this post was submitted on 03 Oct 2025
639 points (99.2% liked)
Technology
77955 readers
2592 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You misidentified your objection. It isn't sideloading removal, which isn't happening. It's developer verification, which affects the sideloading that remains available.
Just because you don't understand the value of verifying signatures doesn't mean it lacks value.
I recall the same alarm over secureboot: there, too, we can (load our certificates into secureboot and) sign everything ourselves. This locks down the system from boot-time attacks.
Then sign it: problem solved.
Developer verification should also give them a hard enough time to install trash that fucks their system and steals their information when that trash is unsigned or signed & suspended.
Even so, it's mentioned only in regard to devices certified for and that ship with Play Protect, which I'm pretty sure can be disabled.
Promise kept.
No, I don't. Developers are always going to need some way to load their unfinished work.
That's twice that you've missed the point that everyone else is saying. Read it again:
Google is irreversibly designating themselves the sole arbiter of what apps can be freely installed in the formerly-open Android ecosystem. It's the same as if they just one day decided that Chromium-based browsers would require sites have a signature from Google and Google alone. I honestly don't give a shit if they did it just on Pixel devices, but they're doing it to the phones of ALL manufacturers by looping it into Play services.
I just don't understand: why the fuck are you so pussy-whipped by Google that you're stanning their blatant power grabs?
I don't understand why you can't read: (1) developer verification can be disabled, bypassed, or worked with, (2) you called it sideloading removal, which it isn't.
You just don't like the extra steps that limit the ease for ignorant users to install software known to be malicious that could have been blocked. I don't like handholding my dumbass folks through preventable IT problems they created.
So let me buy a goddamn phone that I can install what I want in it. Again, I do not give a shit about any phone manufacturers that want to make a walled garden out of their Android installations. I agree, it's perfect for the grandmas of the world. But Google is forcibly doing this to every goddamn phone, phone manufacturer, and Android enthusiast.
The only silver lining is that whenever Google decides that unregulated social media services like Lemmy are not family-safe I won't have to listen to your malicious horseshit.
Seems you don't care about grandmas & gen z.
They can manage.
So casual users can get wrecked, yet I'm malicious? Maybe think of users other than yourself, weigh the potential losses to them by successful attacks, and consider whether OS designers have a legitimate claim in preventing exposure of known threats to casual users while still allowing power users to bypass those checks.
You're assuming I use an Android app (trash) to get on here, and not a proper workstation or web browser. You're welcome to this "malicious horseshit" for eternity.