GoKawiilUser choice is a problem. It’s one that platforms have been tackling in different ways for decades now, and it all comes down to a balance. Users want the freedom to install whatever software they want. But the companies behind those platforms understand that they also need to keep their users protected against the threat of malware. So how do you keep that “do whatever you want” door open, while also employing a bouncer to keep the peace?
This is as much a technical problem as it is one centered on human behavior, and that messy human part of it means that there are always going to be edge cases where one-size-fits-all approaches don’t work. But with that acknowledged, Google’s new “advanced flow” for sideloading apps strikes what I think is an incredibly satisfying compromise — and this 24-hour delay is probably the smartest part of it.
What do you think about Android's new sideloading flow for unverified apps? 3708 votes It's a good move. Better security is worth the extra steps. 19 % I get why Google is doing it, but it feels like overkill. 32 % This makes Android less open and hurts power users. 47 % Doesn't affect me, I don't sideload apps. 2 %
Where Android malware comes from There’s no shortage of places you could pick up an Android APK that’s infected with some hidden malicious code, just waiting to ruin your day (and week, and bank balance). Sometimes malware sneaks into the official Play Store — but Google’s constantly vigilant about detecting and removing all that it can. Or maybe you find a download link on the web or in an online forum — you might think you’re getting an early release from the actual developer, but it’s an impostor trying to trick you into installing malware.
Google already has good system in place to address these threats, and they’re getting even stronger with this new push for more universal develop registration. Between Play Protect scans and sticking with developers you trust, most users can feel reasonably confident that their apps are safe.
Don’t want to miss the best from Android Authority? Set us as a favorite source in Google Discover to never miss our latest exclusive reports, expert analysis, and much more.
to never miss our latest exclusive reports, expert analysis, and much more. You can also set us as a preferred source in Google Search by clicking the button below.
But there’s also a much more insidious type of malware threat, and one that leans harder than ever on the human element here: scams. Bad actors target vulnerable communities everywhere, often starting with phone calls or messages warning about imminent dangers — a classic here is someone telling you over the phone that you’ve got a relative in jail and they need you to send money for bail/a fine/to pay a lawyer immediately.
Sometimes, scammers like those just try to get you to send them cash. But increasingly, they’re adding a malware component to their scams, trying to convince you that the only way to make the necessary payment is with some special software. These kind of high-pressure tactics, and coming from a live person you’re talking to, can be incredibly more persuasive than some random forum comment suggesting you install an unverified APK. When the safety of your loved ones is on the line, it’s very possible that you might dismiss all the warning messages Android throws at you and still try to install the sketchy APK.
How Android’s “advanced flow” for sideloading keeps users safe Google has clearly spent a lot of time looking at its options here. Warning messages are a good start, but they can only get you so far, and all too easily collapse when scammers are able to get an emotional hook into their target. What Google ultimately had to accept is that any sideloading protection workflow that included a switch or toggle that users could turn off, would be turned off through the influence of smooth-talking scammers.
... continue reading