Hacker News

Good! I'm looking forward to having to uninstall a crypto miner on my mom's phone because it told her the only way to play a slots app is to allow third-party apps.


The "won't someone think of my mom" argument. Somehow we get by just fine on x86 with arbitrary software being allowed, but for iOS it's unthinkable?


We don't "get by just fine".

Computers overflowing with naively self-installed adware/malware is a recurring and persistent problem with some relatives of mine. Nothing you can say stops them from inadvertently doing it again, they simply lack the sophistication to understand, and then complaining that their computer is slow or doesn't work anymore. Putting these people on iOS is a godsend, these kinds of issues don't happen there.


Am I misunderstanding something or couldn't this just be made an optional setting?

So users can lock down the ability to install stuff if they want without overcoming various hurdles (maybe allow users to add a customised message so if a user tries to do it a message will pop up saying "Your Son/Daughter/whoever has said you should never disable this! Call them before doing this if someone has asked you to!").

I feel like there are so many options/info hidden from consumers about their devices that really shouldn't be. And preventing it or hiding it only really serves the companies themselves, not the end user.


You can't make this optional because they will be "taught" how to do it by the likes of Epic and Facebook. If it's available people will be exploited.

Has already happened: https://grahamcluley.com/android-security-fortnite/


Far too defeatist an attitude and a poor comparison that plays directly into the hands of companies that want walled gardens.

Fortnite is an immensely popular game people search for to buy, whereas malware etc are almost by definition not something you think "gee whiz, might go buy that".

For the type of user being discussed it seems very simple to just say/have a setting of "only allow downloads from official app store" combined with the above. Although tbh this may all be rendered moot by AI LLM security style tools that can actively monitor and prevent users from doing stuff like this.


We don't get by fine on x86. That is the whole point here. My non-technical family are able to make their iOS devices "just work" with 0 support.


[flagged]


Nope, my parents had 20 things installed on their Android devices because they clicked yes to something.

I insist on the fact that you should respect the end user’s choice of platform and not try to change the platform to earn your 30% more. If you really hate it - don’t develop for Apple. I mean at the end of the day you can tell your customers to buy an Android phone and see what they prefer - your app or the Apple ecosystem.


You need to first go to the settings to allow installations of Third Party Apps, then you get a warning of Google Play Protect that you have to expand, and then you have to confirm that you know the App is a security risk and explicitly go forward with the installation. Your parents did this on purpose.


I'd say we don't get by fine, things are pretty awful actually.


> Somehow we get by just fine on x86 with arbitrary software being allowed

Are we living in alternate realities?


We don't get by just fine - there are lots of viruses. But it is much easier to install an iPhone app than a program on your computer, so it is definitely more likely.


Define getting by “just fine”.

Nokia’s Threat Intelligence Report of 2021[0] shows that Windows made up over 23% of all malware infections, in 2020[1] that was almost 39%.

They seem to have skipped 2022 and 2023 doesn’t seem ready yet.

More interesting however is looking at Android since Google has made efforts to match iOS in sandboxing the last few years, as well as the context provided with the statistics.

Where 2020 “only” saw Android come in at 26.64% with iOS coming in at 1.72%, in 2021 Android accounted for a whopping 50.31% of the infections while iOS didn’t even register on the charts.

Let me repeat that again: over half of all infections in 2021 were on Android devices.

Were these super sophisticated attacks? Let’s see, because Nokia, understandably so, dedicated significant sections of their reports to Android.

In 2020 they stated (emphasis mine):

> In the smartphone sector, the main venue for distributing malware is represented by Trojanized applications. The user is tricked by phishing, advertising or other social engineering into downloading and installing the application. The security of official app stores, such as Google Play Store, has increased continuously. However, the fact that Android applications can be downloaded from just about anywhere still represents a huge problem, as users are free to download apps from third-party app stores, where many of the applications, while functional, are Trojanized. iPhones applications, on the other hand, are for the most part limited to one source, the Apple Store.

In 2021 they stated (emphasis again mine):

> Among smartphones, Android devices remain the most targeted by malware due to the open environment and availability of third-party app stores.

> […]

> The number of Trojans targeting banking information through Android mobile devices has skyrocketed, putting millions of users around the world at financial risk.

> […]

> Banking Trojans can arrive on smartphones in a variety of ways, often disguised as common and useful apps. When run, they request a variety of permissions needed to perform their desired behavior, then often remove their icon from the application pane, effectively disappearing from the device. In many cases, the apps never provide the promised functionality that enticed the phone's owner to install them and are forgotten quickly after disappearing. However, they remain installed and continue to run as background tasks, using a variety of tricks to collect user information. These may include capturing keystrokes, superimposing their own transparent overlays onto bank login screens, taking screenshots and even accessing Google Authenticator codes.

So it looks like in most cases users are being tricked to install malware and grant permissions.

This all also explains why the whole “muh sandbox” argument carries little weight. Not only is the sandbox but a single layer of a bigger Swiss cheese model, the sandbox isn’t gonna help your mom if she’s tricked into granting permissions.

So I ask you again to define “just fine”, because from where I’m standing Windows making up more than 20% of all malware infections is far from “just fine”, let alone Android’s more than half. And I know you said x86, but the two and a half Linux users don’t really make a significant dent in statistics, nor is x86 the relevant platform for this discussion.

On top of that you can bet your ass that iOS users will be prime targets, certainly more desirable targets than random Android and Windows users, because of potential ill-gotten gains.

0: https://vpnoverview.com/wp-content/uploads/nokia_threat_inte...

1: https://onestore.nokia.com/asset/i/210088


Why don't you set up her iphone as a managed device so you can stop her from doing that?


Apple is managing it already. The status quo is good.


This sounds like a false dichotomy. It's possible to opt-in for a "dev" mode which gives the user more choice, but not implemented because of the potential profit loss.

Imagine arguing against press freedom because a relative might fall for some disinformation.


Ironically, forcing Apple to implement features to enable third parties is quite literally forced speech.


Is this a thing with moms using an android phone? I don't think it is.


Of all the arguments in support of Apple's prohibition against third party browsers, your mother's gambling addiction is the saddest, most bizarre, and by far the least convincing.



