this post was submitted on 15 Jul 2026
207 points (99.1% liked)
Open Source
47885 readers
635 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 7 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
So with your career in ITSec, you're aware of the massive amount of malware found in the play store? That it has historically been the main distribution vector for malware?
You are downplaying the hoops here by a lot. To install software on my own phone.
Stop calling installing software "side loading". Its nonsense.
I k ow that the Playstore is also full of crap, I don't deny this.
But, just because our back window does not close correctly, do you leave the front entrance open?
Not the best analogy maybe, but a visual one
Except you have it backwards. The play store is the primary vector. The play store is also pre-installed on Android devices, and even without the whole verification nonsense, you still need to allow a different app repository to install.
Not cleaning their own play store up first means it has nothing to do with what they are claiming. And lets be candid - they have absolutely not.
The analogy is bad specifically because its not reflecting the issues anywhere near accurately. This is closing a window on the second floor while the front door is wide open with a sign that says "Come on in!".
That assumes that Google does not do anything about the appstore and that is objectively not true.
Is it enough? No ideas, but still, it does not change the need for better endpoint security.
I firmly disagree. The issue has nothing to do with the endpoint. They have done very little with the play store relative to this massively impactful change to installation practices in creating a walled garden - precisely the reason many, myself included, chose not to go with iOS in the first place.
So the very idea that this is an endpoint security issue rather than an app store issue is, to me, laughable at best.
Then we agree to disagree.
I think we are manly on the same page, but different opinions on priority and that's fine.
I declare both as a risk.
From my perspective, with this change, we could make Google directly reliable for malware in the appstore.
While this started as a very anti consumer change, as long as sideloading stays possible, this is a good measure.
There is no reason they shouldn't be now. Developer verification for the play store is one thing. Developer verification for installing an application on your own device is wholly separate.
And one is substantially higher risk than the other. Namely, the play store. As we recently saw with tens of millions of downloads from just a handful of apps in the play store. Does requiring this developer verification on a device resolve that problem? No. Not even remotely, does it?
As long as it impacts the device use (it does), it still is.
I'm leaving Android over this. I doubt I'll be the only one.
Good! I hope alternative mobile operating systems get traction out of this!
And again, there is no verification need anymore! That is exactly why I am so pissed about this debate in general.
Is the workflow simple? No. Is the 24hour period comfortable? No. Do I understand why? Yes, but one or two hours would be enough
We'll see. The plan for now is a tcl flip with hotspot and a clamshell linux box in my pocket.
Please read the very first sentence in that slide. Then read through those steps again (and look at the steps inside of those steps).
Yes, there is a need still, or there are a series of annoying, anti-consumer steps involved, in an effort to have a walled garden.
Android and Google are not worth supporting over this. Again, not dealing with the play store first and thoroughly tells me this has nothing to do with security. If it did, they wouldn't be going this route.
I had a good look at the process. And yes it is not very convenient and or course it is not just to protect users, that is a secondary marketing effect.
I completely lost this view after all those heated debates, thanks.
As long as people claim that F-Droid will stop working and other stuff, based on the initial plans, I classify most of the debate as fear mongering .
And good luck and fun with your new setup. I still have an original OpenMoko, to bad GSM is dead here.
And, thanks for the debate.
Yeah I'm not debating that there is fear mongering about this at all, just - as you noted - this is not about protecting users. Thats a farce.
This is about Google trying to close up their ecosystem, device first. That is the issue I take with this whole situation, its a clear step in that direction being marketed as something it decidedly is not.
And I think Android users should recognize what it actually is, and try to find a different option than Apple or Google going forward.