So I buy a device ... with my own money ... which I supposedly then own, but then I need to ask some corporation permission to use it, and it treats me like a toddler by giving me a 24 hour wait period for the ability to install applications on that device? I'd understand if this "feature" was a part of Parental Controls, but I'm not a child, so this is insulting. I see Google saw how Microsoft likes to spit on its users and wanted a piece of that action. How is this legal?
I never bought into the apple ecosystem for the exact reason of not being able to feel ownership over my own device.
However i also understand the challenges google has. They/vendors are selling consumer devices with a consumer OS on it. Not everybody is tech savvy and a fair bit of people are too easy to trick into installing things.
An alternative could be to offer two versions(perhaps on phone activation). A business like version where a business(and people on HN) get full access. MDM and all. And average Joe mamas version that comes with more guard rails activated.
I can personally live with that 24 hour wait once, if it helps protect the average people from scammers etc.
I can understand that point, but I'd much rather vote for increased education than increased babysitting. Increased education would affect those that need it whereas increased babysitting affects everyone, including those who do not need it, and living in a society where everybody assumes you're a toddler because some people are easily gullible and ignorant is just horrible.
You are essentially a child to them. A child is just someone who has not yet developed the power to survive in a world full of adults. This is why parents guard and protect children, and when that fails society steps in to do it instead.
You are just a child to them. Not powerful enough to stick up for yourself. Ripe for abuse. The difference is society has decided not to step in to protect you from your abusive parents.
Right so by this logic, if I buy an electric car, and they decide to not let me drive on dirt-roads because the software won't allow me to and I need to ask special permission and wait 24h to be able to, that's also totally fine then, right? Do you not see the ridiculousness of this premise?
A 24 hour wait like this can sometimes be the result of a security team not knowing what else to do. There are all sorts of weird threat models when you think hard about how devices are used, like partners who have legit access to a phone at a certain point in time.
What's next? I buy a car which I cannot drive in certain locations unless I ask for permission and wait 24h? Daddy Car Dealership please let me drive in this location, pretty please?
Following this logic, adding a checkbox "I swear this app does not contain malware" to app publishing process would solve the problem with malicious apps on Play Store, right?
I hope consumers return these phones in droves like Windows RT and Windows 10 S. The issue is that sideloading isn’t an immediate concern—users would only realize the limitation later, when it’s too late to return the device.
I may be missing something, but what does the title have to do with the article? There is no mention about any waiting or mandatory reboot. What does OP have in mind?
yeah i was researching and accidently added an old article while copy pasting the link, the orginal blog was released yesterday on developer blog and is prob linked below.
I would have added it here, but i don't want hn to be label my account as spam
Would it not be nicer to have a dual boot phone where one OS is baked in rom and only contains certain necessary government/banking/medical service apps and the other is just completely free to use for whatever purpose? Just a thought...
In school I learned the definition of politics was "the distribution of benefits and burdens". We can and probably should view this as a political question. The benefit is the consumer right to do whatever you want with the device you bought (used by some), vs the burden of making yourself attackable by scammers etc. Google are pushing first and foremost for protecting end-users from scammers. They do benefit from this, so there is probably an incentive for them to do so. It is very practical that they can call locking down their phones "protecting users".
The big question here is where on the balance scale we care about "protecting users against scammers" vs "protecting users against enshittification, closed ecosystems, and possible future power grabs". One side is very tangible and easy to understand, the other more abstract, and most consumers simply don't understand it well enough to make educated choices about it. This uncertainty is being used by powers that benefit from pushing towards the "lock-down" extreme of the scale. Peter Thiel said so himself.
It is also worth noting that it is these security guys' job at Google to invent security schemes. All in all they did their job as engineers, and ignoring personal responsibility to engineer solutions that balance needs not only technical but also social, they did everything right. In a larger society there should be people who take on the job of setting boundaries for these technical solutions. Just like you need technical people to push back on technical demands from non-technical people within a company, we people who push back on this sort of stuff in our society. Us technical folks are best suited to do this job.
TL;DR: The political question boils down to how many grandmas are we as a society happy with getting scammed in the name of protecting consumer freedoms? In the extreme and hyperbolic case, are we happy with an infinite number of grandmas being sacrificed? Where on the line do we want to be? And what other measures can we put into place to make the problem easier to solve without sacrificing basic freedoms? If you are technical you should probably consider taking more space in the public debate.
There should be one screen each for self signing individual apps and it's updates, and another one for adding a public app store key to allow verifying apps and updates from that key. That would be factual and not scary. Yes, the question should be asked of the play store too.
People should by default not trust a developer or store or OS for that matter that is scaring you into doing something.
The only sane way to buy a device is to pick a user-representing OS (eg Graphene), pick a device from its list of supported devices, and then install your desired OS on that device as soon as you get it as part of your setup process. Then if it's 24, 48, or 168 hours to receive your unlock code to install the secure OS, it's all just part of the setup process (and if they refuse to unlock for whatever reason, then you're still in the return period!). The longer you let the surveillance industry keep its hooks in you, the more friction and dependence they will add to every single thing you want to do that goes against their business interests.
this was already discussed, so no point for dupe, but there is no wait period for ADB install
and AFAIK this also affects only unverified developers, though hard to imagine why would someone install app from verified dev outside the play store, for the record I don't have gapps in my phone and use Aurora
Actually this OP seems to be the old announcement from 2025 with no additional news as far as I saw. If implemented like this, it will be horror.
The baseline for a usable solution for me is still that I can keep my banking apps and that I am able to use fdroid trusted builds from source, can install builds from other open source CI builds, install builds from my students I know personally without needing them to verify with a foreign entity and publishing their personal data.
Practically the law will require me to buy another 'developer phone' the for work. Actually allowing more profiles like the work or hidden profile would allow users to at least chose per profile and could at least put their banking apps into a sandbox where they work (requirement would be that Google wallet can also run from such a profile) . I actually would be very happy to run the main profile without any Google play services like Graphene does: I guess a lot of data protection risks would be solved by this.
yeah i accidently added an old article while copy pasting the link, the orginal blog was released yesterday on developer blog and is prob linked below.
I have asked the admin to update this with the latest blog, as i can't update it myself nor i can remove the submission
This submission leads to a generic press release about the anti-feature from 6 months ago, when it was first announced. There's absolutely no mention of the information that has been revealed and posted here since, not even that regarding the 24-hour wait from the submission's title.
If this is what the other submissions of this account look like, it's no wonder they're being taken down.
However i also understand the challenges google has. They/vendors are selling consumer devices with a consumer OS on it. Not everybody is tech savvy and a fair bit of people are too easy to trick into installing things.
An alternative could be to offer two versions(perhaps on phone activation). A business like version where a business(and people on HN) get full access. MDM and all. And average Joe mamas version that comes with more guard rails activated.
I can personally live with that 24 hour wait once, if it helps protect the average people from scammers etc.
You are just a child to them. Not powerful enough to stick up for yourself. Ripe for abuse. The difference is society has decided not to step in to protect you from your abusive parents.
A 24 hour wait like this can sometimes be the result of a security team not knowing what else to do. There are all sorts of weird threat models when you think hard about how devices are used, like partners who have legit access to a phone at a certain point in time.
Are these multibillion companies so incompetent to not think about it?
That's an interesting way of selling this.
I would have added it here, but i don't want hn to be label my account as spam
The big question here is where on the balance scale we care about "protecting users against scammers" vs "protecting users against enshittification, closed ecosystems, and possible future power grabs". One side is very tangible and easy to understand, the other more abstract, and most consumers simply don't understand it well enough to make educated choices about it. This uncertainty is being used by powers that benefit from pushing towards the "lock-down" extreme of the scale. Peter Thiel said so himself.
It is also worth noting that it is these security guys' job at Google to invent security schemes. All in all they did their job as engineers, and ignoring personal responsibility to engineer solutions that balance needs not only technical but also social, they did everything right. In a larger society there should be people who take on the job of setting boundaries for these technical solutions. Just like you need technical people to push back on technical demands from non-technical people within a company, we people who push back on this sort of stuff in our society. Us technical folks are best suited to do this job.
TL;DR: The political question boils down to how many grandmas are we as a society happy with getting scammed in the name of protecting consumer freedoms? In the extreme and hyperbolic case, are we happy with an infinite number of grandmas being sacrificed? Where on the line do we want to be? And what other measures can we put into place to make the problem easier to solve without sacrificing basic freedoms? If you are technical you should probably consider taking more space in the public debate.
People should by default not trust a developer or store or OS for that matter that is scaring you into doing something.
and AFAIK this also affects only unverified developers, though hard to imagine why would someone install app from verified dev outside the play store, for the record I don't have gapps in my phone and use Aurora
https://news.ycombinator.com/item?id=47442690
The baseline for a usable solution for me is still that I can keep my banking apps and that I am able to use fdroid trusted builds from source, can install builds from other open source CI builds, install builds from my students I know personally without needing them to verify with a foreign entity and publishing their personal data.
Practically the law will require me to buy another 'developer phone' the for work. Actually allowing more profiles like the work or hidden profile would allow users to at least chose per profile and could at least put their banking apps into a sandbox where they work (requirement would be that Google wallet can also run from such a profile) . I actually would be very happy to run the main profile without any Google play services like Graphene does: I guess a lot of data protection risks would be solved by this.
I have asked the admin to update this with the latest blog, as i can't update it myself nor i can remove the submission
May I purchase a non-certified android device now? Because frankly, fuck you.
If this is what the other submissions of this account look like, it's no wonder they're being taken down.
Apologies, sir