Doing evil things under the guise of good intentions (with reasons that appear valid on the surface) has always been the playbook. All you're doing is excusing it - let's not.
If this was genuinely about security and UX then they would continue to provide viable "escape hatches", but it isn't and so they don't. That's what's being criticized.
I disagree, I don’t think I’m excusing it at all and your argument hinges on the restriction of software running on hardware to be evil. I wouldn’t describe it that way. I think it’s frustrating certainly but I don’t think you have an inalienable right to run code of your choice.
I would characterize it more as Google is responding to the needs of the vast majority of its users, most of whom do not care to run unsigned software, certainly don’t write it, and have no need of escape hatches. Escape hatches are great, but each also represents a security weakness waiting to be exploited.
And not to leave it merely implied: they are also responding to large development organizations who want locked down platforms in which they can distribute, and more importantly crack down on those who would pirate their, software.
> Escape hatches are great, but each also represents a security weakness waiting to be exploited.
Having money and using it without supervision is a safety risk. You can unknowingly buy food that isn't good for your health. And good food is what you actually need. So transfer your money to me and I will benevolently manage your diet for you. No other motives but your safety and wellbeing, I swear.
By the way, can you really trust the supermarkets? They sell alcohol and alcohol is bad for you.
> I don’t think you have an inalienable right to run code of your choice
> more importantly crack down on those who would pirate their, software.
If you represent the interests of corporations then try leading with that next time.
> Escape hatches are great, but each also represents a security weakness waiting to be exploited.
Besides being a broad statement that lacks citations and no doubt relies on contrived examples where this was implemented poorly, it's also clearly a violation of the EU Digital Markets Act.
> If you represent the interests of corporations then try leading with that next time.
I don't. I'm just saying Google and whichever boogeyman you'd care to slot into position 2 share the same interests. Far more than you or me and Google anyway.
> Besides being a broad statement that lacks citations and no doubt relies on contrived examples where this was implemented poorly
To a layman user, any software that is running without code signing has a much much much higher chance of being something that has gone wrong rather than Joe Public found a cool image editing app that doesn't want to be distributed via the Play store. Are there exceptions? Sure, I'm certainly a big one. Does that mean I don't understand Google's position here? No.
> it's also clearly a violation of the EU Digital Markets Act.
If true, they'll end up in court, same as Apple did.
> To a layman user, any software that is running without code signing has a much much much higher chance of being something that has gone wrong rather than Joe Public found a cool image editing app that doesn't want to be distributed via the Play store.
Don't give me these "political" answers. That's just another broadly-agreeable statement that's completely unrelated to the one I asked you to substantiate:
> Escape hatches are great, but each also represents a security weakness waiting to be exploited.
There are 3 problems here:
0. If Google genuinely cared about Android security to this degree, they wouldn't be giving threat actors 4 months to run wild with 0-days before publishing them:
Mobile security relies on sandboxing, not on Google's approvals. Even the most malicious app approved by Google shouldn't be able to steal information, access information from other apps without authorization, or execute actions on the user's behalf.
Whenever this core principle is broken due to inevitable security vulnerabilities, it should be treated as such and promptly patched. Instead these shortcomings are used as convenient excuses to advance these political goals.
2. An escape hatch can be anything:
- "allow installation from unknown sources" like we've always had
- secret settings menu + PIN/password + require a switch to be flipped in the recovery menu during boot + require an ADB command to be executed + warnings at every step.
- ADB commands + switch in recovery menu + time delay + require a full device reset with all data being lost
First one is somewhat vulnerable to social engineering though I've personally never encountered a device where someone was tricked into doing this, so it must be more resistant than downloading malware on Windows.
Second is close to impervious to social engineering. Grandma isn't going to be accessing the recovery menu or running ADB commands any time soon.
Third one, while far too restrictive in my opinion would still be better than nothing, it would be impenetrable to social engineering, and safeguard any existing data on the device even in case of a serious concurrent vulnerability in the Android sandbox.
Are all of these completely unacceptable?
On the balance of probabilities, "Joe Public" isn't being tricked into doing anything, he is trying to install ReVanced to get ad-free Youtube.
If this was genuinely about security and UX then they would continue to provide viable "escape hatches", but it isn't and so they don't. That's what's being criticized.