
205 points ColinWright | 2 comments
m463 ◴[] No.45080628[source]
"sideloading" connotates something that is negative.

On systems before Apple's locked-down iPhone, it was just called "installing".

The PC revolution started with people just inserting their software into the computer and running it. You didn't have to ask the computer manufacturer or the OS vendor permission to do it.

And note that Apple doesn't allow you to protect yourself. You cannot install a firewall and block arbitrary software on your phone. For example, you cannot block Apple telemetry.

pjmlp ◴[] No.45080727[source]
Which is why alongside freedom came the business of anti-virus.
wiseowise ◴[] No.45081201[source]
Never in 20 years of using Linux/Macs have I needed anti-virus.
mike_hearn ◴[] No.45081768[source]
Macs come with an Apple-provided antivirus built in, it's called XProtect.

Apple also has enforced a similar policy to what Google is doing, but much stricter, and has done for ~13 years or so (devs must be identified, the OS rejects unsigned code in all territories by default, Apple pre-approves all binaries even outside the app store).

Linux distros have policies far more extreme than anything Google, Apple or Microsoft have ever done. They explicitly don't support installing any software not provided by their "app stores". Getting into those requires giving up your source code to them, and they reserve the right to modify it as they see fit without informing anyone, reject it for any reason or no reason at all (including reasons like "we don't have time"), and they tie getting new releases of your app to the user upgrading to new releases of the OS. If you do try and install stuff from outside of your distribution, not only are there security warnings to click through but an expected outcome is that the OS breaks and the vendor washes their hands of you.

Despite those policies, or perhaps because of them, botnets of Linux servers are common.

Of all consumer-facing platforms only Windows and Android allow installation of unsigned third party code out of the box via some obvious graphical path. And on Windows that right is somewhat theoretical. You can do it but the built-in browser will try very hard to stop you, and the OS itself will happily break unsigned code by blocking file open syscalls heuristically. So in practice most apps don't go the unsigned route. On Android OTOH, unsigned (non ID verified) code is sandboxed and works just like regular apps after installation, the OS won't heuristically interfere with the app.

AnthonyMouse ◴[] No.45082856[source]
> They explicitly don't support installing any software not provided by their "app stores".

Most Linux distributions don't prevent you from installing third party software at all. You download something, you set the execute bit, it runs.

Users are wary of doing that with software from untrusted sources because, obviously, you're then placing your trust in whoever provided the software instead of the distribution's packaging team. But the OS won't stop you if that's what you want to do, and sometimes you do trust the source of the software.

> Despite those policies, or perhaps because of them, botnets of Linux servers are common.

Botnets of Linux servers are common because some people operate them without installing security updates (common with WordPress), and then attackers exploit known vulnerabilities in the unpatched software.

But "locked" phone platforms regularly discontinue security updates for devices that are still in widespread use. Locking the device doesn't solve that problem at all, and in fact makes it worse because then if the OEM doesn't patch it nobody else can do it either.

mike_hearn ◴[] No.45083306[source]
You're conflating "allow" and "support".

The OS doesn't stop you installing third party software - signed or not - on macOS, Windows or Android, so "allow" is nothing interesting. That also won't be changing with Android, given that you can buy a phone with an unlockable bootloader and reflash to some other spin of Android that implements whatever security policies you want. You can put these devices into a mode that allows anything.

The question is whether that's something the vendors make easy, if they support it in the sense that you can do it and they will still deal with you if there's a problem. That's what support means. It's not a synonym for technically possible.

Windows, macOS and Android don't consider installing third party software to put the system in an unsupported state. Linux vendors do.

AnthonyMouse ◴[] No.45087061{3}[source]
> The OS doesn't stop you installing third party software - signed or not - on macOS, Windows or Android, so "allow" is nothing interesting.

The concern is that they are now doing this on Android, and have long been on iOS. Moreover, there are really three things here: Fully supported, still easy enough to be practical, and so much friction that it's dead.

If you install Steam on Windows, Microsoft doesn't "support" that -- if you call Microsoft support and want them to fix a problem with Steam, they're going to direct you to Valve. But installing Steam on Windows is easy to do, and therefore common. And it's the same thing with installing Steam on Linux.

Likewise, you can get Linux software from the distribution's repositories, but you can also use pip or npm or flatpak or any number of alternative packaging systems, and doing this is easy and common.

Which, on Android and iOS, it isn't. It's not just "not supported" but so arduous that the alternatives can't gain traction, which is qualitatively different and has consequences in terms of network effect even if it's technically possible to install LineageOS on a handset if you buy just the right one and immediately reinstall the OS and keep a separate phone to run your bank app. And even then you still can't install a mainline kernel on that device and are reliant on the OEM to keep publishing security updates.

1. mike_hearn ◴[] No.45090572{4}[source]
> The concern is that they are now doing this on Android

Even with this new policy there are still ways to install unsigned apps on Android e.g. via adb, reflashing to a different build of Android, and so on. But you're absolutely right that there's a spectrum of usability here, which is why "allow" isn't really a useful standard. Only iOS tries to set friction to 100%. Every other platform "allows" third party installation given enough work, which is why it's valid to compare the difficulty of doing so on Linux with other platforms.

Re: Steam. Microsoft absolutely does support that! If you install Steam, Windows breaks, and Steam isn't doing something disallowed like messing with internal data structures, then Microsoft will accept it as a bug in Windows. They work very hard to support apps even when they actually do mess with internals. It's the Linux world that shrugs if a change in Linux breaks Steam when Steam was doing nothing wrong.

Flatpak is a genuine improvement, yes. But for the rest, sorry, you have developer brain switched on! Pip! Easier to use than Android!? These tools:

• Only target developers, and as such regularly do things like try to compile software during install and then fail due to obscure compatibility or versioning issues.

• Have severe malware problems.

You couldn't present pip or npm to the Android team as a solution to the problem they're trying to solve. You blame Android for being "arduous" whilst desktop Linux has spent decades with <5% market share exactly because it's so incredibly arduous. Come on: even with these new policies it is much easier for both users and developers to access/make software on Android. I've developed and distributed software for every OS except iOS at this point, and the differences are clear.

2. AnthonyMouse ◴[] No.45096675[source]
> Every other platform "allows" third party installation given enough work, which is why it's valid to compare the difficulty of doing so on Linux with other platforms.

Sure, but the point being, it's a lot easier to install software from outside of the repositories on Linux than it is on Android. Measure by how often it happens. Do a significant percentage of desktop Linux users ever use something other than the official repositories? Yes. Do a significant percentage of Android users? Nope.

> Re: Steam. Microsoft absolutely does support that! If you install Steam, Windows breaks, and Steam isn't doing something disallowed like messing with internal data structures, then Microsoft will accept it as a bug in Windows. They work very hard to support apps even when they actually do mess with internals. It's the Linux world that shrugs if a change in Linux breaks Steam when Steam was doing nothing wrong.

I don't think this is accurate. If there is actually a bug in Linux, they'll accept the bug report regardless of whether you discovered it while using Steam or something else.

> Only target developers, and as such regularly do things like try to compile software during install and then fail due to obscure compatibility or versioning issues.

Nah. If you want to use some random AI thing or web thing that isn't in the main repositories, it's going to be telling you to install dependencies using those tools regardless of whether you're doing any software development.

> Have severe malware problems.

This is true but not unique. If you use a package distribution system and it has malware in it, it has malware in it. It doesn't matter if it's Google Play or pip or something else. It doesn't matter if it's operated by the same entity who made the device. What matters is if the people operating it do a poor job of excluding malware, and then some are better than others. Google Play has more malware than F-Droid or the Debian repositories; npm has more than Google Play.

> You couldn't present pip or npm to the Android team as a solution to the problem they're trying to solve.

The interfaces for some of those things are tuned for developers, sure. If you make an interface for ordinary people then it looks more like F-Droid than npm. But then that's what you'd do -- except that the F-Droid installer isn't allowed in Google Play, which leaves ordinary people in the chicken and egg where you have to do something technical to get access to the interface that makes it easy for ordinary people.

> You blame Android for being "arduous" whilst desktop Linux has spent decades with <5% market share exactly because it's so incredibly arduous.

Desktop Linux has been growing at a pretty significant rate. It's now above 5%, and it wasn't so long ago that it was under 2%.

The main problem isn't the difficulty of installing third party software but rather the network effect of getting people to make it to begin with. If hardly anybody uses it then developers don't make software for it and then people who e.g. want to play games get a Windows PC etc. Which makes it slower to gain market share. But despite that, the number keeps going up rather than down.

> even with these new policies it is much easier for both users and developers to access/make software on Android.

The thing you really need is the ability for someone who has never done it before to make Hello World and get it running on their own phone, and that is not easier on Android than on a Linux desktop.