It’s like saying sunglasses protect you from the sun
It is actually much closer than you think. There are the standard sunglasses and then you have actually rated sunglasses for various purposes. The more extreme the environment, the more the former gives a false sense of safety that just isn't there.
The iPhone system protects people fairly well at the stuff it's designed for, i.e. installing malware. Obviously sunglasses don't stop you needing sunscreen and the app store doesn't protect me from crashing my car etc.
Yeah, and banning cars would also protect people from car crashes.
But it comes with the rather large price of a huge limitation to my personal choices.
Not having mandatory checks and requirements would result in the market being flooded with unsafe cars.
The elephant in the room is not addressed: software in Google Play with so many antifeatures that it can only be called malware (except that Google doesn't call it malware because it brings revenue), and no alternatives except apps outside Google Play that are not signed by a developer who would submit their identity to Google.
Is it possible to protect users from themselves in every circumstance?
Yes. Remove all of the features from the software. Now, I know you're wondering, "What if my users eat the battery?"
Next, remove the hardware itself. Now users cannot harm themselves at all.
Unfortunately, some users manage to cause themselves harm using nothing but their own body.
Clearly, there should be a way to restrict their access to that too. Keep them from performing unauthorized bodily actions that could result in self-harm. For safety reasons.
"If you are protected by a steel door, but you don't have the key, you aren't safe: You're imprisoned."
The examples in the post are bad.
The people who were scammed did not run rooted phones. Rooting your phone may allow you to install pirated applications containing malware. But most banking losses come from scams where the user themselves initiated a transaction.
The point of those examples is not about rooting phones, it's that there's a subset of the population who can be informed that they're doing something guaranteed to be self-harming and who will do it anyway, then complain that someone should have stopped them.
These discussions aren't really about tech. They're all about politics. Libertarian societies grant freedom on the understanding that some people can't handle it and will hurt themselves (and maybe even others). Collectivist societies sacrifice freedom on the altar of socializing individual losses. The first example he gives is from the relatively collectivist UK, where "James" sent all his money to a foreign romance scammer despite being warned by his bank not to do it. The twist that the blog author doesn't mention is how the story ends: his family went crying to the BBC who kicked up a fuss and Lloyds decided to give him the amount he lost i.e. make other bank customers pay for his bad decisions.
This is a spectrum: you can't have a society that both grants maximal freedom and that also protects people from themselves.
As societies differ in how collectivist/libertarian/crime-ridden they are yet tech platforms are global, it's inevitable there will be disagreements about where on the spectrum this judgement call should fall. What Google is doing here is actually quite innovative and surprising for a company as historically woke as they are: they're admitting that the problem primarily affects some cultures/countries and not others, so the level of freedom should be different. The rules are being changed to only apply to phones in specific countries, whilst preserving freedoms for those in others. This is a very interesting decision that stands against a multi-decade trend in the tech world of treating every country and culture as if they are all identical.
It's not sideloading, you are not doing anything nefarious, shady, on the side, on the edge. It's software installation on your device, your own device. This newspeak is purposely invented to negatively portray software installation from sources not controlled by Google/Apple.
Is it possible to let owners use their hardware as they wish, without having large companies control what they deem "safe"?
I'm not the user of my phone, I'm its owner.
Sure. But the societal losses of a vast amount of people getting scammed might in general be more important than your individual wish for freedom to run anything you want on your device. I think there are important tradeoffs to be made, and that we have to acknowledge that many people in society less technically skilled might suffer from serious consequences in your proposed model of computation.
People get scammed over phone calls all the time and we're not opening up for debate my freedom to accept calls from unknown users. Because why would you? Doing that is like using a nuke to kill a fly.
This reeks of a power grab that restricts my freedom, disguised with the classic "for the greater good". Same as the new UK age verification laws.
> we're not opening up for debate my freedom to accept calls from unknown users
That debate was had already and was lost. Phone scammers get blocked by telcos all the time.
> But the societal losses of a vast amount of people getting scammed might in general be more important your individual wish for freedom to run anything you want on your device
The societal losses of a vast amount of people having no private, uncensored means of communication, which this is leading to, are orders of magnitude greater. The largest cause of early death in the past century was governments murdering their own citizens, and the more power governments have over their citizens, the easier it becomes for this to happen again.
I say let them be scammed. Idiocy only grows if it's not resisted. People don't learn if they don't see the consequences. Otherwise it'll just make society head into an authoritarian socialist hellhole... not that it wasn't already going in that direction.
People don't necessarily learn if they see consequences.
They definitely won't learn if they don't see consequences.
No, this is not true. It's definitely possible to educate people about security without them getting hacked.
Yes, there is a clear path from not being able to install what you want on your phone - even though you are free to buy a phone that you can - to authoritarianism. Did you know that you also can’t drive just anything on the highway, and in some places you have to get your car inspected every year before you can drive it?
A key part of your analogy is "on the highway", where I am a danger to other people and public infrastructure.
I'm allowed to build a wacky unsafe DIY car and drive it around my own property without getting permission from the government. In many scenarios I don't even need a driver's license.
Bringing the analogy back around, maybe one could argue that if I let my phone get hacked such that it becomes part of a botnet or something then it is a danger to other people, but that's not the typical example. Usually these policies claim to be about protecting me from myself while using a device I own.
A nice sentiment, hasn't been true for a while though.
You are the owner of the hardware, user of the software.
Okay, but as the owner then I should at the very least be allowed to load my own signing keys for the boot ROM to load other software. Like what if I want to run/port Linux to the device. A locked-down bootloader deprives me of full enjoyment of the use of my tangible property.
That is totally fair.
> The first is that a user has no right to run anyone else's code, if the code owner doesn't want to make it available to them. Consider a bank which has an app. /../ I think the bank has the right to say "your machine is too risky - we don't want our code to run on it."
But should they? Should we also accept Google's browser signing and ban all browsers the bank doesn't like? Am I allowed to accept calls from people they haven't vetted or is it too much of a risk to the bank's bottom line that they might talk me into a scam.
I suppose we should also write off the inevitable privacy and freedom violations in the name of "security".[0] I don't have anything to hide after all.
[0]: https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
Plenty of banks will say "only available in Chrome" or "you must be running version xyz of your browser".
There are also banks which are app-only.
You'll also notice that modern phones have a "spam caller" feature. It either gets data from the phone network or from another source. Should your phone block the most obvious spam calls? Your email client already blocks spam.
At a network level, STIR/SHAKEN is also trying to block you from answering fraudulent calls.
These things are happening right now. I expect most people think a reduction in phone spam is worth the occasional false positive.
You may have a different opinion.
I think that makes sense if you also agree to not have any protections from them for getting scammed.
But otherwise I agree, I hate the same shit about requiring 2fa. Let me fucking decide about how much I care about my account being stolen.
> But should they? Should we also accept Google's browser signing and ban all browsers the bank doesn't like?
If you want to hold the banks liable for fraud committed against you (which is exactly what happens in many countries), then it’s hardly reasonable to say that they’re not allowed to use what ever technical options they can to prevent that fraud.
You can put forward the argument that banks simply shouldn’t be responsible for fraud committed against their customers. But we only need to look at world of cryptocurrencies to see how well that works in reality.
> it’s hardly reasonable to say that they’re not allowed to use what ever technical options they can to prevent that fraud.
Of course it's reasonable? You can give someone a job and also ask them to do it a certain way.
It's unreasonable to ask them to do a job, and then tie both their hands behind their back and tell them they have to accept being punched in the stomach and that they should be happy about this.
If you want to tax banks and pay the money directly to fraudsters, I guess that's a model you can aim for.
Then that vendor needs to go to /dev/null and end its business.
I find it telling that all the examples of scams they use to justify preventing app installation without registering through an American corporation are entirely unrelated to app installation. It just shows the protect-the-users angle is completely bogus.
Users aren't safe anyway when the gatekeeper is Google. They're deeply evil these days and our phones are mainly a surveillance tool for them.
Apple is only slightly better. They limit espionage from other parties but not their own. And Meta ads still exist, so the block was not very effective.
> I think the bank has the right to say "your machine is too risky - we don't want our code to run on it."
I disagree. Let's go with preferring user agency until banks are in trouble.
> Again, it probably isn't fair to ban users who run on permissive software, but it is a rational choice by the manufacturer. And, yet again, I think software authors probably should be able to restrict things which cause them harm.
I disagree. Ban users when they cheat, not when they have the power to cheat.
Strongly agreed. Banking apps should run on on anything that can run them. Banks should not be the gatekeepers in charge of deciding what's a "good" or a "bad" device.
The problem is that apps can detect when I say "no you cannot have this data".
A decade ago, we had Xposed modules that would hook into the permissions system and give you the option to feed apps fake, generated data. So if it tried to scrape my location or phone number or whatever else, it got garbage.
Sandboxing should prevent most of those issues. We can't control the users giving permissions to everything, but with more control on those permissions, or disabled by default, a phone should stay pretty safe, or am I missing something?
People have been trained to tap through those prompts without really reading them, and it’s unreasonable to expect a less technical user to know what the implications of granting a permission are.
I want an option to give fake permissions. A lot of apps are pretty necessary (due to network effects). I don't want to give my contact or location data to them but they also refuse to work without it, even though they don't need it for the stuff I am doing. So just let me provide fake data instead. As far as the app is concerned, it has the permissions it so wanted.
That used to exist, but it's bad UX, because the user doesn't understand why the app they didn't give permissions to doesn't work well, and gives it a bad review. It's better UX for the app to say "I can't work without this permission", though it's worse for tech-savvy users.
Giving illiterate people access to computers is going to be dangerous for them no matter what you do. UIs and operating systems should consider their caretakers instead.
Not everyone has caretakers, unfortunately, but everyone needs a phone.
Then they can have flip phones. Those are still made and are great for children and other people who aren't capable of caring for themselves.
Or maybe when you buy a phone you can pay $5 extra to get the OS build that allows sideloading, or make it cost $5 and require you to hand-sign a bunch of forms to upgrade an existing phone to a sideloading-capable version. A little extra friction at phone purchase time (rather than app download time) would likely steer most people, especially non-techies, toward the safer option. Sure, maybe it doesn't stop the problem completely; someone completely bought into some scam may go through the effort anyway. But if someone is that gullible, they're pretty destined to be scammed out of their money no matter what the protection.
Why should people pay for the privilege of installing apps without having to submit their personal record to an American mega corp which then vet what they install?
You have the issue reversed. I think people should be able to buy specifically locked phones separately if they want to. Actually they already can.
> People have been trained to tap through those prompts without really reading them, and it’s unreasonable to expect a less technical user to know what the implications of granting a permission are.
Can you please explain why there is no big push from Google and Apple to remove microphone and camera access from the browsers? You claim that most users are "less skilled" and will allow anything, so for the greater good why not push to remove microphone, camera and file upload permissions? Why do we trust these users with reading a popup for permissions?
Or maybe if the popups are not clear or good enough, maybe it is not the users' fault?
That’s just advocating for the same thing, OS makers removing users abilities to do things they want with their devices. Pretty much everyone in this comment section that is advocating against what Google is doing would advocate against that as well.
I do not see these Apple fanboys asking Apple to remove the camera and microphone features in their OSX operating system. They have many stories about grandma getting tricked into sideloading some evil app from Facebook but somehow the same grandma never gets tricked into sharing her microphone, camera or screen. So I concluded that it is all their minds creating a narrative to feel better about them getting screwed by Apple (we all have this problem where we invent some reason to justify some decision we made, but in this case it is a big mob).
Or maybe your absolutist bullshit is, in fact, bullshit, and there's nuance to be had that explains the discrepancy you observe.
In this case, one nuance is the fact that camera and microphone permissions are very very often necessary in the browser for video chats. Y'know, exactly the kind of thing that grandma might want to do with her grandkids on a regular basis.
There are, in fact, some efforts going on to improve beyond the status quo on permission prompts in browsers, e.g. https://chromium.googlesource.com/chromium/src/+/refs/heads/...
Though, that document also states:
> Our research [1] finds that users often make rational decisions on the most used capabilities on the web today — notifications, geolocation, camera, and microphone. All of them have in common that there is little uncertainty about how these capabilities can be abused. In user interviews, we find that people have clear understanding of abuse potentials: notifications can be very annoying; geolocation can be used to track where one was and thus make more money off ads; and camera and microphone can be obviously used to spy on one’s life. Even though there might be even worse abuse scenarios, users aren't entirely clueless what could possibly go wrong.
[1]: https://dl.acm.org/doi/10.1145/3613904.3642252
It's not the sandboxing, it's the access to user data that apps can request. A mobile OS allows apps to request and be granted all kinds of permissions, and 80% of the world population doesn't really understand what all things are possible for each of the permissions they give to an app. For example being able to export the whole contact list, or read all files in folders (where users may have saved notes with passwords) or real time tracking of GPS location with wifi MAC address sniffing, listen in on conversations, be able to screenshot other apps, trigger touch events... none of this can a sandbox prevent.
When there are problems reported about an app, there has to be a known party to hold accountable. I agree that a developer path that is complex enough that only people who know all the impacts are able to use to side load random apps they own or from someone they can trust, but the general population has to be protected unless at the individual level they are savvy.
> there has to be a known party to hold accountable
So no free applications. Prepare to pay a subscription for every flashlight app.
Be careful with this statement. The whole premise behind banks requiring non-rooted phones is "we can be sure that sandboxing works on the original ROMs—e.g., it will prevent malware from screenshotting our app, and we know that certain custom ROMs patch this snapshot-prohibition code out, thus deliberately breaking the sandbox that we rely upon".
The answer to this question is yes. You need to make enabling sideloading somewhat difficult and make it require a modicum of tech literacy. The only reason that the phone companies do what they do is to make more money from their stores. They don’t care about people or their safety.
For me it’s a matter of settings. As a user I would have the option to choose “secure” mode that disallows installing apps from unofficial sources, but if I want to I should have the option to allow side loading. Everything else is just corporations needing to have too much control.
The problem is that important services will then be (and already are!) only permitted to run in “secure” mode.
I literally have a banking app that will refuse to run on an “unsecure” phone. Today I can still install unsigned apps, but removing that ability is explicitly the goal of this policy change.
I'm worried about big apps like Instagram deciding that side loading is better for whatever permissions hacks that allows
Apparently DJI's app is only available directly from them.
They would have already done it
“allow side loading” is a premise I object to.
Now that Android is going full retard with their authoritarian BS, it’s time to build a new phone operating system or at least make the ones we already have viable.
It’s a monumental undertaking, but it needs to be done.
Wait, how does the requirement to only install apps signed by Google comply with the DMA?
If it doesn't, don't we all have our answer on what we should do?
The DMA only applies in the EU, and the exact boundaries of the law are still to be fully litigated out
Right, but, hint hint, lobby politicians so they draft comparable legislation in the US as well.
A ship in the harbor is safe. But that is not what ships are for.
MacOS handles it pretty well, I can use it to do what Doctorow calls general computing and my mother can use it to shop and do email. Apple allowing freedom for MacOS but not iOS is inconsistent and I see no good reason for that.
Except Apple code signing on MacOS is basically what Google is trying to copy over to Android. I can run arbitrary programs on MacOS, but I have to go and remove the com.apple.quarantine attribute from any application that doesn't have Apple's explicit permission to exist, i.e. most FOSS apps. I suspect that option will go away eventually.
> I have to go and remove the com.apple.quarantine attribute
You do not. You can go into System Settings and allow the app to run.
Highly unlikely they’d remove the option with how many devs use macos
They definitely will. They'll change it so that you can locally sign apps with a key that only works on your machine.
That already happened. ARM Macs require code to either be signed or "ad-hoc signed", which doesn't use a key so it's not really a signature, it's more like a SHA hash whitelist that's local to your machine.
I think it's more likely Apple will shift everyone to using iPads and phase out Mac.
They'd have a job doing that one. Speaking as a 30 year laptop user with no interest in ipads. I've never seen the point of ipads - it's like a phone that can't make phone calls.
MacOS does not handle it well. I can run `curl example.com | sh` and it'll steal my ssh key.
It is perfectly consistent: iOS is not for general computing
I create apps just for myself, just started learning, self taught, not a student taking a programming course in university, not professional
Apps created by me for my routine,
Does that mean I would not be able to install my apps??
No, you "just" have to show Google your ID and cryptographically make sure Google knows the apps belong to you
>Is it possible to allow sideloading and keep users safe?
Why is this a question of _allow_? Who is my hardware provider that he is somehow my guardian and must _allow_ me to install software that I want to install?
>Is it possible to allow people to do sports and keep them safe?
>Is it possible to allow people to roam freely and keep them safe?
>Is it possible to allow people to not be locked up in a padded cell and keep them safe?
People are responsible for what they are doing, and teaching them about technology is the best way to deal with this example here, as it doesn't infringe anyone's human rights and would give anyone the resources to check their sources.
Every sporting body that I know of has rules to keep people safe. Even dangerous sports like boxing and American Football put some effort into keeping participants reasonably safe.
Similarly, every modern society has rules to keep people safe when roaming. That might be as simple as warning signs or as complex as a coastguard.
We've had decades of warning people about online scams and I don't see any slowdown in the volume of scammy emails that I receive. Education clearly isn't working - and that imposes a cost on all of us.
We've had decades of 'simple warning signs' or measures as complex as coastguards and yet people are still periodically lost in the wilderness, badly injured, or even killed. Education clearly isn't working here either — what restrictions should we impose on people's right to roam to solve this?
You clearly know the answer here since you used the word “periodically”. There’s a massive difference between hundreds and millions. No one is stopping you from buying a non Google phone, no one is stopping you from running calyx or graphene. Mitigation for the things that affect the most number of people is how the world works.
> Mitigation for the things that affect the most number of people is how the world works.
Millions of people hurt themselves, physically hurt themselves, every day, doing things that we could easily restrict. Yet we still allow them to buy knives, glassware that can break, hammers, power tools, non automated vehicles of all kinds, the list goes on.
We also spend a lot of time educating them on the dangers, far more than is spent warning about online scams, and we do it at a far earlier age (age 0, for some of them).
Of course we still allow the sale of safe knives and plastic mugs, so people are free to choose; that point still stands. I'd argue that there is more competition in tableware, and less friction shifting between it, than there is in mobile operating systems.
> No one is stopping you from buying a non Google phone, no one is stopping you from running calyx or graphene.
Google and phone manufacturers have been actively moving in that direction and have a long history of being actively hostile to those things. This is just another move on the same board to restrict these freedoms.
> No one is stopping you from buying a non Google phone
You mean, the iPhone, which restricts everything even more?
They don't come into your own house and tell you what to do though. The police aren't going to arrest you for swimming in your own pool without a lifeguard. That's completely absurd.
I don't know where you live, but lots of places require you to secure your pool in such a way that people can't accidentally drown in it.
For example https://www.forbes.com/advisor/legal/personal-injury/attract...
Societies often place limits on individual freedoms.
And those laws are completely unjust. It is absurd to place an obligation on someone to protect people who are trespassing on the owner's property. If you are poking around someone else's home, it's on you if you get into something that hurts you.
Even the self-proclaimed bastion of liberalism, the US, has laws against booby trapping, so that is obviously not true.
Are you seriously comparing the self-serving decisions of a for-profit company with laws designed to protect people?
They are, and they're correct in that comparison. Except that the laws for the pool don't require a branded fence or anything, it's just a height and gate-lock requirement.
Google is telling you to buy their particular brand of fence (which inextricably has an insane markup). And they disallow it for pool shapes they don't like and you don't have an appeals process for it.
Okay, how would you fix the scammy email problem? Only allow authorizing people to send emails after they applied for a government issued address?
Outlaw all non big corpo operating systems?
Perfect surveillance? All because some boomers can't into common sense?
It's also ironic that you bring up warning signs as a counterexample to my point, as it's exactly what I am saying. You can warn them, but you don't bar them from doing so.
Yes, if the OS sandboxes everything. If you choose to give it access to a file it can mirror that file so that any edits can be undone. Sure it uses more space but way safer unless they find a jailbreak outta their sandbox.
A better question would be:
Is it possible to restrict software installation and keep users free?
I think the question should be reversed. Is it possible to stay safe if you cannot control the devices you supposedly own?
What about making side loading require some moderate level of technical sophistication? Like connecting to the phone over USB and having to manually type some long shell commands, or exit vim, or write a compiling C program, or some other layman-proof filter to activate installing outside apps. I feel like grandma would be too intimidated by this (good), making it too frustrating for even the most determined scammer to explain, no matter how desperate they are for her social security checks. Have it be done in the bootloader so you can't follow these instructions while on the phone, and require physical interactivity with the device (can't be automated over USB). Regardless, this policy is an unacceptable infringement on digital freedom by Google.
Even if it requires equipment, if people want it, someone will sell doing it.
If there’s a real downside, they’ll be affected.
I believe this is already the case. You can purchase phones that may be bootloader unlocked, allowing custom firmware to be installed. This enables a tech-savvy user to sideload anything they like.
Closed drivers need Android userspace -> Android panics or otherwise refuses to function if it decides its SELinux policy is compromised -> you still don't have control over the device.
And we're back to "just break into the thing you've already paid for." Nope. Go away. No more smartphone crap.
If you install custom firmware, you can control the SELinux policy that is configured and enforced by that firmware.
If only there was no app stores... sigh... I would only download apps from the reputable company I like (myfavoritebigbank.com), trusting their brand and reputation for my security. If a client-side app can threaten their security, that's a weakness on their part.
And if a lone developer has a cool new idea, and their app is recommended by users I trust on an obscure specialized forum, then I'll decide to install their app from "coollonedeveloper.com".
If only we could invent some kind of "domain names" system that one would have control and responsibility over, instead of trusting some broken unscalable app stores...
It was never about safe or not safe
> There are, I think, two small cracks in that argument.
> The first is that a user has no right to run anyone else's code, if the code owner doesn't want to make it available to them. Consider a bank which has an app. When customers are scammed, the bank is often liable. The bank wants to reduce its liability so it says "you can't run our app on a rooted phone".
> Is that fair? Probably not. Rooting allows a user to fully control and customise their device. But rooting also allows malware to intercept communications, send commands, and perform unwanted actions. I think the bank has the right to say "your machine is too risky - we don't want our code to run on it."
> The same is true of video games with strong "anti-cheat" protection. It is disruptive to other players - and to the business model - if untrustworthy clients can disrupt the game. Again, it probably isn't fair to ban users who run on permissive software, but it is a rational choice by the manufacturer. And, yet again, I think software authors probably should be able to restrict things which cause them harm.
It's not clear to me whether in this fragment the author is stating the two alleged cracks in the argument or rather only the first one — the second one being Google's ostensible justification for the change. Either way, neither of these examples is a generalisable argument supporting that 'a user has no right to run anyone else's code, if the code owner doesn't want to make it available to them'.
With regards to banking apps, the key point has been glossed over, which is that when customers are scammed the bank is 'often' liable. Are banks really liable for scams caused by customer negligence on their devices? If they're not, this 'crack' can be thrown out of the window; if they are, then it is not an argument for "you can't run our app on a rooted phone", but rather "we are not liable for scams which are only possible on a rooted phone".
As for the second example, anti-cheat protection in gaming, the ultimate motivation of game companies is not to prevent 'untrustworthy clients' from 'running their code'. The ability of these clients to be 'disruptive to other players' is not ultimately contingent on their ability to run the code, but rather to connect to the multiplayer servers run by the gaming company or their partners. The game company's legitimate right 'to ban users who run on permissive software' is not a legitimate argument in favour of users not having full control over their system.
> Are banks really liable for scams caused by customer negligence on their devices?
In the UK, not legally liable. However culture is not 100% aligned with the law and in practice banks that stick to the rules will be pilloried by the left-wing press and politicians, they risk regulator harassment etc, so they sometimes decide to socialize the losses anyway even when the law doesn't force them. The blog post cites an example of that.
To stop this you'd have to go further and pass a law that actively forbids banks from giving money to people who lost it to scammers through their own fault.
Thanks for the feedback. Those examples are meant to cover the first point.
The problem if you are a bank is that scammed people can be very persistent about trying to reclaim their money. There's a cost to the bank of dealing with a complaint, doing an investigation, replying to the regulator, fielding questions from an MP, having the story appear in the press about the heartless bank refusing to refund a little old lady.
It is entirely rational for them to decide not to bear that cost - even if they aren't liable.
> rather "we are not liable for scams which are only possible on a rooted phone".
Who is going to prove that though? It’s much simpler and less stressful on our court systems if a bank just says “we don’t allow running on rooted phones” and then if a user takes them to court the burden is on proving whether the phone was rooted or not rather than proving if the exploit that affected them is only possible on a rooted phone.
I for one think that this is more of a matter of wishful thinking than a technical one.
It's IMHO a matter between trust and hope.
Do we really think that Google has complete control over the stuff they distribute?
Do we really think that a single person delivering some software outside of Google ecosystem is evil?
Judging these things is rather hard without some form of trust and hope.
And it's not something everyone can pick up seriously without the needed knowledge and tools.
Yet Google has no problem with displaying these vulnerable people scammy ads (which is also the most common way they actually discover these malicious APKs), since it brings them revenue.
What if we'd instead require users to verify themselves before being allowed to see ads? I'm sure that would be more effective for preventing scams, fraud and abuse.
> 00. Users should be free to run whatever code they like.
> 01. Vulnerable members of society should be protected from scams.
00: yes, always; 01: yes, but not at the expense of 00 (or probably some other things)
Why? What’s your logic and reasoning?
Safety is not a valid reason to limit freedom. We cannot, and should not try to, keep people safe from their own bad decisions. That is treating adults like children, which is offensive to human dignity.
a and b are about 3rd party safety. C.f. gun safe mandates.
Because safety should never come at the cost of safety?
How would you feel if your brain was “safeguarded” against potentially harmful thoughts?
There are millions of homeless or otherwise struggling people all around the world, who would let anyone use their identity for a small compensation. I don't really see how this requirement to register with Google will help with app security. So the malware will be signed by John Smith living under a bridge, now what?
Unfortunately, the reality is that often their identity is not actually "good enough" to perform these actions. For example, many of these people don't have an address/bank account/email.
I have come to the conclusion that both Android and iOS, along with the banking systems, are all doomed platforms.
Even something like GrapheneOS, in theory the best path to security and privacy and liberty, was falling way short even before this latest announcement from Google.
The problem lies partially in the app ecosystems, which embrace spyware and exploiting users (requiring all the worst Google APIs), and partially in governments, which will leverage any centralized organization like Google to gain control (EU chat control etc.).
The solution cannot be just a custom OS or an OS fork. In fact, ecosystem compatibility is toxic and slows down growth of real alternatives. There needs to be some wholly independent and decentralized offering.
The challenge is hardware compatibility and core services like digital IDs. Most apps should be solved by using a website instead.
These issues are especially important because the future is increasingly digital. Smart phones, smart glasses, smart watches, VR glasses, smart homes, and even brain implants. I don't want to live in a future where I'm either left behind or my whole life is controlled by Google/Apple/the government/etc.
The “use a website instead” angle doesn’t really work for a lot of things, and given the impermanence of websites these days, is actually a major point of potential failure.
The "use a website instead" angle should work for the majority of things people spend phone time on. For the few things that could not be a PWA, some extra effort is needed.
What universe are these people in? The app/play store is a fantastic way to obtain shitware that either steals data (seems to be nearly mandatory, if you look at the apps of these store operators), CPU time through mining of some sort, eats through your brain (by inserting horrific amounts of ads, much of which are such clear scams I really don't get how this is allowed) or simply asks extra money for essential features one by one.
Everything about the so called stores is so decrepit, the safest way to get any decent software on is side loading / fdroid. How could you in sincerity argue any different?
Do we pour billions into educating users not to click "yes" to every prompt they see?
Instead we pour billions into educating users to be submissive sheeple.
"Freedom is not worth having if it does not include the freedom to make mistakes."
Authors like this love saying that it’s all about installing apps you choose on a device you own and control.
Who could disagree with that?
The problem is it’s often controlling household members sneakily installing creepy things on devices of those they live with and want to control.
> The problem is it’s often
I'd like a source for that. News to me if that is common at all. Not to mention there are apps on the playstore / ios store that can be used in a similar way without sideloading.
If only there was some kind of biometric protection on those devices, preventing unauthorized access.
They can’t keep users safe even if only Play Store apps are allowed, so why hinder other installation paths?
I think sideloading should be allowed only if you actually connect your phone to a computer. This barrier will prevent a lot of vulnerable people from being scammed.
Alternatively, sideloading could require you to delete all App Store apps. In other words, disabling Google Play Protect should require you to wipe your phone. This is another barrier that will prevent a lot of people from getting scammed.
Alternatively, require the user to decide whether they want sideloading or not at device setup time, with no ability to change this decision without wiping and starting from scratch.
It wouldn't solve the "getting infected via cracked apps" problem, but it would at least solve the "users being scammed into sideloading something they don't want" problem.
Deleting all app store apps is too high a barrier, because there may not be a replacement that could be sideloaded.
I don't see that changing either. Banking apps, government auth, Whatsapp¹, public transport apps², etc. The status quo is that a small number of official app store apps are all but required.
1: Still basically required if you have young children and want things like play dates. Oh Signal? Yeah, the recent push means that some tech-savvy users now have both Whatsapp and Signal installed. In the Netherlands, you can do without Whatsapp, but not if you don't want to turn your child into a social recluse.
2: For example, in order to use Germany's Deutschlandticket one of the participating public transport companies' apps is required. This is a huge regression compared to the initial paper ticket, but there it is.
I guess requiring a transport subscription to get the ticket, via app or smart card, is rather analogous to the topic of adding friction to the undesired path.
> Vulnerable members of society should be protected from scams.
There are three ways to deliver protection: build better walls, defeat attackers after successful initial attacks, defeat attackers before successful initial attacks.
The article ties itself into knots because it recognizes that the first way cannot deliver 100% security. But it refuses to recognize that there are two additional ways.
The United States military could go after scammers operating from foreign compounds. It could treat the economic targeting of American citizens as acts of economic war. It chooses not to. Freedom is not free, and when your country chooses to literally not fight for your freedom, it's hardly any wonder that your freedoms are eroded.
Remember XKCD 538: https://xkcd.com/538/ Cybersecurity and physical security are fundamentally linked.
Scammers can operate from literally any country in the world, in any location where they have access to the internet. The idea of the military busting into a Bin Laden-style scammer compound is very romantic, but plenty of these operate from regular offices or homes, and it’s trivial for someone new to get into the scamming business if a big scammer is taken down.
People forget both why the US invaded Afghanistan in the first place, and why US financial sanctions are so effective. The US invaded Afghanistan, a country whose government was not directly involved in the 9/11 attacks, because that government refused to extradite OBL and other senior Taliban leadership, to bring them to justice in the United States. US financial sanctions are so effective because they cut off foreign institutions from the US financial system if those institutions do business with those who harm Americans and American interests. Soft power is backed by hard power, first against organizations hosted by governments willing to cooperate with the US, and eventually against governments unwilling to cooperate.
That scammers can operate from anywhere is beside the point. More often than not, law enforcement and the military know where that is. A conscious decision is made not to prioritize or fund fighting it.
That’s easy when you’re dealing with people operating in countries where your existing relationship is poor or non-existent. There’s nothing practical that country can do to fight back against U.S. demands.
But try applying that approach to India or China. Do you think those countries are going to allow the U.S. military to operate on their home turf, shooting at their citizens, and not retaliate? It doesn’t even have to be military retaliation, the U.S. economy is heavily intertwined with those countries, just look at the consequences of Trump's tariffs. Do you honestly think U.S. citizens would be willing to trade off the trade benefits of working with those countries, just so you can run a military raid on a building of scammers?
> Do you think those countries are going to allow the U.S. military to operate on their home turf, shooting at their citizens, and not retaliate?
It's not related to scamming, but the US did just bomb Iranian nuclear facilities; the reaction was a face-saving gesture that was intentionally weak so as to de-facto de-escalate. So the answer to your question is basically yes. The costs of a wider war are too large to the host country to make it worth it to continue to allow scammers to operate freely.
> just look at the consequences of Trump's tariffs. Do you honestly think U.S. citizens would be willing to trade off the trade benefits of working with those countries, just so you can run a military raid on a building of scammers?
Don't you realize that Trump's election, his tariffs, all this is due to popular sentiment that the US was getting the raw end of the deal in its foreign affairs, that there was a need to, literally, put America First? If anything, such ideas, to have targeted attacks and enforcement aimed at the exact actors targeting American citizens, have been at their most popular in decades, at least since the Iraq war went off the rails.
Yeah. And even in situations where there’s no alliance to disrupt (e.g., Chinese scam compounds in functionally lawless areas of Myanmar), I don’t imagine that most Americans would be sold on the idea of a military operation against scammers.
Just nuke them into oblivion, like Google and Apple nuke freedom to own your device.
>> Vulnerable members of society should be protected from scams.
> There are three ways to deliver protection
While I agree with your idea I'd like to remind you that there are previous steps: teach people to be less vulnerable. Teach people to be less greedy. Teach people the consequences of actions.
Being less vulnerable is an obvious definition: know how to not fall for some scams.
Less greedy: some scams revolve around the idea of quick and easy profits and the comeback is hurtful because the person thinks he would get x and ends up losing 500x.
Consequences of actions: there's a lot of value to the group that observes the (bad) consequences of one's actions. Pain, even from others, teaches something. The more we protect people from consequences, the better and safer it is about small losses until the actions go beyond the protection and the consequences are catastrophic.
I fully agree that there's a different strategy for before the line is crossed, one that is often more humane, more freedom-respecting, and cheaper to boot. Too often those strategies are sadly under-funded.
That's beside the point that the line, too often, is being crossed, and perpetrators are allowed to perpetuate their crimes, instead of the military and/or law enforcement stepping in and performing their organization's missions to protect us, especially the most vulnerable among us.
Most of this problem is solved by not hiding the trust model.
Do you want a phone where you trust Apple/Google/3rd party to make a "malware or not" decision? Or one where all that is turned off and you can do whatever? Go right ahead in either case - you control the trust, rather than it being made for you by the platform vendor.
Similarly, we have certificate infrastructure where the TLS roots are owned by a small number of people. These are generally trusted, but some people/organizations edit them down (ex: removing roots from state actors deemed untrustworthy). But it's hidden, and generally a lot of choices.
Even linux distros, you pick which package signing keys you trust.
And Docker/K8s... oh wait, there's no default keys and containers remain being developer's puke bags in most cases, and the repos are rugpulled by corporations regularly...
I look forward to you explaining all that to my elderly mother.
Once you’ve explained the difference between Google and “the internet”, you may stand a chance. I wish you luck, I’ve been trying that for a while.
BRB, heading out for popcorn.
They don't even need to know it is a thing that exists. The defaults (ie. the status quo of implied trust in the OS vendor) are fine for this type of user.
> Here's the story of a bank literally telling a man he was being scammed and he still proceeded to transfer funds to a fraudster.
> The bank blocked a number of transactions, it spoke to James on the phone to warn him and even called him into a branch to speak to him face-to-face.
Y'know, at some point the cost of protecting the dumbest people is too much to be worth it. I am perfectly fine with some people getting hacked, doxxed and scammed out of their life savings if the alternative is everyone losing their freedoms.
Freedoms are important because without them people with power go unchecked more and more. It's a slow process but it culminates in 1) dictatorship at the state level 2) exploitation at the corporate level.
Frankly, I think this sort of behavior in a non-senile person constitutes disability, and I think it demonstrates societal failure to provide people with disabilities with support structures. Where was a friend or family, why was this guy operating a bank account to begin with?
This is a false dichotomy. The following are not the only two possible solutions:
* Everyone has to trust one of two giant mega-corporations to make good decisions for everyone
* Everyone has to take on the evaluation of everything themselves, do their own admin, understand opsec, etc etc.
Freedom does not entail the latter. Freedom means having the freedom to do it, but also having the freedom to delegate it, and to decide who to delegate it to. We don't have to be technology "preppers". We can set up and fund independent organisations to do this - like Debian, for example. And have competition between them.
Yes, that means some people will delegate their trust to their religious cult. That's the price of freedom.
Blocking sideloading under the pretense that it "keeps people safe" is bullshit. Google is taking steps to build their wall a lot higher.
Just make it harder to disable security.
At point of purchase, you get to decide whether you want secure mode or not. Then after that, if you want to change it, you have to open a support ticket with the manufacturer.
Kinda like how SIM-locking works.
Look at the people who are conned into buying Apple Gift Cards so that they can "pay their taxes".
If they can be convinced of that, how hard will it be for a scammer to say "we've detected a problem with your phone. To avoid being imprisoned for piracy, please file this support ticket so we can debug things."?
Being conned into buying gift cards means the weak link isn't with the security of the phone, but with the person's brain.
Making the device so locked down that no such con could exist also means there's no way to use the phone in ways that haven't been authorized - and as a power user, I detest that I am paying a price for the safety of those who are too stupid. I do not want to pay that price.
Conveniently, google gets to remain in a position to earn more money from being in the controlling seat.
As they say, if you trade freedom for security, you'll end up with neither.
Devices should offer a local signing cert, where you can sign an app for that device only. Then make the app signing process enforce binding agreement that you assume all responsibility related to the app.
The most secure OS existing, Qubes OS, allows and encourages installing any untrusted software and protects you with strong, hardware-assisted virtualization.
There is something that's always perplexed me. Why is it that money when transferred electronically can so easily disappear into obscurity or oblivion? Why is there no full audit trail?
Restated, every electronic transfer requires a sender and a receiver—and there are standardized (electronic) protocols to ensure funds are debited from sender's account and credited to the receiver's account. So we ought to know where monies end up but so often we don't.
The way around these scams is (a) have infallible fully identifiable trace routes, and (b) destination banks must be known to the sending bank and meet an international standard of prudence and integrity or funds would not be transferred, and that ought to be a lawful requirement. (Ipso facto, it would be incumbent on recipient banks to know their account holders and to act on fraudulent transactions.)
In other words, the electronic funds transfer system should be transparent from the sender's account right through to the recipient's bank and the actual bank account within that destination bank. In short, the funds should be traceable right through to the point where the recipient withdraws cash from the destination bank and walks out the bank's door. (There are ways that a destination bank can keep certain details about the recipient private and yet still keep the money trail capable of being audited that I can't address here.)
In effect, the requirements ought to be (1) sending banks would only transfer funds to banks of known integrity, (2) receiving banks must have procedures in place to recover monies from accounts in the event of fraud, and (3) protocols such as delaying payments, putting funds in escrow until transactions are proven legitimate, and methods of recovering/refunding funds etc. are properly established. Transparency would also mean transactions would be reversible in case of fraud.
Ideally, such procedures would be set out in ISO protocols and by law banks could only transfer funds to other banks that follow the protocols.
Yes, I know this sounds simple and the world's banking systems are complex and convoluted and that there'd be many objections from many sources, banks, credit card companies, money traders and so on but it cannot be denied that the great weakness in funds transfer is that monies can vanish without a trace. Frankly that's unacceptable in an age of electronic money transfer where every cent is accounted for along the transfer route. That various entities can obfuscate that accounting at various points in the transfer process ought no longer be acceptable.
To say it can't be done or that it's unacceptably complex is bullshit; for example, banks and credit card companies such as Visa and MasterCard had no trouble blocking funds transferred to WikiLeaks.
The real problem is that the world's banking system is a law unto itself and that banks would on many grounds object strongly to introducing such a system.
Look at it this way: similar schemes to that which I've outlined are already in place in, say, conveyancing: property is only deemed exchanged and the transfer complete when lawyers 'meet' and exchange money and land deeds. The same happens when, say, two warring countries meet and exchange captive soldiers on the spot.
Given the many billions of dollars lost to scammers every year it's clear that banking transfer systems are hopelessly flawed. Things would soon change if banks told customers that they cannot transfer monies to xyz destination because the money trail is untrusted/cannot be authenticated and that it would be unlawful for them to so act.
> Are you allowed to run whatever computer program you want on the hardware you own?
Yes. It is a basic human right.
> This is a question where freedom, practicality, and reality all collide into a mess.
No; it isn't. The answer is clear and not messy. If you are not allowed to run programs of your choice, then it is not your hardware. Practicality and "reality" (whatever that means) are irrelevant issues here.
Maybe you prefer to use hardware that is not yours, but that is a different question.
It seems that this is another one of those things where the lowest common denominator sets the rules for everyone. Most people aren't tech savvy programmers, so giving them the freedom to do 'whatever they want' will lead them to hurt themselves in some way. Of course this is not an excuse for locking down your hardware. Smartphones just came into being as a consumer-first product and didn't require many of the freedoms that programmers needed, which is why computers are fundamentally more open than smartphones. Apple of course is trying to change that with their Macs.
You don't need to be a "tech savvy programmer" to be aware of the risks on the Internet and not do stupid shit.
TBF historically systems were designed with such poor UX that it was sometimes quite difficult not to do stupid things. Such as using Windows back in the day without installing software from the internet at large (ie there was no reputable package manager).
But that's a system design issue as opposed to an argument against user freedom.
You mean like using curl, shell, and sudo that is so prevalent these days?
https://xkcd.com/2501/
Only that nothing about this requires big expertise. If you are a user of computers, you should be able to navigate the basics. It's the same as driving a car: you must know the traffic rules and how to behave, but that doesn't mean you have to understand how your engine works in detail.
If you want to drive a car you go through driving school and have to pass the tests to get a driver's license. There's no driver's license for the internet and not really any strict set of rules you have to follow in order to get online - most people pick up a sense for rules online by osmosis, usually about how to not get scammed or get malware - sometimes they have to learn by first-hand experience. If we go by your comparison this would be like learning to drive by crashing a couple of cars. I definitely believe anyone who's even a little tech savvy underestimates how complicated or confusing technology can be for the average person.
> this is another one of those things where the lowest common denominator sets the rules for everyone
In that case, the solution should be to raise the lowest common denominator. Lots of issues like that could be prevented by investing in education to increase technology literacy. But long-term investments (even public ones) do not match well with quarterly reports.
I would say young people grow up with tech and usually are very tech literate.
Tech... a "maybe" yes.
However, this isn't entirely a tech problem - it's a social/human one.
Not every mechanic has a driver's license. Sure, they may enjoy working on cars and the technology of cars... but for one reason or another they may have never gotten or have lost their driver's license.
Not everyone who is tech literate is similarly socially literate. I have programmer co-workers who have been scammed into sending gift card authentication codes or installed malware (or allowed the installation) onto their personal computing devices.
It isn't possible to prevent someone from accessing the internet any more than it is possible to prevent them from accessing a phone.
I am not saying that one should have a license to access the internet. Rather, I am saying that for a device that holds and maintains the authentication mechanism for doing banking transactions, it is not unreasonable for the maker of that device and its software to attempt to mitigate the possibility that they are held liable for negligence in allowing user-installed software to do banking without the owner's consent.
With the uncertainty that everything in the operating system and hardware is locked down to the point where no-consent access by malware to those banking capabilities is completely restricted (and thus they're not liable for negligence) - the wall that is being put up to try to prevent that is "no software that has not been vetted can be run on this device."
Consider that the phone is often the authentication mechanism and second factor for authorization to restricted systems. Authy, Microsoft Authenticator, and other 2nd factor applications typically do not run on general computing devices.
Technical literacy does not imply social or security literacy.
> Technical literacy does not imply social or security literacy.
Indeed. And people were falling for scams long before the Internet. What's new is the push to make that the fault of bystanders... thus causing those bystanders to intervene. It's neither the bank's fault, nor Google's fault, if somebody falls for a scam. Or installs malware. Or whatever. If you try to make it their fault, they're going to do really annoying things that you don't want.
Sure, you can sell security tools, or curation, or whatever. Many people will even want to buy them, but things break when that starts being a duty. And the only way to prevent it from becoming a duty is to accept that people own their own mistakes.
> And the only way to prevent it from becoming a duty is to accept that people own their own mistakes.
This tends to be counter to consumer protection laws or data privacy laws.
A company that can be held to strict liability for their actions can be sued (and be found liable) even if they presented that the action is unreasonable or dangerous.
Is a consumer who buys a 100% "you can do anything on it" device liable for every action that that device takes, no matter what initiated that action?
To me, the argument that you should be able to do anything on the device and be held liable for all the actions that device allows is very similar to that of "the maker of the device has no liability for providing a device that can be misused."
If that is the case, then (to me) this would need to be something that would need to be changed by the courts and the laws (and such a company would need to pull completely out of Europe).
Indeed, the bad attitude I'm talking about has found its way into some laws, as well as into other kinds of norms and expectations. That doesn't make it good.
You may be exaggerating it, but insofar as you're right, you're just describing the problem.
> no software that has not been vetted can be run on this device
That’s just it. Software isn’t being vetted. Witness all the scam apps in the iOS and Android app stores. Even paid developer accounts don’t stop people from publishing these, nor does Apple’s walled garden protect you from them.
Do not make perfect the enemy of the good. There are failings of vetting.
That said, for sensitive apps they tend to go through more strict scrutiny of their functionality. Publishing a "Wəlls Fargo" application will likely not get approval.
The question isn't "does it need to be 100%" but rather "if it was not done at all, would Apple or Google be liable for flaws in their software (e.g. VM breakouts) that allow malware to do banking transactions, location tracking, or place calls (e.g. 1-900 number dialing) without user consent?"
I'm fairly certain that Apple and Google take measures to limit their liability. With how courts and countries are finding technology companies liable for such (consumer and data privacy protections), I would expect to see more restrictions on the device to try to further limit the company's exposure.
I deal with a lot of young people who have grown up with tech, and my experience is that in general they haven't got a sodding clue about how anything works, or the implications of any of this.
Absolutely not a Scooby.
Or it's not a computer and really something more like a television. In that case these things should be thought of as a vice rather than a productivity tool.
The social structure of the smartphone app ecosystem is remarkably similar to the cable provider -> network -> show situation from before too.
The example I always go to is a Nintendo or PlayStation, etc.
They’re clearly just computers, they’re “hardware you own”, but you’ve never been able to run whatever software you want on them. But it’s been like this since the 1970s and there’s never been an uproar over it.
For me the difference is that you know what you’re getting into when you buy a console, and it’s clear up front that it’s not for “general” computing. I’m inclined to put smart phones into this category as well, but I can see how reasonable people may disagree here.
I think there is a huge difference. You can perfectly live your life without a game console. Even if you are a game addict and it is absolutely necessary for you to live, you could buy a PC and game on that.
Smartphones are a necessity nowadays. Some banks only have smartphone apps (or require a smartphone app to log in to their website). Some insurers want you to upload invoices with an app. Some governments require an app to log in (e.g. the Dutch DigiID). You need a smartphone to communicate with a lot of organizations and groups.
Smartphones have become extremely essential. And two companies can decide what does and what doesn't get run on a smartphone and they can take their 30% over virtually everything. They can destroy a company by simply blocking their app on a whim (contrast with game studios, which could always publish their game for PC or Mac or whatever).
It is not a healthy, competitive market. It is the market version of a dictatorship. And Google forbidding non-app store installs is making it worse.
Governments should intervene to guarantee a healthy market (the EU is trying, but I think they are currently worried about the tariff wrath).
I have a friend that still uses a dumb flip phone from the early 2000s. No, smartphones are not necessary.
There was a documentary over here on TV about people that do not use smartphones. The conclusion was that it was almost impossible, they often have to rely on other people for certain things, and are excluded from a lot of social circles.
Surely it would be better if console makers gave users freedom to control the device, rather than smartphones not being in the users' control either.
Unfortunately, the copyright lobby of the video game industry was too strong in the 70s/80s/90s, so here we are.
Those are not really personal computers, they're fancy set top boxes and extensions of the television.
They have the same hardware in them as a personal computer, and essentially always have. (The original Nintendo had the same CPU as an Apple II.) The difference is only how they were marketed, and the artificial limitations on what software you could run.
Right. They're vices and not tools even though they might look like tools.
The problem is larger than just smart phones. Smart phones are the templates for all future devices. Your car now runs Android as well.
In the future, when your whole house is controlled by a computer, do you want that computer to be controlled by Google or to be controlled by yourself?
Only because of sustained pressure from all the usual suspects to try to make that the social structure.
I think it's always going to evolve that way when people are so concerned about "safety" (no matter how that's defined) that all the escape hatches are removed.
Is it the people that are pushing for this though? Apple has long pushed privacy and security as a way to maintain their control over personal devices, the people just believe it and accept it. Google is just taking notes and seeing how profitable that approach is. Provided there's no push back, they'll succeed easily with no one actually asking for this.
Increasingly, I keep noticing that all human-corporation relationships are a rehash of older power structures and basically struggles for power in which people gradually keep losing it until they realize they are exploited and then finally start fighting back.
People started free and equal, then some specialized into warriors[0] and gradually built deeper and deeper hierarchical power structures, called themselves "nobles" and started exploiting the "commoners".
At some point people snapped, killed a bunch of them (French revolution, US was for independence, etc.) and decided they wanna rule themselves.
And then companies started getting bigger and bigger, with deeper hierarchical power structures, the "nobles" call themselves "executives" or "shareholders" and the people doing actual productive work are no longer "commoners", they are "workers"[1].
[0]: And thus controlled the true source of power - violence.
[1]: Ironically admitting that people who are not workers are not doing real work, they are just redistributing other people's work and money.
Some variant of Anacyclosis?
https://www.youtube.com/watch?v=uqsBx58GxYY
Can't watch the video now but partially.
I don't like describing it as cycles because it is too simplistic and pretends it is inevitable, robbing people of agency.
I prefer to think of society as a system where different actors have different goals and gradually lose/gain influence through a) slow processes where those with influence gain more from people who are sufficiently happy to be apathetic b) fast processes when people become sufficiently unhappy to reach for the source of all real world influence - violence.
This happens because uneducated/dumb/complacent people let it happen. It can be prevented by teaching them the importance of freedoms and to always fight back. But that goes directly against the interests of those in power - starting from parents who want children to be obedient.
Control over hardware isn’t actually the issue at stake here: many Android devices can unlock their bootloaders in a moderately safe way. Go nuts.
It’s a more tricky issue where Google and other parties can restrict access to their services to devices they deem legitimate. Their services, their rules. Your hardware. Different arguments required.
It’s everywhere: Widevine is used to prevent stealing 4K content (incl ATSC 3.0), gaming providers use it for anti-cheat, banks use it to rate limit abuse. It’s not just Android.
(I say this as someone with an Apple Vision Pro running visionOS 1.0 with the hope to jailbreak it one day. I’m actually unable to do whatever I want to their hardware, unlike my Pixel phones.)
There are actually just about no services that genuinely need hardware attestation other than some DRMed music/video and Zelle. Everything else pretty much works on Linux in a browser or has some substitute that does.
Yes, only some things for now! I hope it stays that way or decreases, but that’s not the way the arrow is pointing.
Providers still implement it where they can, like for blackout restrictions for US sports games: impossible to enforce on the web because I can spoof location. Very possible to enforce on iOS because jailbreaking is not possible. Possible to enforce on Android because you can check if spoofing was made possible.
It’s currently the primary reason I can’t play games online on Linux.
> many Android devices can unlock their bootloaders in a moderately safe way.
And yet you can't install an alternative OS like Mobian, postmarketOS or PureOS due to the closed drivers and specs.
> > Are you allowed to run whatever computer program you want on the hardware you own?
> Yes. It is a basic human right.
Says who?
What's your philosophical argument in favour of this?
It's directly in the text.
> hardware you own
Is it not possible to run software on any hardware you own?
Is it illegal to spin up a Linux server on your mobile phone?
It's practically impossible due to the closed drivers and specs, directly causing planned obsolescence and e-waste. It should be a part of the right to repair.
That's not an argument.
Please explain how owning an item of hardware implies that running whatever computer program you want on it is a basic human right.
If there are rooms in your house someone else could lock you out of, do you own the house or do they?
If someone else could use your car without your permission, do you own the car or do they?
If someone could grow their own plants in your back yard, do you own the garden or do they?
If someone else could choose what programs run on your computer, do you own the computer or do they?
Saying "basic human right" instead of just "basic right" may be odd, but definitionally, owning a thing means having the right to say how it is used. Either you own it and have that right, or you don't own it and don't have that right. That's what owning means.
There are parts of your car that you are not legally allowed to remove or disable (for example, the muffler or catalytic converter https://19january2017snapshot.epa.gov/sites/production/files... ).
There are times when it is necessary to limit the rights that an individual has so that the system that the individual lives within can work.
You can buy a radio transmitter, but you're not allowed to operate it without a license. You can likewise buy a car, but you aren't allowed to operate that either without a license.
You do not have the right to modify your phone so that it acts as a radio frequency jammer.
Possession of a device does not give an individual unrestricted rights to what can be done with it.
Requiring something and locking someone out are completely different things.
I’m fine with the government requiring smoke detectors in my home; I’m not fine with a completely unregulated private entity deciding how I live in my home, bought with my money.
And in the case of a muffler, there’s literally no one in this entire world who can stop me from removing it. There are repercussions for doing so, but nobody stole my right to remove it.
That’s a great ideal, but Android is used both by sophisticated users who want a phone they can tinker with and the tech-illiterate grandparents of the world, who will never have a legitimate reason to install an app outside the Play Store, and who would never attempt to do that unless they were being guided by a scammer.
So, put a toggle somewhere. When the toggle is toggled, put up a big fat warning sheet and say if somebody on the phone or mail asks you to do that, 99.9% it's a scammer.
If people still go for it, then it is their responsibility. A lot of things in life require responsibility because otherwise the results can be disastrous. But we don't forbid them, because it would be a huge violation of freedoms.
But it’s not someone on the phone - it’s their best friend / star-crossed lover who they met on WhatsApp because of a chance wrong-number text! Since then they’ve become incredibly close, and they can trust each other with anything. When their lover gives them some amazing investment advice and it requires clicking through a scary-looking prompt (like they do all the time on a phone), who do they trust - their one true love or a generic warning message on their phone?
You have to take into account that the threat model here is vulnerable people, often older, being taken in by scammers who talk to them for weeks and gain their complete confidence. To the victims, it feels like a real romantic relationship, not someone who could even possibly be a scammer.
The solution is not taking people's freedom away. The solution is education. Lesson 1: lovers are not for investment advice.
Also, scams happen outside smartphones.
What's next? Are we going to revoke people's control over their financials because they might be scammed? Let's have the bank approve before we can do a transaction. And since we are using their payment platform, maybe they should also take 30%.
Please stop feeding their narrative. Scammers are Google/Apple's "but think of the children".
> lovers are not for investment advice.
Aren’t they? I ask my partner for investment opinions all the time.
> Let's have the bank approve before we can do a transaction.
Yes… That’s already how it works. Banks use heuristics to detect and prevent suspicious transactions. That’s why most of these scams ultimately involve crypto.
> Aren’t they? I ask my partner for investment opinions all the time.
Obviously, the probability of it being a scammer reduces with the amount of time. In the end it's a function of time vs. effort. Scamming billionaires by marrying them and waiting until they die happens frequently enough. A 5-year scam for a few thousand bucks, unlikely.
As usual, use common sense, which you would have to do anyway if you do investments.
There are lots of older people who have never really invested their money, have a lot in their savings account, and might be excited by the idea of a get-rich-quick crypto investment they hear about from someone they trust. Even if they’ve only known them for a little while.
> Banks use heuristics to detect and prevent suspicious transactions.
... and it's really fucking annoying when their heuristics misfire-- which is not at all rare-- especially since they do all they can to externalize all costs of that to the customer.
> The solution is education.
We've been trying to educate people about passwords and phishing for years/decades now, and it has not worked. Further, every day a new ten thousand (US) people need to be educated:
* https://xkcd.com/1053/
> So, put a toggle somewhere. When the toggle is toggled, put up a big fat warning sheet and say if somebody on the phone or mail asks you to do that, 99.9% it's a scammer.
The proverbial grandparents will follow the instructions of the scammers and will click through all of that. We've had decades of empirical evidence: people will keep clicking and tapping on dialogue boxes to achieve their goal.
People have physically driven to cryptocurrency ATMs on the instructions of scammers:
* https://bc-cb.rcmp-grc.gc.ca/ViewPage.action?siteNodeId=2136...
* https://www.usatoday.com/story/money/2025/04/21/bitcoin-atm-...
Warning sheets will do nothing.
Who cares? Granny is still allowed to buy knives and accidentally chop off her fingers while she cooks. If she ends up doing that it's either her fault or she's too old to be using knives. We don't ban or blunt knives just because you can cut yourself with them.
Okay great, seeing how every reasonable warning and technical restriction is completely pointless and how people will do everything they're told if they're naive enough and the person on the other end is convincing enough, we can skip this whole dance.
Because at the end of the day the scammer is going to convince your grandma to go to the bank, withdraw the entirety of her savings and send them to the scammer in an envelope.
Any technical restrictions therefore only harm our personal freedoms and don't actually protect those who are vulnerable because those people's problems aren't technical in nature.
Then why not lock down their devices? Why aren't people using the parental controls on their parents' phones to lock them down and own them on their behalf? I don't understand this idea that because there are some people vulnerable to scams that we all have to give up control to Apple and Google. The option to move the trust and ownership to another party is useful, but it doesn't have to be just those two parties as options.
Not everyone has children. Not everyone has children who they remain in contact with. Not everyone has children who are tech-adept enough to do that. Not everyone has children who are less vulnerable than themselves.
Well maybe let's start small and cover the people that do first, just to see how that goes. Instead we're starting with all people on the planet, and it will be declared a success because the metrics will say it was, there's no rolling this back.
And it doesn't have to be children of parents, that's just the common example that's brought out every time this comes up.
We literally did start with that… that’s the current situation, everyone has parental toggles and yet millions of people get scammed for billions of dollars a year. You’re acting like we (and these massive corporations) haven’t been trying for decades at this point. And you’re saying we shouldn’t be trying more stuff, we should just stop and give up and let innocent people get scammed because you want to be able to run whatever on your phone.
Maybe I'm wrong, but I have never seen Apple or Google suggest that someone use the parental control tools on a vulnerable adult person's phone to prevent them from hurting themselves. They have never run such a campaign for awareness or changed those tools to make them more palatable to controlling adult's phones (these tools are always sold as things to enable on a child's device). So no, I don't think we've started with that. We've started by adding some toggles and scary warning, and I agree that hasn't worked. I never suggested we stop trying, I suggested we allow the trusted owner/admin of the device to be more easily assigned to someone that person trusts, not just forcing Google into that role without consent.
You do not want to live in a world where that's normalized. There are legal processes for determining when somebody's "vulnerable" enough to need a guardian. Those processes are heavy and strict for a damned good reason. And sometimes still not strict enough.
If I'm drunk and give my friend my car keys and ask them to not let me do anything stupid, I'm not giving up my legal rights to autonomy. I don't think this is any different. Legal guardianship is entirely unrelated, unless we're having some slippery slope fun.
So you expect aging parents to actively ask their children to put controls on their devices, and not to reverse that decision when it matters most?
Many, probably most, of the people most at risk aren't going to do that.
When you're (somewhat) drunk, you know that you're drunk, and you're still able to comprehend how that will slow down your reactions while driving. When you're being scammed, you think you're right... and if you begin to doubt that, you may tend to push the thought out of your mind rather than follow it through, and to evade things that might bring it back. And it's very hard to admit to yourself that you're permanently impaired in that sort of way... especially when you're impaired in that sort of way.
I'm expecting us to come up with something better than "give all computing control to two US companies". Yes, this idea has flaws that you're an expert at picking at, but there's gotta be some middle ground that doesn't treat all of us as the most tech illiterate or scammable people.
> let innocent people get scammed because you want to be able to run whatever on your phone.
As always it comes down to insulting and emotionally guilt tripping people to screw them out of their freedoms and of course there's never even a shred of evidence to support any of these incredible claims. You're laying it on too thick, give us a break.
> You’re acting like we (and these massive corporations) haven’t been trying for decades at this point.
You're acting like this would make a dent in the total number of people who are scammed every day.
And it just so happens that the only acceptable remedy necessitates infringing on billions of people's personal freedoms which will, incidentally, secure trillions in future profits for these corporations. All that for a temporary speed bump that would only affect a minority of scammers who would adapt in a month.
Society is held back so much when the most capable have to live by rules made for the least capable.
Give the knowledgeable the freedom to use their skills. Separately, develop ways to help/protect specifically those that need it.
Or guided by their tech savvy children.
What else do you consider basic human rights?
My suspicion is: were you to list them, running programmes on hardware you own would be fairly low on that list.
So because it's low on the list it's not a right? Where do we draw the line? Let's do an experiment. Which rights can we take away from you? Some are pretty far down the list, right? The right to live is pretty important, so that's all the way up on the list. So where's the line drawn?
I don't want to live in your overly simplistic world.
How is this overly simplistic? It is pretty simple. You buy some hardware, and some company wants to force you to use their telemetry ridden, data collecting software under the guise of stupid people being unable to do a google search and comparing a string. I can safely say I don't want to live in your technocratic techbro wet dream.
Remote attestation is a useful capability. One example: it can be used to create a camera such that the photographer can prove that an image is an accurate recording of reality and not AI-generated. Without remote attestation, we will soon enter a state of affairs in which the courts (and anyone else, too) cannot ever rely on photographic or video evidence.
The banking system has been relying on remote attestation for decades to ensure that devices used in settling financial transactions have not been tampered with:
https://en.wikipedia.org/wiki/IBM_4758
Also, I think the chip-and-PIN cards used for most in-store transactions in Europe for the last 20 years rely on remote attestation and tamper resistance to prevent fraud.
Finally, in the domain of desktop and laptop computers, there is a big security hole in that most components (certainly, disk drives and storage devices, but basically any peripheral or board) are essentially embedded computers that can be pwned with the result that they stay pwned even if the owner of the computer installs the OS from scratch. One solution to this would be for suppliers of peripherals and boards to get much better at securing their products or to stop using microprocessors to implement their products, but it would be quite a lot of work (and governmental intervention or at least intervention by industry-wide quasi-governmental entities that currently do not exist) to get from the current situation to the one I just described. The only products currently available that are secure against this threat (aside perhaps from using 40-year-old computers) use verified-boot technology to implement the security.
I.e., the only desktop and laptop computers you can buy where you can be reasonably sure some attacker hasn't installed malware in the computer's disk drive or trackpad or wifi module are things like Macs and Chromebooks, which implement the security using verified boot.
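To make the "remote attestation" that the comment above relies on concrete, here is an added example of the exchange (not code from the thread or from any of the products named): a verifier sends a fresh nonce, the device answers with a quote that binds the nonce, a measurement of its firmware and a claim (here the hash of a captured photo) under a device key, and the verifier checks all three. It is deliberately simplified and the simplifications are assumptions of this example: the device key is a symmetric HMAC key shared with the verifier (a real device would hold a private key in tamper-resistant hardware), the measurement is a plain hash of the firmware image rather than a measured-boot log, and the device id, key and firmware bytes are constructed sample data.

```python
"""Toy remote-attestation exchange (added example, not from the thread).

Assumptions: symmetric HMAC device key shared with the verifier instead of
an asymmetric key in hardware; measurement = sha256(firmware image).
"""
import hashlib
import hmac
import json
import secrets

# Constructed sample data: one device, its provisioned key and the firmware
# image the verifier expects that device to be running.
GOOD_FIRMWARE = b"camera-firmware-v1"
DEVICE_KEYS = {"cam-001": hashlib.sha256(b"constructed-device-key").digest()}
EXPECTED_MEASUREMENTS = {"cam-001": hashlib.sha256(GOOD_FIRMWARE).hexdigest()}


def measure(data: bytes) -> str:
    """Verified-boot style measurement: hash of the code that is running."""
    return hashlib.sha256(data).hexdigest()


def make_quote(device_id: str, key: bytes, firmware: bytes,
               nonce: bytes, claim: bytes) -> dict:
    """Device side: bind the verifier's nonce, the firmware measurement and a
    claim (hash of a captured photo) together under the device key."""
    payload = json.dumps({
        "device_id": device_id,
        "nonce": nonce.hex(),
        "measurement": measure(firmware),
        "claim": measure(claim),
    }, sort_keys=True)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def verify_quote(quote: dict, nonce: bytes) -> tuple:
    """Verifier side. Returns (True, claim) or (False, reason).
    The order of checks matters: authenticate first, then freshness, then
    the measurement, so an attacker cannot learn anything from a forgery."""
    payload = quote["payload"]
    data = json.loads(payload)
    key = DEVICE_KEYS.get(data.get("device_id"))
    if key is None:
        return (False, "unknown device")
    expected_tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, quote["tag"]):
        return (False, "bad tag")                 # payload forged or altered
    if data["nonce"] != nonce.hex():
        return (False, "stale nonce")             # replay of an earlier quote
    if data["measurement"] != EXPECTED_MEASUREMENTS[data["device_id"]]:
        return (False, "unexpected measurement")  # firmware was tampered with
    return (True, data["claim"])


def attest(firmware: bytes, photo: bytes) -> tuple:
    """Full exchange: verifier issues a nonce, device answers, verifier checks."""
    nonce = secrets.token_bytes(16)
    quote = make_quote("cam-001", DEVICE_KEYS["cam-001"], firmware, nonce, photo)
    return verify_quote(quote, nonce)


def forged_quote_rejected() -> bool:
    """A tampered device edits its own quote to claim the expected measurement;
    without the key the tag no longer matches the edited payload."""
    nonce = secrets.token_bytes(16)
    quote = make_quote("cam-001", DEVICE_KEYS["cam-001"],
                       b"backdoored-firmware", nonce, b"photo")
    data = json.loads(quote["payload"])
    data["measurement"] = EXPECTED_MEASUREMENTS["cam-001"]
    forged = {"payload": json.dumps(data, sort_keys=True), "tag": quote["tag"]}
    return verify_quote(forged, nonce) == (False, "bad tag")


def replay_rejected() -> bool:
    """A genuine quote captured earlier is presented against a fresh nonce."""
    old_nonce = secrets.token_bytes(16)
    old_quote = make_quote("cam-001", DEVICE_KEYS["cam-001"],
                           GOOD_FIRMWARE, old_nonce, b"photo")
    assert verify_quote(old_quote, old_nonce)[0]          # valid when fresh
    return verify_quote(old_quote, secrets.token_bytes(16)) == (False, "stale nonce")


if __name__ == "__main__":
    print("genuine device:", attest(GOOD_FIRMWARE, b"photo"))
    print("tampered firmware:", attest(b"backdoored-firmware", b"photo"))
    print("forgery rejected:", forged_quote_rejected())
    print("replay rejected:", replay_rejected())
```

The point the example makes about the camera use case: the verifier ends up trusting the photo hash only because it arrived inside a quote whose measurement matches known-good firmware and whose nonce proves it was produced now, not replayed. Swap in tampered firmware and the same photo hash is rejected, which is the property the comment is describing.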
So we should all give up our rights so we can use the fancy new locked down technology to digitally sign our photographs. Oh, and now every photograph you ever post on social media can be tracked to your device. I love your future!! We should also install a camera in your bathroom. Just to attest. It's just attestation, bro.
I am sorry that free choice of what software to install on your device goes against your existential fear of "AI extinction" as displayed in your profile description. I guess I was wrong, and surrendering all your rights, being tracked and used for datapoints that will in turn be used to train AI is actually good.
I don't think the "ethic" you are proposing (i.e., a consumer should have free choice of what software to install on their own device) has much bearing one way or the other on AI extinction risk.
Do you simply not care that this Linux computer that you have such warm feelings about is fairly easy to pwn (in part because of the lack of verified boot and in part because desktop Linux software is just much easier to pwn than the systems software on a Mac or a Chromebook or an iPhone or an Android phone) such that if you ever got to be an effective activist against some government or some powerful industrial interest, that government or industrial interest could fairly easily eavesdrop on everything you do with this Linux computer?
That doesn't sound much like protecting your individual rights.
You're right. My loonixtard brain didn't grok this without your input. My device is going to be pwned because I didn't use a Microsoft verified image. Should I ever feel the need to start the revolution, I will make sure to use secure boot and use Microsoft windows using my employers account.
It appears that most PC makers didn't implement verified boot correctly (e.g., they negligently left sample keys in the firmware they shipped), which is why I avoided any mention of Windows in my previous comments.
>this Linux computer that you have such warm feelings about is fairly easy to pwn
It's just not. Otherwise, all servers would be running your beloved iOS, wouldn't they?
>in part because of the lack of verified boot
This does not matter. I can generate my own keys.
>easier to pwn [...] than [...]an iPhone
Lol... If anything, phones are more vulnerable because you have less access to sandboxes and VMs.
Hey, look, an Apple CVE from two days ago. https://nvd.nist.gov/vuln/detail/CVE-2025-43284
And this one's from this month. https://nvd.nist.gov/vuln/detail/CVE-2025-43300
And here's Apple's sandbox failing, last month. https://nvd.nist.gov/vuln/detail/CVE-2025-43274
PWAs deserve more attention
Safety is important, but may not be that important. So, shouldn't we just create something like a "secure virtual machine" to make it easier to protect sensitive content, rather than requiring the highest level of security for everything?
Friendly reminder that rather than have malicious apps steal bank credentials using zero days, all the people I’ve known who’ve been scammed… voluntarily read out their OTP to said scammer, or transferred the money themselves to the scammer’s bank account using the official banking app.
Funnily and ironically enough, a phone that is rooted and fails safety net would likely not allow the bank apps to open, and thus be safer in such a case.
Also see: wrench vs RSA encryption at https://xkcd.com/538/
Goodbye Android.
And then what?
More like: time for regulators to step up and do their work.
What makes you think they will? What makes you think regulators don't also want this?
And then GNU/Linux phones. Sent from my Librem 5.
Evolution used to work by some people dying before they could reproduce.
That's how we became the smartest animal on the planet. But it no longer works, we are very good at keeping everyone alive. And there's nothing wrong with that, as long as we don't compromise our freedoms to achieve it.
Some people getting exploited is the modern equivalent of leopards eating your face. It would be nice to protect people from it happening but NOT by everyone giving up basic human rights. And yes, in the modern world, running any software on your hardware should be a basic human right.
Especially at a time where computation is starting to resemble intelligence. Otherwise we all become serfs all over again.
Ah yes, the rudest form of agreement - downvote without justification.
If you can't explain why I am wrong, consider that I am right.
A certain kind of arrogant man who hails from the land of theory tends to believe that everything can be perfectly optimized, that even real-world systems can be designed with mathematical guarantees as to some constraint or another. In their world every thing and every one is an abstract variable to be managed and modified, a goat to be herded. User input is modeled as untrustworthy, hostile input and treated accordingly. The unwashed masses have never toiled in their sterile computer science cathedrals, never been anointed with the sacred waters of ROOT, and thus could never possibly deserve to wield the powers of computation without the infallible guidance of Saint Jobs (peace be upon him) and his holy host.
To compute on one's own is to open one's electronic soul to the Sins of Free Software. Such devilish arts must be shunted to the margins of society, till they may be purged on That Day when all shall bask in Google's light forevermore.
Yes. Run the sideloaded apps in a VM. Modern phones are powerful enough to do that.
Back when the Apple hardware for iPhone offered real isolation between apps, yes. But that's really hard to maintain and isn't PRISM-friendly. Neither Apple nor Google can justify offering real isolation for apps in the current market.
I thought sandboxes were precisely what they are doing.
Yes but they're virtual now where the early apps were physically or logically isolated with memory isolation and secret vault. They still have the secret vault but the virtualization layer is all software and the OS has special access.
---
iOS and Android still provide per-app sandboxes, but those sandboxes are managed entirely by the OS kernel and higher-level frameworks.
Secure Enclave (iOS) and Titan M/TEE (Android) still exist for cryptographic operations, biometric data, and DRM, but access is brokered by the OS. The enclave doesn’t run apps; it just provides cryptographic functions.
OS privilege expansion: system services have visibility into app data at runtime for telemetry, background tasks, push notifications, etc. Apps are isolated from each other, but not from the platform owner.
Result: app-to-app compromise is still difficult, but OS-level compromise (intentional or not) gives broad access. This design simplifies features like push services, app updates, and sync, but makes "true isolation" (hardware separation, zero OS visibility) infeasible in today’s consumer mobile ecosystems.