It is, because it’s actually the term that defines the process of transferring files not from an external networked device - downloading - or to an external networked device - uploading - but between two local devices - sideloading.
It’s over two decades old, you downloaded an mp3 from kazaa, and then sideloaded it to your player.
For android apps, I believe the term originates from the method of using ADB to directly write the app to the phone memory, the command of which is “adb sideload filename”
And companies ofted do it. Thay recoined jaywalking to put the blaim of the accidents to pedestrians and take away the road from them. They change what littering means in attrmpt to delute the responsibility for polution… We are better than that this time, right?
Like “Jaywalking”, suddenly, walking is no longer the norm, but the car is preferred. The victims are seen as perpetrators.
And “littering” is the “real” culprit why we all drawn in uneccesey plastic. We should blame consumers not the polluters.
Corporations do it all the time.
Yes, but littering used to be a legitimately big problem to. Like the hole in the ozone, now that it’s “solved”/ the norm for it to be getting better the focus should shift to other things.
For sure. That’s why it worked so well. You take a valid problem and abuse it for your corporate gains.
preferred*requiredFTFY, at least here in a certain country…
Don’t forget “side effects”, when really, medications only have “effects”. Whether the effects are intended or not doesn’t change the fact that they happen.
Cough medicine can induce drowsiness, but you probably shouldn’t be taking it as a sleep aid. The distinction between intended vs unintended effects is an important distinction to make, in my opinion, to prevent drugs from being unintentionally misused.
While that is true, it does not invalidate the poster’s point. All of the effects of drugs are just “effects”. They could just as easily market cough syrup as a sleep aid with the “side effect” that it suppresses coughing.
The difference in definition in this context is simply that “drug uses” is the list of its effects that they were going for, and “side effects” are a list of effects that they were not. Its entirely a man made distinction. Extend that reasoning to the “installing” vs. “side loading” discussion to see the poster’s point.
I believe him to be suggesting that “side loading” is a very different word for “installing” that can be loaded by PR people to shift public opinion against the practice. Whether or not they are doing that I can’t say myself, but that appears to be the point being made.
They could just as easily have coined it “direct installing” or “USB installing”, but they didn’t even though those terms are more descriptive. Draw from that whatever you will.
you shouldnt be taking medication not for his intended purpose, it has many warnings.
Talking to the wrong guy here, I’ve taken many a medications against their intended purpose: I am a curious guy.
But that sounds like saying, in the context of Google’s intention of disabling app sideloading, that warning users that it poses a security risk because it’s their intended purpose for android, is fine because the authority on android is Google.
Don’t just take the word of authority at face value, when they prioritize profit and mindshare over personal freedom.
Wait, so now I have to talk to a doctor before installing from F-Droid? Well, shit.
For all intents and purposes, your comment actually invalidates the premise of using ‘sideloading’ as a term for installing from outside the ‘official’ method.
You buy cough syrup because you’re coughing, not because you want to be drowsy (I would hope that’s the case). In the same way, you install Spotify to listen to music, not to get all your data extracted and sold. Getting drowsy is an inconvenient side effect of the medication, the same way that data grab and ads are an inconvenient side effect of the app.
You’re not ‘side-medicating’.
You are the master of your body, the person who decides ultimately what goes in and out of your body, No doctor can force you to take anything. That’s what I mean, The play store aka the doctor wants to become the master that decides what apps go in or out of your phone, instead of the user. My comment doesn’t invalidate the premise of the use of the term sideloading, because I don’t agree with the term to begin with.
Whether the effect is ideal or not does not change what is chemically happening in the body. The body can’t tell apart side effects from the main ones, so this distinction exists because humans deemed it so, just like the distinction between play store sanctioned apps, and everything else. It’s a distinction that Google is now abusing for it’s own monetary benefit.
It’s a bad comparison because some people do take the medicine to get the side effects. For example taking benadryl to fall asleep.
Call sideloading what it is, installing apps.
I know, I know. People don’t understand how they’ve already conceded the war with language.
Me: Like…Yeah, I’m just going to “jailbreak” the small computer I bought to… run a program.
The public unironically: Oh man, I hope you don’t get arrested.
Found the Rossman subrsciber. 📎
Sideload refers to moving files between two devices, like P2P
Since Google’s goal is to improve security
Is it though? Really?
The security of their bank balance.
No.
What ulterior motive do they have for blocking sideloading?
Essentially banning any apps that would hurt googles profits.
I thought that was pretty obvious.
It’s not. They already allow multiple app stores so they are not profiting off of every app.
EDIT: people keep downvoting me like I’m bootlicking or disagreeing. I’m actually trying to understand what the suspicion actually is over ending sideloading. There’s definitely a security case to be made, but people don’t seem to buy that. What actually ARE you thinking?
Since Google’s goal is to improve security
This is an obvious lie.
they want to improve thier AI and datamining capabilities.
What am I not seeing? How does this improve datamining capabilities?
Target can track your purchases when you shop at Target, but can’t really do that when you’re shopping at a local store. Same applies here.
But you can’t shop at Target with some random app, only the Target app. Even a small business has an accessible pathway to publish their app. Besides Fortnite and my gimbal nobody out here trying to educate customers on how to install their apk file.
They mean a physical Target store, not a phone app. Target can track customers walking in and out the door and what they buy, how long they stay, etc. but they can’t track anything about you if you just go to a different store, especially something like a small business which isn’t hooked into the ad data sponge.
Also if the CEO of target decides he really doesn’t like a popular shirt and is able to force everyone to only shop at target, then he can come a lot closer to snuffing out the existence of that shirt.
Some apps let you watch YouTube without being a YouTube app.
They never specified who’s security…
Whose*
Who’s = who + is
Whose = an indication of possession
I will always remember this grammar rule thanks to the show “Whose Line Is It Anyway?” because I would see that title every morning before school.
The question is still valid, even if the meaning changes.
Their revenue probably felt very threatened.
I’m not sure why google is over engineering this, proper mainline distros have this solved since forever. Let the community setup trusted repos with gpg keys, then let me trust the repos. If Fdroid trusts the package and I trust Fdroid, who should care?
Probably because they want to target software that cracks theirs to avoid ads, like ReVanced.
Then why aren’t they already doing that by blocking DuckDuckGo?
The DuckDuckGo app blocks all apps from sending to Google (and other advertisers) tracking/ad data on a system level. And it’s freely available on the Play Store (has been for years.
https://play.google.com/store/apps/details?id=com.duckduckgo.mobile.android
If they wanted to prevent apps from blocking their ad abilities, this app would never have been allowed on the Play Store.
Antitrust lawsuits and plausible deniability
Does it actually block ads in apps?
Blokada 5 blocks ads in apps and it was removed from the google store years ago. You have to sideload it in order to use it.
There’s a neutered version on the google store, but it doesn’t block ads effectively.
Google also removed an addon called Adnauseam, which clicked ads in additional to blocking them. That way, advertisers still have to pay site owners for your visit. Google removed it without justifiable reason, then kept it removed since there was no sufficient backlash.
It’s the main reason why I switched to Firefox. That kind of abuse is for useful idiots.
If they blocked it now, people would just sideload it.
Thank you random lemming, didn’t know about duckduckgo-s tracker blocking capabilities, have it installed now.
Because it was never actually about security to begin with. That’s obviously BS. Google just wants control.
If Google wanted to add developer verification without being evil, it could use SSL certificates connected to domain names. I think the whole concept is ill-conceived, though I’ll admit to a modest bias against protecting people from themselves.
They couldn’t. Domains and SSL certificates can be obtained very easily anonymously and thus wouldn’t let Google identify the developers of malicious apps, which is the goal of this
The trouble is Google’s definition of malicious apps. Are adblockers malicious? How about alternative apps for YouTube? Based on the recent history, I don’t think you will be able to install those apps on the phone you purchased.
Yes, I agree. Google will use this to control the Android app ecosystem beyond the Play Store and I don’t like it either
You can sure as shit know that NewPipe and Smart Tube Next won’t be getting a licence. Fuck Google so fucking hard.
It provides a way to open an investigation into a malicious developer without giving Google the ability to ban anyone it doesn’t like.
Yeah I mean some form of asymmetric encryption/validation would work but it stops the real reason why Google wants to implement this.
The problem with that is that certificates expire before someone would want to keep using the app.
It need only check at install time.
Correction: SSL certificates can expire before someone would want to continue being able to install any given app.
Sure, the developer needs to keep the certificate up to date and re-sign the APK on occasion.
So any APK I download will just expire at some point in time that’s probably really annoying to know, and then I have to dig through the internet again so I can install the app again?
Another option is to allow otherwise-valid signatures after expiration. It’s generally still possible to check them.
That completely nullifies the entire point of signature validations.
If it’s anything like how Windows does it, you would still be able to override it. It just gives you a scary warning and hides the option unless you click “more info” or something.
These two are identical for software.
Code signing certificates work a little differently than SSL certificates. A timestamp is included in the signature so the certificate only needs to be valid at the time of signing. The executable will remain valid forever, even if the certificate later expires. (This is how it works on Windows)
Doesn’t work, the reason they can expire is to make certificate rotation possible. If an expired ssl certificate is cracked it doesn’t matter because no browser will accept the expired certificate, with your idea the expired certificate just signs an app with the date of 1984 and it works.
Certificates in SSL can’t change the date because that date is signed by a certificate higher in the hierarchy.
This isn’t “my idea”, this is how the industry already does code signing. You can’t sign something with a date of 1984 because your certificate has a start and end date, and is usually only valid for 1 year.
You can read more about how this works here: https://knowledge.digicert.com/general-information/rfc3161-compliant-time-stamp-authority-server
Then you need a Trusted Third Party, right? Still requires some though on how to prevent that third party from blocking applications they don’t like but I can see how a group of trusted authorities could work.
The trusted 3rd party in this case is actually multiple 3rd parties. There’s several options for trusted timestamping just like there’s multiple trusted root CAs for SSL. Since the timestamping service is free and public, anyone can use it to sign anything, even self-signed certificates. There’s no mechanism to deny access, at least for this portion.
There’s always a risk the root CAs all collude and refuse to give out certificates to people they don’t like, but at least so far this hasn’t been a problem. I don’t have a better solution unfortunately. If we could have a 100% decentralized signing scheme that would be ideal, but I have no idea how you would build such a thing without identity verification and some inherit trust in the system
This is actually worse than integration in Play Protect which can be disabled very easily. Now you can only install unsigned apps via ADB which means just developers can do it.
And very annoying too since some government apps don’t like it when you have developer mode on.
Not only government. I can’t see my daughter’s insulin pump status if I don’t disable developer mode.
I believe I got a notification that it disables NFC payments when developer mode is enabled. Which I know not as many people use it in the U.S. but some do.
Shit, I’ve disabled developer mode and still can’t access my bank app
Or anyone with a computer who installs ADB. You don’t have to be a developer.
Nah you can’t realistically distribute your app with adb requirement. No one will bother to go through such friction.
Although you are correct, you still don’t have to be a developer to find use in ADB. I’ve used it and I’ve never been interested enough in developing for Android to do more than install the SDK for it once.
Knowing what an SDK is already puts you in the 1% most knowledgeable users
deleted by creator
Leaving ADB open to unverified apps is more than I was expecting. ADB is reasonably straightforward to use even without actually being an Android developer.
There was never any way they’d integrate it to play protect and still allow play protect to be disabled. I prefer this to being required to use play protect personally, though the services do seem somewhat redundant. Presumably the whole point of doing this is to create an Apple style walled garden (which is of course very profitable). Google likely doesn’t want to fully lock it down and risk legal trouble, they just need to make it difficult enough that the masses don’t bother installing unapproved apps that may not act in Google’s interests.
I still hope the EU takes legal action against this anyway.
I don’t think this adds anything tbh as peoppe with adb would always be able to bypass this. The issue is that this kills distribution and thats exactly what Google wants - have full competitive control. Once they don’t like your app they’ll block your account and what do you do with your customer base? Give them adb install instructions? That’s basically a death sentence for any app.
We hope that Google keeps its word and preserves ADB installation
lol, adb is the first loophole that will be closed.
I don’t know, even people here are already considering it a loss of the only way is through ADB, because it’s not practical for everyday usage. But it’s better than nothing.
why can google not just code something like this into android:
allow apps from:
( ) All sources (how it is now; allow each app to install apps from external sources)
( ) Just Google Play
( ) Apps which have been verified by Google Developer ProgramBecause they want to stop people from using ad blockers.
Option 1 is a potential cause of “lost” revenue.
Late stage capitalism absolutely forbids anything that could cause that, even if the cost of implementation outweighs any potential gain.
Because it’s Google
bing! thy turkey’s done
Taking Google at their word for a moment, it’s far too easy to scam the clueless masses into selecting the first one. Might work okay if it’s strictly an ADB command, tho.
Taking Google at their word for a moment
And why should we do that?
I’m inclined to think that’s not the job of an OS vendor to prevent. Sure, put a warning label on it, but it’s the user’s device; once they say they know what they’re doing, that should be that.
The implication here is, if they implement this, is that they volunteer to assume liability, should e.g., your bank account be drained despite undergoing their forced strict lockdown on paid and owned devices.
Fat chance, because laws are meaningless to crime syndicates
It might be a reasonable trade for users to make if Google assumed liability. In fact, that would be an interesting way to implement laws to discourage practices like these.
but they could make it be google play or samsung store only as the default as a compromise
That would just continue to ensure lock-in, and at least the EU would never go for that (& neither would I). Sideloading should still be allowed.
Google’s Play Store security has never been all that stellar, anyway.
That would give users choice, and corporations want as many people as possible to be incapable of making decisions for themselves.
I can see it already:
() Just Google Play (safe)
() Verified apps (not recommended)
click on Advanced settings
() All sources (Unsafe. Will probably kill your cat and burn down your house)
tick the box
Are you sure?
click yes
ARE YOU SURE?
click yes again
ONE HUNDRED PERCENT SURE?
wait for the 30 seconds timer to count down
click yes
( ) I do not love my cat and want him to die.
tick the box
( ) I accept the very real risk of my house burning down
tick the box
Please wait 24 hours for the change to apply. You can reverse it at any time from this menu.
get spammed every hour for the next 24 hours with notifications asking me to fix my security settings
get a bigass ⚠️ every time I turn on the phone
every once in a while the change just straight up reverses and I have to do it all over again
We should embrace oldschool SciFy and go for (DIY) Cyberdecks.
Thankfully, for those of us without the time for all that there are Linux phones such as this one I’m considering.
I’d love to play around with something like this, as a programmer myself, but unfortunately the cost is prohibitive in my country.
Yeah, that’s why it’s still in the “considering” phase for me as well - especially considering Trump’s tariffs crap. It also seems a tad underpowered for the price, and they still don’t have the promised removable battery replacements in their store.
It’s worth remembering, though, that the cost covers the constant software updates, as well as their user support. As such, it’s much like the Apple model of business, except much more open - so in the end it’s probably worth it.
Yo I’ve never seen this one. Thanks for the link!
Which means I can make an app for this “Sideloading” by shizuku…
I heard of shizuku before how does it work? Does it need root?
It uses adb
deleted by creator
So a lot of speculation and we don’t know much except 2 paragraphs in the FAQ… I’d like to mention though, they’ve recently stripped the Pixel devices of their status as developer devices and now push for their emulator for development. Once they follow that kind of logic, there isn’t really a reason to keep ADB working as is, at least not on real devices.
I honestly think that this is just not going to happen. It’s already a giant pain in the ass to install apps from anywhere else than Play Store. With Shizuku it got much, much better.
You may want to re-evaluate how you’re installing non-Play apps. I use F-droid all the time and never had anything even approach “inconvenient.”
Like I said, Samsung does this crap in certain regions, specifically South Korea. I’m using Shizuku now and couldn’t be happier.
AAAAAaaaaaaaaaaaahhhhhhhhhh, ok, say no more. Samsung used to be much easier to work around and they’re really joining the “lock it down!” club lately.
Huh? Downloading an apk and clicking open with -> package installer is nothing but straightforward.
It nags me a lot, sometimes downright blocks me from installing without adb shit. Samsung.
What kind of apps are you installing? I’ve never ever had any issue with installing APKs on Samsung, you just have to allow the app that triggered it to install APKs one time and every subsequent time, it just works.
In some regions, afaik, you just CANNOT install certain apps without adb, this in my experience includes: KDEConnect, Fdroid, Newpipe…etc. The list changes time to time.
What region are you in if you don’t mind me asking? It works perfectly fine in Singapore.
This simply doesn’t work anymore for all apps on my Pixel 8.
Many I installed manually just redirect to the Play store with the message it could harm your device and you should download from Play.
Pixel 8a on graphene here so I’m not getting this. Maybe on stock
GrapheneOS patches this behavior if apps match their Google play signature IIRC. This is a behavior that apps on the play store can opt into (basically they block operation if they aren’t installed via Play).
It was rather annoying until recently, since some apps require you to be on a certified Android install to find them in the Play store, but don’t actually check play integrity in the app. These apps when installed via Aurora wouldn’t work for me until Graphene patched this.
Pixel 8a on stock here. I have no idea what @Hawk is talking about. I just install any app, that I want. I might had to alter some settings, to do it, but I don’t remember doing that.
