Cooper Lund @cooperlund.online

I don’t think you should be able to run malicious software on your device

sep 1, 2025, 3:15 am • 38 2

Replies

maji @maji-says.bsky.social

a lot of applications available off of the official app-store are both not malicious and quite useful, and there's still a security warning & a setting that you need to change prior to downloading anything

sep 1, 2025, 4:43 am • 3 0
maji @maji-says.bsky.social

an example: in a previous UI update, Samsung had randomly removed the swipe navigation gesture option, a useful feature I'd used to navigate around for years. developers immediately released a reputable APK providing that feature again. there's tons of beneficial applications

sep 1, 2025, 5:00 am • 2 0
Robert Getch @stumptoemerald.bsky.social

Good thing that's not what's being discussed. There's a difference between developing something under a specific developer license and just developing something that functionally runs Android. Many people run Windows apps that are unsigned, many or most of them are legitimate applications 🤷‍♂️

sep 1, 2025, 4:17 am • 4 0
🫂🫂🫂 @jonesetc.com

This is "why don't they make crime illegal" levels of unaware, my man

sep 1, 2025, 4:07 am • 12 0
Cooper Lund @cooperlund.online

I assure you that it isn’t

sep 1, 2025, 4:22 am • 1 0
🫂🫂🫂 @jonesetc.com

I mean this in the most good faith way, I'm not a discover feed weirdo, it's ok to accept you are wrong this time. You're doing exactly the thing you railed against the other day except it's computers instead of reporting. bsky.app/profile/coop...

sep 1, 2025, 4:54 am • 4 0
Cooper Lund @cooperlund.online

Buddy, I work in enterprise IT and the best directive you can possibly give for security on mobile devices is don’t run unsigned software on your device. I have no idea what you’re trying to accomplish by bringing up that post.

sep 1, 2025, 5:26 am • 4 0
🫂🫂🫂 @jonesetc.com

The world of enterprise IT is not the world of normal people using a computer and I think you might have a skewed picture from it. Malware is not just miners and ransomware, the software stealing the most information and doing the most damage to us is happily signed and stamped by every app store.

sep 1, 2025, 5:39 am • 13 0
🫂🫂🫂 @jonesetc.com

But I brought it up because I got the impression that you're a reporter from you talking about other people not knowing how that works. No idea you're an IT guy. Misread on my part. I'm still confident that you're reading not allowing unsigned software on phones wrong. It's all about ad tracking.

sep 1, 2025, 5:42 am • 2 0
mattsteg.bsky.social @mattsteg.bsky.social

It's a tough problem. On one hand you absolutely need to set and enforce trust based on knowledge (that normies lack!) and standards. On the other hand delegating that control to monopolistic hegemonic surveillance capitalists does real damage. Ultimately most phone apps are borderline malicious.

sep 1, 2025, 3:55 am • 3 0
Chris T @n0v0w3ls.bsky.social

Define "malicious". How would you meaningfully detect and restrict software that fits that definition?

sep 1, 2025, 3:23 am • 18 1
Cooper Lund @cooperlund.online

This is like the most daft you can be

sep 1, 2025, 3:24 am • 4 0
Noah @ncallaway.bsky.social

I mean… there’s an “I know it when I see it definition”, but that doesn’t actually work when you’re the engineer tasked with building an operating system. Fundamentally you can go with an “allowlist” approach, of “we only run software we KNOW is safe”, or a “denylist” approach

sep 1, 2025, 3:32 am • 3 0
Noah @ncallaway.bsky.social

Of “we only disallow software which we KNOW is dangerous”. Which of those two approaches would you choose?

sep 1, 2025, 3:33 am • 1 0
Cooper Lund @cooperlund.online

I’m going to make the assumption that unsigned software is malicious and I think you know that and are making a really weird assumption to argue against it

sep 1, 2025, 5:37 am • 2 0
Chris T @n0v0w3ls.bsky.social

That's basically what Google has done here, but it's also a big change to something that's always differentiated Android from iPhone. And I know iPhone gets away with it (for now), but basically forcing you onto the Google Play Store for a 30% cut is IMO philosophically wrong. I don't see any reason

sep 1, 2025, 1:07 pm • 1 0
Chris T @n0v0w3ls.bsky.social

why the current status quo is bad. There's multiple layers of protection before you can allow yourself to install unsigned software on the device. It's even now where it's not a universal toggle off, but you have to do it for each app.

sep 1, 2025, 1:07 pm • 1 0
irongremlin.bsky.social @irongremlin.bsky.social

It very much is not.

sep 1, 2025, 3:26 am • 15 0
Chris T @n0v0w3ls.bsky.social

No, I'm serious. What they've done is sidestepped that question (because it's impossible to answer) to instead whitelist developers.

sep 1, 2025, 3:32 am • 5 0
Raymond Neilson @delta-vee.bsky.social

I've been computering a long, long time, and I have even less of an idea of what rules could possibly encode "malicious" to any reasonable accuracy than when I started. I want `rm` to delete the files I say, and I want to write programs that can use the `unlink()` syscall

sep 1, 2025, 3:33 am • 5 0
Chris T @n0v0w3ls.bsky.social

One time I literally just turned an app icon to a dark grayscale and recompiled the app for sideloading because the real one was causing burn-in on my phone screen.

sep 1, 2025, 3:41 am • 5 0
Chris T @n0v0w3ls.bsky.social

This would not be allowed with the new app-signing rules, lol.

sep 1, 2025, 3:42 am • 3 0