Google Play Protect now asks for PIN in order to sideload some Android apps

24 pointsposted 9 months ago
by thunderbong
(twitter.com)

22 Comments

kelnos

9 months ago

That seems... fine? I think there's plenty to complain about on Android (or on iOS), but this doesn't feel like a big deal to me.

greatgib

9 months ago

No, this is not fine. The is again another barrier to ensure that things are more difficult and scary when you don't use the official play store. It's an anticompetitive behavior again.

You are already logged on your phone interface when you try to install so this additional check is excessive. I could have understood to have it just in the case that you don't protect your phone access with a pin.

Also, to not be anticompetitive, the behavior should be the same when using the play store or not. Like asking your pin to use the playstore like what is done in iOS. Even if it sucks if you want my opinion.

iszomer

9 months ago

Every time I want to install a package off AUR I have to use sudo preceding the command. And people want to whine about that.. /shrug

selfhoster11

9 months ago

1. You do not need to use sudo to run scripts and binaries, provided they are properly packaged. You just need to make them executable, which any user can do without entering the password.

2. You installed Arch Linux. That is a much more technically demanding accomplishment that simply does not equal to enabling sideloading on an Android device.

3. The official Arch repos do not discriminate on the basis of whether a given package will harm corporate interests, or the interests of the Arch development team. Google Play does - for example, NewPipe, which is a far better YouTube client than the official app in many respects, yet Google bans it for commercial advantage.

greatgib

9 months ago

In addition with other comments, you are also free to disable this behavior, you are also free to install an alternative "package manager" that will not require a sudo for each package installation ...

And out of the box, you can also install apps in our own user account without needing a sudo.

yjftsjthsd-h

9 months ago

You also have to use sudo to install from official Arch repos. It would be fine if the Play store required a PIN too.

aio2

9 months ago

Ideally, it could be what Apple does with their app store, where you can choose or not choose to input your password to install.

dmm

9 months ago

It depends on the implementation. Prompting for a pin for a one-time install of a downloaded apk is not a big deal.

If it requires a pin every time you install or upgrade from fdroid that would be really excessive and actively discouraging alternative app stores.

hulitu

9 months ago

> but this doesn't feel like a big deal to me.

Just normal enshitification. Nothing to see here. /s

(maybe Google shall try to run Play Protect on the Play Store, i've heard that there is a lot of malware there)

appendix-rock

9 months ago

[flagged]

theshrike79

9 months ago

It's a sign of the modern times. Something being different than what Main Characters are used to are always bad and should be changed.

Have they considered changing the way they do things? No.

The world must change to the way they think is best.

Vuska

9 months ago

This is such a myopic view. The average smartphone user may not immediately understand why increasingly locked down and user hostile devices are bad, but it does not negate the fact they are.

warmfusion

9 months ago

Seems like a good idea to me. Means if anyone gains access to your device while its unlocked, its less easy to side-load nefarious things while the device is out of your control.

cute_boi

9 months ago

yes, and it should ask pin while installing from google play too.

Mindwipe

9 months ago

Seems fine as long as the same is done for apps from Google Play too.

Which of course it isn't.

ksp-atlas

9 months ago

I've experienced this, I really wish sandboxed play services were a thing outside grapheneOS (which is very device limited)

hnburnsy

9 months ago

Does it do this if Play Protect is off. Just waiting for my banking app to not work because PlayProtect is off...

Play Protect verdict API

NO_ISSUES Play Protect is turned on and did not find any app issues on the device.

NO_DATA Play Protect is turned on but no scan has been performed yet. The device or the Play Store app may have been recently reset.

POSSIBLE_RISK Play Protect is turned off.

xnzakg

9 months ago

I mean, in a way this really wouldn't be that different from having to authenticate when installing software on a desktop OS if this was required for all apps.

And AFAIK Apple already requires you to confirm with your unlock method when installing apps from the App Store.

Honestly I wouldn't mind enabling requiring my pin for all app installs.

horsawlarway

9 months ago

This seems reasonable to me. Plenty of malicious apps on the play store too

Even things that aren't directly malware can be malicious if installed unknowingly on someone else's phone, ex - child-lock/tracking/recording apps. It also would allow parents to pass a phone to kids and not have them add junk.

Would love to just have all app installs require auth.

joemazerino

9 months ago

To even enable sideloading you have to input your bio/PIN (via developer options).

dizhn

9 months ago

It doesn't ask me for a pin but it asks me to enable play protect. Yet another Google option I'd never hear about if only I'd say yes once.

nhinck2

9 months ago

Doesn't seem egregious.