415
Google gives Android users a way to install unverified apps if they worked hard for it(including waiting 24 hours)
(android-developers.googleblog.com)
this post was submitted on 19 Mar 2026
415 points (98.8% liked)
Technology
82956 readers
2908 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If this is really as straightforward as it sounds then I'd consider this the best case scenario. Google could have gone full Apple style lockdown or even just have implemented this flow on a per app basis, but needing to wait 24hr one time to enable unverified app installation isn't a bad idea from a security perspective. It prevents a bad actor with temporary access from being able to do much while not getting in the way of us power users after the initial 24hr period.
My bigger problem is how Google is leveraging their monopoly to implement this single-handedly and only for themselves. If they had instead gone through AOSP this perhaps could have been implemented in a better way to allow other parties than just Google to be the verifier, and that 24hr waiting period could be applied to any verifier that is not the phone's default. I'd argue this would be an equally reasonable security measure considering how many scams are out there preying on those who aren't technologically savvy, yet would maintain transparency.
I've heard of security by obscurity being accepted, but never heard of security by obtuseness being accepted as valid.
I hate the fact that Android is open source only on paper. You can't compile your own flavor and install it.
You absolutely can... Custom ROMs do just that.
Your phone has to support it. It's not a Google wall. Your phone maker determines how difficult or easy this is. Google pixels make it rather easy to install Graphene on. Motorola is also going to support Graphene.
There's also lineage and e/os/ and even non-AOSP-based postmarketOS(which is a Linux distro.)
Which is not as libre as a computer OS. What I mean is that Google has complete control and power over it as it's not developed by the community and therefore doesn't do its best interests
Android used to be a little more diverse.
But it's been limited to the launcher(shell) mostly.
What do you think are in the best interest of the community that Google isn't doing? Do you have any less contentious examples? As a technical support specialist I've talked to numerous dipshits that were talked into installing a virus on their own Computer system or phone or other device.
Some people are really really really fucking gullible.
It's their problem if they were tricked into installing malware. It shouldn't be an excuse to limit power users. The real reason Google does that is profiling developers and preventing real libre alternatives