←back to thread

Is it possible to allow sideloading and keep users safe?

(shkspr.mobi)
205 points ColinWright | 2 comments | 30 Aug 25 12:03 UTC | HN request time: 0.402s | source
1. xg15 ◴[31 Aug 25 15:38 UTC] No.45084025[source]
> Vulnerable members of society should be protected from scams.

I'd like to have some clarification what kind of safety level people generally expect from their devices.

As an analogy, consider the different safety expectations of public transport (buses, trains, planes, etc) and individual transport (cars, bikes, scooters, etc).

In public transport, I'm responsible for exactly two things: Choosing the right transport to get on and getting off at the right moment. Everything else is the line operator's fault. The operator is also well within their rights to keep me from unscrewing random panels inside the train, conducting scientific experiments with a plane's onboard WiFi or thrashing the seats when I'm drunk. They can kick me out if I behave too badly. (They can not on arbitrary grounds deny me service if that would trigger anti discrimination protections)

In short, I don't own the train, I don't have any expectations of arbitrary control, but in exchange I do have very high expectations of the service provided, even with very little knowledge of the internal workings of a train.

In contrast, with private transport, I'm much more involved in the technical details of the trip: I have to know the exact route, I have to take every turn myself, I'm expected to know traffic rules and safely interact with other participants and I should at least have a basic knowledge of the internals of my bike or car.

In exchange, I also have much more freedom to modify my transport or to pick a different route.

The question is if the safety expectations for phones are more like the ones of public or of private transport.

replies(1): >>45084118 #
2. trueismywork ◴[31 Aug 25 15:51 UTC] No.45084118[source]
False dichotomy.

The analogy would be, does the your private car allow you to change the ratio between different gears in your car. Or does it allow you to customize the sensitivity of the steering wheel arbitrarily. Or install any custom kind of AC vents in your car and allowing you to make arbitrary cuts in chassis.

Having said that,first and foremost:

Its very difficult to explain to a lot of people people's expectations of vetting and privacy. People are completely fine with FB siphoning of their data and spying on them, but they are not fine if anyone can do it. That is, there should be a barrier to installing malware on the app, and that barrier being the company being a big company is okay with most people. What they're not fine with is any random person being able to do that.

And they will blame the phone manufacturer for all bad applications that can be installed on the phone. If a phone manufacturer allows for side loading applications and a big company requires it. Then, there becomes rhe culture of side loading applications, and suddenly the platform is not safe because there's no trust in applications.

The manufactures have to ensure that people can side load their apps and at the same time ensure that all apps of relevance use platforms like playprotect so that people can be given a simple advice "only use playprotect apps".

I am not sure this is a solvable problem.