New warning issued to millions of Android users
Millions of Android users now find themselves caught in the middle of an extraordinary debate between Google, regulators and app developers. Make no mistake, not only does this signal a big change for Android from which there’s likely no turning back, but it also narrows the gap with the iPhone in more ways than one.
We’re talking about sideloading, the freedom to download and install apps from almost anywhere, in stark contrast to Apple’s walled App Store. Piece by piece, that freedom is being curtailed, with users having to actively change settings or ignore warnings to take risks that were once part and parcel of the Android experience.
Just last month, Google made its latest move to curb sideloading, enabling app developers to force users to use the Play Store instead of third-party stores or direct installs. And Samsung, the leading Android OEM, has gone even further, shipping phones with maximum restrictions in place that disable sideloading by default.
It has been clear that Google is going in this direction, but now we have no doubt given the public statements from one of Google’s engineering leaders, one of the risks in installing applications from official external channels.
Many power users are unhappy with this turn—Android was the anti-iPhone choice given the sideload, among other things. It’s in the DNA. But it also risks burdening regulators, who are on a mission to introduce choice even if that choice comes with a host of hidden threats from which most users cannot protect themselves.
That debate has come to a new head this week, with Epic Games filing a lawsuit against Google and Samsung for blocking automatic sideloading within Samsung’s user interface, which they claim stemmed from collusion between Android and its major OEM, describing it as a “coordinated effort to block competition in the distribution of apps on Samsung devices.”
Google has hit back, with VP of Security and Privacy Engineering Dave Kleidermacher slamming Epic’s suit as a “meritless and dangerous move” and critically noting that “Google and the security community have been warning users for years next to the real dangers associated with downloading apps directly from the web… Doing this for a game is deliberately misleading; it’s about the user’s security. And Epic’s lawsuit puts their corporate interests above user protection.”
It’s clear that Google’s comments don’t seem to be aimed at Epic’s products specifically, but rather at the broader risks of unregulated app distribution.
In response, Epic’s Tim Sweeney posted that “The 21 steps required to install the Epic Games Store on new Samsung Android devices are full of deliberate dead ends and scary scam screens that characterize Epic as an ‘unknown’ source (you you all know us) and equally dangerous software (you all know it isn’t).
Google says it had nothing to do with Samsung’s decision to automatically block sideloading, and in reality it makes perfect sense for the phone maker to do just that. Sideloaded apps have a much, much higher risk of malware than those that have passed through the Play Store’s cleanup, although the latter are far from immune. And while Google Play Protect and new live threat detection will bolster protection, for the everyday user, the risks of sideloading outweigh any benefits.
But Epic’s points get to the heart of the matter—there’s no middle ground between official Google (or Apple or Samsung) stores and the unregulated danger zone of unregulated apps, promoted by phishing and hacking attacks, that carry loads of dangerous. There has to be something in between, and in providing such a compromise other issues like high app store fees can be addressed.
Sweeney pointed out that “Windows and MacOS demonstrate multiple successful and proportionate approaches to blocking malware. None involve blocking safe software from reputable companies or portraying known software as unknown as Google and Samsung are doing, describing the “Google scheme [as] dishonest and deceptive.”
A middle ground would be great, or at least some form of accreditation for app stores beyond the official ones. Most phones don’t have virus protection and aren’t designed for indiscriminate installations, so the PC/Mac model won’t work.
Apple is also facing regulatory pressure to break down its walled garden, which has included the introduction of sideloading semis in Europe. But the iPhone maker has issued stern warnings to users and regulators that by doing so the threat to iPhones and their users increases massively.
Sideloading, he warns, opens “new avenues for malware, fraud and scams, illegal and harmful content, and other privacy and security threats,” and also “compromises Apple’s ability to detect, prevent, and take action.” against malicious apps on iOS and supports users affected by issues with apps downloaded outside the App Store.”
There are no easy answers here.