What we talk about when we talk about sideloading

Posted by rom1v 5 days ago

What we talk about when we talk about sideloading(f-droid.org)

1510 points | 627 commentspage 7

gmueckl 5 days ago|

I know that this is a controversial take here, but this sideloading crackdown is just fallout from the inevitable disaster that is mixing general purpose computing with high security and reliability requirements.

There's just no way at this time in which a single computing device can run software with high reliability expectations (emergency calls), high security expectations (controlled calling/texting, banking, money transactions) at the same time as random crap from the internet and keep the user safe and secure.

The HN community is far to fixated on their own use cases to properly understand this issue and its implications which can potentially upset a person's entire existence.

AAAAaccountAAAA 5 days ago||

If that "disaster" was so "inevitable", it would have happened ages ago.

It's not like it was somehow possible to accidentally sideload apps. You have to first find the correct option from the system settings to enable sideloading, and then approve the specific app source you want to install from.

It is not like how things are/were on Windows. Back in the turn of the millennium, it was easier to catch malware than it was to install useful apps. For former, you only needed to double-click on an email attachment, for the latter, you needed to actively to go look for the website of the app developer, and download it from there.

Android already was pretty much at the sweet spot between security and freedom, what it came to sideloading. What Google should have done was to crack down on the scam apps in Play Store. However, they are not going to do that, since it would cut their profits.

gmueckl 5 days ago||

Disasters can hapoen slowly. This one did, in a series of decisions from multiple actors. The main inflection point was allowing third parties develop for phone platforms. Then banks erc. went through a process that ended up forcing the use of a smartphone exclusively for a lot of applications that are sensitive. The same device runs random code downloaded through various means (app stores, preinstalled bloatware installing even more crap on cheap phomes, websites, embedded webviews for ads...). This is now an entrenched status quo spread across multiple actors and unaligned interests.

MostlyStable 5 days ago||

I always buy this argument....to the extent that the more powerful, dangerous capabilities are still allowed but locked behind some (one time) process that indicates you have a base level of knowledge and understanding. If you want to make it default safe for normies, fine, but let me turn my own device into the dangerous thing it is capable of being.

The version of the your view that we are actually getting is _incredibly_ paternalistic and condescending to the general populace. The kind of society that is capable of protecting everyone from every conceivable harm comes with the kinds of tradeoffs that no one, not even the people who actually need the protection, are going to want.

gmueckl 5 days ago||

Sadly, your view isn't less paternalistic in reality. It effectively amounts to telling people who have better things to do than care about their personal IT security to just suck it up. Billions of smartphone users worldwide are in this position.

Look, I'm not saying that this outcome is ideal and I hate the idea of a single, almighty platform gatekeeper. But with the world being what it is right now, draconian device lockdowns of some kind are the best option that is immediately available.

fngjdflmdflg 5 days ago|

`abd install` will still work as per[0] so to me sideloading is still possible, so the statement 'Google’s message that “Sideloading is Not Going Away” is clear, concise, and false' is not correct.

I think users should be able to install whatever software they want, without any charge or other external permissions, but at the same time device and OS makers should be able to make it difficult to do so, within reason. Apparently scam apps are more common in some countries than others and is actually a problem in some countries, although I'm not sure.[1] Google did cite that as the reason for the change.[2] However, combined with the way Google has been locking down Android APIs more and more, (eg. the file system, but other APIs as well) it is concerning. At the same time those changes were also about security. I think every phone should be able to have full root permissions if you go through enough hoops without having to install another ROM. That seems to solve most of the issues here.

[0] https://android-developers.googleblog.com/2025/09/lets-talk-...

[1] see eg. https://techcrunch.com/2024/02/07/google-starts-blocking-use... at the end of the article for some examples

[2] https://android-developers.googleblog.com/2025/08/elevating-...

pmontra 5 days ago||

So are we going to download APKs from fDroid to our computers and then adb install them to our phones? For every update? I see a lot of people, even developers, giving up.

bpye 5 days ago|||

This actually seems worse from a security perspective to me than allowing installing apps on device.

Your email client from F-Droid has an RCE? Too bad - better hope you update manually!

fngjdflmdflg 5 days ago||||

You can run adb from the phone itself via wireless debugging. From what I understand, you can do this via Shizuku or Termux, and there are apps that can give you a user interface for this. What changes is that users have to enable developer mode to get this, which adds another warning label. Although admittedly they may remove this feature or add more hoops to jump through to use it.

celsoazevedo 5 days ago||

Wireless debugging not only requires an initial setup, but it also requires being connected to a Wi-Fi network to work. Considering the number of Android users in countries where many don't have Wi-Fi, it's not an option for many.

There's also the problem of some banking apps refusing to work if developer tools are enabled.

MattTheRealOne 4 days ago|||

This is what people defending this are overlooking. While it may still be technically possible to sideload apps, the additional barriers to entry will be enough to push at least some app developers away from Android development. So while it is possible for some users to avoid direct impacts of this change, the overall fallout will be unavoidable.

floppyd 5 days ago|||

"adb install" is such a far cry from a normal install that it's laughable to call it an alternative or jumping though hoops "within reason". I imagine it won't allow to update an app without another adb install, for one thing. And controlling adb is even easier for google, so how long till you can "adb install" only from within Android Development Studio and only if you have a verified account? Because otherwise all the spooky skammers would be installing stuff on people's phones willy-nilly!