zlacker

[parent] [thread] 18 comments
1. Hacker+(OP)[view] [source] 2025-08-26 07:58:31
Everybody DEMANDS Google "do something" about malware, scam and fake apps. So it does.

For an average Joe and Jane, who gets their money stolen, that's a good move. They don't care about technology, they just want their bank, instagram, cat pictures and video calls to work and not get scammed. They are often lured into installing scamware through exactly sideloading APK, completely unaware of the risks.

In the article there's this comment:

> I'm struggling to see the benefit of this new policy. While it's presented as a security measure, the requirement to fill out these forms seems like a trivial barrier for actual malware creators, who will easily abuse the system.

Every scammer will have a different code signing certificate which you can then block if they spread malware. Right now it's a huge mass of scammers and malware authors indistinguishable from each other. And Google could possibly block them all which would also block legitimate applications (now that would spark outrage). Thanks to the new policy it'll be easy to add a single cert to the blocklist.

If you want absolute freedom on your device, just install a different Android - for example Graphene, Lineage, /e/OS, or Calix. They are all Android too.

It's so fashionable these days to go after Google.

Thanks Google.

replies(7): >>gregor+J >>potwin+91 >>63stac+j1 >>cresha+n1 >>Janicc+Q1 >>buyucu+d2 >>jjani+Ke1
2. gregor+J[view] [source] 2025-08-26 08:04:41
>>Hacker+(OP)
No, the average Janes and Joes don't enable side-loading: it's a toggle, not enabled by default, it's in an advanced setting pane and it's good as it is. Google has been controlling what is installed through their Store and that is enough for 100% of average users. They have been doing it badly though, leaving many scams through, same for Apple. They should focus on this, not the advanced users.
replies(1): >>Gigach+41
◧◩
3. Gigach+41[view] [source] [discussion] 2025-08-26 08:07:02
>>gregor+J
They do, particularly in developing countries because it allows installing cracked versions of paid software or ad removed versions.

They can just follow a YouTube tutorial showing how to get around all the barriers Android added.

replies(2): >>gregor+B2 >>const_+nC1
4. potwin+91[view] [source] 2025-08-26 08:07:37
>>Hacker+(OP)
I don't think they're teaching old people how to enable developer mode and sideload an apk onto their phone, rather than just asking for bank information over the phone with a convincing lie.
5. 63stac+j1[view] [source] 2025-08-26 08:09:03
>>Hacker+(OP)
>For an average Joe and Jane, who gets their money stolen, that's a good move. They don't care about technology, they just want their bank, instagram, cat pictures and video calls to work and not get scammed

We could also teach basic computer literacy in schools so people could understand common scams. We could sell phones with "extra protections" that people with less knowledge could buy.

The only reason to force this crap on everyone is control. What google cares about is getting rid of people's ability to block ads, kill youtube vanced, and so on.

Google will implement this, the consumers will pay for it, scams will still exist, and Google will open their hands and say "welp we tried". The infrastructure will already be in place, and it will never be revoked.

replies(1): >>jhansc+lb
6. cresha+n1[view] [source] 2025-08-26 08:09:31
>>Hacker+(OP)
> Thanks to the new policy it'll be easy to add a single cert to the blocklist.

And another tomorrow. And then five more the day after, four of which will have been stolen from clueless legitimate developers, whose apps will get blocked too.

Microsoft tried this whole nonsense before, it doesn't work in practice.

> If you want absolute freedom on your device, just install a different Android - for example Graphene, Lineage, /e/OS, or Calix. They are all Android too.

Sounds to me like an APT rootkit vector that will be the next on the chopping block.

> For an average Joe and Jane, who gets their money stolen, that's a good move. They don't care about technology, they just want their bank, instagram, cat pictures and video calls to work and not get scammed. They are often lured into installing scamware through exactly sideloading APK, completely unaware of the risks.

Maybe Joe and Jane should learn their lesson instead, and don't do banking on their cat picture device, if they can't keep it safe.

7. Janicc+Q1[view] [source] 2025-08-26 08:12:37
>>Hacker+(OP)
How would you feel if Microsoft applied the same logic to windows? Suddenly only apps from the microsoft store are allowed.

Why do smartphone makers get all these special privileges while Microsoft got the law handed down on them for daring to bundle a damn web browser with their OS?

replies(1): >>nolist+i31
8. buyucu+d2[view] [source] 2025-08-26 08:15:00
>>Hacker+(OP)
Nobody is demanding Google do anything aside from a very loud minority who is scared of everything. There is no malware, scam, fake app problem for anyone with an IQ of more than 70.
replies(1): >>kassne+2n
◧◩◪
9. gregor+B2[view] [source] [discussion] 2025-08-26 08:17:51
>>Gigach+41
It's hard to find reasons to protect someone trying to install a shady app. Using that one reason to kill the possibility to install third-party apps for everyone is shady.
◧◩
10. jhansc+lb[view] [source] [discussion] 2025-08-26 09:37:44
>>63stac+j1
Who's going to pony up the capital to teach computer literacy to a 70 yo in the boondocks of X developing country that is the primary demographic for these scams?
replies(1): >>63stac+Of
◧◩◪
11. 63stac+Of[view] [source] [discussion] 2025-08-26 10:17:36
>>jhansc+lb
Public education is already funded in most of the world, we just have to add it to the curriculum. People who can't be reached through that can just buy the "protected" phones in the meantime.
◧◩
12. kassne+2n[view] [source] [discussion] 2025-08-26 11:18:19
>>buyucu+d2
> There is no malware, scam, fake app problem

There is. But they are as prevalent as ever in the Play Store, so this decision will not move the needle.

replies(1): >>buyucu+n61
◧◩
13. nolist+i31[view] [source] [discussion] 2025-08-26 15:06:53
>>Janicc+Q1
Microsoft is already doing this for drivers and is a hair away from enforcing code signing as well.
◧◩◪
14. buyucu+n61[view] [source] [discussion] 2025-08-26 15:19:07
>>kassne+2n
I never had a malware/scam/fake app problem. Nobody I know has ever had malware/scam/fake app problem. This feels like a manufactured imaginary problem to me.
replies(1): >>kassne+zi3
15. jjani+Ke1[view] [source] 2025-08-26 15:58:35
>>Hacker+(OP)
> Everybody DEMANDS Google "do something" about malware, scam and fake apps. So it does.

Which Google department are you at? Some good stuff you've convinced yourself of here. My social circle is 99% normies, not once of them has ever brought this up. Normie news doesn't bring it up. You do though, to justify yourself.

replies(1): >>quantu+ao1
◧◩
16. quantu+ao1[view] [source] [discussion] 2025-08-26 16:35:54
>>jjani+Ke1
"Everyone" as in financial companies and governments
◧◩◪
17. const_+nC1[view] [source] [discussion] 2025-08-26 17:40:39
>>Gigach+41
This is also Google's fault - they allow and heavily promote adware on the play store.

The only reason anyone is trying to find cracked apps is because the legitimate apps are, in it of themselves, malware. Typically spyware and adware.

◧◩◪◨
18. kassne+zi3[view] [source] [discussion] 2025-08-27 06:55:11
>>buyucu+n61
From a quick search:

https://www.theregister.com/2025/08/26/apps_android_malware/

https://arstechnica.com/security/2024/09/11-million-devices-...

https://www.cpomagazine.com/cyber-security/over-300-maliciou...

Not sure which numbers you are expecting, but 90 million downloads combined isn’t insignificant.

replies(1): >>buyucu+vF3
◧◩◪◨⬒
19. buyucu+vF3[view] [source] [discussion] 2025-08-27 10:27:24
>>kassne+zi3
Then why doesn't these things affect real human beings?

These "news" articles read like paid advertisements by companies like Zscaler.

[go to top]