undefined | Better HN

0 pointshamburglar3y ago0 comments

Yes. Require them to give the same dire warnings about apps from their own store, or remove them both.

0 comments

The difference is that the store includes any amount of heuristic tests meant to scan for malicious activity, and directly installing an APK has no such safety net.

You can argue that the testing Google does is bad or minimal, but it seems like the ideal solution would then be "improve the testing". I'd also prefer to see such tests moved on-device so they could apply to APKs from any source, but I don't know how technically feasible that'd be; depends on how they're doing the testing, I guess.

heleninboodler3y ago

This puts google in the position of being the arbiter of what testing is "good enough" when they're also one of the supposed competitors. If there's no mechanism by which the other app stores meet the "good enough" bar for testing that would eliminate the dire warnings, then they shouldn't be penalized for not being google.

drusepth3y ago

This is pretty par for the course, though. Who else is incentivized to determine what is "good enough" wrt user experience/safety on Google's platform? Microsoft, Apple, Canonical, Samsung, Steam, Amazon, etc are all the arbiters of what's "good enough" (or safe enough) for their respective platforms (and marketplaces) because it's their brand at bat when something _isn't_ good enough (or safe enough).

"Android" (by Google) takes a reputation hit when someone downloads malicious APKs from anywhere, including Google's store. Google, therefore, wants to reduce the availability of bad apps in their ecosystem; maintaining an app store that enforces their standard of quality is one approach to accomplishing this goal, dissuading unknown apps they can't vouch for is another.

Obviously, there are both pros and cons to these approaches (from both Google and the end-user's perspectives), and they could definitely be improved, but they accomplish a concrete goal of "reduce malware on Android".

realusername3y ago

> You can argue that the testing Google does is bad or minimal, but it seems like the ideal solution would then be "improve the testing"

Yes why would we believe Google on the APK scanning? There's zero transparency on this subject, zero code shared and the store is visibly full of scams anyways.

IshKebab3y ago

There's absolutely no reason you couldn't provide that automated testing for non-store APKs too.

Edit: Sorry, didn't read to the end of your comment. Yeah doing it on-device would be good but I'd guess there's some stuff they want to keep secret.

j / k navigate · click thread line to collapse

0 comments

drusepth3y ago

The difference is that the store includes any amount of heuristic tests meant to scan for malicious activity, and directly installing an APK has no such safety net.

heleninboodler3y ago

drusepth3y ago

realusername3y ago

> You can argue that the testing Google does is bad or minimal, but it seems like the ideal solution would then be "improve the testing"

Yes why would we believe Google on the APK scanning? There's zero transparency on this subject, zero code shared and the store is visibly full of scams anyways.

IshKebab3y ago

There's absolutely no reason you couldn't provide that automated testing for non-store APKs too.

Edit: Sorry, didn't read to the end of your comment. Yeah doing it on-device would be good but I'd guess there's some stuff they want to keep secret.

j / k navigate · click thread line to collapse