Stop fucking calling it sideloading. It is called installing an app
So it’s on the same scale as buying a gun in the states.
I didn’t realise it was so dangerous.
Not quite. The majority of states have no waiting period to buy a gun and there’s no federal law, either.
Oh. It’s more dangerous than a gun then!
Political power grows from the barrel of f-droid
It’s so weird that they don’t take comments on the android developer blog post… Almost like they think it’ll be hugely unpopular.
To those who think it is a fair compromise: It is not.
Android already had one layer of this shit before. When installid freshly dowloaded apk, android would prompt you to confirm that the source of the apk is trusted. This was not like this before. Before you’d just install apk.
And I agree to a certain amount. But thing is, it was added for no specific reason. People who install apks form outside source, will keep doing it and they 99% of the time know what they are doing or being told to do so by someone who knows what they are doing.
Adding another layer to this wont solve the problem, except make users annoyed for 24h wait time. And this is only adding 1 layer now. Who the fuck knows what is going to be 1 year later. 5 years later?
The thing is, people who do it and trust others to say, “just do it” - are the crazy ones.
It’s like the bs Tech Talk in TikTok. Always telling you to run RegEdit and such… oof.
No one thinks this is fair. Little old grannys don’t side load apps, so they don’t need protection.
Google is the epitome of living long enough to become the villain.
They changed their “don’t be evil” motto years ago. I guess they must have kept two thirds of it.
A motto was never going to stop them from going sour. Any corporation that gets large enough and is publicly traded is going to attract sociopaths, narcissists and other Patrick Bateman wannabes to the positions of leadership within the corp like sharks to chum. It is a matter of when that gradual shift from good people to bad people takes place, not if.
The problem is that our economy and corporate structures reward the scummiest people because they’re the best at making profits.
I teach digital literacy and 99% of unsavory software I encounter on people’s phones come from the play store or app store
I will believe that they’re serious about protecting users when I see them do something about the crap ton of borderline scam solitaire and weather apps infesting their stores
Your wish is fulfilled. Google now requires the government id, full biometrics and shared gps location to publish apps in the store.
See, that is fine. If Google wants to have a safe and curated, high quality store, (which it doesn’t), it is very logical that it would want to have the origins of software very well identified.
AS LONG AS it provides a mechanism for users to access other sources of software.
They are doing the opposite, allow bullshit apps in the “safe store” while hindering the independents.
We desperately need a decently competent OSS phone OS, if possible with a compatibility layer for Android apps.
I mean, yeah. They do. Would it be finally enough to stop all scammers online? All in on a clear “No”.
Motorola has Graphene OS soon.
google doing their best to make me move to a different platform for my next phone.
anybody know of other options?
Linux phones are about to get interesting.
I’ve heard that 15 years ago
Same with what we were hearing about the Linux desktop!
…yet here we are in 2026 and literally all my desktops have since become Linux, lol.
15 years ago the world wasn’t looking for a maliciously compliant escape route.
Unfortunately, I don’t think most people are too interested even now. The masses that buy phones and make it profitable aren’t aware of things like this or even give a shit. Any time I bring something up with friends and family it gets shrugged off. Realistically Linux phones are going to be fringe unless they can offer something up to the masses that is attractive to them.
Hope I’m wrong.
They were interesting 15 years ago, too.
Still think the Nokia N900 was the best phone of all time.
It feels that it is either Linux phones, or Fairphone, or GrapheneOS. We are somewhat fucked.
I don’t think anything other than degoogled Android is mature enough to recommend. And it looks like degoogled androids might extinct soon.
What makes you say Degoogled Android might go extinct? Projects like LineageOS and GrapheneOS are still going strong. /e/OS, murenaOS, VollaOS and other similar phones have been coming out of the woodwork recently. I think DeGoogled Android is just getting started.
That is, unless, you mean Google is working hard to close down AOSP so the downstream DeGoogled projects don’t function anymore? Then yeah, I sadly have to agree.
Google seems to start cracking down on free android, I don’t really believe they want to just stop the ability to install apps on your regular android and be done with it. Once they get the taste for blood, they can’t stop
I’ve preordered my jolla phone a few weeks ago. It will arrive around september. Let’s hope it don’t suck 😉
In these scenarios, scammers exploit fear – using threats of financial ruin, legal trouble, or harm to a loved one – to create a sense of extreme urgency. They stay on the phone with victims, coaching them to bypass security warnings and disable security settings before the victim has a chance to think or seek help.
Does this actually happen? Or they just trying to manufacture consent to all this bullshit?
Do calls like that happen? Unfortunately, yes.
Is it a reason to lock down and enshittify every computing platform, every OS, every Internet-connected device until we own nothing, control nothing and can’t install what we please?
It’s an age old tactic of manipulation to start with something true, exaggerate the threat, and apply it everywhere possible.
age old
Yeah for sure. I have to deal with a lot of tech-support and similar scam victims, and I always wind up explaining that this con is as old as civilization at least, it’s just the location and props that are new.
Lure you in with a benefit or problem solved, ensure that you get lost or disoriented, manufacture fear/uncertainty/doubt, offer a way out, trap is set.
Once upon a time I had someone try to run this same scam on me in meatspace, a big ancient city. Offer a solution to a logistics problem, get me lost in the maze, create new problem of changed conditions, intimidate with new people arriving, and pressure with intense sales tactics on a bullshit product. I wasn’t actually lost so just walked away, curiosity satisfied, but some people would have lost a lot of money.
Never seen it and I’ve worked in banking which I would have thought it would be most prevalent. Seen lots of traditional scams, but never stuff that involves side loading apps. I think the attack surface is just not big enough to make it worthwhile.
That does happen. You can see stuff like that on scam baiting videos all the time.
they do happen yes
Well I’m sure we’ve all heard stories about it happening, and my FIL had someone walking him through a “Microsoft has detected a virus on your PC” scenario one time until he fucked up and lost the connection (fortunately)
This would make sense if google play store wasnt full of malware. Scammers dont need you to sideload malicious apps they just get you to download it from the play store.
Worked in a phone store for a bit. And absolutely this.
Googles half the malware themselves.
Cant install (random app name here, since we cant use X anymore as a generic thanks to musk and his 13 year old obsession with naming everything X) app, without having 1500 different google bullshit data trackers installed.
How about a 24 hour waiting period for me to harden my OS before Google slurps up all my data.
fuck google. We immediately need linux like alternative to android
Is GrapheneOS a good enough alternative?
I am very interested in switching to that when their phone comes out… But I wish pure Linux were viable.
It just works. Some banking apps won’t.
One of my banking apps (Citi) didn’t even work in stock Android on a Pixel. It thinks I’m rooted lol.
Everything works well enough in the browser though. Nowadays I just do all that stuff on a desktop PC. Not everything needs to be an app or even done on a phone.
The desktop versions of bank websites have everything I need, whereas mobile versions can skip out on certain features. Plus, these apps tend to hoard perms for “security” reasons, or so they say.
If you have a strong password and legit MFA (like TOTP or a physical key), use a trusted device/browser that’s good enough. There shouldn’t be a need to grab my location or nearby devices.
Bonus points if the bank lets you review login sessions and deauth devices, flags things like impossible travel, etc.
Credit unions tend to do better. DCU is one example. They excel at security, don’t do any silliness with perms in their app, let you review logins and devices, and have a strong MFA implementation. The big private national players just want to sell you to data brokers to pad their margins while you pay ridiculous interest rates on their crappy products and get nothing in return.
I use the browser with a hardware TAN generator, though my bank’s app works fine on GOS.
Graphene has some quirks, but overall experience is solid. Not perfect, but it does the job.
We basically need an android compatibility layer before that can happen.
Iirc, ValvE was working on one for the Steam Frame so all the Android VR games will run natively on SteamOS.
Edit: its called Lepton. Here’s an article i found about it.
Iirc lepton basically just runs Waydroid/lineage under the hood so its still android
I’m not sure that would be necessary, actually. Android is derived from Linux, surely they can do a translation layer for the majority of API calls? I mean there’s no need for emulating anything, nor would it necessarily require layering an entire android install on top of Linux…? But my programming knowledge is limited, and somewhat rusty, so I’m not really sure.
Its just full Android.
90% of Android isn’t Linux it’s, well, Android.
I’m not too familiar with the project, but I thought I heard talk about it being a compat. layer instead of a VM. Idk though, I might be entirely wrong lol.
Its just full Android.
90% of Android isn’t Linux it’s, well, Android.
Never mind then lol. Might at least be more optimized like they did with Wine/Proton.
I’m interested in Jolla phones who develop this os: https://sailfishos.org/
Meanwhile the scam apps and viruses in the damn play store: …
Exactly, scammers aren’t having people install unverified apks, they are sending people straight to the play store and they have the money to pay the verified dev process. It’s all automated and no single human checks applications. It is all based on paying.
Come join us at /e/OS, we don’t have this https://e.foundation/
“This is Android’s new ‘advanced flow’ for INSTALLING apps without verification”. Sideloading is such a bullshit term made only to confuse consumers. They can wrap that in sparkling wrapper, but it’s still security theater at best and definetly misleading. Apps from F-Droid or any other app ‘store’ are not any less safe than the ones at googles own offering.
Without verification by Google. I am very much capable of verifying the origin and trustworthiness of the apps I install.
The advanced flow is not for “installing apps”. It’s for sideloaded apps.
Semantics, no? Side loading is an alternate way of installing.
Yes, it is, thank you.
Do you consider installing games to you PC from Steam sideloading too? What about downloading Firefox installer? It is installing software on your computer, no matter if that computer happens to be in a cellphone form factor, and always has been. Sideloading is a made up term to make it sound somehow dangerous or complicated in order to justify even bigger walls on the ecosystem garden and control how people use their own devices.
Do you consider installing games to you PC
This is not a PC though. Whether you or I like it or not, they are different. And no one wants to type out “installing apps from outside the Google Play Store” every time. It’s a useful term.
Sideloading is a made up term
All terms are made up.
to make it sound somehow dangerous or complicated in order to justify
[Citation needed]
People keep saying this but it makes absolutely no sense. The term predates both Apple and Google, and nothing about the term itself suggests it is “dangerous”.
“installing apps from outside the Google Play Store”
To me that implies it’s somehow different than just installing software. You could say ‘install from play store’ or ‘install from f-droid’ if you need to specify which app repository you should use, as that what it is. Sideloading might be an appropriate term if you need to upload apk to your device via USB-cable from your PC, which the term originally meant.
to make it sound somehow dangerous or complicated in order to justify
[Citation needed]
From the article:
This “advanced flow” is for power users and enthusiasts who “want to take educated risks to install software from unverified developers.” Google says it was “designed carefully to prevent those in the midst of a scam attempt from being coerced by high pressure tactics to install malicious software.”
Sure, the term itself comes from 1990s, but lately specially Google tries to twist that to mean something only ‘power users’ do and it comes with a ‘educated risk’.
To me that implies it’s somehow different than just installing software.
That’s because it is, as I’ve just finished explaining. Again, see the “advanced flow” in OP? This does not apply to “installing software”. It only applies to sideloading. I’m not sure why this is so difficult to understand.
You could say ‘install from play store’ or ‘install from f-droid’ if you need to specify which app repository you should use
That’s true, if you were referring to a specific repository, but the term “sideloading” does not refer to any specific repository, as you know.
From the article:
None of this says “sideloading” or refers specifically to the term, it refers to the practice.
Google tries to twist that to mean something only ‘power users’ do and it comes with a ‘educated risk’.
You’re incredibly naive if you think anyone other than “power users” are sideloading.
And it does come with risk, because it might come from a reputable source like FDroid or it might be a random app from some unverified (by anyone) sketchy website, and the system has no technological means to tell the difference.
This does not apply to “installing software”.
So it doesn’t apply when I click the big button which says ‘Install’ on F-Droid app on my phone?
And it does come with risk,
Just like installing software from the ‘secure’ Google Play store.
Installing software is installing software, no matter where you get that software from. That’s it. You can try to twist that with nuances on terminology or invent new ones, the end result is that an piece of software is installed on the system and nothing more. It doesn’t matter if the software came from play store, f-droid, steam, windows store, shady google drive link or the pirate bay. It doesn’t matter if you’re a power user or never seen a smartphone before in your life.
Sure, there might differences in potential security, compatibility, licensing and whatever, but it is still a piece of software being installed.
So it doesn’t apply when I click the big button which says ‘Install’ on F-Droid app on my phone?
Please note the use of quotes. I was using “installing software” the way you were, as in literally any software. Whereas this does not apply to apps in the Google Play Store. That’s why the distinction is important.
Just like installing software from the ‘secure’ Google Play store.
Yes, just like that, except a higher level of risk, because potentially no one is verifying the validity of said software. And as I already explained, there’s no technological way for the OS to differentiate a legitimate source like FDroid from a random sketchy website on the internet.
Installing software is installing software, no matter where you get that software from
Except it’s not, because sideloading is different, as you know, if you actually read the OP, and if you actually read my comments where I already explained how it’s different.
Now I’m done repeating myself over and over, so unless you have something new to contribute to the discussion, I’m out. Have a nice day!
