

I use the German digital id since years. Without enforced Google.
Because the German (older) app does not depend on it.
So no, that’s not true. It is an assumption and pessimism


I use the German digital id since years. Without enforced Google.
Because the German (older) app does not depend on it.
So no, that’s not true. It is an assumption and pessimism


You have to enable it. And I would love a dedicated switch.
Currently, you need to enable third party install sources.
And one could argue that the fact that most people will not enable developer mode is a clear sign that this is a protection.
In my very very personal opinion: people that do not want to enable developer mode should maybe not install apps from third parties. Developer mode itself unlocks a few switches, and none of them is enabled per default. This is a pretty safe action IMHO.
There is a way to avoid this, but this is the device owner mode. You need an app that takes full control over device ownership, and those apps are allowed to do anything including installing any app.
One example is OwnDroid.
An opensource app that is signed by a dev and allows to manage install sources would be a working solution with better security.
If someone builds it


Proven right with what? To be clear; I can not see in the future and if member states copy the EU implementation 1:1, then at least we can fight against it in that level. Because, an implementation relying ok US Google would violate multiple European regulations.
But as it seems, misinformation and propaganda won, facts are now subjective and we just give up and bow to big corpo, because those shit hats profit from exactly this kind of bullshit.


I had a good look at the process. And yes it is not very convenient and or course it is not just to protect users, that is a secondary marketing effect.
I completely lost this view after all those heated debates, thanks.
As long as people claim that F-Droid will stop working and other stuff, based on the initial plans, I classify most of the debate as fear mongering .
And good luck and fun with your new setup. I still have an original OpenMoko, to bad GSM is dead here.
And, thanks for the debate.



Final try, this is the official new workflow from Google.
Did you know this existed? Are you aware while not very convenient or restores the full sideloading functionality once you went through this process?
What the fuck are we even debating about if facts, provable fucking facts, are ignored


How do you now that?
Again, the ability to install a completely unverified APK is used in real, successful, attacks.
The user DOES NOT KNOW WHAT HE IS DOING! That is the entire point!
If users would know what this is and understand, maybe it would be less if a risk.


Maybe look at other threads here where I debate the actual issue. An actual debate.


I’m leaving Android over this. I doubt I’ll be the only one.
Good! I hope alternative mobile operating systems get traction out of this!
And again, there is no verification need anymore! That is exactly why I am so pissed about this debate in general.
Is the workflow simple? No. Is the 24hour period comfortable? No. Do I understand why? Yes, but one or two hours would be enough



Ah another myth “the EU App”, I will not go I to detail, but each member state must implement its own app. Yes, the reference implementation uses Google services currently, but there is not a single , working , published app! Not one.


Then we agree to disagree.
I think we are manly on the same page, but different opinions on priority and that’s fine.
I declare both as a risk.
From my perspective, with this change, we could make Google directly reliable for malware in the appstore.
While this started as a very anti consumer change, as long as sideloading stays possible, this is a good measure.


That assumes that Google does not do anything about the appstore and that is objectively not true.
Is it enough? No ideas, but still, it does not change the need for better endpoint security.


That is a general issue of online debates.
I can not squash 20 years of daily learning into a comment.
I can point you to sources where you can verify it our self. Social engineering studies, blog post about campaigns from other researchers.
Placing m credentials there is my kind of saying “I have insight, ask”, but how do you think should something like this communicated.
We have a highly sensitive topic, with a lot of obsolete or just misinformation.
It is a highly complex topic that can not be simply understood by most persons, but social media opens a place for debate anyways.
There are many other examples for this happening and it is bad. Very bad.
Another example Google wants to get rid of third party cookies. Instead they want to to adspace action on your local system. In our browser, protected. But bad, because Google. Firefox could implement the same API on better, but no, bad because Google.
Google is not the good guy. But just throwing out every fucking Idea because Google Had it (or was forced into it, allowing sideloading again was because of pressure) is just not what we need


How about an apple phone?
Or how about that: projects like Linux and Ubuntu phones died because there was no interest in it, because there was Google. And now, everybody wants an alternative.
They are out there, you can use opensource Android forks, you don’t have to use Google


What? “Will install” not “have installed”. Maybe “would” is a better word, English is not my first language and I have a bad day, but there is no moving goal post.


Not denying that there could be better ways, and also, that was never the question .


I k ow that the Playstore is also full of crap, I don’t deny this.
But, just because our back window does not close correctly, do you leave the front entrance open?
Not the best analogy maybe, but a visual one


That is no longer true!


That is why I linked sources. I don’t say trust me bro.


Then just don’t use an android phone, that’s a choice isn’t it???
100% Agreement