Linked by Thom Holwerda on Wed 23rd Aug 2017 23:11 UTC
Android

This is a pretty big change, detailed only a few days ago.

Eagle-eyed users of Android O will have noticed the absence of the 'Allow unknown sources' setting, which has existed since the earliest days of Android to facilitate the installation of apps from outside of Google Play and other preloaded stores. In this post we'll talk about the new Install unknown apps permission and the security benefits it brings for both Android users and developers.

Google goes into more detail a few paragraphs down:

In Android O, the Install unknown apps permission makes it safer to install apps from unknown sources. This permission is tied to the app that prompts the install - just like other runtime permissions - and ensures that the user grants permission to use the install source before it can prompt the user to install an app. When used on a device running Android O and higher, hostile downloaders cannot trick the user into installing an app without having first been given the go-ahead.

This new permission provides users with transparency, control, and a streamlined process to enable installs from trusted sources. The Settings app shows the list of apps that the user has approved for installing unknown apps. Users can revoke the permission for a particular app at any time.

Good move.

Order by: Score:
Comment by Licaon_Kter
by Licaon_Kter on Wed 23rd Aug 2017 23:47 UTC
Licaon_Kter
Member since:
2010-03-19

It might make F-Droid easier to use indeed.

Reply Score: 2

UAC
by nicubunu on Thu 24th Aug 2017 05:50 UTC
nicubunu
Member since:
2014-01-08

Is that much different from Windows UAC? The users will grant access anyway but will also be annoyed by the extra step.

Reply Score: 3

RE: UAC
by avgalen on Thu 24th Aug 2017 11:48 UTC in reply to "UAC"
avgalen Member since:
2010-09-23

I was thinking the same. Previously apps could only be installed from unknown sources if you changed a deep level setting, now it will just show a popup that "normals" will just "next next finish" to continue. I see this as a step back for normals that was put in their by experts that legitimately think this will improve security ;)

However, it does have a benefit: "The Settings app shows the list of apps that the user has approved for installing unknown apps. Users can revoke the permission for a particular app at any time."
So now when you have to provide support you just go to this app and start by blocking everyhing there before continuing

Reply Score: 2

Fake
by agentj on Thu 24th Aug 2017 09:48 UTC
agentj
Member since:
2005-08-19

There should be 3rd option - present fake data to the application.

Reply Score: 6

RE: Fake
by leech on Sat 26th Aug 2017 14:01 UTC in reply to "Fake"
leech Member since:
2006-01-10

I 100% agree with this. Especially since there are so many that ask for access to contacts and such for no damned reason other than to troll your information.

Reply Score: 2

RE[2]: Fake
by Alfman on Sun 27th Aug 2017 02:40 UTC in reply to "RE: Fake"
Alfman Member since:
2011-01-28

leech,

I 100% agree with this. Especially since there are so many that ask for access to contacts and such for no damned reason other than to troll your information.


I was blocked from upvoting, but +1 from me. This is a case where android was designed to serve google's interests instead of the owners, making us less secure and giving us less control over our privacy.

Reply Score: 2

dionicio
Member since:
2006-07-12

We are the last line of defense. Once installed, executables becomes SUBJECTS of confidence. Working sets shouldn't make use of this option.

At least one front is lost forever once You install the FIRST unknown executable: Defense against Stealthiness.

Reply Score: 2

Comment by ichi
by ichi on Thu 24th Aug 2017 15:37 UTC
ichi
Member since:
2007-03-06

Third party applications shouldn't be able to trigger another app install, regardless of whether the user is asked for confirmation or not, nor should it be possible to install an apk just by tapping on it.

It wouldn't be so much more complicated, and yet less prone to malicious installs, if you had no other way to manually install apks other than launching an Android tool that installs apks and selecting the file from there.

Eg. a "local" apps section in the google play app, or just a section in the Android settings similar how you add Google accounts.

Asking for confirmation usually means that the user will just tap "yes", because tapping "no" looks like not getting to do whatever he was trying to do when the dialog popped up.
Before this feature most users were protected by a hidden setting that they probably didn't know that existed. Now they are at the mercy of their fast fingers.

Short of the above suggestion of not allowing installs to be triggered by tapping on apks or by other apps, wouldn't it have been better to just add this feature while also keeping the global setting in place?

Reply Score: 2

RE: Comment by ichi
by nicubunu on Fri 25th Aug 2017 05:57 UTC in reply to "Comment by ichi"
nicubunu Member since:
2014-01-08

Why not? F-Droid, the Amazon store and such are al 3-rd party apps legitimately able to trigger another app install.

Reply Score: 3

RE[2]: Comment by ichi
by ichi on Fri 25th Aug 2017 10:32 UTC in reply to "RE: Comment by ichi"
ichi Member since:
2007-03-06

Because if the point is protecting the user from unwanted/malicious app installations, as soon as you allow third party apps to trigger installs you are allowing every single app to do so, therefore opening an attack vector.

Yes, the user must grant permissions, but you can't expect all users to be knowledgeable on security matters for something as common as a phone.

It's like storing bleach on a place where it's convenient but where it can't be mistaken for a beverage nor reachable by children.

Reply Score: 2

RE[3]: Comment by ichi
by Kochise on Fri 25th Aug 2017 13:21 UTC in reply to "RE[2]: Comment by ichi"
Kochise Member since:
2006-03-03

Because driving is dangerous for yourself and for other people, it requires a license.

Now that smartphones are dangerous for yourself and for other people, it should requires a license.

Bleach, like some music, is dangerous hence it is put outside of reach from some audience.

Reply Score: 2

RE[4]: Comment by ichi
by Alfman on Sun 27th Aug 2017 02:35 UTC in reply to "RE[3]: Comment by ichi"
Alfman Member since:
2011-01-28

Kochise,

Yes exactly. The choice needs to be the owners. If they choose to take off the training wheels, then so what? Most will be totally fine, some may fall and get hurt, but it's their prerogative. The operating system's job is to empower users to make informed decisions, but not to police and jail the owners.

"We're not going to be responsible for what happens outside our walled garden" = fine.

"We're not going to allow independent markets outside of our walled garden" = evil.

Reply Score: 2

RE[2]: Comment by ichi
by dionicio on Fri 25th Aug 2017 14:04 UTC in reply to "RE: Comment by ichi"
dionicio Member since:
2006-07-12

Can't see a secure way to put OS within OS, but in Hardware. Paranoid indeed. Main reason never liked Java.

Modern OS little more than a Psycho manager an everything else embedded. Shouldn't be.

Edited 2017-08-25 14:09 UTC

Reply Score: 2