@zoee @bigzaphod @alexia This is absolutely a market. Software wants distribution. Distribution wants an audience. An audience is a market. We are that market.

I’m not here to teach basic economic theory though. It’s plainly evident that malicious software exists. Reducing friction to publish software will of course increase the publication rate of malicious software. Security measures are always annoying, but are usually important.

@thamesynne @alexia @bigzaphod Not really, to answer your last question. A repudiation of one dumb idea isn’t an endorsement of its inversion. What’s fun about middle ground is that it always exists, and there’s more of it than you’d think!

@RyanHyde @bigzaphod @alexia you're incorrect

A 2x4 with a nail through it can do plenty of harm and that's at the very bottom of harmful devices a determined hobbyist could make. Or, going by novels, Mein Kampf, Atlas Shrugged, Turner Diaries etc have inspired all kinds of vile people and events.

None of that justifies requiring permission and ID to access basic tools that 99.99% of people use completely innocuously.

@beeoproblem @bigzaphod @alexia Buying tools is not distributing weapons. Building code is not publishing malware. You’re free to the former in both scenarios. You’re not allowed to do the latter, and someone has to be sure that’s not your aim.

There are reasons regulation exists, and while many regulations go too far, eliminating them would be worse than having them.

I encourage you to read my other responses elsewhere here. I’m not advocating for corporations to wield all the power. But I also don’t trust every random developer in the world.

@beeoproblem @bigzaphod OP asked me to get the fuck out of his replied, so this comment omits him. Please reply here if you need to continue.

@RyanHyde @bigzaphod @alexia

Well that's wrong, distributing something and having an audience does not make something a market. See mutual aid for example. And look up "gift economy", hope that helps further your knowledge in basic economic theory!

Tying security measures to the will of a company that has the only goal of making profits is actually not the way to go. If they were actually serious about security, they'd implement better app spawning, use a more hardened memory allocator, prevent apps from using ptrace, and a number of other measures for better sandboxing that are well known at this point. They don't. Because security actually isn't that important to them.

@alexia I guess I've bought my last smartphone then. Can't deal w/ Apple's walled garden. If Android goes there too, I'm out. Fuck this shit.

@RyanHyde @bigzaphod if your issue is not trusting J Random Developer you already have a solution that mostly works. Get your apps from a trusted and vetted app store and never side load. You never need to trust J Ransom Dev ever again.

If one decides to forego that protection then it's on them. Google is pretending to solve a problem that barely exists likely to get around recent court rulings. If they actually cared about security they'd vet play store apps more thoroughly.

@RyanHyde @alexia @bigzaphod

whats cool about centralized authority figures is that they are universally serve the express purpose of causing harm, and being oppressive; and violating human rights.

*gestures the everything*

@thamesynne @RyanHyde @alexia @bigzaphod

can't forget- they also rely on deliberately and guaranteeing to 'not playing nice' (i.e *violence, abuse, and mistreatment, and human rights violations*) when people don't follow their idea on what 'playing nicely' is, and at the same time perpertrate a soceity where that is seen is completely fine and acceptable as long as their the ones doing it, and that fosters dehumanization towards its victims; and promotes a system that actively incentivizes not being altruistic;

see libertarianism: ok lets look at it, so basically they say that all that is bad if the one doing it is called the state, but if its called a corperation then it's magically fine, (and some variants of it say the state should ONLY cause harm; and not things like healthcare or running libraries)

yeah so the issue is that your saying its magically fine to do that,

but of course; this logic only applies if your supporting the status quo.

(for OP: confidential information being leaked is good.)

@alexia As one of those independent developers that make zero money from my project... fucking hell.

This doesn't really "affect /me/" directly (I (also) publish to Google Play, so I already had to go through this, and thankfully I'm in a place where I can afford to do so while staying relatively safe).

But goddamn does this shit still make my blood boil. I care about what people *in general* can do, not just me. I care about people having the easy option to fork it, for that matter. I also happen to be in a place where a decent chunk of my contributors don't have a development background at all, let alone for Android specifically.

And goddamn does it leave a bitter aftertaste, making me reluctant to give them more of my free labour.

But I also have no realistic plan B, or any real idea what it would look like. iOS is just jumping out of the ashes and into the fire. Mainline phone Linux (Pine, Librem, etc) is just wildly impractical as a sole phone (I can't even file my taxes without BankID..). And what else is there?

@zoee @RyanHyde @bigzaphod @alexia this is the free reign in question, and probably why these stories are breaking at the same time: https://www.bleepingcomputer.com/news/security/malicious-android-apps-with-19m-installs-removed-from-google-play/

@RyanHyde @thamesynne @alexia @bigzaphod

not endorsing the first idea-- is endorsing anarchy, otherwise your just endorsing the first one again;

there is no 'middle ground' on this -- that's just unironically doing the centrist meme where its like "what if we murder half the jews"

.. either you support actual human rights (i.e where they arent violated just because an authority figure said so) .. or you don't ...

it sounds like you don't.

@RyanHyde the middle ground already exists, and it's the current side-loading process, which requires you to *explicitly* choose a somewhat obscure setting, to allow installation of apps of "unknown sources"

someone who is sideloading will generally already know what they're doing, since they have to flip this permission on. even if done permanently, it's not a global option but a per-app option to allow such installs from, say, the file manager. malware detection via Google Play Protect is *also* already a thing, mentioned in the linked article

you appear to have assumed that arguing against centralized signature verifiers to be *allowed to develop for Android,* means arguing against *any* attempt at verification. instead, it's really just: "Android, let's not do exactly what Apple is doing to wall in the garden, thanks"

seems like the best middle ground would be for Google to simply, not do this thing

@alexia I can't wait until there's a ready for prime time mobile Linux distro. Maybe it's time to try some of the alpha alternatives to Android that I understand are out there?