> we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified. We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands.
As long as this is a one-time flow: Good, great, yes, I'll gladly scroll through as many prompts as you want to enable sideloading. I understand the risks!
But I fear this will be no better than Apple's flow for installing unsigned binaries in macOS.
I also think we should stop calling it "sideloading". We need a better word. Sideloading has a negative vibe, as if it's a dangerous thing to install apps from sources other than the Play Store.
There is a distinction between installing something via the primary or a secondary mechanism. If someone said I just had to "install" a windows program and it turned out I had to compile it from scratch and set all the registry entries myself, I would be "astonished"(as in: The Principle Of Least Astonishment).
I fully understand that language matters and if this was an attempt by Google to de-legitimize this way of installing, that's no good. But for Christ's sake, having different names for different things is not inherently malicious.
I don't see why you'd be astonished here. The Play Store downloads the APK and installs the APK. If you've downloaded it already (eg with a browser), you just install the APK.
How is that comparable to compiling from scratch and setting the registry entries yourself?
About five clicks more(than a single click) and a scary safety setting to turn off. But I didn't mean that installing an apk was as involved as my windows example. That was meant to illustrate that there are two completely different lines of action, two completely different levels of user competence at play.
Installing from the play store involves exactly zero knowledge of what an apk even is.
I want to flip the question around and ask you: How are you not seeing that there is a distinction?
Does this allow unsigned binaries like today? Or is this now requiring you have a binary signed by a android developer account but just one without full identity verification.
Exactly, this would greatly reduce the ability for scammers in "urgent" situations, but for power users who flip the switch on day one it would rarely be a problem. What would be terrible though ... is if Google made it require a network connection or Google approval.
As long as this is a one-time flow: Good, great, yes, I'll gladly scroll through as many prompts as you want to enable sideloading. I understand the risks!
But I fear this will be no better than Apple's flow for installing unsigned binaries in macOS.
Please do better.