In addition to what others have said, it means some developers who were building for Android are going to stop. You can't install an app when someone is obstructed from building it in the first place.
> every Android app developer must register centrally with Google before their software can be installed on any device. Not just Play Store apps: all apps.
> Registration requires:
> Paying a fee to Google
> Agreeing to Google's Terms and Conditions
> Surrendering your government-issued identification
> Providing evidence of your private signing key
> Listing all current and all future application identifiers
Google is not an entity you can can trust with this.
Delve into System Settings, find Developer Options
Tap the build number seven times to enable Developer Mode
Dismiss scare screens about coercion
Enter your PIN
Restart the device
Wait 24 hours
Come back, dismiss more scare screens
Pick "allow temporarily" (7 days) or "allow indefinitely"
Confirm, again, that you understand "the risks"
Nine steps. A mandatory 24-hour cooling-off period. For installing
software on a device you own.
Worse: this flow runs entirely through Google Play Services, not the Android OS. Google can change it, tighten it, or kill it at any time, with no OS update required and no consent needed.
And as of today, it hasn't shipped in any beta, preview, or canary build.
It exists only as a blog post and some mockups.
The scams this directly targets are well known and common. Someone gets a phishing message, they have someone install some sort of malware on the device, then their bank accounts are drained into some offshore account never to be seen again.
That's why there's a requirement for restarting the phone and waiting 24 hours.
The restart ends the connection for any remote-access software or phone call that might be driving the operation -- and the 24 hour wait period breaks the "urgency" part of the scam that prevents other people who know better from stopping the vicim from continuing.
Had to read that sentence twice. You really think that there's more people getting scammed via "please tap the build number seven times and then go to extra settings and enable untrusted installs and then go to this website that I will dictate the URL of and you should ignore that install warning" etc etc etc. to install an apk to run software that can barely access more than a simple webpage could, than there are people (like HN'ers) who install apk files from github and f-droid?!
(Also note that "crapware" describes basically every app you find in google's store. I try on occasion, when nobody made an open source this-or-that, and it's such a minefield. If that's the thing you're trying to avoid, I don't know how you could possibly feel positive about a requirement to only use the Play Store for the tech-illiterate)
To be fair, that's a one time process. You do not need to do that for every app you want to sideload.
The malware issue that the flow is designed to mitigate is a very real problem. Perhaps there is a better way, but it's not immediately clear what that is.
You are thinking about it from the point of view of an enthusiast/hacker who wants to put their homebrew stuff on it. But this is also tightening around developers who may want to distribute their applications to lay users.
Unless they do something google doesn't like, or trip one of their many automated systems that ban them without recourse. Or they are compelled to revoke a key by a government.
Revocations are for apps being malware and nothing else, much like macOS Gatekeeper (Apple doesn't even revoke certs used by Warez groups to sign cracked apps).
Automated bans can be an issue, but that's an edge case. Google already had the functionality to 'revoke' an app if ordered to do so by a legal authority.
It is much more important to make a real world attack - something that is draining wallets of ordinary people across Thailand/Brazil/SEA in general - harder to achieve. One thing is a political goal of some people in the west, the other is an ordinary person not having the money to feed themselves because a scammer stole it all.
I can't trust Google will keep to that, sorry. Nor can I accept harms being twisted into a further centralised accumulation of power (especially when Google, with all their resources, could likely do much more to prevent these scams than grabbing that power for themselves)
Well, the very good news is that Google is not seeking your trust. You have no say at all. This is the new system, it benefits actual real people over HN commenters and you will just have to deal with it.
Google doesn't have the ability to change the way banking apps work with regards to transferring money from one account to another in Malaysia/Brazil/Thailand. That would be a matter for the national Governments. This is the best approach available.
Because grandmas all over the world are getting swindled by scam apps.
Look, I can't locally install a web extension I wrote on an open-source Firefox browser, because security. I have to install a Developer Edition, or get the extension reviewed and signed by Mozilla, for the very same reasons of thwarting scammers. Is this stifling, or is it making my browser not mine? Is anybody making a big deal out of that?
The world we inhabit is not always friendly. It has a ton of determined and sophisticated bad actors, and a lot of people with less technical savvy than you and me. We have to deal with that, instead of being cantankerous.
It's not obvious to me that this will help much with scamming. Especially when it affects safer app repositories like F-droid more than the cesspit that is the official Play store.
Play Store being a cesspit is indeed a problem! But it still is making a constant effort to drive away scammers, so scams don't last too long there. Scammers show sleek-looking web pages offering to install an "official app" from their own apk. Or they have an app that clandestinely sideloads another app. This is being curbed.
But it's limited to a one-time action, not encumbered by additional papers or payment. I don't foresee any trouble using F-Droid (which I use a lot) after I have dismissed the scary screens and confirmed that I know what I'm doing.
>It's not obvious to me that this will help much with scamming.
Because as a reader to this forum, you're probably more tech savvy that the average person. Moreover this type of scam seems to be more common in Asia than the West, see:
They convince users to download a "government app", grant it accessibility permissions, then use that to take over their phone and drain their bank accounts.
>Especially when it affects safer app repositories like F-droid more than the cesspit that is the official Play store.
Where do you draw the line? If you whitelist f-droid, do you have to whitelist third party f-droid repos too? What about other app "stores" like obtanium? Moreover f-droid being less of a "cesspool" is likely because its reach is smaller, not because it has better moderation.
I'm aware of the way the scams work. I'm also aware that scammers tend to be much more motivated to jump through hoops that are put in front them (more so than legitimate users!). Scammers can also talk people through many, many warning signs.
Scammers cannot talk people past a 24 hour wait. This attack is built upon pressure and operates at a scale that makes stealing many identies, building different-enough apps to avoid getting flagged by Google and signing them all non-viable.
Not a 'code of rules'. The scam itself relies on urgency. Breaking the spell by allowing people to talk to friends/family/their bank makes the scam not work.
And most Android banking malware is distributed through unsafe sideload installs (as opposed to much safer Gatekeeper-style installs, which is what is coming) and are fed to victims through complex attacks involving obtaining a victim's personal information and calling them while credibly pretending to be a local authority or a bank representative. You can read about this wherever you get news about cyber crime.
This is a scourge in South East Asia and Google can do some good here. The only cost is whining from non-technical people. Everyone else will go pay $25 or whatever and sign their app.
The 24 hour wait period is so the scammer can't use the element of urgency to keep the victim on the phone where they don't have the opportunity to speak with trusted friends/family who would stop the scam.
This isn't referring to the efforts Google has gone to try to thwart sideloading.
It is another requirement of Google's, where all developers must be registered to them and apps must be signed by them and anything that isn't will be blocked.
Less savy and unmotivated users.. maybe? Whats the main use cases for newpipe? Let me guess: get premium features for free (no ads, downloads etc).
Do you think people wont click 9 buttons and wait 24hs for this?
Its like people forgot how pirated windows/sw used to run on millions (billions) on devices in the past until ads (and some convenience from non-so-cheap-anymore subscriptions) became the norm
The incentive for those Adtech is to keep you hooked as long as possible so they can sell you more ads, and making you lose your only real currency in life: time.
The incentive for Apple or Microsoft is to make a good product that you will gladly pay for. This is very different.
A good restaurant makes an excellent product bit it doesn't mean that I will spend 5 hours there.
Google Analytics has >80% market share. Most of the websites you visit are helping them build a profile of everything you do on the internet with the goal of selling targeted advertisement. That is their business, it's what pays for everything else they do. I think that is what is meant by surveillance capitalism.
Every iPhone that people buy gives direct money to Apple, centralizing their power. This means, they get to dictate what apps can / cannot run on the device.
So what? Nobody is forcing anyone to buy iPhones. Similarly, nobody is forcing anyone to install Google Analytics, or go to that website.
Nobody is forcing people to do Heroin or Cocaine. We should start giving it for free to people in the street. Everyone can then decide if they want to take it or not. Oh yes and once you are hooked we should definitely never keep the dealer accountable. It's the users who always decides to use it! They are the ones to blame, never the giga corporation making money on your back!
That surely would work very very well in society. Literally the same thing is happening with Google, Facebook, TikTok etc.
You probably work for bigtech and your salary depends on people losing their braincells so I don't expect you to suddenly get some ethics and understand all of this.
I was told that Apple was playing 4D chess when they introduced Liquid Glass which is the design language of Vision Pro, and they were priming everyone to be a world with only VR glasses.
I’ve always doubted this take, if you look at the history of Apple software design you will see that they regularly pull visual ideas across from one platform to another just because they’re fond of them at the time. I think that this is like that, they decided it was time for a refresh.
> hey are just focused on privacy and are likely waiting for the time when local models become efficient enough to run on iPhones (which is quickly becoming a reality).
This is such revisionist history. They were not strategicially waiting. They tried, really really hard. The entire iPhone 16 pro was built on AI. Heck, they even (re)named it as Apple Intelligence.
Remember, this is the same time when Microsoft launched Copilot (RIP), Google launched Gemini, OpenAI with ChatGPT etc.
---
They had to walk back hard because it was a flop. They might be accidentally successful because they are a company with multiple strengths, but dont think of it as they were sitting AI out.
This is such a narrow take, and doesnt match human progress at all.
When cars were being built out, did we cry saying "Cars are flattening mobility. We could run, and jog and stroll and now with mechanized boxes, we have given our ways of the horse pulled carriage".
Or when digital music production, which might be a bit more relevant, came about. "We've lost the unique ability for a human hand to touch an instrument. Computer generated music is at its core, souless, and lacks emotion"
As you can probably tell, none of those things are true.
--
Also, I find it fascinating how we endlessly glorify Steve Jobs and his musings. The man was a genius, but I have a sense that he'd have been a supreme asshole if he were still alive.
It wasnt clear from the blog so I'll ask here. Where does the money go? The post refers to providing tickets to underprivileged attendees, but is that 100% or ony some part of it? Where does the rest of the money go?
> Once your event outgrows academic spaces, donated conference rooms, or theatre spaces, working with the hotels is the industry’s standard way to pay for a professional convention center space. You commit to a certain number of hotel nights blocked off at nearby hotels, based on your event’s numbers from previous years, and in return, you get a reduced rental charge at the convention center. If you sell enough rooms, you additionally earn a small percentage of the revenue from those rooms, i.e. a commission. If, on the other hand, you don’t sell enough rooms, you owe damages to the hotels–essentially paying the full rate for the rooms they reserved for your event but didn’t sell.
Attendees pay the Hotel directly for their rooms. If the event does not book enough rooms to cover expenses then the organizer (PyCon) owes a minimum amount to the Hotel. If there are more rooms booked than expected the Organizer gets a check. This is a normal Hotel industry arrangement.
PyCon itself is run by the Python Software Foundation; according to publicly-available records they spent approximately US$2,491,000 on PyCon US expenses in 2024, including supporting 552 travel grant recipients: https://www.python.org/psf/records/
Apple have had Siri for decades without any meaningful movement. If you think Apple is suddenly going to get better, that's just wishful thinking. Apple neither has the expertise nor the capability to do any of that. They'd hvae demonstrated that with Siri long time back.
What Apple does it build beautiful hardware. The software has been shambles for a really long time.
Apple's reality distortion field is really really strong. People love to claim Apple is doing 4D chess, when in reality Apple has certain strengths but AI is anything but.
Which is why they were completely caught offguard with botched rollout of Apple Intelligence. Even when they were playing to their strengths, things have not gone for them (Apple Vision Pro). Liquid Glass has had mixed reception, and that's often explained away as "Apple is setting up a world for Spatial Computing by unifying design language" and when the lead designer was fired it was like "Thank God Alan Dye is gone, he was bad for Apple anyway".
Because nobody is forcing you to take a Waymo? I dont think it is as hard to understand.
Its like saying "You dont understand why people arent more upset about spicy food because your stomach cant handle it.."
reply