zlacker

[return to "Google will allow only apps from verified developers to be installed on Android"]
1. arielc+542[view] [source] 2025-08-26 11:11:45
>>kotaKa+(OP)
Meaning to use your device you need to have a contractual relationship with a foreign (unless you are in the US) third party that decides what you can or cannot do with it. Plus using GrapheneOS is less of an option every day, since banks and other "regulated" sectors use Google Play Protect and similar DRMs to prevent you from connecting from whatever device you want. Client-side "trust" means the provider owning the device, not the user.

Android shouldn't be considered Open Source anymore, since source code is published in batches and only part of the system is open, with more and more apps going behind the Google ecosystem itself.

Maybe it's time for a third large phone OS, whether it comes from China getting fed up with the US and Google's shenanigans (Huawei has HarmonyOS but it's not open) or some "GNU/Linux" touch version that has a serious ecosystem. Especially when more and more apps and services are "mobile-first" or "mobile-only" like banking.

◧◩
2. pimter+V42[view] [source] 2025-08-26 11:20:21
>>arielc+542
I think Play Integrity is the fundamental issue here, and needs to go. That's the crux of the issue.

Allowing apps to say "we only run on Google's officially certified unmodified Android devices" and tightly restricting which devices are certified is the part that makes changes like this deeply problematic. Without that, non-Google Android versions are on a fair playing field; if you don't like their rules, you can install Graphene or other alternatives with no downside. With Play Integrity & attestation though you're always living with the risk of being cut off from some essential app (like your bank) that suddenly becomes "Google-Android-Only".

If Play Integrity went away, I'd be much more OK with Google adding restrictions like this - opt in if you like, use alternatives if you don't, and let's see what the market actually wants.

◧◩◪
3. avhcep+X52[view] [source] 2025-08-26 11:30:25
>>pimter+V42
Banks seem to actually "want" Play Integrity. At least they act like it. I bet they would like for normal online banking on user-controlled devices to completely go away.
◧◩◪◨
4. termin+vv2[view] [source] 2025-08-26 13:58:00
>>avhcep+X52
Of course they do, and of course they would. Banks are in a crazy legal position where they are financially liable for user stupidity. If my bank account gets breached, it doesn't matter that I didn't take any reasonable security measures, the bank will still have to refund me. If the bank could say "you didn't follow our recommended security practices to use a PW manager and MFA or passkeys, so it's a FAFO situation for you," then they wouldn't be pushing for this stuff. But they can't do that because the government doesn't allow them to.

There is even government regulator pressure now for financial services to be liable for cases where the user legitimately authorizes a transaction to a party that turns out to be a scammer. Of course the banks want to watch your every move and control your devices. They would be stupid not to given the incentives.

◧◩◪◨⬒
5. blizdi+IA2[view] [source] 2025-08-26 14:24:31
>>termin+vv2
In what country do you live? In America, users are liable for the banks stupidity. If they don’t verify credentials and give away all of my money, I do NOT get it refunded, they are NOT responsible, and I am the victim of “identity theft.”
◧◩◪◨⬒⬓
6. termin+5F2[view] [source] 2025-08-26 14:44:21
>>blizdi+IA2
I live in America. I have got back every single cent I have lost due to fraudulent charges on my account. Furthermore, I was refunded instantly by the bank pending investigation.
◧◩◪◨⬒⬓⬔
7. no_wiz+cH2[view] [source] 2025-08-26 14:52:14
>>termin+5F2
The bank you have did the right thing and I think most banks and credit unions will do this, as it’s bad for a lot of reasons not to.

That said, the legal obligations around how this works is very different. One of the reasons common advice is use a credit card for online purchases instead if a debit card or checking account link is because of the fact that they have different liability expectations around fraud[0]

[0]: there are of course a multitude of good reasons for this advice generally speaking, but this one is cited a lot

◧◩◪◨⬒⬓⬔⧯
8. vlovic+ib3[view] [source] 2025-08-26 16:59:14
>>no_wiz+cH2
You are incorrect. This isn’t good will measures, these are required by law. The EFTA, for example, requires banks to make you whole against fraudulent ATM transactions. The CC recommendation is more about you having more time and flexibility to dispute the charge without risking access to cash; most Americans don’t even have a few thousand dollars in cash so a fraudulent ATM withdrawal is a major problem. But if you have a good chunk of cash the fraudulent ATM transaction will not really be felt by you provided you follow the requirements about notification (you have 2 days after noticing to report it to the bank).

The losses due to fraudulent CC activity are governed by the FCBA.

It’s shocking how people think companies do this kind of stuff out of good will rather than being forced by law.

[go to top]