The assault on a user’s freedom to install whatever they want on what is supposed to be their phone continues. This time, it’s Samsung adding an additional blocker to users installing applications from outside the Play Store and its own mostly useless Galaxy Store.
Technically, Android already blocks sideloading by default at an operating system level. The permission that’s needed to silently install new apps without prompting the user, INSTALL_PACKAGES, can only be granted to preinstalled app stores like the Google Play Store, and it’s granted automatically to apps that request it. The permission that most third-party app stores end up using, REQUEST_INSTALL_PACKAGES, has to be granted explicitly by the user. Even then, Android will prompt the user every time an app with this permission tries to install a new app.
Samsung’s Auto Blocker feature takes things a bit further. The feature, first introduced in One UI 6.0, fully blocks the installation of apps from unauthorized sources, even if those sources were granted the REQUEST_INSTALL_PACKAGES permission.
↫ Mishaal Rahman
I’m not entirely sure why Samsung felt the need to add an additional, Samsung-specific blocking mechanism, but at least for now, you can turn it off in the Settings application. This means that in order to install an application from outside of the Play Store and the Galaxy Store on brand new Samsung phones – the ones shipping with One UI 6.1.1 – you need to both grant the regular Android permission to do so and turn off this nag feature.
Having two variants of every application on your Samsung phone wasn’t enough, apparently.
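The install rules quoted above, as an added example that is not part of the original article and is not Android or Samsung code: a small Python model that reads an app's decoded AndroidManifest.xml and reports what an install attempt by that app leads to. The sample manifests, package names, outcome labels and function names are constructed for illustration, and the caller states whether the source is one that Auto Blocker authorizes.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SILENT = "android.permission.INSTALL_PACKAGES"
PROMPTED = "android.permission.REQUEST_INSTALL_PACKAGES"

# Constructed sample manifests (decoded XML form), not taken from real apps.
THIRD_PARTY_STORE = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.example.store">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>"""

PREINSTALLED_STORE = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.vendorstore">
  <uses-permission android:name="android.permission.INSTALL_PACKAGES"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def install_outcome(manifest_xml, preinstalled, user_granted,
                    auto_blocker_on, authorized_source):
    """Model of the quoted rules: what happens when this app installs an APK."""
    perms = requested_permissions(manifest_xml)
    # Auto Blocker stops unauthorized sources even when the user granted
    # REQUEST_INSTALL_PACKAGES, so it is evaluated first.
    if auto_blocker_on and not authorized_source:
        return "blocked-by-auto-blocker"
    # INSTALL_PACKAGES only takes effect for preinstalled app stores.
    if SILENT in perms and preinstalled:
        return "silent-install"
    # REQUEST_INSTALL_PACKAGES needs an explicit user grant ...
    if PROMPTED not in perms or not user_granted:
        return "cannot-install"
    # ... and Android still prompts on every install attempt.
    return "prompt-on-every-install"
```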
I wish everyone would do that. Mobiles need more protection from users themselves.
Why???
Because when you install just one app from an unknown source, you can get any type of malware on your device. That’s why everyone starts installing anti-viruses in the first place on Windows. Mobile companies have learned the lesson well. If you can compile apk yourself, ok, you can install it. Otherwise get it from application store only. And don’t forget, some countries expect that you should use a state-approved app store. You don’t need to simplify this process.
trial_version,
The windows security model is quite a bit worse because there’s no application sandboxing,
Unfortunately this isn’t allowed either. Naturally the companies pushing walled gardens don’t want to give customers this right because their goal is actually about maximizing control over us. Users who build/install their own apps from source goes against vendor control.
Can you name a single country where this is the case? I’d guess north korea, where technology imports are strictly regulated. But mostly I think the state censors are exploiting their influence over the tech companies existing app stores, including google and apple. Apple’s app store became a censorship jail precisely because it is a coercive walled garden, these concepts are inseparable. The difference on android is that google hasn’t coercively restricted owners to their app store and owners are free to sideload even when the app store is state censored.
“The windows security model is quite a bit worse because there’s no application sandboxing,”
As an application developer, I don’t believe in a better “model”. There will always be some bugs in the CPU, which allows for some level of access to your data. Many applications you can install from alternate sources (and some even from Google Play) request PHONE permission, which allows them to spy on you.
“Users who build/install their own apps from source goes against vendor control.”
You can do it even on iOS, if you’re a developer.
“Can you name a single country where this is the case? I’d guess north korea, where technology imports are strictly regulated.”
There is no open internet in North Korea, I believe, nor are mobile phones in the wild.
As most Russian banking apps have been removed from official app stores, there are only a few state-controlled stores that you have to install yourself. For example, https://www.rustore.ru
Of course, you can still use PWA.
trial_version,
I’m a bit perplexed by your response. The possibility of hardware vulnerabilities, while problematic in its own right, doesn’t mean we shouldn’t even try to build secure operating systems.
Being a “developer” is not quite sufficient. You also need to be accepted into apple’s developer program, paying your dues and being in good standing to deploy your own software to your own devices. And even then you are restricted to the number of apps you can deploy and devices you can deploy to. You may feel inclined to defend apple’s restrictions on owners, but there’s no denying these restrictions exacerbate censorship issues.
I’m not following your logical connection between this and the need to protect users from themselves in the context of our discussion thread.
I don’t feel protected as long as I can still install apps. That needs to stop. The preinstalled ones are all one needs.
j0scher,
So you feel that you need for someone else to protect you from yourself? I cannot emphasize just how much I disagree with you on this. Maybe you could enable child controls for yourself and throw away the key. No reason to make others suffer though.
Edit: Was this sarcasm? If so, it completely went over my head, haha.
Yes, it was sarcasm 😀
Hahaha, you got me good! It’s getting harder and harder to detect sarcasm 😀
I don’t feel protected as long as vendors can silently modify the system without my approval. Every modification should be user approved. Every system should allow sideloading (if you know how to).
Sysau,
In light of the recent CrowdStrike disaster, we may have to learn the hard way just how catastrophic vendor updates can be. Crowdstrike obviously deserves blame for botching the update, but the companies were just as irresponsible for allowing untested bleeding edge updates on production servers. IT departments would never allow their own employees to do what crowdstrike were doing. Inside of IT departments I’ve worked at, even windows updates are staged to prevent exactly these kinds of faults. And yet it’s unbelievable that so many major companies were somehow giving crowdstrike a free pass at their infrastructure.
/offtopic
I like it. make it harder but not impossible. and by harder I mean “you choose to expose yourself to this. beware of consequences”
Isn’t this exactly what “REQUEST_INSTALL_PACKAGES” is for already? Why not reinforce the user consent mechanism for this instead of adding another setting? They literally added a setting to allow another single setting to work. That looks like a valid definition of enshittification to me.
Some people press “ok”, “ok”, “ok” without reading anything.
Also I don’t know how it happened, but some time ago I accidentally installed some adware in my tablet. And I am not usually careless with those things. It was extremely annoying, it constantly opened some ad video. I couldn’t uninstall it and I had to do a factory reset.
Changing the entire ecosystem because you are careless is a sledgehammer to crack a nut. This sounds like a *you* thing.
It has actually been shown in the past, that protecting the user from themselves, they need to make an extra click actually helps to prevent a bunch of problems.
Lennie,
It depends how you define “protecting the user from themselves”. Most of us in this thread agree that there’s nothing wrong with having warnings/mechanisms to prevent careless accidents. However if you actually mean taking control away from owners, which is what I take “protecting user from themselves” to mean, that’s repressive. We need to fight this so that we don’t lose freedoms on our own hardware. The harms aren’t just hypothetical anymore, walled gardens are already being exploited by state actors for the purposes of censorship and it’s going to get worse.
Whether or not samsung have plans to push their own walled garden down the line, I think we need to be very careful not to normalize owner restrictions that would facilitate this in the future. It becomes much harder to claw back freedoms after the fact once restrictions are normalized.
I definitely did mean: put scary message in place which doesn’t have default of just continue.
worsehappens,
Yep C5523 describes the way android already worked before.
Agreed.
Supporting normal installations of applications on Android and iPhone devices should be made mandatory by law.
Exactly. And Smart TVs and so on too. Someone should lobby the EU to make a law like “If an electronic device can install applications through an ‘app store’ it must also allow the installation of apps from outside the app store such as the app developer’s website, without further restrictions on those apps or the need to use a second device to install the apps.”
j0scher,
I agree with you here, but I am really confused at the logical gap between this post and “I don’t feel protected as long as I can still install apps. That needs to stop. The preinstalled ones are all one needs.”. What’s going on? Haha.
The other day I rented a car and by chance this happened to be brand new Volvo, where IVI was Android based. Basically like a tablet tweaked for automotive needs. My first interest was privacy – how much I can configure privacy-related settings. For this I was able to go pretty far, as like in a typical Android tablet. However my next interest was installing either F-Droid or OsmAnd – but here I hit an upright wall and found no easily visible solution. And as it was a rental car, then heavier hacking was not an option.
So @j0scher, yes you are totally right – ability to configure and sideload stuff on your smart-tv, car IVI or other similar gadgets should be available to those, who are interested.
And when we talk about smart-tv’s then there is another heavy problem. Neither LG, nor Samsung update browsers in their webOS and Tizen. Which means that multimedia sites that you used via browser will sooner or later stop working (websites are updated and old rendering engines are not able to figure out new html/js/css/etc code) and then you have two options: app or external computer connected to tv. And with app you immediately use the privacy benefit of browsers (control cookies, delete cookies, delete history, etc).
Fortunately, there are other makers of Android phones that won’t be doing this (like, say, UniHertz).
Those that want this type of user “jail” can continue buying Samsung.
Those that prefer to get their Android apps from, say, F-Droid can still go elsewhere.
Sadly, Unihertz seems to mostly ship oooold Android versions. Looking at the Titan series, Android 10 or 11. WTF. They’re selling these as NEW. I do appreciate the lower prices, hardware keyboard (would take a bit for me to get used to again!), but the screen resolutions are rather low (although fed into the lower price, which I get).
I get if they were still selling with Android 13, 14 isn’t that old, and it can sadly take time for smaller companies to update.
Sure, valid point.
Unihertz doesn’t claim to have latest software, just inexpensive hardware in various formats.
Versions of Android were never really an issue for me – I don’t use many default Android apps, especially none that require an account. And most of my apps from F-Droid don’t care about Android version.
What attracted me to Unihertz was the Titan with its physical (!!!) keyboard.
[ I had originally hoped to get a Planet AstroSlide (but boss said too costly) or the FxTec Pro1 (order cancelled, supply chain issues) ]
What got me to buy two other Unihertz models – on my own dime – was my year-long experience with the Titan’s build quality and the prices for those models.
Really don’t want to sound like a shill for Unihertz, but there it is.