Is it possible to allow sideloading and keep users safe?

Sandboxing should prevent most of those issues. We can't control the users giving permissions to everything, but with more control on those permissions, or disabled by default, a phone should stay pretty safe, or am I missing something?

Its not the sandboxing, its the access to user data that apps can request. a mobile OS allows apps to request and be granted all kinds of permissions, and 80% of the world population doesn't really understand what all things are possible for each of the permissions they give to an app. For example being able to export the whole contact list, or read all files in folders (where users may have saved notes with passwords) or real time tracking of gps location with wifi mac address sniffing, listen in on conversations, be able to screenshot other apps, trigger touch events... none of this a sandbox can prevent.

When there are problems reported about an app, there has to be a known party to hold accountable. I agree that a developer path that is complex enough that only people who know all the impacts are able to use to side load random apps they own or from someone they can trust, but the general population has to be protected unless at the individual level they are savvy.

People have been trained to tap through those prompts without really reading them, and it’s unreasonable to expect a less technical user to know what the implications of granting a permission are.

>People have been trained to tap through those prompts without really reading them, and it’s unreasonable to expect a less technical user to know what the implications of granting a permission are.

Can you please explain why there is no big push from the Google and Apple to remove microphone and camera access from the browsers? You claim that most users are "less skilled" and will allow anything , so for the grater good why not pushing to remove microphone, camera and file upload permissions? Why do we trust this users with reading a popup for permissions ?

Or maybe if the popups are not clear or good enough maybe is not the users fault ?

Giving illiterate people access to computers is going to be dangerous for them no matter what you do. UIs and operating systems should consider their caretakers instead.

> there has to be a known party to hold accountable

So no free applications. Prepare to pay a subscription for every flashlight app.

Not everyone has caretakers, unfortunately, but everyone needs a phone.

Then they can have flip phones. Those are still made and are great for children and other people who aren't capable of caring for themselves.

That’s just advocating for the same thing, OS makers removing users abilities to do things they want with their devices. Pretty much everyone in this comment section that is advocating against what Google is doing would advocate against that as well.

There are, in fact, some efforts going on to improve beyond the status quo on permission prompts in browsers, e.g. https://chromium.googlesource.com/chromium/src/+/refs/heads/...

Though, that document also states:

> Our research [1] finds that users often make rational decisions on the most used capabilities on the web today — notifications, geolocation, camera, and microphone. All of them have in common that there is little uncertainty about how these capabilities can be abused. In user interviews, we find that people have clear understanding of abuse potentials: notifications can be very annoying; geolocation can be used to track where one was and thus make more money off ads; and camera and microphone can be obviously used to spy on one’s life. Even though there might be even worse abuse scenarios, users aren't entirely clueless what could possibly go wrong.

[1]: https://dl.acm.org/doi/10.1145/3613904.3642252

I do not see this Apple fanboys asking Apple to remove the camera and microphone features in their OSX operating system. They have many stories about grandma getting tricked to sideload soem evil app from Facebook but somehow same grandma does never get tricked to share her microphone, camera or screen. So I concluded that it is all their minds creating a narative to feel better about them getting screwed by Apple (we all have this problem where we invent some reason to justify some decision we did but in this case is a big mob)

Or maybe when you buy a phone you can pay $5 extra to get the OS build that allows sideloading, or make it cost $5 and require you to hand-sign a bunch of forms to upgrade an existing phone to a sideloading-capable version. A little extra friction at phone purchase time (rather than app download time) would likely steer most people, especially non-techies, toward the safer option. Sure, maybe it doesn't stop the problem completely; someone completely bought in to some scam may go through the effort anyway. But if someone is that gullible, they're pretty destined to be scammed out of their money no matter what the protection.

I want an option to give fake permissions. A lot of apps are pretty necessary (due to network effects). I don't want to give my contact or location data to them but they also refuse to work without it, even though they don't it for the stuff I am doing. So just let me provide fake data instead. As far as the app is concerned, it has the permissions it so wanted.

That used to exist, but it's bad UX, because the user doesn't understand why the app they didn't give permissions to doesn't work well, and gives it a bad review. It's better UX for the app to say "I can't work without this permission", though it's worse for tech-savvy users.

Be careful with this statement. The whole premise behind banks requiring non-rooted phones is "we can be sure that sandboxing works on the original ROMs—e.g., it will prevent malware from screenshotting our app, and we know that certain custom ROMs patch this snapshot-prohibition code out, thus deliberately breaking the sandbox that we rely upon".

Why should people pay for the privilege of installing apps without having to submit their personal record to an American mega corp which then vet what they install?

You have the issue reversed. I should people should be able to buy specifically locked phones separately if they want to. Actually they already can.

Or maybe your absolutist bullshit is, in fact, bullshit, and there's nuance to be had that explains the discrepancy you observe.

In this case, one nuance is the fact that camera and microphone permissions are very very often necessary in the browser for video chats. Y'know, exactly the kind of thing that grandma might want to do with her grandkids on a regular basis.

You could have two classes of apps - manufacturer approved ones that do the usual stuff and unapproved ones that get limited access regardless of what the user types?

> It's better UX for the app to say "I can't work without this permission", though it's worse for tech-savvy users.

The app shouldn't get to decide what permissions it "can't work without." That's how you get calculator apps that claim they can't possibly work without GPS location.

An app that shows a map should definitely get to decide that it can't work without a location permission.

Why? The user might want to just browse the map without displaying his location on it. The user might want to just provide an address instead of his own location (assuming that function exists in the app). Why not just let the user run it, and let whatever actually needs the permission fail gracefully? Whether or not the app functionality lost is worth providing access to data gated by a permission should be up to the user, not up to the developer.

Because giving the app fake location data when the permission is denied leads to the user complaining that the map isn't showing their correct location. Apps don't want to get a bad rating for user error.

Wouldn't it be similar situation to iphone? there are free basic apps there. it's not like this is a new concept

But it is dangerous, Tim from Apple can't protect your grandma , she should only speak with their nephews using Apple approved applications , preferably the built in iApps, do you really want grandma to be scammed? Tium needs to remove microphone and camera support in browsers or else the hypocrisy is to obvious... or we can all be mature here and stop pretending that the restrictions are for security of your grandma.

The OP sounded like they wanted liability...