Comment by stouset
Comment by stouset 3 days ago
> downloading and using packages & executables from the internet
Oh boy, now my mom can get the full experience of having malware on her phone too!
Comment by stouset 3 days ago
> downloading and using packages & executables from the internet
Oh boy, now my mom can get the full experience of having malware on her phone too!
It might be a strong argument depending on the negative effects - I don't think it's very clear cut. Also no, neither Apple nor Google have a duopoly on the distribution of all consumer software. Microsoft exists, for example.
The other problem consideration here is negotiating power.
Today consumers don't have negotiating power over individual developers, but both Apple and Google do. If you complain to Meta about their unwanted tracking, you don't really have many options besides deleting the app (which you should do anyway). But if enough people complain to Apple or Google, they are more inclined to do something and have the power.
While it may be a marriage of convenience, it's undeniable that both companies through their app distribution models have also provided benefits to consumers that developers otherwise would have abused - privacy, screen recording, malicious advertising, &c.
If you want to argue from the standpoint of pro-consumer action, you have to remember that "developers" are usually pretty awful too and will get away with anything they can, even if it harms their customers. A good balance, instead of ideological purity about one "side" or the other is the smarter move. I tend to come down on the side of the mainstream app stores precisely because those asking for more "freedom" to do as they wish are a tiny minority and are usually more technical. I.e. they can jump through the hoops to install 3rd party app stores and jailbreak their phones today, and since you already can do what you want, maybe it's best to just leave the masses alone since they're very obviously happy with the duopoly.
I run GrapheneOS, but I can't use the national digital identity app because it requires Google Play Integrity. I very much cannot do what I want without it having severe consequences because the duopoly is starting to shape the basic digital infrastructure, and critical services start requiring that I use one of the two ecosystems.
I think the principle of digital autonomy should be front and center. Surely we can figure out security models that don't imply that two American tech companies get to call the shots on what people can or cannot do on hardware that they supposedly own.
Yes, but the regulation is wrong, since it is based on an irrational security analysis and cover-my-ass politics which belong in private companies and not in government institutions which are supposed to protect the freedoms of the citizens.
The technical security requirements should not be hard to define, i.e. the platform on which the solution runs should require all keys to be device-bound with a certificate chain from the hardware manufacturer proving this to the issuers during enrollment. The operating system should also be able to verify to the issuer that the hash of the app is recognized as an official app.
However, the strongest integrity level of solutions like Play Integrity - which is the only level that GrapheneOS cannot pass, and which only my national identity app requires - is protecting against very theoretical attacks which I don't believe actually happen in the real world, since it not only protects against fake malicious identity apps, but also against the scenario where a scammer has convinced their target of installing a custom Android operating system which fakes the app integrity verification. This attack requires a victim with a technical aptitude that allows them to unlock the bootloader and use adb, but which is at the same time gullible enough to believe the attacker. It also requires that the attacker builds a malicious Android release for the exact hardware of the victim. Seriously, if the victim is this easy to manipulate and also this resourceful, then the attacker should just convince them to disable biometrics and send the phone to the attacker by mail.
It is very very clever of Google to disguise what is essentially voluntary vendor lock-in as a security feature.
Apple and Google each respectively have a monopoly in their markets. Only apple approved apps may be installed on an iPhone.
Digital goods DO NOT work like physical goods. I can just buy another washing machine. I CANNOT just choose to opt out of using a smartphone. My choices are apple or Google, and even within those choices it's limited by network effects.
Well, you have to balance it with how much you want to line the coffers of malicious actors.
If you go all the way to "everyone should have the freedom to get pwned", then you are also funneling the money of innocents into the pockets of some of the worst people in the world, and that's not a great outcome just to make life more convient for some HNers.
The question is about what trade-off makes sense for most people. That probably is some sort of escape hatch nontech people just won't do.
Maybe it's a hard thing to appreciate until you've watched aging family members get tricked by absolute scum, mostly enabled by how loosey-goosey modern computing can still be.
The thing is, apple decides this for themselves, on a product that you fully bought and privately own. It bundles the most brilliant and most incompetent clueless people into 1 group and goes for lowest denominator. No freedom of choice.
Of course thats PR argument, in reality its about distorting and manipulating the market to get the most money out of its users and bind them to their ecosystem as hard as possible to extract even more. And the amount of those same people who uncritically defend them here is still staggering. But maybe its just employees ignoring their ndas, some investors and similar folks.
You can make the default locked down and still allow other operating systems, and most alternative operating systems will also come with a suitably strong security model that does not easily allow the user to fuck themselves. I don't think not locking everything down completely will inevitably lead to every elderly person becoming a victim of scam, so I don't acknowledge that argument.
I hate the classic apple users' "mom" argument. Why are all your moms morons? And why do you want to fuck up the entire mobile landscape to baby proof it for them. Im not gonna ruin my experience with technology because you dont expect your mom to be able to wipe her ass without apple's help
There is nothing stopping you from using non-Apple hardware to escape restrictions on downloading unreviewed software.
There are many things impeding you from doing so and you know it, because Apple designed it that way. Walled garden, remember?
With freedom also comes responsibility, and some innocent people will inevitably shoot themselves in the foot. This is not a strong enough argument for putting everybody else in a cage and letting a duopoly take over virtually all of the distribution of consumer software.