Is it possible to allow sideloading and keep users safe?

(shkspr.mobi)

205 points ColinWright | 2 comments | 30 Aug 25 12:03 UTC | HN request time: 0s | source

Show context

enriquto ◴[30 Aug 25 12:59 UTC] No.45074254[source]▶

> Are you allowed to run whatever computer program you want on the hardware you own?

Yes. It is a basic human right.

> This is a question where freedom, practicality, and reality all collide into a mess.

No; it isn't. The answer is clear and not messy. If you are not allowed to run programs of your choice, then it is not your hardware. Practicality and "reality" (whatever that means) are irrelevant issues here.

Maybe you prefer to use hardware that is not yours, but that is a different question.

replies(7): >>45074265 #>>45074374 #>>45074385 #>>45074396 #>>45074529 #>>45074536 #>>45074595 #

rikafurude21 ◴[30 Aug 25 13:18 UTC] No.45074396[source]▶

>>45074254 #

It seems that this is another one of those things where the lowest common denominator sets the rules for everyone. Most people arent tech savvy programmers so giving them the freedom to do 'whatever they want' will lead them to hurt themselves in some way. Of course this is not an excuse for locking down your hardware. Smartphones just came into being as a consumer-first product and didnt require many of the freedoms that programmers needed, which is why computers are fundamentally more open than smartphones. Apple of course is trying to change that with their Macs

replies(2): >>45074418 #>>45074440 #

gr4vityWall ◴[30 Aug 25 13:22 UTC] No.45074440[source]▶

>>45074396 #

> this is another one of those things where the lowest common denominator sets the rules for everyone

In that case, the solution should be to raise the lowest commmon denominator. Lots of issues like that could be prevented by investing in education to increase technology literacy. But long term investments (even public ones) do not match well with quarterly reports.

replies(1): >>45074917 #

rikafurude21 ◴[30 Aug 25 14:21 UTC] No.45074917[source]▶

>>45074440 #

I would say young people grow up with tech and usually are very tech literate.

replies(2): >>45075252 #>>45075332 #

shagie ◴[30 Aug 25 15:10 UTC] No.45075332[source]▶

>>45074917 #

Tech... a "maybe" yes.

However, this isn't entirely a tech problem - it's a social/human one.

Not every mechanic has a driver's license. Sure, they may enjoy working on cars and the technology of cars... but for one reason or another they may have never gotten or have lost their driver's license.

Not everyone who is tech literate is similarly socially literate. I have programmer co-workers who have been scammed into sending gift card authentication codes or installed malware (or allowed the installation) onto their personal computing devices.

It isn't possible to prevent someone from accessing the internet any more than it is possible to prevent them from accessing a phone.

I am not saying that one should have a license to access the internet. Rather, I am saying that a device that holds and maintains the authentication mechanism for doing banking transactions, it is not unreasonable for the maker of that device and its software to attempt to mitigate the possibility that they are held liable for negligence in allowing user installed software to do banking without the owner's consent.

With the uncertainty that everything in the operating system and hardware is locked down to the point where no-consent access by malware to those banking capabilities is completely restricted (and thus they're not liable for negligence) - the wall that is being put up to try to prevent that is "no software that has not been vetted can be run on this device."

Consider that the phone is often the authentication mechanism and second factor for authorization to restricted systems. Authy, Microsoft Authenticator, and other 2nd factor applications typically do not run on general computing devices.

Technical literacy does not imply social or security literacy.

replies(2): >>45075593 #>>45075861 #

1. tempodox ◴[30 Aug 25 15:44 UTC] No.45075593[source]▶

>>45075332 #

> no software that has not been vetted can be run on this device

That’s just it. Software isn’t being vetted. Witness all the scam apps in the iOS and Android app stores. Even paid developer accounts don’t stop people from publishing these, nor does Apple’s walled garden protect you from them.

replies(1): >>45075763 #

2. shagie ◴[30 Aug 25 16:08 UTC] No.45075763[source]▶

>>45075593 (TP) #

Do not make perfect the enemy of the good. There are failings of vetting.

That said, for sensitive apps they tend to go through more strict scrutiny of their functionality. Publishing a "Wəlls Fargo" application will likely not get approval.

The question isn't "does it need to be 100%" but rather "if was not done at all, would Apple or Google be liable for flaws in their software (e.g. VM breakouts) that allows malware to do banking transactions, location tracking, or place calls (e.g. 1-900 number dialing) without user consent?"

I'm fairly certain that Apple and Google take measures to limit their liability. With how courts and countries are finding technology companies liable for such (consumer and data privacy protections), I would expect to see more restrictions on the device to try to further limit the company's exposure.

↑