Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If I were designing the advanced flow, I'd require the decision to be made at phone setup time. Changing your mind later requires a factory reset.

Real sideloaders (F-Droid users, etc.) know at setup time that that's how they'll be using their phone, so it works for them. But ordinary users who are targets for sideloading malware will become a lot less attractive if attackers must convince them to wipe their phone to complete the coercive instructions.

Aliexpress has a similar approach to protect their accounts from takeovers. If you change or forget your password, all your saved payment methods are erased. This makes the account less valuable to an attacker, at the cost of a little pain to authentic account holders.



No, that's ridiculous. If I want to send an app to someone, now they have to wipe their phone to install it? That would kill installing non-Play apps far more than Google's original proposal.


I hadn't installed a non-Play Store app for something like 5 years until this year. I don't see why I should have been forced to factory reset my phone then.


Forgive my bluntness, but I hope you are never allowed on the Android team or near any significant UX decisions on any devices or apps I use or will use.


Great, at phone setup when many people don't know anything about the implications of the choice.

And factory reset when it's impossible to backup and restore everything, or anything at all without a Google account


But wiping your phone isn't "a little pain"


> Real sideloaders (F-Droid users, etc.)

When using F-Droid, I don't think of myself as a "sideloader". I'm using an app store (F-Droid), not installing some random APKs.

(Yes, the F-Droid store app had to be "sideloaded". Once. It updates itself. If or when Google allows alternate store apps in their store app, even that would no longer be necessary.)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: