[array_key_first]

I really don't understand this mentality at all. Freedom is about the ability to do more stuff, not the requirement to do more stuff. Meaning, everything you want to do with a locked down phone, you can do with an open one.

There's no, like, gun to your head saying you HAVE to side load apps. You can just... not... do that. If you think side loading is insecure. You can download 100% of your apps from the play store. In fact, that's what 95% of people do.

I mean, what's the threat model here? That you somehow forget your own belief about side loading being insecure and then accidently side load an app? Does that even seem possible?

I can kind of understand this argument for granny who doesn't know where she is. Kind of. But for you, it makes no sense. I mean really, think about what you're saying here about you as a computer user or even as a person.

[unyttigfjelltol]

Hey, I’ve side loaded and F-Droided and all that. But here’s the thing: I just need the phone to work, minimally spy on me, and not turn into some horrible malware sinkhole. Google and their OEM ecosystem lost my confidence on all three counts.

One thing I used to side load or F-Droid was a keyboard, to circumvent what I perceived as privacy violations. But my selection Year 0 got forked or disappeared by Year 2, idk when or why, and thats a glaring security or privacy risk that I don’t have time to monitor and figure.

I actually thought Google’s solution in the article was charming— toggle developer mode. If you’re in developer mode you know you’ve got something to monitor and mitigate. Smartphones just aren’t powerful enough to use for their own defense at a consumer level against professionalized hackers, and from a product positioning perspective Google’s move is completely defensible.

[left-struck]

Well people can be tricked into sideloading apps if it’s possible.

To be clear I’m totally on your side and I think that’s a ridiculous reason to not have an open system, but let’s not pretend it’s not a possibility because doing so harms our otherwise very solid argument

[array_key_first]

It is definitely a possibility, for granny like I pointed out. Not for this person, who is aware of the risk and does not want to side load apps.

Like I said, they would have to somehow forget their own beliefs. Doesn't seem likely to me.

[literalAardvark]

If you look at the workflows for these changes, you'll notice that some of them are actually there to prevent you from doing stuff under duress.

Like it or not, if one wants security some freedom will need to be moved elsewhere.

And since the market is heading that way, the only thing we can do is form an android sandbox SIG and maintain a fork for enthusiasts.

[cryptonym]

Let's not be naive by pretending improving user security is the main purpose of that move.

[literalAardvark]

May or may not be. It does significantly improve security.

[cryptonym]

I miss data to confirm any of this does significantly improve security.

Anecdata: I have yet to meet someone who have been targeted by unknowingly side-loading apps.

If they really want to improve security they can work on much more impactful changes. I know people having been scammed by ads proudly delivered by instagram and google. I read about malicious apps that somehow went through official store filtering.

[literalAardvark]

They're doing good work on those fronts as well, but in war you don't win all the battles.

It's also especially difficult to tighten security in the direction your money is coming from.

Android has no such constraints