
Worth noting - was that before or after Google started getting painful decisions in court battles on the App Store thing?

Because this is not going to be super positive for them on that front.

> victims would also be guided to disable Google Play Protect that helps to prevent harmful downloads.

I feel like there's only so much a company can do when it comes to balancing protecting users from themselves vs allowing users free rights over their own computers, especially when users have gotten habituated to ignoring incessant safety warnings caused by attempts to protect users.

I also keep wondering how safe the Play store is from this stuff. The very existence of obscenely detailed public GPS datasets about Android users shows that even "official store" apps are somewhat malicious.

I don't see a real solution besides giving a smart and friendly 3rd party admin rights over the devices of susceptible users.



> I feel like there's only so much a company can do when it comes to balancing protecting users from themselves vs allowing users free rights over their own computers

Convert to a one-time escape hatch unlock via a random-question quiz hosted by Google that assesses security and computing knowledge?

If the intent is to prevent the dumbest users from doing something, then a good place to start would be an assessment to determine if a user is actually dumb or not.

It's oxymoronic to attempt cover-all methods that encompass both (a) advanced users who do want to sideload & (b) people who will type in anything the internet tells them will make a cracked app work.


I mean the most brutal solution would be that for Google Play Store certification the manufacturer must use a cryptographic challenge/response process to enable admin on the phone and run a free global hotline for the user to phone/TTY in to get their response, circumventable by factory resetting the phone (although scammers might still be able to talk somebody through that too).

Then the staff (or a chatbot) could be trained to intervene and confirm that the caller is not getting scammed.

Phone vendors could also be licensed to use a simple web interface to do this at the shop if the buyer requests, and the vendor license would be logged so if the user gets scammed immediately after unlocking it's not anonymous who helped them get scammed.

Similar to Root, really, but mid-tier since enabling Root involves giving up some other security assertions.
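
A sketch of the challenge/response unlock proposed in the comment above, as an added example that is not part of the thread or any vendor's actual mechanism. It assumes a per-device secret provisioned at manufacture and shared with the hotline; the class names, the 8-digit code length and the 10-minute expiry are hypothetical choices.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 8      # assumed: short enough to read out over a phone/TTY line
CHALLENGE_TTL = 600  # assumed: seconds before an unanswered challenge expires

def response_code(device_key, device_id, challenge):
    """HMAC-SHA256 over device id and challenge, truncated HOTP-style to digits."""
    msg = f"{device_id}|{challenge}".encode()
    mac = hmac.new(device_key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10**CODE_DIGITS).zfill(CODE_DIGITS)

class Device:
    """Phone side: shows a random challenge, accepts one answer per challenge."""
    def __init__(self, device_id, device_key):
        self.device_id, self._key = device_id, device_key
        self._pending = None          # (challenge, issued_at) or None
        self.admin_enabled = False

    def new_challenge(self, now=None):
        issued = time.time() if now is None else now
        self._pending = (f"{secrets.randbelow(10**10):010d}", issued)
        return self._pending[0]

    def submit(self, code, now=None):
        now = time.time() if now is None else now
        if self._pending is None:
            return False              # nothing outstanding: replays are rejected
        challenge, issued = self._pending
        self._pending = None          # single use: a wrong or late answer burns it
        if now - issued > CHALLENGE_TTL:
            return False
        expected = response_code(self._key, self.device_id, challenge)
        ok = hmac.compare_digest(expected.encode(), code.encode())
        self.admin_enabled = self.admin_enabled or ok
        return ok

class Hotline:
    """Hotline side: releases a response only after the operator's scam check."""
    def __init__(self, device_keys):
        self._keys = device_keys      # device_id -> provisioned key

    def respond(self, device_id, challenge, caller_confirmed_safe):
        if not caller_confirmed_safe:
            return None
        return response_code(self._keys[device_id], device_id, challenge)
```

Because the response is bound to a fresh random challenge, a code read out on one call cannot be reused on another device or for a later unlock attempt.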



