Most active commenters
  • mike_hearn(7)
  • AnthonyMouse(3)
  • rpdillon(3)

←back to thread

Is it possible to allow sideloading and keep users safe?

(shkspr.mobi)
205 points ColinWright | 22 comments | 30 Aug 25 12:03 UTC | HN request time: 1.372s | source | bottom
Show context
m463 ◴[31 Aug 25 05:39 UTC] No.45080628[source]
"sideloading" connotates something that is negative.

On systems before apple's locked-down iphone, it was just called "installing".

The PC revolution started with people just inserting their software into the comptuer and running it. You didn't have to ask the computer manufacturer or the OS vendor permission to do it.

And note that apple doesn't allow you to protect yourself. You cannot install a firewall and block arbitrary software on your phone. For example, you can not block apple telemetry.

replies(8): >>45080727 #>>45080995 #>>45081451 #>>45082064 #>>45082687 #>>45083125 #>>45088266 #>>45100572 #
pjmlp ◴[31 Aug 25 06:01 UTC] No.45080727[source]
Which is why alongside freedom came the business of anti-virus.
replies(3): >>45081201 #>>45081373 #>>45083051 #
wiseowise ◴[31 Aug 25 07:39 UTC] No.45081201[source]
Never in 20 years of using Linux/Macs I’ve ever needed anti-virus.
replies(7): >>45081249 #>>45081507 #>>45081768 #>>45081860 #>>45082078 #>>45082191 #>>45082263 #
1. mike_hearn ◴[31 Aug 25 09:22 UTC] No.45081768[source]
Macs come with an Apple provided antivirus built in, it's called XProtect.

Apple also has enforced a similar policy to what Google is doing, but much stricter, and has done for ~13 years or so (devs must be identified, the OS rejects unsigned code in all territories by default, Apple pre-approves all binaries even outside the app store).

Linux distros have policies far more extreme than anything Google, Apple or Microsoft have ever done. They explicitly don't support installing any software not provided by their "app stores". Getting into those requires giving up your source code to them, and they reserve the right to modify it as they see fit without informing anyone, reject it for any reason or no reason at all (including reasons like "we don't have time"), and they tie getting new releases of your app to the user upgrading to new releases of the OS. If you do try and install stuff from outside of your distribution, not only are there security warnings to click through but an expected outcome is that the OS breaks and the vendor washes their hands of you.

Despite those policies, or perhaps because of them, botnets of Linux servers are common.

Of all consumer-facing platforms only Windows and Android allow installation of unsigned third party code out of the box via some obvious graphical path. And on Windows that right is somewhat theoretical. You can do it but the built in browser will try very hard to stop you, and the OS itself will happily break unsigned code by blocking file open syscalls heuristically. So in practice most apps don't go the unsigned route. On Android OTOH, unsigned (non ID verified) code is sandboxed and works just like regular apps after installation, the OS won't heuristically interfere with the app.

replies(6): >>45082250 #>>45082856 #>>45082983 #>>45083088 #>>45083113 #>>45085343 #
2. BLKNSLVR ◴[31 Aug 25 11:06 UTC] No.45082250[source]
That's an interesting take on Linux. I see it as a lot closer to what Windows programs were like back in the day, where you can install whatever you want.

Linux distributions each have their built in package managers, but there's no 'policy', as I understand it, that prevents installation of, literally, whatever you want. It's generally more difficult than just downloading and double clicking on the installer / exe, but just follow the instructions and it's done.

And, yes, also there are weird version and dependency issues that crop up more than would be ideal, but that's not the topic.

replies(1): >>45082444 #
3. mike_hearn ◴[31 Aug 25 11:46 UTC] No.45082444[source]
There's no such policy on any OS except iOS I believe. You can override the security mechanisms on every other OS. The question is only how hard is it? On Linux, worst case, it can easily require compiling the program from source. If Apple or Microsoft imposed a policy that said you can install whatever you want but only by compiling from source, people would lose their minds!

And, note, back when I was a Linux user, distro vendors and evangelists justified that situation by security. They said we don't want people distributing software outside of our repositories because that's how Windows users get viruses, so we deliberately won't make it any easier.

So the Linux community doesn't get to cry freedom and decentralization now, IMHO. The time to do that was 25 years ago when Debian was being praised for having big repositories. Some of us actually did point out how centralized and authoritarian that approach was, I even built a system for distributing apps in binary form to all distros (with hacks and shims for binary compatibility), and that projects attracted some volunteers, but we got pilloried for not "getting" UNIX. One Debian developer even called us monkeys.

The users got tired of this and bypassed them with Docker, a much more decentralized system in which anyone can publish images without binary compatibility problems, and using them isn't tied to your OS version or OS vendor policies. But Docker is also centralized around Docker Hub, and Docker Inc do ban images and developers when malware is found:

https://jfrog.com/blog/attacks-on-docker-with-millions-of-ma...

Not so different to what the app stores do.

It's fair to say that the only OS vendors who have ever taken decentralized and free app distribution seriously are Apple, MS and Google. The open source world went all-in on the centralized store model from the start and never looked back.

replies(2): >>45082492 #>>45083064 #
4. detaro ◴[31 Aug 25 11:57 UTC] No.45082492{3}[source]
External, non-distro-maintained package repositories have been common for ages. I was still in elementary school, so my memory is a bit fuzzy, but I'm fairly sure downloading and installing individual packages was something I did too in the 90s. And fundamentally, any system that is open enough that "you can compile whatever you want on the device" is an option can also have binaries distributed.

Sure, the Linux ecosystem has not prioritized binary compatibility as much, so doing so has been harder, people culturally expected "use existing libraries" more than "just bundle everything", but as you note that attitude has shifted too and it always was possible, and nothing seriously suggested preventing it.

replies(1): >>45083083 #
5. AnthonyMouse ◴[31 Aug 25 13:05 UTC] No.45082856[source]
> They explicitly don't support installing any software not provided by their "app stores".

Most Linux distributions don't prevent you from installing third party software at all. You download something, you set the execute bit, it runs.

Users are wary of doing that with software from untrusted sources because, obviously, you're then placing your trust in whoever provided the software instead of the distribution's packaging team. But the OS won't stop you if that's what you want to do, and sometimes you do trust the source of the software.

> Despite those policies, or perhaps because of them, botnets of Linux servers are common.

Botnets of Linux servers are common because some people operate them without security installing updates (common with WordPress), and then attackers exploit known vulnerabilities in the unpatched software.

But "locked" phone platforms regularly discontinue security updates for devices that are still in widespread use. Locking the device doesn't solve that problem at all, and in fact makes it worse because then if the OEM doesn't patch it nobody else can do it either.

replies(1): >>45083306 #
6. cherryteastain ◴[31 Aug 25 13:23 UTC] No.45082983[source]
> They explicitly don't support installing any software not provided by their "app stores".

Nonsense. You can and run install whatever you want. Tons of closed source commercial software available for Linux like Matlab come as a .tar file which you extract and run.

replies(1): >>45083172 #
7. rpdillon ◴[31 Aug 25 13:36 UTC] No.45083064{3}[source]
> And, note, back when I was a Linux user, distro vendors and evangelists justified that situation by security. They said we don't want people distributing software outside of our repositories because that's how Windows users get viruses, so we deliberately won't make it any easier.

Never heard that argument, ever. `apt-get` literally allows you to add whatever repositories you want. You're conflating two completely separate worlds. The first is the world of Linux that pretty much invented the idea of a software repository for an operating system. This was invented because Linux has the notion of "distros", and the trick there is to provide a set of packages that all work together in that distro. That's the purpose of curating packages in the repos (along with Free Software licensing, in the case of distros like Debian). But this system was always federated, where users were empowered to add any additional software repositories they needed. F-Droid on Android copies the exact same architecture, allowing the user to add endpoints of servers they want to pull software from.

The second is a system of control built by Google and Apple. It has nothing in common with the Linux system, but rather was designed to vend proprietary software that extracted money from users, for the purpose of lining Google and Apple's pockets. When Tim Cook testified about app store fees and the judge queried him about why they were so high, he said "To lower those fees would be to give up the full return on our App Store investment." Basically: we're charging this much because we can.

Conflating these two systems and the reasons for their design would be very misleading.

> It's fair to say that the only OS vendors who have ever taken decentralized and free app distribution seriously are Apple, MS and Google. The open source world went all-in on the centralized store model from the start and never looked back.

It is not even remotely fair to say this. In fact, it's so misleading it feels malicious. The only operating system on the planet that offers user-supplied software repositories that work with the built-in package management system is Linux. Full stop. And Linux doesn't even only have one of these systems, it has several. Flatpak, Debian repos, Ubuntu repos, Arch's AUR, Slackware's third party repos, etc. And users don't have to "work around" the system to use any of this - simply adding new URLs works great, and it's always been this way.

https://wiki.archlinux.org/title/Unofficial_user_repositorie...

https://documentation.ubuntu.com/server/explanation/software...

In short, Windows and MacOS and Android have never taken third party software distribution seriously in the least, and have done nothing to support it. Linux has built-in support for third-party repositories, and has for decades.

replies(1): >>45083411 #
8. rpdillon ◴[31 Aug 25 13:39 UTC] No.45083083{4}[source]
Indeed. I remember installing Slackware in '97 and looking at some dev's alternate repos. Looks like Slackware still has third-party repos, though I stopped using it 25 years ago. =)

https://slackware.pkgs.org/

9. guimplen ◴[31 Aug 25 13:40 UTC] No.45083088[source]
This is so blatantly wrong. On macs it became a little bit hrder very recently (you need to tick a checkmark in the system setting to allow untrusted program running) otherwise you just need to run the program once via right-click. On most user-friendly linux distros you can just run installer of any program.
replies(1): >>45085123 #
10. Der_Einzige ◴[31 Aug 25 13:45 UTC] No.45083113[source]
How can you be so aggressively wrong about so many things in a single post? It’s impressive.

The stuff about Linux not letting you install stuff flies far in the face of like everyone’s knowledge of Linux. Your description of how Linux installation works is pure fantasy.

replies(1): >>45083254 #
11. mattdm ◴[31 Aug 25 13:55 UTC] No.45083172[source]
In Fedora, we don't "support" third-party packages or installation of software because we can't do much about it if something is wrong. You should go to the provider of the software for help.

But we certainly support your _ability_ to install and run whatever you want. It's your computer, and it's your OS.

replies(1): >>45090614 #
12. mike_hearn ◴[31 Aug 25 14:08 UTC] No.45083254[source]
I didn't say it didn't "let" you. I said it's not supported, as in, the Linux vendors don't consider that to be a feature of the OS that you should actually use.

I've been a Linux user for 25 years. You can reconfigure the OS to use additional repositories. It may or may not work, and only if there is a repository specific to both your distro and its version. But it's not a good idea.

In particular, OS upgrades are very likely to break. Being able to upgrade itself is a basic requirement of any modern OS. If your Linux distro corrupts itself on upgrade or fails to do so and you file a bug report you'll be told to remove any third party software because that's not supported.

This would be like if your Mac started crashing on boot because you downloaded a word processor from a website, and then Apple say "sorry, we only support apps coming from the app store". They don't do that, but Red Hat or Canonical will.

13. mike_hearn ◴[31 Aug 25 14:16 UTC] No.45083306[source]
You're conflating "allow" and "support".

The OS doesn't stop you installing third party software - signed or not - on macOS, Windows or Android, so "allow" is nothing interesting. That also won't be changing with Android, given that you can buy a phone with an unlockable bootloader and reflash to some other spin of Android that implements whatever security policies you want. You can put these devices into a mode that allows anything.

The question is whether that's something the vendors make easy, if they support it in the sense that you can do it and they will still deal with you if there's a problem. That's what support means. It's not a synonym for technically possible.

Windows, macOS and Android don't consider installing third party software to put the system in an unsupported state. Linux vendors do.

replies(2): >>45085096 #>>45087061 #
14. mike_hearn ◴[31 Aug 25 14:30 UTC] No.45083411{4}[source]
> In short, Windows and MacOS and Android have never taken third party software distribution seriously in the least, and have done nothing to support it. Linux has built-in support for third-party repositories, and has for decades.

They all have sophisticated systems in place specifically to support third party software distribution that works (and is relatively safe):

• Windows has the app store, MSI, and MSIX (which allows efficient installs and updates from arbitrary web servers). MSIX is a package manager, by the way. It also has API support for writing AV scanners, managing software deployments across managed networks and so on.

• macOS has .dmgs, notarization, Gatekeeper

• Android has support for installing APKs from the web with a package identity system that lets anyone self-sign their software.

Above all they consider installing apps that aren't controlled by the vendors to be a core feature, so they work hard to provide binary compatibility, bug workarounds, multi-year deprecation cycles, anti-malware scanners and more, all for the benefit of developers who develop their apps independently of the vendors.

Linux can be reconfigured with additional repositories, technically, but that feature was originally designed for reducing bandwidth usage with mirrors. It wasn't meant to allow third parties to distribute software on their own schedule, which is why these third party repositories are invariably locked to a specific version of a specific distribution. Developers who complain about this are just told every version of every Linux distribution is a unique OS, and that they should open source their apps to let distributors centrally take ownership of their work.

It's changing a bit now with Flatpak. But for the bulk of Linux's history, that was the gig: no supported way to distribute your apps, and third party repositories would come with health warnings from your OS vendor. Not a supported way to use the OS. If it breaks you keep the pieces.

replies(1): >>45086105 #
15. swiftcoder ◴[31 Aug 25 17:36 UTC] No.45085096{3}[source]
This has not been true on macOS in some time - you have to go to considerable lengths to install unsigned software at this point.

I recently upgraded macOS, and it took me a couple of reboots and scarily-worded system configuration changes to re-enable (signed) kernel extensions…

16. swiftcoder ◴[31 Aug 25 17:39 UTC] No.45085123[source]
It’s a lot harder than that now in macOS - now you have to individually approve each new unsigned binary through the system preferences security panel.
17. engeljohnb ◴[31 Aug 25 18:01 UTC] No.45085343[source]
> They explicitly don't support installing any software not provided by their "app stores". Getting into those requires giving up your source code to them, and they reserve the right to modify it as they see fit without informing anyone

I've used Ubuntu, Debian, Manjaro, Mint, and Fedora, and none of them are like this. Which distro do you use that doesn't let you install any software you want?

18. rpdillon ◴[31 Aug 25 19:12 UTC] No.45086105{5}[source]
Completely disagree...none of those are systems as comprehensively distributed as what Linux offers. Much of what you listed is centralized infrastructure.
19. AnthonyMouse ◴[31 Aug 25 21:02 UTC] No.45087061{3}[source]
> The OS doesn't stop you installing third party software - signed or not - on macOS, Windows or Android, so "allow" is nothing interesting.

The concern is that they are now doing this on Android, and have long been on iOS. Moreover, there are really three things here: Fully supported, still easy enough to be practical, and so much friction that it's dead.

If you install Steam on Windows, Microsoft doesn't "support" that -- if you call Microsoft support and want them to fix a problem with Steam, they're going to direct you to Valve. But installing Steam on Windows is easy to do, and therefore common. And it's the same thing with installing Steam on Linux.

Likewise, you can get Linux software from the distribution's repositories, but you can also use pip or npm or flatpak or any number of alternative packaging systems, and doing this is easy and common.

Which, on Android and iOS, it isn't. It's not just "not supported" but so arduous that the alternatives can't gain traction, which is qualitatively different and has consequences in terms of network effect even if it's technically possible to install LineageOS on a handset if you buy just the right one and immediately reinstall the OS and keep a separate phone to run your bank app. And even then you still can't install a mainline kernel on that device and are reliant on the OEM to keep publishing security updates.

replies(1): >>45090572 #
20. mike_hearn ◴[01 Sep 25 07:59 UTC] No.45090572{4}[source]
> The concern is that they are now doing this on Android

Even with this new policy there are still ways to install unsigned apps on Android e.g. via adb, reflashing to a different build of Android, and so on. But you're absolutely right that there's a spectrum of usability here, which is why "allow" isn't really a useful standard. Only iOS tries to set friction to 100%. Every other platform "allows" third party installation given enough work, which is why it's valid to compare the difficulty of doing so on Linux with other platforms.

Re: Steam. Microsoft absolutely does support that! If you install Steam, Windows breaks, and Steam isn't doing something disallowed like messing with internal data structures, then Microsoft will accept it as a bug in Windows. They work very hard to support apps even when they actually do mess with internals. It's the Linux world that shrugs if a change in Linux breaks Steam when Steam was doing nothing wrong.

Flatpak is a genuine improvement, yes. But for the rest, sorry, you have developer brain switched on! Pip! Easier to use than Android!? These tools:

• Only target developers, and as such regularly do things like try to compile software during install and then fail due to obscure compatibility or versioning issues.

• Have severe malware problems.

You couldn't present pip or npm to the Android team as a solution to the problem they're trying to solve. You blame Android for being "arduous" whilst desktop Linux has spent decades with <5% market share exactly because it's so incredibly arduous. Come on: even with these new policies it is much easier for both users and developers to access/make software on Android. I've developed and distributed software for every OS except iOS at this point, and the differences are clear.

replies(1): >>45096675 #
21. mike_hearn ◴[01 Sep 25 08:05 UTC] No.45090614{3}[source]
Regardless of the party line, in practice there's no big distinction between not caring if it works or not and not allowing it. The difference only matters for highly technical people with lots of time on their hands. For everyone else, if it's not a paved road it's not a road they can travel on at all, and so in practice Linux historically did not "support" third party software in any meaningful way.

And although I was making that argument to Fedora decades ago, it's only recently that this point has been accepted with official support by Red Hat for stuff like Flatpak. Of course other distros developed their own thing as always so it's still not really ideal. But at least the principle was now accepted that third party apps should have a properly supported way to thrive. Far too late, but it's done.

22. AnthonyMouse ◴[01 Sep 25 21:15 UTC] No.45096675{5}[source]
> Every other platform "allows" third party installation given enough work, which is why it's valid to compare the difficulty of doing so on Linux with other platforms.

Sure, but the point being, it's a lot easier to install software from outside of the repositories on Linux than it is on Android. Measure by how often it happens. Do a significant percentage of desktop Linux users ever use something other than the official repositories? Yes. Do a significant percentage of Android users? Nope.

> Re: Steam. Microsoft absolutely does support that! If you install Steam, Windows breaks, and Steam isn't doing something disallowed like messing with internal data structures, then Microsoft will accept it as a bug in Windows. They work very hard to support apps even when they actually do mess with internals. It's the Linux world that shrugs if a change in Linux breaks Steam when Steam was doing nothing wrong.

I don't think this is accurate. If there is actually a bug in Linux, they'll accept the bug report regardless of whether you discovered it while using Steam or something else.

> Only target developers, and as such regularly do things like try to compile software during install and then fail due to obscure compatibility or versioning issues.

Nah. If you want to use some random AI thing or web thing that isn't in the main repositories, it's going to be telling you to install dependencies using those tools regardless of whether you're doing any software development.

> Have severe malware problems.

This is true but not unique. If you use a package distribution system and it has malware in it, it has malware in it. It doesn't matter if it's Google Play or pip or something else. It doesn't matter if it's operated by the same entity who made the device. What matters is if the people operating it do a poor job of excluding malware, and then some are better than others. Google Play has more malware than F-Droid or the Debian repositories; npm has more than Google Play.

> You couldn't present pip or npm to the Android team as a solution to the problem they're trying to solve.

The interface for some of those things are tuned for developers, sure. If you make an interface for ordinary people then it looks more like F-Droid than npm. But then that's what you'd do -- except that the F-Droid installer isn't allowed in Google Play, which leaves ordinary people in the chicken and egg where you have to do something technical to get access to the interface that makes it easy for ordinary people.

> You blame Android for being "arduous" whilst desktop Linux has spent decades with <5% market share exactly because it's so incredibly arduous.

Desktop Linux has been growing at a pretty significant rate. It's now above 5%, and it wasn't so long ago that it was under 2%.

The main problem isn't the difficulty of installing third party software but rather the network effect of getting people to make it to begin with. If hardly anybody uses it then developers don't make software for it and then people who e.g. want to play games get a Windows PC etc. Which makes it slower to gain market share. But despite that, the number keeps going up rather than down.

> even with these new policies it is much easier for both users and developers to access/make software on Android.

The thing you really need is the ability for someone who has never done it before to make Hello World and get it running on their own phone, and that is not easier on Android than on a Linux desktop.