This is a pretty big change, detailed only a few days ago.
Eagle-eyed users of Android O will have noticed the absence of the ‘Allow unknown sources’ setting, which has existed since the earliest days of Android to facilitate the installation of apps from outside of Google Play and other preloaded stores. In this post we’ll talk about the new Install unknown apps permission and the security benefits it brings for both Android users and developers.
Google goes into more detail a few paragraphs down:
In Android O, the Install unknown apps permission makes it safer to install apps from unknown sources. This permission is tied to the app that prompts the install – just like other runtime permissions – and ensures that the user grants permission to use the install source before it can prompt the user to install an app. When used on a device running Android O and higher, hostile downloaders cannot trick the user into installing an app without having first been given the go-ahead.
This new permission provides users with transparency, control, and a streamlined process to enable installs from trusted sources. The Settings app shows the list of apps that the user has approved for installing unknown apps. Users can revoke the permission for a particular app at any time.
Good move.
It might make F-Droid easier to use indeed.
Is that much different from Windows UAC? The users will grant access anyway but will also be annoyed by the extra step.
I was thinking the same. Previously apps could only be installed from unknown sources if you changed a deep level setting, now it will just show a popup that “normals” will just “next next finish” to continue. I see this as a step back for normals that was put in their by experts that legitimately think this will improve security
However, it does have a benefit: “The Settings app shows the list of apps that the user has approved for installing unknown apps. Users can revoke the permission for a particular app at any time.”
So now when you have to provide support you just go to this app and start by blocking everyhing there before continuing
There should be 3rd option – present fake data to the application.
I 100% agree with this. Especially since there are so many that ask for access to contacts and such for no damned reason other than to troll your information.
leech,
I was blocked from upvoting, but +1 from me. This is a case where android was designed to serve google’s interests instead of the owners, making us less secure and giving us less control over our privacy.
We are the last line of defense. Once installed, executables becomes SUBJECTS of confidence. Working sets shouldn’t make use of this option.
At least one front is lost forever once You install the FIRST unknown executable: Defense against Stealthiness.
Third party applications shouldn’t be able to trigger another app install, regardless of whether the user is asked for confirmation or not, nor should it be possible to install an apk just by tapping on it.
It wouldn’t be so much more complicated, and yet less prone to malicious installs, if you had no other way to manually install apks other than launching an Android tool that installs apks and selecting the file from there.
Eg. a “local” apps section in the google play app, or just a section in the Android settings similar how you add Google accounts.
Asking for confirmation usually means that the user will just tap “yes”, because tapping “no” looks like not getting to do whatever he was trying to do when the dialog popped up.
Before this feature most users were protected by a hidden setting that they probably didn’t know that existed. Now they are at the mercy of their fast fingers.
Short of the above suggestion of not allowing installs to be triggered by tapping on apks or by other apps, wouldn’t it have been better to just add this feature while also keeping the global setting in place?
Why not? F-Droid, the Amazon store and such are al 3-rd party apps legitimately able to trigger another app install.
Because if the point is protecting the user from unwanted/malicious app installations, as soon as you allow third party apps to trigger installs you are allowing every single app to do so, therefore opening an attack vector.
Yes, the user must grant permissions, but you can’t expect all users to be knowledgeable on security matters for something as common as a phone.
It’s like storing bleach on a place where it’s convenient but where it can’t be mistaken for a beverage nor reachable by children.
Because driving is dangerous for yourself and for other people, it requires a license.
Now that smartphones are dangerous for yourself and for other people, it should requires a license.
Bleach, like some music, is dangerous hence it is put outside of reach from some audience.
Kochise,
Yes exactly. The choice needs to be the owners. If they choose to take off the training wheels, then so what? Most will be totally fine, some may fall and get hurt, but it’s their prerogative. The operating system’s job is to empower users to make informed decisions, but not to police and jail the owners.
“We’re not going to be responsible for what happens outside our walled garden” = fine.
“We’re not going to allow independent markets outside of our walled garden” = evil.
Can’t see a secure way to put OS within OS, but in Hardware. Paranoid indeed. Main reason never liked Java.
Modern OS little more than a Psycho manager an everything else embedded. Shouldn’t be.
Edited 2017-08-25 14:09 UTC