> It's not clear at all that a scammer is on the phone, instructing people to click through every warning that they see while sideloading a malicious app.
Google claims this to be a very common or majority attack vector.
"The Global Scam Report also found that scams were most often initiated by sending scam links via various messaging platforms to get users to install malicious apps and very often paired with a phone call posing to be from a valid entity."
> If you're first attaching your account to the device, you simply check a box that says this is an advanced user's phone.
I completely agree this is a perfectly valid solution but what about those who already setup their device? The security of the checkbox only works if you click it before someone attempts to scam you.
They've been claiming since 2023 that sideloading has been a favored attack vector.
"The Global Scam Report also found that scams were most often initiated by sending scam links via various messaging platforms to get users to install malicious apps and very often paired with a phone call posing to be from a valid entity."
Googles total revenue in 2025 was about $400 billion across their entire company. It's hard to estimate how much money scammers steal in general but if you take an estimate[1] that each of the 300,000 forced laborers generates $300-400/day then you end up at a figure of 40 billion in scams, and considering android has most of the market in the regions the scammers target you can be pretty sure those are android owners being scammed through android devices.
They're also growing rapidly, so those numbers might already be double in 2026
No. Their stated implementations should be also privacy preserving as they are using on-device LLM models. Not sending your calls or texts to a datacenter.
I am quite genuinely curious what you think the best solution to prevent someone instructing a tech illiterate person over the phone to click through every permission warning about a malicious app they're installing is? No amount of scary menus will work. I feel like they only have 2 options, which is to limit some permissions without any exceptions (making their platform more closed), or make it harder to install apps as a whole.
I understand usually the megacorporation is simply being anti-consumer with these kinds of changes, and who knows maybe this is the same. But I think this might be an actual exception. They seem to be actually implementing a lot of high effort scam protection features recently in android so unless they did all of that just as an excuse to make side loading harder then they've fooled me.
For more context, the the "reason" they're increasing the friction in sideloading is to prevent one extremely specific scam where someone instructs you over the phone to download a malicious android app, which then steals your banks 2 factor verification code from your notifications and sends it to the scammers. The 24 hour limitation does seem specifically designed to prevent that so I'm inclined to believe them.
None of the comments here seem to discuss or even mention how this situation looks from googles perspective? I feel like HN readers are not aware of the scale of the problem they face or their motivation behind these changes.
If you look at the rate of growth of the call/text scam industry I think it's entirely possible that android owners are getting scammed out of more money than google themselves makes on the android platform as a whole. It's at least not that far off. Which doesn't even account for the humanitarian issues which they probably feel partially responsible for.
I think you could do foveated rendering efficiently with rasterization if you "simply" render twice at 2 different resolutions. A low resolution render over the entire FOV, and a higher resolution render in the fovea region. You would have overlap but overall it should be less pixels rendered.
Shadertoy got hugged to death by this shader a few years ago and it had a custom "please go away" banner for a little while. Funny seeing it show up again on HN front page.
At 14:40 in the video they show the footage to a cop who's immediate reaction is
"To be honest with you. {talked over} you decide to change lane. How come you, did you think to change lanes or you just kinda froze up in that moment?"
He clearly thought they had plenty of time to react to it.
Google claims this to be a very common or majority attack vector.
"The Global Scam Report also found that scams were most often initiated by sending scam links via various messaging platforms to get users to install malicious apps and very often paired with a phone call posing to be from a valid entity."
https://security.googleblog.com/2024/02/piloting-new-ways-to...
> If you're first attaching your account to the device, you simply check a box that says this is an advanced user's phone.
I completely agree this is a perfectly valid solution but what about those who already setup their device? The security of the checkbox only works if you click it before someone attempts to scam you.