[blueg3]

> Given that both of these things are obviously true, it seems like a pretty obvious solution is to just have a pop up that has a install at your own risk warning whenever you install something outside of the official app store.

It is an obvious solution, and it's a good first solution. This popup already exists.

A problem in security engineering is that when people are motivated (which is easy to achieve), they will just click through warnings. That is why, for example, browsers are increasingly aggressive about SSL warnings and why modifying some of the Mac security controls make you jump through so many hoops.

The usual take on HN is take the attitude that the developer is absolved of responsibility since they provided a warning to the user. That's not helpful. Users are inundated with stupid warnings and aren't really equipped to deal with a technical message that's in between them and their current desire. They want to click the monkey or install the browser toolbar. The attitude that it's not my problem because I provided a warning they didn't understand doesn't restore the money that was stolen from them by malware.

[extraduder_ire]

A significant change that google implemented (announced?) for android recently was not allowing you to install software or allow "unknown sources" while on a phone call.

I think that's going to have a far more significant impact on people installing malware than developer attestation.

[terminalshort]

I guess this is a difference in philosophy then, but I think that the goal of security engineering should be to protect users from malicious actors, not to protect them from their own bad choices. If I give you a safety feature, and you turn it off, that's not my problem. There is a special level of hatred that I have reserved only for the busybodies who limit my choices and justify it as protecting me.

That said, your point about messaging is really good, and so many times I see security warnings I roll my eyes at how badly the message is written.

[degamad]

I agree that our choices should not be limited to protect us.

However, we need a better solution than pop-up warnings. I guarantee that you have clicked through a pop-up warning that was standing between you and the thing that you wanted to do (as have I, and everyone else who has used a computer for more than a day). We very quickly learn that most warnings aren't going to affect us, and that they're just saying "are you sure" to things that we're already sure of.

We've all selected a file, hit the delete key, got the pop-up saying "are you sure you want to delete wrong_file.txt", hit "yes" (because we always have to hit yes after hitting delete), then looked at the outcome and thought "oh, that was the wrong file" too late...

[dgoldstein0]

Which is why the default is often move to trash these days, or includes an undo option for a bit instead of a confirmation dialog.

But some actions are pretty hard to undo (eg installing malware), so the issue in general stands.