
Android Users in Singapore To Be Blocked From Installing Unverified Apps as Part of Anti-Scam Trial (straitstimes.com) 48

New submitter Dustin Destree shares a report: Android users in Singapore will be blocked from installing apps from unverified sources, a process called sideloading, as part of a new trial by Google to crack down on malware scams. The security tool will work in the background to detect apps that demand suspicious permissions, like those that grant the ability to spy on screen content or read SMS messages, which scammers have been known to abuse to intercept one-time passwords. Singapore is the first country to begin the gradual roll-out of the security feature over the next few weeks, done in collaboration with the Cyber Security Agency of Singapore, according to a statement on Feb 7 by Google, which develops the Android software.
  • by Anonymous Coward
    Seems fitting for the "Disneyland with the death penalty".

    Especially just after the story where Disney is rolling out restrictions to US subscribers... ;)
  • F-droid (Score:4, Insightful)

    by Errol backfiring ( 1280012 ) on Wednesday February 07, 2024 @12:33PM (#64222258) Journal
    The first app I install on any Android device is F-droid, if only because it is way more safe than the standard play store.
    • Re:F-droid (Score:5, Informative)

      by thegarbz ( 1787294 ) on Wednesday February 07, 2024 @01:08PM (#64222344)

      And you can keep doing so. The only thing blocked here is Apps that use a combination of the ability to read SMSes, read notifications, and simulate touches on the screen. The number of normal apps affected by this is close to zero and you can keep sideloading what you want.

      What's not clear is if sideloading is blocked only for apps that use all 4 permissions or only a subset of them. Either way I suspect messaging apps which attempt to integrate SMS messaging may be the most likely ones potentially affected if this is implemented poorly.

    • I agree completely. I've only ever sideloaded apps.
      TFS was poorly written, but it seems to say they're not blocking all sideloading.

  • by Kitkoan ( 1719118 ) on Wednesday February 07, 2024 @12:34PM (#64222260)
    The article isn't well written and is a bit of a mess.

    It first claims that Android won't be allowed to side, but then mentions that it is piloting a "security tool will work in the background to detect apps that demand suspicious permissions, like those that grant the ability to spy on screen content or read SMS messages". So, which is it, blocking sideloading or not?

    It later mentions that "Users who are blocked from downloading a suspicious app will be notified with an explanation." So, again, this doesn't seem to be blocking side-loading altogether, but more that it will be preventing installing apps that "demand suspicious permissions".

    Now, I could be wrong, and Google may be blocking all side-loading as a "security" feature. But with everything happening in the EU and the Apple App Store, I doubt that they would see that and decide they should now start blocking side loading.
    • by hjf ( 703092 )

      blocking sideloading effectively kills android app development. how are you going to test on real hardware if you can't sideload an app? makes no sense.

      • I forgot to mention in my first comment that the article does say you'll still be able to side load apps, but you'd have to disable "all of Google Play Protect". So maybe if Google is doing this, they are thinking along the lines of Windows S Mode (but including malware scanning as an all or nothing). So either you have full lock down or no Google security, and if so, would it be some you can turn on and off as needed? Or one way like S Mode?

        As for developing, you would be expected to disable all of Google
        • So either you have full lock down or no Google security, and if so, would it be some you can turn on and off as needed?

          Of course the proper question to ask in that case is why should the user be forced to choose between "security" they have no control over and a complete lack of any security.

          Then again, "security" in this context isn't referring to the end user's security at all......

      • blocking sideloading effectively kills android app development. how are you going to test on real hardware if you can't sideload an app? makes no sense.

        Incorrect. Correct: Blocking sideloading except for "strategic business partners" (i.e. those willing to pay whatever the fee is to prove you're serious) is a great way to generate revenue and block upstarts from jumping onto your platform and creating something not ultimately under your scrutiny. Win-win. Added benefit? Removing user choice. WIN-WIN-WIN!

      • by Luckyo ( 1726890 )

        Story says the change is that when play protect is on, .apk installation is fully blocked. If you turn play protect off, it will let you install stuff normally. And there's no intermediate option to activate current status quo, where when play protect is on it will let you install it but will scan it first and block it if it doesn't like it.

        • by hjf ( 703092 )

          the problem is that they will most likely add a mechanism for apps to detect (and refuse to run) if your device has this option enabled.

          a lot of banking apps will refuse to run if you have a rooted phone, for example.

          • by Luckyo ( 1726890 )

            This is not a root. And you can simply disable play protect, install your .apk, and then enable it.

            • There's absolutely nothing to prevent Google from adding "Is a sideloaded app installed" to the list of verboten behavior for SafetyNet / Play Integrity API. Hell given that Play Integrity API is replacing SafetyNet [android.com], I wouldn't be surprised if disabling Play Protect once is enough to ban you from the walled garden until you perform a factory reset.
              • by Luckyo ( 1726890 )

                "But if they change how things work, it will change how things work".

                Yes. Thank you for stating the obvious. I am indeed addressing how things work, not how they would work if they were completely changed.

                • by hjf ( 703092 )

                  I am indeed addressing how things work, not how they would work if they were completely changed.

                  from my comment:

                  they will most likely add

                  why would you address "how things work" when i was very obviously speculating on how things would work?

                  You got it wrong, you wanted to correct me, and got called out like a fool. And instead of saying "oh, I thought it was about how it works now" or hey, just shutting the fuck up, you decided to double down on it.

                  • by Luckyo ( 1726890 )

                    I ignored that because I naturally assumed that this was a rhetorical hyperbole. Because claiming something this idiotic as "most likely" in the world where trend is in the exact opposite direction (see google's main competitor in this space, apple being increasingly pushed to open its OS to installations from outside the walled garden) seriously rather than as a rhetorical flourish would indicate either ignorance of the field that you otherwise do not demonstrate, or malicious arguing. Which I don't think

    • by Luckyo ( 1726890 ) on Wednesday February 07, 2024 @01:00PM (#64222322)

      Reading it carefully, it states that the change is to google play protect. That's google's android spyware-and-antivirus all-in-one package. And no, there's no mistake there, it's not anti-spyware, it's spyware as it delivers information on everything it scans to google, with no way to opt out. You either have google's anti-virus software that spies on everything you do on your phone and phones it home, or you don't.

      Change being made is that when play protect is turned on, sideloading is blocked entirely. Right now, even when turned off, play protect is actually secretly on and constantly nags you to turn it on when you install apps. If you run any software that you get anywhere but from play store with regular updates from .apk files, you probably have seen the "turn me on, I want to spy on you harder baby" pop-up from google protect every once in a while when you update your email client or your ad blocker or any other useful software you have.

    • Other sources indicate that Google is specifically blocking sideloading of apps that request 4 specific permissions. The 4 specific ones usually used for stealing One-time passcodes, i.e. read SMSes, and simulate inputs which would allow an app to quickly intercept these.
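
Added example, not part of the thread and not Google's implementation: a manifest audit that flags the permission combination the comments above describe, with a `threshold` parameter for the open question of whether all four permissions or only a subset trigger the block. It assumes a manifest already decoded to text XML; the mapping of the thread's "read SMSes, read notifications, simulate touches" to these Android permission names is an assumption, and the sample manifests and package names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
NS_DECL = 'xmlns:android="http://schemas.android.com/apk/res/android"'

# Assumption: these real Android permission names stand in for the
# capabilities the thread names (SMS, notifications, simulated input).
SENSITIVE = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
}

def sensitive_hits(manifest_xml):
    """Return the sensitive permissions a decoded manifest requests or binds."""
    root = ET.fromstring(manifest_xml)
    seen = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        seen.update(el.get(ANDROID + "name") for el in root.iter(tag))
    # BIND_* permissions appear on <service android:permission="...">.
    seen.update(el.get(ANDROID + "permission") for el in root.iter("service"))
    return sorted(seen & SENSITIVE)

def verdict(manifest_xml, threshold):
    """'block' when at least `threshold` sensitive permissions are present."""
    return "block" if len(sensitive_hits(manifest_xml)) >= threshold else "allow"

# Constructed sample manifests (hypothetical package names).
OTP_GRABBER = f"""<manifest {NS_DECL} package="com.example.grabber">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Notif"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
    <service android:name=".Access"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

SMS_MESSENGER = f"""<manifest {NS_DECL} package="com.example.messenger">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("grabber", OTP_GRABBER), ("messenger", SMS_MESSENGER)):
        for threshold in (4, 2):
            print(name, threshold, sensitive_hits(xml), verdict(xml, threshold))
```

With a threshold of 4 the SMS-integrating messenger is allowed; with a threshold of 2 it is blocked, which is the false-positive case raised earlier in the thread.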

    • All true mobile phone users ... nekbeards aside ... appreciate the walled garden. THEGOOG pays attention to APPLEs' success and tries to match it. Prevention of side-loading greatly improves security as 99% of all side-loaded Android apps are malware infested. I personally avoid smart-fone use, as the technology both irritates & greatly increases my attack surface. For those feeling the smartphone need thank THEGOOG for mimicking APPLE and
    • I'd probably say the rage-bait is something that has merit.

      For about 20+ years, I've been expecting governments to have something like a AV scanner, except it was there to detect things like IP violations, or anything the government disliked in real time, report, then shut down and lock the machine, perhaps tell the owner to report to the nearest facility for processing. It likely would use a NAC stack, similar to how Windows 2008 had a NAC infrastructure where if a PC didn't have the right AV program, it

  • Comment removed based on user account deletion
  • by Qwertie ( 797303 ) on Wednesday February 07, 2024 @03:41PM (#64222754) Homepage

    Seems to me that Android should highlight (with a bright red icon/text) the dangers of granting certain permissions, e.g. by saying "granting access to SMS will allow this app to see one-time passwords sent by your bank or other accounts. Only grant permission if you're sure you can trust it." Not sure why this should be limited to sideloading, even if Google does have some systems designed to detect trojans/malware.

    I'm still sore that Google decided to grant internet access to everything without the user's permission, even including keyboard apps that see your passwords as you type them. (I mean, I get that apps are ad-supported. But is it really that nobody makes ad-free FOSS Android apps, or is it that only ad-supported apps have the SEO money they need to make themselves easier to find?)

    • by tepples ( 727027 )

      How would an ad-free free software keyboard application download a new language dictionary selected by the user without using the Internet access permission? Or would you prefer that the keyboard application include dictionaries for all supported languages in the application bundle downloaded from the store? That would make everybody spend the storage space and monthly Internet data download quota on dictionaries for a hundred languages that they will never use?

      • Why would you use keyboard with a dictionary
        • by tepples ( 727027 )

          A virtual keyboard application on a touch-driven device uses a dictionary for autocorrect, autocomplete, and gesture typing.

      • by piojo ( 995934 )

        It could open a URL which would use the web browser. A file would be downloaded, with the user's consent. When the app (the keyboard) is next opened, it could prompt to load the download.

        Granted it would take significant effort, but it's not like this is an insurmountable obstacle.

        • by tepples ( 727027 )

          Each additional step increases the likelihood that the user will abandon the installation process and return to the pack-in keyboard.

  • It is fun to see Singapore and EU moving the opposite ways. Security vs competition, who wins?
  • ... have been known to abuse ...

    Meaning: We want the power to spy on you, so we can't implement a "ask user" philosophy (and our "open software" philosophy means we can't install a secret API). Instead, we'll remove your freedom so random strangers can't use our back-doors.
