According to the article there are now more than 3 billion Android users. I have no information to the contrary.
How do you expect to attempt to secure that many devices by allowing the platform to continue as it was?
You call it dumbing down, which I understand, but how do you stop all the click-happy people from installing the next nefarious “game”, when they already have little to no chance to avoid email spam and SMS scams, let alone LLM generated “custom targeted” exploits.
I get that there are users who use this (now) vanishing functionality, but are they representative of the total user base, or edge cases? Neither you nor I have any hard data on that, but I know that as an ICT professional, I’m an outlier.
I’m no friend of Google’s business model, but I don’t believe that they’re purposefully shooting themselves in the foot,mind you, I’ll concede that it has a poor track record in the past few years.
Let’s progress the conversation.
How would you protect essentially computer and security illiterate users from malware in a scalable and sustainable manner?
As an aside, I’m a long term (25+ years) Linux user and have used pretty much everything since the 6502 was part of the picture. In my professional opinion we haven’t begun to figure out how to do this in the desktop world, Android is so far the closest we’ve managed and I’m not seeing anything here (yet) that makes me see this as a mistake.
I dont really have the time to participate in what looks like an interesting debate but I have a few notes on your post.
How do you expect to attempt to secure that many devices by allowing the platform to continue as it was?
Secure what? Against what type of threat? This type of vague question results in vague answers. If the threat is social engineering I would argue not many protection would be effective beside educating the user about that.
You call it dumbing down, which I understand, but how do you stop all the click-happy people from installing the next nefarious “game”, when they already have little to no chance to avoid email spam and SMS scams, let alone LLM generated “custom targeted” exploits.
You don’t stop them. You ask them and show them a disclaimer when they activate sideloading and that’s it. They are on their own. If the user doesn’t understand the risk after (skipping) the disclaimer. That’s their own fault. I don’t want to be put in prison just to make sure nothing bad ever happen to me. If a user purposefully disable protections they are on their own. But they should always be able to disable them.
I get that there are users who use this (now) vanishing functionality, but are they representative of the total user base, or edge cases? Neither you nor I have any hard data on that, but I know that as an ICT professional, I’m an outlier.
This is the openness of the OG Android. Welcoming as many users as possible even if they are not your mean average user. It doesn’t matter if these user are a minority. They should be able to override any security they want. As long as they have acknowledged that they understand the risk and will not sue Google for it. I don’t see the problem.
I have worked on a custom ROM based on AOSP and that’s the other trend that worries me. The fact that less and less of “Android” seems to go to AOSP was already a concern years ago. Google wants to close their OS to better compete with Apple. This means severing those annoying minority power users from the rest of the community.
I see a very paradoxical response from you coming from Linux. If you enjoy Linux for its openness why would you accept Google rhetoric like that is really surprising. Let users do complicated stuff on your software as long as they have signed a virtual “I AM IN DANGER” form that’s OK. If you remove these advanced settings features anyway then it’s not for the user, it’s a PR move to protect the perception of your software.
Sorry if this comment seems a bit aggressive. In my opinion you are arguing for Android to slowly transform into IOS and ad someone working on Linux for decades, this is very weird.
It appears that you think that I’m holding contradictory opinions. It’s possible.
The “ICT aware” population is not what I’m concerned about and whilst that likely excludes both of us, it’s the retired widow who needs a phone to track her diary and call an ambulance, it’s the pig farmer who uses 123456789 as their email password and uses internet banking to pay his employees, it’s the impatient mother of three who is running between venues to get her kids to drama, soccer and music lessons.
I have made house calls to these actual people and hundreds more who do not, will not, cannot, read warnings. They simply don’t have the context to understand their severity. They don’t understand why a camera has no requirement to read your address book or connect to the internet. They don’t understand what a calculator needs to keep your screen on, or not. They “don’t have anything to hide” and have no understanding how their address book and diary can be used to defraud them of their life savings.
I’ve spent a lifetime educating people like this. It’s a drop in the ocean and all that happens is I’m pissing in the wind getting wet.
Is locking down Android helpful for you and I, perhaps not. But if I don’t get a phonecall in the middle of the night because one of my clients just lost their life savings because their phone got “hacked”, I’m a happy little vegimite.
Linux isn’t ready for prime time because novice users have no chance to just do simple stuff like plug in a phone, download a video and tweak it, let alone open a spreadsheet or make a Christmas card and print it out.
You and I can do this, my partner cannot.
Another way to look at this is a 30 year academic with Mac and Windows experience who cannot figure out how to migrate to Linux.
Usually as an IT professional people assume I lost touch with the average people abilities with technology. I’m used to that by now.
I understand very well most people want a phone to be simple and easy to use.
This is not a justification to remove this advanced options for power users. None of the user you mention in your post will ever activate sideloading. This is just an option for that minority of people.
Android is not much more complicated to use than IOS if you stick to basic use; social networks, taking pics, picking up calls. That’s it.
You can do all of that without ever knowing about sideloading or advanced permissions and so on.
So thank you but I’m with well aware I shouldn’t use my perception of Android as the norm. But I’ll definitely say that the average user literally doesn’t ever go in those advanced settings so whether they exist or not doesn’t matter to them. But out of openness I think it’s important the power users can still have this OPTION available.
Also if you really want a simple phone and super easy to use. Get them an IPhone and call it a day it’s simple as that. Obviously if you can’t afford one then Android should still be fine anyway.
Somehow I doubt any less technology enthusiastic person would favor an Android phone over an Apple one to then complain that there is too many options available in the settings.
I don’t think anyone is advocating turning off the side loading features, unless I missed something, but the complaints here appear that you have to do extra work to bypass security, which is not something I understand.
The assumption I think is that Google ask for more and more work to use that feature. So you can either shrug it off or prepare for Google to remove this ability entirely.
That’s not at all true. We no longer expect drivers to change sparkplugs (or batteries), even checking oil levels is beyond most, let alone using a manual gearbox or disabling airbags.
You have to understand that the fact that you’re here in this community participating in this discussion already puts you in a very small subset of humanity with technology skills not in evidence in the general public.
how to use their stuff. We don’t expect them to know what’s under the hood. But we do expect them to have knowledge of the rules of the road, what the traffic signs mean, the fact that driving at high speed into a wall is not desirable etc. Simple everyday stuff required to be able to use, not maintain, a car.
“read the stuff on screen and at least try to understand it” is the barest minimum. But we don’t even expect that of anyone anymore. Or even something as simple as if you see a red flashing sign saying “IF YOU DO THIS YOU WILL BE IN DANGER!”, at least try having a 2nd look
I’ve been writing software for a very long time. Users are essentially stupid and lazy. They don’t read what’s on a screen, even if it’s the only thing on the screen, even if you don’t give them any other options than clicking “Ok”.
When I say stupid, it’s not that they’re dumb, it’s that their mental model of the world doesn’t match the computer one, saying things like: “well, that’s stupid, it should be like this”, followed by a completely illogical and unimplementable world view of the problem they think is being solved.
For the majority of humanity, computers are magic and no amount of arguing here is going to change this in our lifetime. It’s why AI is welcomed with open arms and no thought to its reality.
Those “stupid and lazy” users own their phones, not you. They are the admins of their devices, not you. And as admins they should have full control over the security policy, not you.
They are the admins of their devices, not you. And as admins they should have full control over the security policy, not you.
I can’t agree with you there, a few years ago I installed Mint on my mum’s old desktop. It was either that or pay for a new Windows license to “upgrade” to Win10. She doesn’t have admin, doesn’t even know what admin is and would be unwilling to learn if she did know.
Not all users need to be admins, in fact most don’t want it.
Me, however, I get pissy if the machine stops me doing what I want to do.
You call it dumbing down, which I understand, but how do you stop all the click-happy people from installing the next nefarious “game”, when they already have little to no chance to avoid email spam and SMS scams, let alone LLM generated “custom targeted” exploits.
That’s the neat Part, you don’t
Their choice, their consequences. There are enough warnings on the way there, they are free people and were informed about the risks
As an aside, I’m a long term (25+ years) Linux user and have used pretty much everything since the 6502 was part of the picture. In my professional opinion we haven’t begun to figure out how to do this in the desktop world
App Distribution via Flatpaks and Immutable OS are already pretty much there. Did you try a recent Fedora Version?
As an It professional I must disagree. Dumbing down the platform isn’t good. Let’s hope Magisk Deny list keeps working.
Happy to debate.
According to the article there are now more than 3 billion Android users. I have no information to the contrary.
How do you expect to attempt to secure that many devices by allowing the platform to continue as it was?
You call it dumbing down, which I understand, but how do you stop all the click-happy people from installing the next nefarious “game”, when they already have little to no chance to avoid email spam and SMS scams, let alone LLM generated “custom targeted” exploits.
I get that there are users who use this (now) vanishing functionality, but are they representative of the total user base, or edge cases? Neither you nor I have any hard data on that, but I know that as an ICT professional, I’m an outlier.
I’m no friend of Google’s business model, but I don’t believe that they’re purposefully shooting themselves in the foot,mind you, I’ll concede that it has a poor track record in the past few years.
Let’s progress the conversation.
How would you protect essentially computer and security illiterate users from malware in a scalable and sustainable manner?
As an aside, I’m a long term (25+ years) Linux user and have used pretty much everything since the 6502 was part of the picture. In my professional opinion we haven’t begun to figure out how to do this in the desktop world, Android is so far the closest we’ve managed and I’m not seeing anything here (yet) that makes me see this as a mistake.
I dont really have the time to participate in what looks like an interesting debate but I have a few notes on your post.
Secure what? Against what type of threat? This type of vague question results in vague answers. If the threat is social engineering I would argue not many protection would be effective beside educating the user about that.
You don’t stop them. You ask them and show them a disclaimer when they activate sideloading and that’s it. They are on their own. If the user doesn’t understand the risk after (skipping) the disclaimer. That’s their own fault. I don’t want to be put in prison just to make sure nothing bad ever happen to me. If a user purposefully disable protections they are on their own. But they should always be able to disable them.
This is the openness of the OG Android. Welcoming as many users as possible even if they are not your mean average user. It doesn’t matter if these user are a minority. They should be able to override any security they want. As long as they have acknowledged that they understand the risk and will not sue Google for it. I don’t see the problem.
I have worked on a custom ROM based on AOSP and that’s the other trend that worries me. The fact that less and less of “Android” seems to go to AOSP was already a concern years ago. Google wants to close their OS to better compete with Apple. This means severing those annoying minority power users from the rest of the community.
I see a very paradoxical response from you coming from Linux. If you enjoy Linux for its openness why would you accept Google rhetoric like that is really surprising. Let users do complicated stuff on your software as long as they have signed a virtual “I AM IN DANGER” form that’s OK. If you remove these advanced settings features anyway then it’s not for the user, it’s a PR move to protect the perception of your software.
Sorry if this comment seems a bit aggressive. In my opinion you are arguing for Android to slowly transform into IOS and ad someone working on Linux for decades, this is very weird.
It appears that you think that I’m holding contradictory opinions. It’s possible.
The “ICT aware” population is not what I’m concerned about and whilst that likely excludes both of us, it’s the retired widow who needs a phone to track her diary and call an ambulance, it’s the pig farmer who uses 123456789 as their email password and uses internet banking to pay his employees, it’s the impatient mother of three who is running between venues to get her kids to drama, soccer and music lessons.
I have made house calls to these actual people and hundreds more who do not, will not, cannot, read warnings. They simply don’t have the context to understand their severity. They don’t understand why a camera has no requirement to read your address book or connect to the internet. They don’t understand what a calculator needs to keep your screen on, or not. They “don’t have anything to hide” and have no understanding how their address book and diary can be used to defraud them of their life savings.
I’ve spent a lifetime educating people like this. It’s a drop in the ocean and all that happens is I’m pissing in the wind getting wet.
Is locking down Android helpful for you and I, perhaps not. But if I don’t get a phonecall in the middle of the night because one of my clients just lost their life savings because their phone got “hacked”, I’m a happy little vegimite.
Linux isn’t ready for prime time because novice users have no chance to just do simple stuff like plug in a phone, download a video and tweak it, let alone open a spreadsheet or make a Christmas card and print it out.
You and I can do this, my partner cannot.
Another way to look at this is a 30 year academic with Mac and Windows experience who cannot figure out how to migrate to Linux.
Usually as an IT professional people assume I lost touch with the average people abilities with technology. I’m used to that by now.
I understand very well most people want a phone to be simple and easy to use.
This is not a justification to remove this advanced options for power users. None of the user you mention in your post will ever activate sideloading. This is just an option for that minority of people.
Android is not much more complicated to use than IOS if you stick to basic use; social networks, taking pics, picking up calls. That’s it.
You can do all of that without ever knowing about sideloading or advanced permissions and so on.
So thank you but I’m with well aware I shouldn’t use my perception of Android as the norm. But I’ll definitely say that the average user literally doesn’t ever go in those advanced settings so whether they exist or not doesn’t matter to them. But out of openness I think it’s important the power users can still have this OPTION available.
Also if you really want a simple phone and super easy to use. Get them an IPhone and call it a day it’s simple as that. Obviously if you can’t afford one then Android should still be fine anyway.
Somehow I doubt any less technology enthusiastic person would favor an Android phone over an Apple one to then complain that there is too many options available in the settings.
I don’t think anyone is advocating turning off the side loading features, unless I missed something, but the complaints here appear that you have to do extra work to bypass security, which is not something I understand.
The assumption I think is that Google ask for more and more work to use that feature. So you can either shrug it off or prepare for Google to remove this ability entirely.
I guess we will see.
we expect everyone to take the time to learn how to use anything else. We just use the same expectations for tech stuff.
deleted by creator
That’s not at all true. We no longer expect drivers to change sparkplugs (or batteries), even checking oil levels is beyond most, let alone using a manual gearbox or disabling airbags.
You have to understand that the fact that you’re here in this community participating in this discussion already puts you in a very small subset of humanity with technology skills not in evidence in the general public.
how to use their stuff. We don’t expect them to know what’s under the hood. But we do expect them to have knowledge of the rules of the road, what the traffic signs mean, the fact that driving at high speed into a wall is not desirable etc. Simple everyday stuff required to be able to use, not maintain, a car.
“read the stuff on screen and at least try to understand it” is the barest minimum. But we don’t even expect that of anyone anymore. Or even something as simple as if you see a red flashing sign saying “IF YOU DO THIS YOU WILL BE IN DANGER!”, at least try having a 2nd look
I’ve been writing software for a very long time. Users are essentially stupid and lazy. They don’t read what’s on a screen, even if it’s the only thing on the screen, even if you don’t give them any other options than clicking “Ok”.
When I say stupid, it’s not that they’re dumb, it’s that their mental model of the world doesn’t match the computer one, saying things like: “well, that’s stupid, it should be like this”, followed by a completely illogical and unimplementable world view of the problem they think is being solved.
For the majority of humanity, computers are magic and no amount of arguing here is going to change this in our lifetime. It’s why AI is welcomed with open arms and no thought to its reality.
Those “stupid and lazy” users own their phones, not you. They are the admins of their devices, not you. And as admins they should have full control over the security policy, not you.
I can’t agree with you there, a few years ago I installed Mint on my mum’s old desktop. It was either that or pay for a new Windows license to “upgrade” to Win10. She doesn’t have admin, doesn’t even know what admin is and would be unwilling to learn if she did know.
Not all users need to be admins, in fact most don’t want it.
Me, however, I get pissy if the machine stops me doing what I want to do.
deleted by creator
That’s the neat Part, you don’t
Their choice, their consequences. There are enough warnings on the way there, they are free people and were informed about the risks
App Distribution via Flatpaks and Immutable OS are already pretty much there. Did you try a recent Fedora Version?