Hacker News | plst's comments

You mention nuance and good faith, but on your profile, and on your website, you claim to work on Android at Google. Previously on Google Play. I don't see that mentioned in your comments about this issue, I do think it matters a lot.

> This side however seems to stick its head in the sand over security, "I wouldn't fall for it therefore it's not a problem"

Which is also a total misrepresentation of the arguments made on the website, and made by many people opposing these changes. Again, since you mention good faith and nuance.

> By all means push back on security being a concern,

The website does not seem to push back on security being a concern in general, if I'm reading it right. It does however push back on the idea that changes made by Google will actually increase security of the users.

> but the numbers don't support this.

Can I see these numbers? I would seriously love to.


I don't really understand your argument here, isn't Google's announcement also entirely one sided? I also don't see any "discussion" of disadvantages of their solution in their announcements. For example, the "over 50 times more malware" stat is stated without any source at all, same with "Most of your users’ download experience will not change at all" (inb4 I don't care about power users at all). Not to mention stats about scam-by-sideloaded app, anything that would suggest that the proposed solution is going to work.

The point of "keepandroidopen.org", in my understanding, is to be a quick PSA on why the author of the website thinks this is a problem with some call-to-action. It's not supposed to be a place for discussion, it's at best a discussion starter, one of the sides of the discussion to consider. Obviously they present their side, as Google has presented their side.

And anyway, how are users supposed to hold this "reasonable discussion" with a corporation? I know that Google had some sort of a feedback form about this, and that they made some changes, but that is not a discussion. I didn't really actually see any "reasonable discussion" being held on this topic ever, anywhere, ever, nor do I really see how it would happen. I don't even really see a good reason for Google to hold such a discussion. It's a decision made by a corporation, about their product, after all.

Could you present how you see this "reasonable discussion" being had? Where? How?


They then end up paying more by buying five awful low-range phones that each last a year instead of one mid-range that will last more. No, I would rather everyone paid more for a phone. I find it hard to believe that the difference in price will make it impossible for them to buy it, if so, that's a separate problem. This + mandated software support may finally make it viable to just buy a used phone, too.


I think Google is trying to solve the problem at the wrong level - people do not really understand their computing devices enough to understand the risks, they never had to learn or were taught how to use such devices, they were only told it's easy and to not ask questions. The interfaces are designed in a way that allows them to get by with almost no understanding of anything. Which is why such solutions may also be bypassed by a determined attacker. Such scams only really expose this fact. So there is no good way to differentiate between the two groups.

My solution is educating about smartphones and computers first. Not in an in-depth way, but people need to understand what "application", "verified" means and what are the risks. I think android cleaned up the abstraction enough to make this possible.

Being able to tell if an app came from a trusted company or not is a good thing, but I would rather such a solution be managed in an OS-independent way, not controlled by Google. Applications not authenticated by a company should not be second-tier citizens, but there should be a clear warning (and the users should already know the difference before even seeing this warning).

I think the scams and phishing also expose another important problem that nobody tried to tackle yet - you can't authenticate calls, sms messages or emails. There is no good way of telling if it's actually your bank calling you, or if it's just a scammer.

In the end, we also need to accept that not all scams can be prevented, at some point if someone is calling as a friend of your family member, and is asking to urgently transfer money to an unknown account, and you fall for this... I really can't think of a technological measure that would've helped, it's only you and your common sense.


> My solution is educating about smartphones and computers first.

98% of people literally do not care and/or are too dumb to understand. You could force them at gunpoint to sit in the education class, and give them a simple basic quiz afterwards, and they'd get half the answers wrong. They will continue to not even read what's on their screen, and just click the big highlighted button every time they see one.


Yet somehow they are not too dumb to get a driving license or operate a gas stove. I would argue that operating a car is much more complicated than operating a smartphone.

At some point, if you are unwilling to learn basic facts about your environment, and you don't have a guardian, then you will get hurt. I don't necessarily mean by a computer. I think that's fine and I don't think a patronizing solution by a corporation that clearly wants more control over society is a necessary help.


How many people are gullible enough right now to plug a phone to a laptop over USB and execute an exe on an operating system with no sandboxing at all? ADB even seems to work over webusb. (at that point you may as well give up on hacking the phone, but I digress). That's exactly why I believe the problem is more complicated and why Google's solution is not really fixing anything, not for the users.


There's going to be a lot of people who don't have a laptop/desktop handy right now - because they're out of the house, because it's unplugged in a cupboard, or because they borrow it from a friend or use an internet cafe when they need that. So a requirement to use that and connect your phone to it is effectively similar to the 24 hr waiting period: time to think, time to mention it to a friend who's heard about this scam before. This is why phones are such an attractive target in the first place.


What do you mean by impossible in this case? Can't you just have the coin-operated parking meters back? Where I live, in EU, parking meters even take cards.

EDIT: I guess "just" is doing some heavy-lifting, so I won't argue this further, but "impossible" isn't the word I would use either. The city could revert this decision, definitely if enough people wanted them to (that's... I know, the hardest part). I just agree with the OP that we technically could go back to slightly less-digital society.


> Where I live, in EU, parking meters even take cards.

Unfortunately, a more accurate way of putting it is: stuff takes cards in lieu of coins. Like, where I live (also EU), ticket machines in buses and trams have gradually been upgraded over the past decade to accept cards, and then to accept only cards.

It's a ratchet. Hidden inflation striking again. Cashless is cheaper to maintain than cash-enabled, so it pretends to be a value-add at first, but quickly displaces the more expensive option. Same with apps, which again, are cheaper to maintain than actual payment-safe hardware.

It's near impossible to reverse this, because to do that, you have to successfully argue for increasing costs - especially that inflation quickly eats all the savings from the original change, so you'd be essentially arguing to make things more expensive than the baseline.


a few years ago the vending machines in my office building started accepting credit and debit cards for an extra fee of $0.35 per transaction. just recently they stopped accepting bills and coins leaving cards as the only option, but are still charging the extra fee.


I feel like this kind of glosses over the fact that a lot of people (I'd say an overwhelming majority) prefer the cashless options anyway.

I don't know if I have any friends who miss carrying coins and cash, or who miss carrying individual bus/subway tickets, but if they do, they're awfully quiet about it compared to the friends who happily say they can't remember using cash.

I'd say that if anything, cashless things are catching up to the general public.

Personally, I'm in favor of keeping things cash-friendly because people shouldn't be forced to be cash-free, but that's only to support a small minority of people.


Overwhelming majority prefers shit[0] - people pick from what is made available to them, not from what could possibly exist, and they don't have direct say whether or when what's available changes.

These cashless solutions are just another thing[1] being pushed from top down; the passengers only notice when they suddenly find themselves unable to buy a ticket for coins, but by that point, the decision has long been made, so people only get to whine and complain, or otherwise express opinions that are not actually listened to by anyone with power to change things.

This is not saying that all those solutions are bad or inferior. Just that nobody is actually checking with people whether they want it or not; technology is deployed as fait accompli, and regular people just find ways to cope.

--

[0] - Like flies, I suppose. There's millions of them, they can't be wrong!

[1] - Like most technology, really, both software and hardware.


Not advocating for cashless only, but cash also has costs: banks charge for deposits and coinrolls, and you need to protect against robbery


That, + logistics and logistics security in general. I agree, the costs are real; in general, anything physical with mass = costs. So the cost savings are real too - my point is that those are instantly eaten by inflation, so going from cash to cashless and then back to cash isn't a no-op; rather, the first leg quickly turns into a no-op, then the second leg would be increasing costs.


Place where I park my car for work (Gosford, Australia) just got rid of cash payment, they now take card payment only (apparently there is also going to be an app, but they haven’t launched it yet). I think the number one reason is they are upgrading to a new system, and the parking technology vendor doesn’t provide cash payments as a standard option - probably they could implement a custom integration to enable it if they thought it was essential, but cash payments are so rare, it would be a difficult decision to justify. The carpark is owned and operated by the local government, so they need to justify their decisions, either as commercially viable, or else as producing substantial public benefit, but I think both arguments would be difficult to sustain in this case.


It’s kinda easy to justify though from a financial standpoint. If the parking meters take cash, you need all the hardware to accept and secure the cash. Then you need somebody to go around at some point and actually physically collect the cash. Then someone has to reconcile the cash, etc.

So at least from that angle I see it as an easy “government is actually trying to be more efficient” argument.

As a user cash is a pain in the ass. I have to count it out, keep it in my pockets, etc. So much easier to just tap my phone or my card. But yeah that’s a tradeoff in the classic “You’re trading X for convenience”.


And then you have kids and junkies sticking twigs and gum in the coin mechanism. A card only system can be a single solid slate with minimal upkeep.

Combined with the fact almost no one uses cash in Australia.


Even then with cards they may still need to consider fraud via skimmers, or that the equipment can be vandalized. Going app-only (or vastly reducing the availability of payment machines) means less upkeep for them, but it also moves the kind of fraud to where people have replaced the information or QR codes to scan. It seems like a parallel to what google and whatever entities are pushing them to make these changes are trying to do, at some point someone has to put in work to keep the system working securely and everyone wants to delegate it to someone else.


At least in Australia, skimmers haven’t really been an issue for a long time. Everyone uses paywave / nfc payments. The ticket machines I’ve seen installed lately don’t even have a way to insert the card or a pin pad.

They are in theory still possible to destroy but it’s a lot harder and the little electronics left are cheaper to repair.


There should be a legal requirement then, that there's an office you can go to and buy vouchers with cash, which you can use on the machines. There's no need to collect the cash from all the meters but you can still pay cash.


Don't pay and when you get a fine take them to court and state you don't have a bank card. There's no way a council can legally require you to enter into an agreement with a bank to use council run facilities, it's likely nobody's challenged them on it though.

Every council I've lived in has still taken cash for every type of council fee, despite their "official" statement being they don't.


> There's no way a council can legally require you to enter into an agreement with a bank to use council run facilities, it's likely nobody's challenged them on it though.

Is there some law saying they can’t?

This is a carpark. If you own a car, you are legally required to hold a CTP insurance policy as a condition of registration - so to be able to use the facility, you legally need to be customer of one type of private financial institution; given that, is it really problematic if council requires you to be a customer of a second kind as well, when close to 100% of the population are?


The catch would be you actually need to have zero bank cards. That is extremely unlikely hence no one has done it.


The next level of parking enshittification is pay-by-license-plate, which is starting to become widespread here in Perth, Australia, even for locations that are free parking, and locations that have parking machines. Surveillance just ratchets upwards.


There are places in EU too where parking meters have disappeared and payments are only done through apps. And I am talking about public space in the street, not private parkings.


I do believe that. Pointing out that I live in the EU was completely unnecessary, I meant that I live somewhere in the EU, I didn't really mean to compare it to the US.


no way will they go back to coin-operated. That would mean they have to pay employees to walk up and down to collect coins.


And worst of all, the money you pay isn't tied to your license plate. If you overpay, someone else can park for free!!


The other problem, in the US at least, is that cash is very low value (inflation), and dollar coins never caught on. I'm not trying to carry around $6 in quarters to park for 2 hours. And that's a pretty inexpensive parking spot.


...are you implying that digital money is worth more than digital?

because I doubt anyone who spends cash regularly is holding much of it long enough to lose value to the digital ones in their checking account.


No, they're implying that you need a lot of coins to pay for parking.

If you need $6 to pay for parking, and the largest commonly available coin is a quarter, that means you need 24 coins to pay. If the value of currency was such that the parking only cost $3, or if dollar coins were more common, you'd need fewer coins to pay.


For context, in the Eurozone the most valuable coin is 2 EUR, or about 2.30 USD.


And maintain them, which I suspect costs even more. Parking meters do fiddly work, out in all weather, where people hate them and do all kinds of vandalism.

It doesn't surprise me that they want to make hardware maintenance your problem.


I parked in a garage in downtown Tacoma, Washington. The only option to pay was via an app. So I downloaded the app (by walking outside to where there was cell service, because I was, you know, underground in a garage) at which point it threw an internal server error when adding my card. There was no attendant on duty, and no way to pay with a credit card. So I left - just drove out of the garage. Then a few months later I got a fine for $75 for not paying. Then I called them to dispute it, and they offered to waive most of it, but it was still more than if I had been able to pay the fee initially.

I'm sure it was sold to the garage as a way to "maximize revenue and unlock operational efficiency". And sure enough, look, the revenue number is up and to the right. Working as designed.


Just ignore it and never park there again. Change your plate if you really want to pay someone for something.


Seriously, I don't understand why these stories have to so often end with someone just giving in and paying. Our society is so disenfranchised. I understand that doing it the right way by sending them written notice that it's an invalid debt takes time and effort, but there are options between that and just giving in and validating their nonsense.


You're right, I pasted this into Claude and it seems to think that there are many avenues. And Claude even named the parking operator by name because they're facing a class action for this very thing:

Claude wrote:

> The broader trend is in your favor. App-only parking companies are facing a wave of legal action nationally. A major class action lawsuit against Metropolis Technologies (one of the largest app-based parking operators) alleges they violated consumer protection laws by failing to provide adequate means to pay for parking and then penalizing consumers for not paying. Lanier Law Firm Tennessee's Attorney General secured a nearly $9 million settlement against Metropolis for similar practices, requiring them to implement clear signage, maintain staffed customer support, and automatically issue refunds when their technology malfunctions.

It's just so exhausting to deal with this kind of thing, I've been super busy and it's not worth it to me to fight over $30, which is exactly the bet these scummy companies are making. I think LLMs lower the cost of drafting serious sounding letters to the point where that should be my first impulse rather than giving up and paying them, which rewards the behavior.


Of course it's not impossible; but very incompatible with the agenda per which everyone must become a digital slave, guilty by default, surveilled 24/7, deprived of all privacy, freedom and rights, with TOSes replacing the charade that there is for law now, and impenetrable screens instead of human interaction.


>Regina city council made the decision to remove the coin option at downtown meters as part of the budget deliberation process, said Faisal Kalim, the City of Regina's director of community standards.


Yes, I read the linked article. Yes, the city made this decision. The decision could be reverted. I understand that this is a type of thing the OP (top-comment in the thread) is wishing for.

I don't see the "impossible" in my understanding of the linked article.


Budget-wise it becomes impossible.

Coin-operated meters means someone has to come around checking the meter, collect coins, check the parking tickets. One person can only cover so many devices per day.

Then you have mechanical maintenance, with that comes disputes with "it was broken, it didn't accept the money" and so forth.

I've probably forgotten a number of other related things, but compare the above to digital solution.

Parking app, where the customer pays only for the parked time, no fiddling with money or keeping track of time. The parking attendant checks much quicker by just scanning the license plate while walking the rounds (could be done via car and a mounted camera even).

Analog just costs more, and citizens don't want taxes to go to things that are not strictly necessary.


It was possible for many decades already, budget and maintenance-wise. You can at least accept a credit card as an alternative. Yes, it's not perfect, but the fully digital alternatives also have drawbacks, as pointed out by OP.


Things that were possible become impossible. Once Britain ruled the seas with wooden sailboats. Those boats are not perfect but could they win today’s naval battles? Also no.


I know but you're fighting the cost difference between installing CC terminals and QR code stickers.


"The decision could be reverted." Do you often buy a new car and revert that purchase to purchase a different new car? I guess you don't often use your own money so no big deal.


Why the snark? Did I misread? I don't often buy a new car, do you? I really don't understand what your last sentence means.

I don't even think this is a fair comparison, it's more like keeping the old car just in case or for other family members. But I think I specified enough what I'm arguing already, yes this is unlikely, just not impossible.


> Can't you just have the coin-operated parking meters back? Where I live, in EU, parking meters even take cards.

That costs money. Coin operated machines routinely are targeted by vandals, with each case making easily 100x the damage for loot. And card-acceptance also has its issues, the terminals need a data uplink, someone needs to take care of the machines. That's why so many (especially private parking lots) shift over to purely app based schemes. Orders of magnitude less tech you need to worry about.


Where I live, in the EU, we just have signs and the parking meters have been gone for several years


I found one parking lot in the EU where there were only signs, and the signs not only pointed to an Android+iOS only, attestation-protected app, rather than a website, but an app that, at least on Android, was region-locked to only allow installations from people with the local country set correctly in Play Store (something completely different than the country Google sets for your account, for some reason).

It was a public lot, and the only lot in the town, as far as we could tell.


They are saying that things that have already been dumbed down can't go back. Obviously that's just their opinion, but I would guess that most people agree with them.


I also live in EU. In Sweden. Most places don't even have parking meters anymore. You're just expected to use your phone.

And cashless is the default.


No because those cost more to maintain than the digital ones. Nobody is restoring the budget that got cut because the meters got cheaper.


> because you are annoyed about some temporary problems

I mean, all problems are temporary, time is money etc. etc. And there are signs that suggest that some of these problems (namely freedom to run your own software) are not going to get resolved soon. Is there something deeper in your thought that I missed?

> These kind of posts get a lot of upvotes, but they do nothing to change corporate behavior.

I don't understand, we are on a discussion forum. Of course writing comments here does not influence what Apple does, that's not what HN is for, I think (I hope) that everyone already assumes that. Why do you feel the need to point that out?


Think about it the way you think about reading the fine print on agreements you sign. These can also have bad consequences.

But I guess not reading the TOS is another wide problem, also fueled by companies like Google.


Sure, but I don't think decreasing chances of scam-by-app on Android by some minuscule amount is in any way comparable to prescription drugs.


I do? It's a trivially comparable thing? I'm not even talking about ALL prescription drugs. I'm talking about the fact that some have interactions that can kill you. Having "life savings gone" consequences from a random app install is that level of danger.

A non-trivial number of people should probably have to go see a specialist before being able to unlock sideloading in my opinion... which means we probably all would have to. It's annoying, but I actually care about other people.


I have a hard time with this because it's the world we've lived in forever. Everyone knows installing an "app" installs an executable.

Doesn't Android require a specific permission to be user-accepted for an installed app to read notifications? I think it's separate from the post-notifications permission.

This seems to be an issue of user literacy. If so, doesn't it make more sense for a user to have the option to opt into "I'm tech illiterate, please protect me" than destroy open computing as we know it?


this. just like how when you start playing a hard esoteric game like an RTS or MOBA, they ask you what your degree of comfort/experience with the genre is to avoid making a pro player go through the tutorial and vice versa.

In an ideal world where governments and corporations weren't trying to lock us into a closed system for massive surveillance and control, during the installation/setup of a mobile phone should be a question about tech literacy and protection. Selecting any option that isn't "I'm tech illiterate, please protect me" should be very annoying. There should be many warnings in uppercase bold red letters telling the user it can be dangerous and listing those dangers. But if I'm a developer and want to patch my kernel or modify the system as I please, I should be able to do so. If I want to install a malware app in a burner phone to study its behavior (or just for fun) I should be able to do so.

There would probably be one or two grandmas that would still somehow choose the pro hacker mode and get scammed down the line, but I think that minuscule amount of harm done is very much preferable to closing out *literally everyone else* from using the devices THEY BOUGHT.


I really don't think that's a cultural difference. I also grew up and live in the EU. What Google wants just does not solve the problem in any way.

And it's also not actual regulation, just new TOS from a company many are basically forced to interact with.


It might not "solve" the problem, but I'd expect it to significantly address the problem no?

I've heard much criticism of it being too heavy-handed, but I don't think I understand criticism that it won't improve security. Could you expand on that?


No. You seem to be implicitly arguing that unsigned apps are inherently less trustworthy than PlayStore apps. That's a claim that needs to be proven first. And based on the huge amount of documented data exfiltration performed by Google-approved apps, I'm going to say that claim is false.


I'm arguing that a curation process that includes security review is likely to produce a more secure set of software. Admittedly it might be completely ineffective, but I think that's an unreasonable assumption. So some review is more secure than no review. Now I'm not saying "better", you could argue it's a false sense of security, but it's still more security.


> I'm arguing that a curation process that includes security review is likely to produce a more secure set of software

I actually totally agree! There is no external entity users can rely on to make sure apps they download are legitimate. I read the thread from root to this comment and I don't see it mentioned, so I'm not sure if you know this and are just arguing something else but...

There is actually nothing about testing or verifying apps themselves in the announcement made by Google. It's just about enforcing developer verification in some Google service and "registering the apps".

https://support.google.com/android-developer-console/answer/... https://android-developers.googleblog.com/2025/11/android-de...

EDIT: I checked your profile, and I now see that you actually work at Google, on Android... Is there something I misunderstood about these announcements?

> you could argue it's a false sense of security, but it's still more security

Well here I don't agree, I would much rather be aware of the dangers than think I'm safe when I'm actually not.

