Ancedotal: I used to believe in this "freedom to install". Than my Father got scammed (~$1000) in the name of Electricity recharge. The APK was sent over WhatsApp. Now I am not so sure how to implement this freedom. At the bare minimum there has to be big red warnings.
One thing which can immediately improve security is forbidding SMS read access forever. Just like Apple does. No App should be able to read SMS.
So your father:
1. Downloaded a weird file from a stranger
2. Went to the settings and about pyone sceeen
3. Tapped the thing 5 times to activate developer mode
4. Activated installing from third party sources despite the warning there
5. Installed the APK
May I suggest the problem is not that this is possible, but a lack of education? If your father is the type that would jump into the bathtub with a toaster because someone on whatsapp told them to do so, I am afraid it is not the existence of toasters that is the issue.
Yes, education around these scams and their methods could be better, but there is also a reason they target the elderly and vulnerable. Unless something else terrible happens, I assume I will count in one or both of those groups eventually. I feel like when I get there, I would appreciate empathy rather than disdain, if I were ever taken advantage of.
Regardless, you do not actually need to enable developer settings to install APKs from unknown sources (at least, not on my Samsung). When you open an APK from within another app (e.g. Google Drive or WhatsApp), Android "helpfully" forwards you straight to the relevant security settings page, allowing you to immediately toggle the "Install unknown apps" permission for that specific app. It's a streamlined flow, only a couple of taps, no scrolling/searching/reading, therefore likely easy to coach a victim into performing.
So, I expect what the Android team is alluding to in the original post is to enable additional friction like you describe.
eh, think this is a bit much to ask. Are we going to educate a majority of the baby boomers who just never got a feel for how technology works? Yeah, my Dad also just got scammed by a phishing scheme on his PC (and if a scammer had walked him through how to install an apk on his phone, he'd probably do that too).
In my humble opinion, in the design of a UI or any type of system, kind of have to go where the users take you to some degree. And Android, being an OS for consumer devices, should be geared toward the masses and the mistakes they'll make.
Should we ban refilling your own cars oil because some idots keep filling coolant into it?
I worked in IT support and I am deeply aware with the issues people are having. Some issues are systemic (aka bad design) and those should be fixed. Other issues are human.
It may not seem like it, but I have the patience of an angel, because I remember when computers where new to me. I like people to understand. Understanding is power. But when I did work in IT support I saw some things. Grown adults repeatedly clicking away error messages without reading them while I stand and watch over their shoulder. When I ask them what their error message read they say they don't know. Then we read it together and they go: "Ohhh".
Yeah. Ohhh. You have a weird error that prevents you from working and there is a red error message and you don't bother to read it. That isn't a technological problem that is a educational problem.
I stand by what I said, we cannot dumb down our system because people don't care, are lazy and act dumb. Because that leads to a cycle where it gets ever dumber and lazier all while making life hell for people who are not dumb or lazy.
If you want to use a car you need to know certain things. Same is true for digital systems, the internet, a smartphone, a toaster, a hair dryer, a knife, a simple plastic bag, etc. The solution is education, not dumbing down the world.
Well, yeah, everything has limits and this issue seems like a very practical one. Seems like it depends on how much work would be needed to teach the user base, which, at least to me, feels out of reach. As your being in IT, you may agree that teaching a large majority of 60+ year-olds standard things on something like Windows is difficult and extremely slow. Feels like it would take at least a month of dedicated training, where they are full on board. Having helped my older friends out, don't see that happening anytime soon (a half hour here and there is all they seem willing to do).
But you know, if there is a method that you know that can teach the masses these skills, then am all for it (maybe barrage them with youtube commercials teaching basic tech skills?:)
Shouldn't the logical conclusion be that if it's too much/hard to teach these people how to operate a device safely, they operate the devices in an unsafe way, bare the cost of it by being scammed, learn that it's not safe for them to operate the device for certain use-cases due to the experience, they tell others about it and it's in media -> people who do not feel confident operating such a device securely are scared away from using it due to the potential consequences they heard about -> problem solved (from a banking security perspective)
(except now the bank needs more staff behind the counter)
Not 100% sure if you mean this genuinely or joking around a bit. Will assume the former
Well, think just letting the knowledge of user failure expand organically is definite a method of deterrence, and some amount of this probably going to happen to some of the users. But to me, seems like it's a question of what percentage of your user base would be exposed to being scammed. Of course you'd want his to be zero, but if it's significant, yeah, probably should put measures in place to reduce the amount of scamming. Even on a purely practical level, it's bad for the reputation of your product...
...Am thinking, since there is so much resistence to locking down android, one problem might be was it was initially billed as a more open OS that tech people could enhance in whatever way they wanted. But yeah, times have changed, it's now a product that is used by the masses, and guessing the masses are now their most important users. Not saying this is wrong or right, but probably why there is so much push back as compared to say if iOS did the same thing (which they may have already done).
I wrote a longer post about that elsewhere but there is morally no good justification to restrict everyone else's devices just because a small minority falls for scams. This is a very principal issue in a free society and in most societies we allow all kinds of individual risk taking because we believe that adults should make their own choices even if that means that some people sometimes make mistakes.
On a side note, it is technically very feasible to help antivirus and security software makers to lock down phones for people who would benefit from it. For example, you could have a strict whitelisting approach for vulnerable users (e.g. elderly, bitcoin entrepreneurs, annoying kids, Google engineers) who prefer it that way, making installation of arbitrary software impossible. Giving up choices voluntarily is fine, taking away choices by force is not fine.
Why did your father enable installing APK packages from third party sources? That's a setting buried deep inside the developer settings, which themselves have to be activated with a very arcane manipulation
I believe this only works this way on some android forks, iirc you are talking about Samsung. Stock android would show a warning "do you want to install apk from this app?" and lead you to a settings page that enables apk installs from this particular app. No need to separately enable the ability to install apks in general.
I always thought this is a very weird flow, it adds hoops yet accomplishes nothing because the hoops are all trivial and the same for every app.
I have definitely seen this "you need to go deep in the settings to enable 3rd party installs at all" flow before, but I don't remember which device it was. (Just saying that the commenter above is not just inventing something, I was surprised when I saw it as well)
Hah, yes, this is also how S21 works. But to still refute the OP's point: (1) it is in stock settings, you do not need to enable the developer settings menu via any arcane method. (2) When you tap on an APK in e.g. Google Drive or WhatsApp, Android "helpfully" forwards you straight to this settings page, allowing you to immediately toggle the "Install unknown apps" and installation will begin (there may be another "do you want to install this app" confirmation).
The point being that there is not a whole lot of friction in this flow -- one or two taps -- likely making it easy for scammers to coach victims to perform.
I agree that activating the developer settings menu is substantially more friction, and may arouse more suspicion in a victim, but [on many/most devices] is not currently required. I guess the original article is alluding to putting this kind of friction in place.
I disagree - one feature in KDE Connect that is super useful is being able to forward your notifications, including your text messages. This would also harm non Android smartwatches, such as the recently revived Pebble.
There seems to be a whole market of Google Play developer accounts and apps for sale, developers like myself regularly get emailed by scammy companies offering to buy the account or to publish an app, and malware is regularly found on Google Play[0]. There's no reason to believe that bad actors would be stopped by install restrictions if their scam is effective enough to overcome the financial hurdles
The built in Android SMS app seems to be horrible in every incarnation I've seen. The one that comes with the Pixel, the one Samsung has. Some may like it, but I can't stand them. I tend to install my own SMS app in each case, and I don't use computers to be locked into something I don't prefer.
It's my tool. Mine. I'll do with it as I please.
I agree there are issues. But preventing installs aren't the answer, just like removing all windows and doors from a house isn't the answer to neighbourhood crime.
I'd be more inclined to say the problem is allowing apps to be funded by advertising. If all apps were paid apps, and using personal data in any way was immensely, "thrown in jail" illegal, then you'd find yourself approving access to contacts, SMS, Pii quite rarely.
It would really stand out in such a case.
"What?! I've been using my phone for 10 years, and some app wants to see my contacts. Why?? No one reputable asks for that, ever!"
So much of the problem with the internet is that Pii is paying the way.
On GrapheneOS, when I install anything, it flat out asks me if I want to give it internet access at all. SMS could be the same way. Off by default, try to grant it, big warnings.
At a certain point, if you have big warnings saying "Are you serious?!" and people turn it on, it entirely ends up being the end user's fault.
Genuinely curious: would you mind telling more about how your father got scammed and how the adversary managed to get your father to install an app from WhatsApp?
I receive all my SMS messages through a separate app, because my SMS provider is not my TelCo. Please propose solutions that will not harm people like me.
Freedom and protecting tech illiterate people are not mutually exclusive.
Our right to choose install software on our own devices should not be encroached because over-trusting elderly follower scammers instructions.
We can protect people like your dad with an opt-in system like parental controls. Have a responsible family member lock the system down however you deem fit.
One thing which can immediately improve security is forbidding SMS read access forever. Just like Apple does. No App should be able to read SMS.