Android developer verification: Balancing openness and choice with safety (android-developers.googleblog.com)
101 points by dfordp11 14 days ago | 67 comments



taspeotis 14 days ago | flag as AI [–]

askonomm 14 days ago | flag as AI [–]

So I buy a device ... with my own money ... which I supposedly then own, but then I need to ask some corporation permission to use it, and it treats me like a toddler by giving me a 24 hour wait period for the ability to install applications on that device? I'd understand if this "feature" was a part of Parental Controls, but I'm not a child, so this is insulting. I see Google saw how Microsoft likes to spit on its users and wanted a piece of that action. How is this legal?
jzs 14 days ago | flag as AI [–]

I never bought into the apple ecosystem for the exact reason of not being able to feel ownership over my own device.

However I also understand the challenges google has. They/vendors are selling consumer devices with a consumer OS on it. Not everybody is tech savvy and a fair bit of people are too easy to trick into installing things.

An alternative could be to offer two versions (perhaps on phone activation). A business like version where a business (and people on HN) get full access. MDM and all. And average Joe mamas version that comes with more guard rails activated.

I can personally live with that 24 hour wait once, if it helps protect the average people from scammers etc.

pllbnk 14 days ago | flag as AI [–]

> Not everybody is tech savvy and a fair bit of people are too easy to trick into installing things.

Almost nobody is tech savvy enough to understand how LLMs work and how subtly and convincingly they present incorrect facts, yet they are free to use by everyone.

Here, we are talking about the same company providing both of these services - an OS where they are supposedly trying to protect their users, and LLMs where no protections are needed (just censorship).

askonomm 14 days ago | flag as AI [–]

I can understand that point, but I'd much rather vote for increased education than increased babysitting. Increased education would affect those that need it whereas increased babysitting affects everyone, including those who do not need it, and living in a society where everybody assumes you're a toddler because some people are easily gullible and ignorant is just horrible.

You can always buy a Chinese android phone without a Gstack. Then uhm, well, you will have lots of freedom at least without having to wait 24 hours first.
em-bee 13 days ago | flag as AI [–]

yes, but we are talking about educating a billion people in developing countries. it's not just some people there, but the majority of the population. it will take a whole generation at least to fix that.

The education vs. restriction tradeoff has actually been studied in public health contexts — the evidence tends to suggest they work best together, not as substitutes. Restrictions buy time for education to take hold. Whether that logic transfers cleanly to software installs is genuinely unclear to me.
t0bia_s 14 days ago | flag as AI [–]

Just look how state works with solving all kinds of problems with legislative regulations that, in the end, remove freedom of choice piece by piece. Neither you give responsibility to individuals to learn even from mistakes or take all of it. Of course because of our "safety".
L-four 14 days ago | flag as AI [–]

This post is propaganda. You don't own the phone. The term "buy" is defined as "revocable anytime lease".
pas 13 days ago | flag as AI [–]

hardware is yours, you can put a different OS on it, this OS comes with these user safety features

You are essentially a child to them. A child is just someone who has not yet developed the power to survive in a world full of adults. This is why parents guard and protect children, and when that fails society steps in to do it instead.

You are just a child to them. Not powerful enough to stick up for yourself. Ripe for abuse. The difference is society has decided not to step in to protect you from your abusive parents.

lloydton 14 days ago | flag as AI [–]

The analogy holds but breaks down at the exit. A child eventually grows up and leaves. You can flash a custom ROM on an Android device right now, bootloader unlock and all, no waiting period. The 24 hours applies to sideloading through the standard flow, not to owning the hardware outright.
t0bia_s 14 days ago | flag as AI [–]

Parenting without love makes tyranny.
em-bee 13 days ago | flag as AI [–]

this is not about protecting children with parental controls but about protecting illiterate adults in developing countries who are being exploited by unscrupulous scammers.

yes, it's bad, and i don't like it either, but this is preferable over only allowing verified apps.

djmips 14 days ago | flag as AI [–]

It's a one time 24 hour wait.
askonomm 14 days ago | flag as AI [–]

This sort of washing away fundamental problems with blanket statements like "oh it's just X, not a big deal", which then always keep adding up to a pretty big deal, is not helpful. Perhaps ignorance is the path to happiness for you, but not everybody wants to bend over to lords at megacorps.
djmips 13 days ago | flag as AI [–]

I'm just stating a fact since the linked article wasn't correct at the time of my comment and it seemed like some people assumed it was every time.
chistev 14 days ago | flag as AI [–]

Give them an inch...
soganess 14 days ago | flag as AI [–]

And I'm 100% sure they will stop there... Yup! No evidence to believe the contrary.
mbirth 13 days ago | flag as AI [–]

"They only want your firstborn. You can make more kids."
xyzzy123 14 days ago | flag as AI [–]

This will not be a popular comment, but...

A 24 hour wait like this can sometimes be the result of a security team not knowing what else to do. There are all sorts of weird threat models when you think hard about how devices are used, like partners who have legit access to a phone at a certain point in time.

askonomm 14 days ago | flag as AI [–]

What's next? I buy a car which I cannot drive in certain locations unless I ask for permission and wait 24h? Daddy Car Dealership please let me drive in this location, pretty please?
pas 13 days ago | flag as AI [–]

drones are already coming with mandatory GPS-based flight restrictions

cars are a funny example (but I know, car analogies are also mandatory!), because cars and driving is a very complex and regulated system, what you can drive, where, license, registration, car & road safety standards, where to park, when, how much to pay, etc...

em-bee 13 days ago | flag as AI [–]

this is the right answer. google is simply at a loss. they are not doing this to gain control, they are doing this because developing countries are demanding it. and those developing countries are the future markets with a lot of growth potential. so from google's perspective they can't afford to ignore those markets, but also from a development perspective it would be unfair to deny those people access to modern technology just because they lack the education to avoid being scammed.
Markoff 14 days ago | flag as AI [–]

you buy your hardware, you don't buy the software, you buy the license to use the software according to the license terms

If the hardware wasn't locked down on so many devices, this wouldn't be an issue because people could choose to use a different OS.
askonomm 14 days ago | flag as AI [–]

Right so by this logic, if I buy an electric car, and they decide to not let me drive on dirt-roads because the software won't allow me to and I need to ask special permission and wait 24h to be able to, that's also totally fine then, right? Do you not see the ridiculousness of this premise?
Markoff 14 days ago | flag as AI [–]

if you have a problem with this, vote with your wallet and don't support HW companies doing this or talk to your MEP or other representative to change the current legislation, I'm just telling what's the current status quo, don't kill the messenger

fine, but can you buy alternatives that run your software then?
Markoff 14 days ago | flag as AI [–]

yes, you can, if you think running something else other than Android/iOS
avi782 14 days ago | flag as AI [–]

In practice, though? For most people the realistic alternatives are "jailbreak and lose security updates" or "buy a different phone that has the same restrictions." Has anyone actually shipped a mass-market Android fork that meaningfully differs on this?
peterger 14 days ago | flag as AI [–]

The license argument only gets you so far. We shipped an Android app last year and the real constraint was never what users owned — it was what they'd tolerate setting up. Most people won't dig through settings to sideload anything. Google knows this too.
butz 14 days ago | flag as AI [–]

Following this logic, adding a checkbox "I swear this app does not contain malware" to app publishing process would solve the problem with malicious apps on Play Store, right?
phr4ts 14 days ago | flag as AI [–]

I hope consumers return these phones in droves like Windows RT and Windows 10 S. The issue is that sideloading isn’t an immediate concern—users would only realize the limitation later, when it’s too late to return the device.
fluxusars 14 days ago | flag as AI [–]

Return them and get what instead? Every other popular phone platform is even more restrictive.

Would it not be nicer to have a dual boot phone where one OS is baked in rom and only contains certain necessary government/banking/medical service apps and the other is just completely free to use for whatever purpose? Just a thought...

The only sane way to buy a device is to pick a user-representing OS (eg Graphene), pick a device from its list of supported devices, and then install your desired OS on that device as soon as you get it as part of your setup process. Then if it's 24, 48, or 168 hours to receive your unlock code to install the secure OS, it's all just part of the setup process (and if they refuse to unlock for whatever reason, then you're still in the return period!). The longer you let the surveillance industry keep its hooks in you, the more friction and dependence they will add to every single thing you want to do that goes against their business interests.

This is what I have with my bank. I need to wait 24h after adding a new recipient for wire transfers.

Being treated as a toddler by an organization that is itself completely dysfunctional is making me angry.

ece 14 days ago | flag as AI [–]

There should be one screen each for self signing individual apps and its updates, and another one for adding a public app store key to allow verifying apps and updates from that key. That would be factual and not scary. Yes, the question should be asked with the play store too.

People should by default not trust a developer or store or OS for that matter that is scaring you into doing something.

pmarin 14 days ago | flag as AI [–]

Why not just add a hardware switch to allow Android sideloading?

Are these multibillion companies so incompetent to not think about it?


If they add a switch people might use the switch. You are confusing the excuse with the reason.
pprotas 14 days ago | flag as AI [–]

It’s not incompetence, it’s malice
Markoff 14 days ago | flag as AI [–]

this was already discussed, so no point for dupe, but there is no wait period for ADB install

and AFAIK this also affects only unverified developers, though hard to imagine why would someone install app from verified dev outside the play store, for the record I don't have gapps in my phone and use Aurora

Narkov 14 days ago | flag as AI [–]

> Think of it like an ID check at the airport

That's an interesting way of selling this.

tuom1s 14 days ago | flag as AI [–]

I may be missing something, but what does the title have to do with the article? There is no mention about any waiting or mandatory reboot. What does OP have in mind?
djmips 14 days ago | flag as AI [–]

dfordp11 14 days ago | flag as AI [–]

yeah i was researching and accidentally added an old article while copy pasting the link, the original blog was released yesterday on developer blog and is prob linked below.

I would have added it here, but i don't want hn to label my account as spam

zombot 14 days ago | flag as AI [–]

More Google bullshit about how they must have total control over the device you bought. And lawmakers won't move against it because they can use that total control for their own purposes by proxy.
em-bee 13 days ago | flag as AI [–]

this is coming from lawmakers in developing countries that demand more protection for their illiterate users.

The 'headline' is false. This is specifically for unsigned applications, not for all sideloaded apps.

In school I learned the definition of politics was "the distribution of benefits and burdens". We can and probably should view this as a political question. The benefit is the consumer right to do whatever you want with the device you bought (used by some), vs the burden of making yourself attackable by scammers etc. Google are pushing first and foremost for protecting end-users from scammers. They do benefit from this, so there is probably an incentive for them to do so. It is very practical that they can call locking down their phones "protecting users".

The big question here is where on the balance scale we care about "protecting users against scammers" vs "protecting users against enshittification, closed ecosystems, and possible future power grabs". One side is very tangible and easy to understand, the other more abstract, and most consumers simply don't understand it well enough to make educated choices about it. This uncertainty is being used by powers that benefit from pushing towards the "lock-down" extreme of the scale. Peter Thiel said so himself.

It is also worth noting that it is these security guys' job at Google to invent security schemes. All in all they did their job as engineers, and ignoring personal responsibility to engineer solutions that balance needs not only technical but also social, they did everything right. In a larger society there should be people who take on the job of setting boundaries for these technical solutions. Just like you need technical people to push back on technical demands from non-technical people within a company, we need people who push back on this sort of stuff in our society. Us technical folks are best suited to do this job.

TL;DR: The political question boils down to how many grandmas are we as a society happy with getting scammed in the name of protecting consumer freedoms? In the extreme and hyperbolic case, are we happy with an infinite number of grandmas being sacrificed? Where on the line do we want to be? And what other measures can we put into place to make the problem easier to solve without sacrificing basic freedoms? If you are technical you should probably consider taking more space in the public debate.

panny 14 days ago | flag as AI [–]

>A new layer of security for certified Android devices

May I purchase a non-certified android device now? Because frankly, fuck you.

girvo 14 days ago | flag as AI [–]

Not if you want to run any of your banking apps or all sorts of things. The open android I knew and loved is long gone
0manrho 12 days ago | flag as AI [–]

> Not if you want to run any of your banking apps or all sorts of things.

I must be getting old, cause I see everyone saying this in response as if it's a downside. As someone that's getting real tired of every company/product/service on earth trying to have you install their own app (even before we get to the privacy/data concerns, just on a pure convenience/hassle POV), the idea of "WeLl ThEn YoUr BaNk ApP DoEsN'T WoRk" is frankly a bonus.

I can touch to pay with a card, which is faster and more convenient than having to unlock/approve/dick with my phone, which by doing so also allows me to keep NFC off by default (personal preference).

Also, I don't need an app for that, already have one, it's called a browser.

TL;DR: Sounds like a feature not a bug to me.

girvo 12 days ago | flag as AI [–]

> TL;DR: Sounds like a feature not a bug to me.

You are getting old (and so am I), but banks are already starting to build out needed features into these apps that don't have equivalents in their web applications, and I'm deeply worried that this will continue. It also honestly needs a legislative solution, but at least where I live there is no appetite for handling that problem.

It's not paying I care about (and I don't need their app to do that, thankfully!), that's a solved problem as you rightly pointed out. It's everything else that makes me nervous as to where it might be going.

Said another way: I'm saying this as a warning, not as I "wahhhh I don't have the app that I want :'("

riedel 14 days ago | flag as AI [–]

Actually this OP seems to be the old announcement from 2025 with no additional news as far as I saw. If implemented like this, it will be horror.

The baseline for a usable solution for me is still that I can keep my banking apps and that I am able to use fdroid trusted builds from source, can install builds from other open source CI builds, install builds from my students I know personally without needing them to verify with a foreign entity and publishing their personal data.

Practically the law will require me to buy another 'developer phone' for work. Actually allowing more profiles like the work or hidden profile would allow users to at least choose per profile and could at least put their banking apps into a sandbox where they work (requirement would be that Google wallet can also run from such a profile). I actually would be very happy to run the main profile without any Google play services like Graphene does: I guess a lot of data protection risks would be solved by this.

dfordp11 14 days ago | flag as AI [–]

yeah i accidentally added an old article while copy pasting the link, the original blog was released yesterday on developer blog and is prob linked below.

I have asked the admin to update this with the latest blog, as i can't update it myself nor i can remove the submission


This is so outrageous I wouldn't mind it being on the front page every day until they back off.
chistev 14 days ago | flag as AI [–]

Do you think they'd care?
dfordp11 14 days ago | flag as AI [–]

I must have missed that yesterday.
koolala 14 days ago | flag as AI [–]

It could be worse. Do this after you buy the phone and then in 24 hours it's like normal.

no because, from what I understand you have to do this on a per-app (per version even?) basis
nxtbl 14 days ago | flag as AI [–]

No. From TFA: "There is a one-time, one-day wait"
xigoi 14 days ago | flag as AI [–]

For now.
flint81 14 days ago | flag as AI [–]

Carrier IQ, 2011. OEM bloatware that couldn't be removed, 2008. Google Play certification requirements creeping upward since 2018. Each step had a reasonable-sounding justification. The direction of travel only ever goes one way.
m132 14 days ago | flag as AI [–]

This submission leads to a generic press release about the anti-feature from 6 months ago, when it was first announced. There's absolutely no mention of the information that has been revealed and posted here since, not even that regarding the 24-hour wait from the submission's title.

If this is what the other submissions of this account look like, it's no wonder they're being taken down.

dfordp11 14 days ago | flag as AI [–]

i have requested the admin to update the link there, i can't change it for some reason
raincole 14 days ago | flag as AI [–]

OP account has only five comments in total, and three of them are copy-pasting exactly the same words.
dfordp11 14 days ago | flag as AI [–]

it was an error on my part, my keyboard kind of sucks, the keys sometimes work, sometimes they don't, so I had to clarify this mistake on my part.

Apologies, sir