Darth Android
Posted4 months agoActive4 months ago
pluralistic.netTechstory
calmmixed
Debate
60/100
Android SideloadingGeneral Purpose ComputingApp Ecosystem Security
Key topics
Android Sideloading
General Purpose Computing
App Ecosystem Security
Cory Doctorow's article discusses the implications of Google's changes to Android sideloading, sparking a discussion on the trade-offs between security and general purpose computing.
Snapshot generated from the HN discussion
Discussion Activity
Light discussionFirst comment
15m
Peak period
4
0-2h
Avg / period
1.8
Key moments
- 01Story posted
Sep 1, 2025 at 2:55 PM EDT
4 months ago
Step 01 - 02First comment
Sep 1, 2025 at 3:10 PM EDT
15m after posting
Step 02 - 03Peak activity
4 comments in 0-2h
Hottest window of the conversation
Step 03 - 04Latest activity
Sep 2, 2025 at 12:37 PM EDT
4 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45095537Type: storyLast synced: 11/20/2025, 5:54:29 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
Google is finally forced to impose one of these on its malware-beleaguered app ecosystem -- accountability -- and suddenly people think it's the evil empire.
"General purpose computing" is nice to have if you're tinkering around, but from an infosec standpoint it boils down to "arbitrary code execution", and when it comes to the devices ordinary people use in the everyday world, people don't want it. It's too much of a risk. My wife carries an iPhone, and is incredibly thankful that Apple is protecting her data and privacy, in part by refusing certain kinds of apps to run on their platform. People have their bank accounts, credit cards, government IDs, taxes, health information, etc. tied into these devices, all of which can easily be stolen or fraudulently used if we allow random software to run willy-nilly. It's time for accountability in the mobile app space. Part of being a professional is staking your professional reputation on everything you put out there, and if you're not willing to do that, don't develop for the platform. If you want to tinker around, buy a Raspberry Pi 500.
Then provide security guarantee. Apps can’t read my contacts unless I explicitly give them access. Google and Apple have still yet to take trivial steps to protect users (e.g. ability to deny an app network access). This has nothing to do with security and everything to do with control.
> If you want to tinker around, buy a Raspberry Pi 500.
Why? Why should tinkering be banned completely of the computer that most people use the most in their whole life (often their only computer)?
Even if such a permission existed, how many grandmas do you think will obey when instructed: "I will send you a link, please do the needful and download this app, then go into settings and enable internet access, contact access, and payment method access"? My guess is: a lot.
> Why? Why should tinkering be banned completely of the computer that most people use the most in their whole life (often their only computer)?
Because 99.9% of the users of such computers do not care about "the ability to tinker", wouldn't miss it if it were gone, and are at substantially greater risk of fraud, identity theft, or worse if it were there.
Because the average user cannot reliably—and doesn't want to—manage security permissions for every app. The UAC dialogs were a stark lesson in this. Users are easily tricked or lulled into giving an app permissions it shouldn't have.
Anyway, Google isn't banning tinkering completely, only tinkering without accountability.
though resistance is amusing
the whole set up is symetrical in that it still requires many millions of individuals to self manage a significant portion of the sales, and so having a bit of web frontage and making a buck is easy
millions of people, blithly causing every kind of chaos without any specific intent to resist or oppose anything just trying for a piece of the pie, no malice, no grand plan for world domination, but fearsly focused on getting something for themselves, and will lie and cheat and steal, and break things, but just a little bit
and so, today, we can see the attempts by various powers to institue some order around here, though there laments are startlingly similar to the chant's of the god's decrying how they could not get any peace ir rest,because of all the noise and trouble caused by the people of mesoptamia 4000 years ago
always almost
I'd say it's law AND technology. Because even if it was technically possible to break some protections, it wouldn't mean it'd always be economically viable to do that. It really gets harder because the security is being improved (albeit this "security" is for the device manufacturer, not me).
While it isn't legal to break these protections and make a product around that, it is legal to try to break them and get a reward if a company offers such program. I guess both Google and Apple offer them, but of course governments indirectly pay more for these exploits.