[cbolton]

It's bypassing the usual channel for app installations, so the term is technically fitting and the loaded meaning is also appropriate since it's mostly used by nerds (maybe too strong a word) and bad actors.

There are legitimate uses of sideloading for regular users, for example if you have solar panels that work with a Huawei app, they can't put it on the Play store because of US sanctions. But that's not Google's fault, and that does mean the app is more risky since it's not monitored by Google.

(I'm not saying sideloading is otherwise illegitimate, it's an important feature but it's not something I'd normally recommend to a non-technical user that already chose to use a phone with Google's system.)

[devsda]

> that does mean the app is more risky since it's not monitored by Google.

Why is Google the arbitrator of risk here ?

As a user I'm capable of assessing the risk directly or indirectly by delegating that responsibility to another store or another program a.k.a anti-virus programs, its my choice in the end.

I want Google to build software like Windows Defender and allow others to build similar software. I want the ability to chose my security provider or not have one. I don't want Google to play nanny.

[cbolton]

> Why is Google the arbitrator of risk here ?

Because they do the monitoring and take some responsibility? I'm just comparing "install from the Play store" with "install some apk from wherever". If you bring additional context/knowledge of course it makes a difference.

[immibis]

Risk and responsibility are different. Monitoring, responsibility, those are just silly words with semantic games since Google's store is full of malware while F-Droid is not. Google's store is the risky one, and the words on their compliance statements are irrelevant to that fact.

[cbolton]

I don't feel like I'm the one playing semantic games here, I'm just arguing that the term "sideloading" is a useful distinction vs "installing through the main channel" (whatever that is: could be the Play store, or F-Droid, or Huawei App Gallery).

Google's store has malware, but the point is there would be even more if Google was not monitoring the apps there. The store is less risky than getting apks from the wild web, TikTok, etc.

Sure F-Droid is safer (as you would expect from a curated store of a few thousand open source apps compared to a store with literally millions of apps). But I wouldn't call that sideloading either when it's your regular channel to get apps.

[raw_anon_1111]

Yes because that has worked really well in the history of PCs with malware, bundleware, ransomware, etc

[__MatrixMan__]

Just because its the channel that google would prefer you use doesn't mean its "the usual channel". What counts as "usual" is user specific. I don't even have google play installed on my Android phone.

[cbolton]

True, I'm speaking of the situation for the crushing majority of users (outside China I guess), not for literally every user.

[__MatrixMan__]

Sure, but if we want to chip away at that majority, we need to encourage them to think of using the play store as a choice they have. Implicitly assuming that "install" means "install from the play store" is counterproductive.

[dpoloncsak]

>and that does mean the app is more risky since it's not monitored by Google.

This implies the play store isn't hosting tonnes of malware right now

[cbolton]

Yeah maybe it gives the wrong idea. It's still better than no monitoring at all.

It gets tricky with alternative stores like F-Droid. I guess if you use F-Droid as a trusted source then it shouldn't be called sideloading.

[immibis]

There is currently zero evidence that the "monitored" Play Store is better or safer than the open internet.

[cbolton]

I'm curious what's your actual opinion in absence of hard data. If your grandma tells you a website gives her instructions for sideloading Candy Crush, you'd say yeah fine or advise her to go through the Play store?