Is it possible to allow sideloading and keep users safe?

(shkspr.mobi)

205 points ColinWright | 3 comments | 30 Aug 25 12:03 UTC | HN request time: 0.613s | source

Show context

diebeforei485 ◴[31 Aug 25 06:50 UTC] No.45080952[source]▶

I think sideloading should be allowed only if you actually connect your phone to a computer. This barrier will prevent a lot of vulnerable people from being scammed.

Alternatively, sideloading could require you to delete all App Store apps. In other words, disabling Google Play Protect should require you to wipe your phone. This is another barrier that will prevent a lot of people from getting scammed.

replies(3): >>45081088 #>>45081114 #>>45083012 #

1. chii ◴[31 Aug 25 07:17 UTC] No.45081088[source]▶

>>45080952 #

deleting all app store apps is too high a barrier, because there may not be a replacement that could be sideloaded.

replies(1): >>45081168 #

2. Freak_NL ◴[31 Aug 25 07:31 UTC] No.45081168[source]▶

>>45081088 (TP) #

I don't see that changing either. Banking apps, government auth, Whatsapp¹, public transport apps², etc. The status quo is that a small number of official app store apps are all but required.

1: Still basically required if you have young children and want things like play dates. Oh Signal? Yeah, the recent push means that some tech-savvy users now have both Whatsapp and Signal installed. In the Netherlands, you can do without Whatsapp, but not if you don't want to turn your child into a social recluse.

2: For example, in order to use Germany's Deutschlandticket one of the participating public transport companies apps is required. This is a huge regression compared to the initial paper ticket, but there it is.

replies(1): >>45081382 #

3. interloxia ◴[31 Aug 25 08:08 UTC] No.45081382[source]▶

>>45081168 #

I guess requiring a transport subscription to get the ticket, via app or smart card, is rather analogous to the topic of adding friction to the undesired path.

↑