Which means I can make an app for this “Sideloading” by shizuku…
This is actually worse than integration in Play Protect which can be disabled very easily. Now you can only install unsigned apps via ADB which means just developers can do it.
Or anyone with a computer who installs ADB. You don’t have to be a developer.
And very annoying too since some government apps don’t like it when you have developer mode on.
Not only government. I can’t see my daughter’s insulin pump status if I don’t disable developer mode.
I believe I got a notification that it disables NFC payments when developer mode is enabled. Which I know not as many people use it in the U.S. but some do.
Since Google’s goal is to improve security
This is an obvious lie.
They never specified who’s security…
they want to improve thier AI and datamining capabilities.
What am I not seeing? How does this improve datamining capabilities?
Target can track your purchases when you shop at Target, but can’t really do that when you’re shopping at a local store. Same applies here.
But you can’t shop at Target with some random app, only the Target app. Even a small business has an accessible pathway to publish their app. Besides Fortnite and my gimbal nobody out here trying to educate customers on how to install their apk file.
They mean a physical Target store, not a phone app. Target can track customers walking in and out the door and what they buy, how long they stay, etc. but they can’t track anything about you if you just go to a different store, especially something like a small business which isn’t hooked into the ad data sponge.
Call sideloading what it is, installing apps.
Found the Rossman subrsciber. 📎
I know, I know. People don’t understand how they’ve already conceded the war with language.
Me: Like…Yeah, I’m just going to “jailbreak” the small computer I bought to… run a program.
The public unironically: Oh man, I hope you don’t get arrested.
Sideload refers to moving files between two devices, like P2P
I’m not sure why google is over engineering this, proper mainline distros have this solved since forever. Let the community setup trusted repos with gpg keys, then let me trust the repos. If Fdroid trusts the package and I trust Fdroid, who should care?
Because it was never actually about security to begin with. That’s obviously BS. Google just wants control.
Probably because they want to target software that cracks theirs to avoid ads, like ReVanced.
Ding ding ding ding ding. It’s so obvious, it’s because Google wants to be in control and block apps it would rather not exist. Newpipe, FreeTube, Revanced and the like.
Then why aren’t they already doing that by blocking DuckDuckGo?
The DuckDuckGo app blocks all apps from sending to Google (and other advertisers) tracking/ad data on a system level. And it’s freely available on the Play Store (has been for years.
https://play.google.com/store/apps/details?id=com.duckduckgo.mobile.android
If they wanted to prevent apps from blocking their ad abilities, this app would never have been allowed on the Play Store.
Does it actually block ads in apps?
Blokada 5 blocks ads in apps and it was removed from the google store years ago. You have to sideload it in order to use it.
There’s a neutered version on the google store, but it doesn’t block ads effectively.
Google also removed an addon called Adnauseam, which clicked ads in additional to blocking them. That way, advertisers still have to pay site owners for your visit. Google removed it without justifiable reason, then kept it removed since there was no sufficient backlash.
It’s the main reason why I switched to Firefox. That kind of abuse is for useful idiots.
If they blocked it now, people would just sideload it.
Thank you random lemming, didn’t know about duckduckgo-s tracker blocking capabilities, have it installed now.
Antitrust lawsuits and plausible deniability
Like “Jaywalking”, suddenly, walking is no longer the norm, but the car is preferred. The victims are seen as perpetrators.
And “littering” is the “real” culprit why we all drawn in uneccesey plastic. We should blame consumers not the polluters.
Corporations do it all the time.
Yes, but littering used to be a legitimately big problem to. Like the hole in the ozone, now that it’s “solved”/ the norm for it to be getting better the focus should shift to other things.
For sure. That’s why it worked so well. You take a valid problem and abuse it for your corporate gains.
It is, because it’s actually the term that defines the process of transferring files not from an external networked device - downloading - or to an external networked device - uploading - but between two local devices - sideloading.
It’s over two decades old, you downloaded an mp3 from kazaa, and then sideloaded it to your player.
For android apps, I believe the term originates from the method of using ADB to directly write the app to the phone memory, the command of which is “adb sideload filename”
And companies ofted do it. Thay recoined jaywalking to put the blaim of the accidents to pedestrians and take away the road from them. They change what littering means in attrmpt to delute the responsibility for polution… We are better than that this time, right?
Thay recoined jaywalking to put the blaim of the accidents to pedestrians and take away the road from them.
How do you suppose that works, exactly?
I assume you’re unaware of the concerted advertising campaigns by auto manufacturers to take public streets away from pedestrians, including things like
The industry hired actors dressed in old-fashioned clothing to illegally cross streets, making the behavior seem outdated
https://missedhistory.com/1800/lobbying-trick-blamed-pedestrians-inventing-jaywalking/
“Jay” had started as a word for drivers driving on the wrong side of the road
jaywalker was pre-dated by jay-driver – a driver of a horse-drawn carriage or automobile that refused to abide by the traffic laws by driving on the wrong side of the road
https://debrabernier.com/the-history-of-jaywalking-in-the-u-s/
I assume you’re unaware of the concerted advertising campaigns
Maybe try to stay on topic?
jay-driver – a driver of a horse-drawn carriage or automobile that refused to abide by the traffic laws
So jay-walker seems appropriate, does it not?
How is that offtopic? It’s direct answer to the question that was asked.
How is it not off-topic? It has nothing to do with the suggestion that the word is used to blame pedestrians as a whole.
It’s extremely on topic for the thread you responded to.
Google has a concerted effort to make “sideloading” bad, so they can remove it without public backlash
The next comment in the chain mentioned how auto manufacturers did the same thing, villainizing people using public spaces by calling it “jaywalking” until it became illegal to walk on public roads
That was done to take public spaces away from pedestrians and give it to cars
This is being done to take software outside of Google Play away and give the only profit to google
The topic was how the existence of the term “jaywalking” “blames pedestrians” when they’re not actually to blame.
What would you call it?
“installing” as in “installing software”
Okay but it’s specifically software from outside the Play Store?
Installing software from outside the play store should be called installing software. It’s installing software from the play store what should have a special name, like “gatedloading” for example.
Installing software from outside the play store should be called installing software
Good news. It is!
It’s installing software from the play store what should have a special name, like “gatedloading” for example.
Make it hap’n Cap’n. You’re still not invalidating the term of “sideloading”.
The issue people have with making the distinction is that Google is trying to spin the narrative and make side loading seem like a dangerous and bad thing to the average user base who don’t know any better.
They’re taking umbrage with you agreeing that quantitative usage of a storefront makes something simply installing vs side loading a program. Because it helps Google’s narrative in a way.
I understand exactly what people think the issue is. I don’t understand or agree with any of the logic. Google did not invent the term. Apple did not invent the term. There’s nothing in the term itself to imply anything nefarious. It’s nothing but a word used to describe apps installed from outside the default store. When 99-100% of users are all installing exclusively from the default store, it makes sense to have a term that describes that instead of saying “installing apps from outside the default app store” every time.
Installing software without a store was just called installing software.
Sideloading is when you download from the side, e.g. downloading software from a separate device instead of from the internet or physical media.
downloading software from a separate device
It isn’t.
Google is twisting the word to justify their purpose of preventing people from installing anything that isn’t from their walled garden. So anything that sounds even close to support for that motive is going to be met with pushback, even if it is a word that existed before Google’s use of it. Google’s implicitly saying that installing something from anywhere other than their store is something nefarious or otherwise bad/risky. Google is trying to perform the same kind of security theatre as the US with the NSA at airports.
Honestly, it doesn’t matter to me where you install an app from because you’re simply installing it. Whether that’s from Google’s storefront, Apple’s, or somewhere else, you’re installing an app. The circumstances where I’d need a term to specifically say that I’m installing an app from outside the default app store would also be covered by simply saying “I got it from GitHub (or wherever).” It takes the same energy to answer the question of where you got it from regardless of whether you say that you installed it or you side loaded it.
Google is twisting the word
How is it being twisted? They’re using it in exactly the way it is intended to be used?
When you install a ‘.exe’ file in Windows, you don’t call it ‘sideloading’, you call it ‘downloading and installing’.
This is the exact same thing. I download from sites, F-Droid, Obtainium, etc., and install the software that is the file I downloaded. I’m effectively NOT side-anything.
You might call it that if 99% of software was installed from MS store.
0% of my android software is installed through Google Play. Then what?
I don’t even know what that’s supposed to mean. We’re not talking about you.
If you need to be that specific, “installing” as in “installing software from outside the play store”
We have words for things for a reason. We don’t call doctors “guys who heal people”.
Doctor can mean different things to different people.
When I install software from the Arch User Repository I still just call it installing, even though it isn’t through the standard path. Everywhere else, you don’t make the distinction. For some reason on phones we’ve come to call it sideloading, even though the software is just software —it doesn’t care where it came from.
Because 99% of people are getting it from the same place…
even within android, if you attempt to install an apk directly, it doesn’t say “would you like to sideload this application?”, but instead says, “Do you want to install this app?”.
Even Google’s own OS doesn’t use made up language.
I don’t know what that’s supposed to prove. Use of the word is not mandatory.
Again, when I install something from the AUR (which is not where most software comes from —99+% are from official repositories) it isn’t given a special term. It’s the exact same situation as “sideloading” but we just call it installing. Can you explain what the difference is between them?
—99+% are from official repositories
LOL you just lumped every other repository into one and then excepted the AUR for…reasons?
The point is, there shouldn’t be a distinction. To make one is to support prejudice against installing software from elsewhere.
If you use “installing” for stuff from the Google store but any other word for stuff from other sources, you are aiding and abetting Google’s anti-property-rights propaganda.
there shouldn’t be a distinction.
There has to be. When 99% of installs come from one location, there needs to be a way to describe that other than “Installing apps from outside the default app store”.
To make one is to support prejudice against installing software from elsewhere.
No? It isn’t.
The words for distinguishing between apps that come from one trusted location vs others is usually untrusted or unverified apps versus trusted or verified ones. “Installing apps from outside the default app store” converts to, “Installing an untrusted app”.
It’s not that complicated.
“Installing apps from outside the default app store” converts to, “Installing an untrusted app”.
It doesn’t. It’s not that complicated.
The majority of PC game sales happen via steam but we don’t call games purchased from GOG “sideloaded.”
There is no necessary reason to make the distinction
There is no necessary reason to make the distinction
There is and I’ve already given it. MS app store doesn’t make up 99% of installations.
When 99% of installs come from one location, there needs to be a way to describe that other than “Installing apps from outside the default app store”.
Y tho. What difference does it make? Its the same thing.
It’s simply not the same thing and if you can’t understand how that makes it different, I don’t know how to help you.
The same word that I use to when I get software that’s not on the Microsoft Store, the Mac App Store, or whatever distro’s Software GUI when I am using my desktop…
If the MS Store and Mac App store made up 99% of installs, that might make sense.
So when I install an app from Fdroid, it’s only “installing” if lots of other people do it? But if other people don’t use it as much it’s “sideloading”?
“lots of other people” was not the words I used.
It can be both “installing” and “sideloading”. One is just more specific.
Why? That’s a perfect example. There is no qualitative difrence between Microsoft Store and Play Store. Why quantitative difference in the market share would make any distinction in the terminology we use around the process?
I’ve already explained why. I don’t know what more there is to say. If you don’t get it, that’s okay.
deleted by creator
Yes, so what do you call it when referring specifically to those apps?
Don’t forget “side effects”, when really, medications only have “effects”. Whether the effects are intended or not doesn’t change the fact that they happen.
Wait, so now I have to talk to a doctor before installing from F-Droid? Well, shit.
For all intents and purposes, your comment actually invalidates the premise of using ‘sideloading’ as a term for installing from outside the ‘official’ method.
You buy cough syrup because you’re coughing, not because you want to be drowsy (I would hope that’s the case). In the same way, you install Spotify to listen to music, not to get all your data extracted and sold. Getting drowsy is an inconvenient side effect of the medication, the same way that data grab and ads are an inconvenient side effect of the app.
You’re not ‘side-medicating’.
You are the master of your body, the person who decides ultimately what goes in and out of your body, No doctor can force you to take anything. That’s what I mean, The play store aka the doctor wants to become the master that decides what apps go in or out of your phone, instead of the user. My comment doesn’t invalidate the premise of the use of the term sideloading, because I don’t agree with the term to begin with.
Whether the effect is ideal or not does not change what is chemically happening in the body. The body can’t tell apart side effects from the main ones, so this distinction exists because humans deemed it so, just like the distinction between play store sanctioned apps, and everything else. It’s a distinction that Google is now abusing for it’s own monetary benefit.
It’s a bad comparison because some people do take the medicine to get the side effects. For example taking benadryl to fall asleep.
Cough medicine can induce drowsiness, but you probably shouldn’t be taking it as a sleep aid. The distinction between intended vs unintended effects is an important distinction to make, in my opinion, to prevent drugs from being unintentionally misused.
While that is true, it does not invalidate the poster’s point. All of the effects of drugs are just “effects”. They could just as easily market cough syrup as a sleep aid with the “side effect” that it suppresses coughing.
The difference in definition in this context is simply that “drug uses” is the list of its effects that they were going for, and “side effects” are a list of effects that they were not. Its entirely a man made distinction. Extend that reasoning to the “installing” vs. “side loading” discussion to see the poster’s point.
I believe him to be suggesting that “side loading” is a very different word for “installing” that can be loaded by PR people to shift public opinion against the practice. Whether or not they are doing that I can’t say myself, but that appears to be the point being made.
They could just as easily have coined it “direct installing” or “USB installing”, but they didn’t even though those terms are more descriptive. Draw from that whatever you will.
you shouldnt be taking medication not for his intended purpose, it has many warnings.
Talking to the wrong guy here, I’ve taken many a medications against their intended purpose: I am a curious guy.
But that sounds like saying, in the context of Google’s intention of disabling app sideloading, that warning users that it poses a security risk because it’s their intended purpose for android, is fine because the authority on android is Google.
Don’t just take the word of authority at face value, when they prioritize profit and mindshare over personal freedom.
Since Google’s goal is to improve security
Is it though? Really?
The security of their bank balance.
No.
This publication is always repeating Google’s nonsense.
What ulterior motive do they have for blocking sideloading?
Essentially banning any apps that would hurt googles profits.
I thought that was pretty obvious.
If Google wanted to add developer verification without being evil, it could use SSL certificates connected to domain names. I think the whole concept is ill-conceived, though I’ll admit to a modest bias against protecting people from themselves.
They couldn’t. Domains and SSL certificates can be obtained very easily anonymously and thus wouldn’t let Google identify the developers of malicious apps, which is the goal of this
The trouble is Google’s definition of malicious apps. Are adblockers malicious? How about alternative apps for YouTube? Based on the recent history, I don’t think you will be able to install those apps on the phone you purchased.
Yes, I agree. Google will use this to control the Android app ecosystem beyond the Play Store and I don’t like it either
You can sure as shit know that NewPipe and Smart Tube Next won’t be getting a licence. Fuck Google so fucking hard.
It provides a way to open an investigation into a malicious developer without giving Google the ability to ban anyone it doesn’t like.
Yeah I mean some form of asymmetric encryption/validation would work but it stops the real reason why Google wants to implement this.
The problem with that is that certificates expire before someone would want to keep using the app.
Code signing certificates work a little differently than SSL certificates. A timestamp is included in the signature so the certificate only needs to be valid at the time of signing. The executable will remain valid forever, even if the certificate later expires. (This is how it works on Windows)
Doesn’t work, the reason they can expire is to make certificate rotation possible. If an expired ssl certificate is cracked it doesn’t matter because no browser will accept the expired certificate, with your idea the expired certificate just signs an app with the date of 1984 and it works.
Certificates in SSL can’t change the date because that date is signed by a certificate higher in the hierarchy.
This isn’t “my idea”, this is how the industry already does code signing. You can’t sign something with a date of 1984 because your certificate has a start and end date, and is usually only valid for 1 year.
You can read more about how this works here: https://knowledge.digicert.com/general-information/rfc3161-compliant-time-stamp-authority-server
Then you need a Trusted Third Party, right? Still requires some though on how to prevent that third party from blocking applications they don’t like but I can see how a group of trusted authorities could work.
The trusted 3rd party in this case is actually multiple 3rd parties. There’s several options for trusted timestamping just like there’s multiple trusted root CAs for SSL. Since the timestamping service is free and public, anyone can use it to sign anything, even self-signed certificates. There’s no mechanism to deny access, at least for this portion.
There’s always a risk the root CAs all collude and refuse to give out certificates to people they don’t like, but at least so far this hasn’t been a problem. I don’t have a better solution unfortunately. If we could have a 100% decentralized signing scheme that would be ideal, but I have no idea how you would build such a thing without identity verification and some inherit trust in the system
It need only check at install time.
Correction: SSL certificates can expire before someone would want to continue being able to install any given app.
Sure, the developer needs to keep the certificate up to date and re-sign the APK on occasion.
So any APK I download will just expire at some point in time that’s probably really annoying to know, and then I have to dig through the internet again so I can install the app again?
If it’s anything like how Windows does it, you would still be able to override it. It just gives you a scary warning and hides the option unless you click “more info” or something.
These two are identical for software.
tl;dr you can still “sideload” via adb.
This is so incredibly inconvenient as to be meaningless.
It’s not completely meaningless because if it’s truly the only option I’m going to be using it until I eventually replace my current phone with one with an unlocked bootloader.
Rimjob_steve moment
I’m afraid that won’t help. There will be even fewer people developing apps specifically for the 0.01% of us using custom ROMs.
They’re already developing the apps for the 1% of us not just using proprietary apps from the play store. I don’t think this just kills open source app development.
That’s not who we’re talking about. We’re talking about the 0.1% who have custom ROMs.
It won’t kill it completely but it will severely hurt it. The more complicated it becomes, the smaller the userbase becomes.
Apps like Syncthing have already discontinued development due to Google shenanigans + lack of users. That’ll only get worse as the userbase shrinks.
There are plenty of people developing apps that require root, and users who run those are already jumping through a million hoops of cat and mouse to keep their fucking mcdonalds app detecting it so they can get cheaper coffees and free fries.
Like seriously, wtf McDonalds, your app is like the ultimate root/safetynet/device id detection tool, I don’t think there exists even a banking app that is as hard to fool.
When my current phone dies I’ll be buying a flip phone.
Guess what!? Those are all Android too!
But I guess those don’t have Google Play or anything Google, they’re more like a limited Android.
Nope, some of them run KaiOS
Guess what!? KaiOS is Android!
They can go back to being a Linux OS much easier than anybody else
good luck updating all your apps that way…
Exactly
It will be stupid, but I presume there will be a rise in desktop apps or webapps that require you to only plug the phone in and it will handle the rest.
There are already android apps that allow you to ADB into your own phone without root, so you could VERY EASILY just make an app store that utilises that, you only need to install the app from desktop once
Yeah, if something like Obtanium needs to run on my desktop instead of my phone and I have to plug it in every once in a while, that’s not the end of the world.
I think adb can also work over Wi-Fi, just like Android Studio can connect to the phone and build and install without plugging it.
Perhaps someone could write an ‘adb loopback’ app – get that into the official app store, and said app would then squirt other .apk files through adb on the phone to itself, thus sideloading it.
ADB loopback apps already exist, such as Shizuku
As far as I know, ADB needs to be run on another device which is plugged into the phone.
I suppose one could write a script/app that detects the device is plugged in, and automatically looks for and installs updates using adb. That would be the least amount of friction.
I think you can run ADB on another Android device, so maybe an Obtainium+ADB device that stays at home.
We already have to do that to install older apps. It’s inconvenient, but not as bad as having to boot up an ancient phone every time you need to use the app.
Not at all, just get comfortable with ADB and use Claude to walk you through the steps.
I see this as an absolute win. /s
Edit: Y’all, ADB isn’t hard to use. At all.
No one thinks it’s hard. It is, however, as I said, extremely inconvenient and time-consuming to do this every day, and no one wants to do that.
Every day? Who needs to install an app every day?
Not saying this isn’t annoying AF, it is, but it’s not the absolute lockdown that we all feared.
My guy, have you ever heard of “updates”? How do you suppose they get installed?
So just take one day a month and do your maintance. Anything that isn’t from the Play store isn’t exactly getting Dev work every day to patch whatever.
Whatever, I don’t love this either, but it’s not some absolute deal breaker IMO. Maybe 6/10 dealbreaker. We disagree and thats fine. Now please downvote like you were going to do anyway.
I get several updates/day from FDroid, Obtainium and Accrescent. Some of them are security updates.
why can google not just code something like this into android:
allow apps from:
( ) All sources (how it is now; allow each app to install apps from external sources)
( ) Just Google Play
( ) Apps which have been verified by Google Developer ProgramThat would give users choice, and corporations want as many people as possible to be incapable of making decisions for themselves.
Because they want to stop people from using ad blockers.
Option 1 is a potential cause of “lost” revenue.
Late stage capitalism absolutely forbids anything that could cause that, even if the cost of implementation outweighs any potential gain.
Because it’s Google
bing! thy turkey’s done
Taking Google at their word for a moment, it’s far too easy to scam the clueless masses into selecting the first one. Might work okay if it’s strictly an ADB command, tho.
Taking Google at their word for a moment
And why should we do that?
I’m inclined to think that’s not the job of an OS vendor to prevent. Sure, put a warning label on it, but it’s the user’s device; once they say they know what they’re doing, that should be that.
The implication here is, if they implement this, is that they volunteer to assume liability, should e.g., your bank account be drained despite undergoing their forced strict lockdown on paid and owned devices.
Fat chance, because laws are meaningless to crime syndicates
It might be a reasonable trade for users to make if Google assumed liability. In fact, that would be an interesting way to implement laws to discourage practices like these.
If someone can be socially engineered into disabling security mechanisms, then that should just be their fate. There’s no sense in fucking everyone else in order to protect them.
but they could make it be google play or samsung store only as the default as a compromise
That would just continue to ensure lock-in, and at least the EU would never go for that (& neither would I). Sideloading should still be allowed.
Google’s Play Store security has never been all that stellar, anyway.
We hope that Google keeps its word and preserves ADB installation
lol, adb is the first loophole that will be closed.
I don’t know, even people here are already considering it a loss of the only way is through ADB, because it’s not practical for everyday usage. But it’s better than nothing.
We should embrace oldschool SciFy and go for (DIY) Cyberdecks.
Thankfully, for those of us without the time for all that there are Linux phones such as this one I’m considering.
I’d love to play around with something like this, as a programmer myself, but unfortunately the cost is prohibitive in my country.
Yeah, that’s why it’s still in the “considering” phase for me as well - especially considering Trump’s tariffs crap. It also seems a tad underpowered for the price, and they still don’t have the promised removable battery replacements in their store.
It’s worth remembering, though, that the cost covers the constant software updates, as well as their user support. As such, it’s much like the Apple model of business, except much more open - so in the end it’s probably worth it.
Yo I’ve never seen this one. Thanks for the link!
I honestly think that this is just not going to happen. It’s already a giant pain in the ass to install apps from anywhere else than Play Store. With Shizuku it got much, much better.
You may want to re-evaluate how you’re installing non-Play apps. I use F-droid all the time and never had anything even approach “inconvenient.”
Like I said, Samsung does this crap in certain regions, specifically South Korea. I’m using Shizuku now and couldn’t be happier.
AAAAAaaaaaaaaaaaahhhhhhhhhh, ok, say no more. Samsung used to be much easier to work around and they’re really joining the “lock it down!” club lately.
Huh? Downloading an apk and clicking open with -> package installer is nothing but straightforward.
It nags me a lot, sometimes downright blocks me from installing without adb shit. Samsung.
What kind of apps are you installing? I’ve never ever had any issue with installing APKs on Samsung, you just have to allow the app that triggered it to install APKs one time and every subsequent time, it just works.
In some regions, afaik, you just CANNOT install certain apps without adb, this in my experience includes: KDEConnect, Fdroid, Newpipe…etc. The list changes time to time.
What region are you in if you don’t mind me asking? It works perfectly fine in Singapore.
This simply doesn’t work anymore for all apps on my Pixel 8.
Many I installed manually just redirect to the Play store with the message it could harm your device and you should download from Play.
Pixel 8a on graphene here so I’m not getting this. Maybe on stock
GrapheneOS patches this behavior if apps match their Google play signature IIRC. This is a behavior that apps on the play store can opt into (basically they block operation if they aren’t installed via Play).
It was rather annoying until recently, since some apps require you to be on a certified Android install to find them in the Play store, but don’t actually check play integrity in the app. These apps when installed via Aurora wouldn’t work for me until Graphene patched this.
Pixel 8a on stock here. I have no idea what @Hawk is talking about. I just install any app, that I want. I might had to alter some settings, to do it, but I don’t remember doing that.
