Hacker News new | ask | show | jobs
by msl 86 days ago
> Honestly, if coerced sideloading is a real attack vector, [...]

I don't believe that it is. I follow this "scene" pretty closely, and that means I read about successful scams all the time. They happen in huge numbers. Yet I have never encountered a reliable report of one that utilized a "sideloaded"[1] malicious app. Not once. Phishing email messages and web sites, sure. This change will not help counter those, though.

I don't even see what you could accomplish with a malicious app that you couldn't otherwise. I would certainly be interested to hear of any real world cases demonstrating the danger.

[1] When I was a kid, this was called "installing."
1 comments
Stagnant 86 days ago
This is the thing that bothers me the most about this. It is as if even the HN crowd is taking it as given that malware is this big problem for banking on Android but in reality there seems to be very little evidence to back this up. I regularly read local (Finnish) news stories about scams and they always seem to be about purely social engineering via whatsapp or the scammer calling their number and convincing the victim they are a banking official or police etc.

That's why I'm inclined to believe Google is just using safety as an excuse to further leverage their monopoly.

link