It's the combination of both factors that counts. Even if Google Play has a lower malware rate, a user is still far more likely to try to install apps through Google Play given the sheer size of its catalog and its prominent, default placement on people's devices.
Perhaps if you're the highly motivated type who would excel even without ai. But it's far too easy to become like maths students who learn only how to use a calculator instead of how to actually add fractions.
> This is honestly some of the dumbest false equivalence I've ever read. Entering a birth date (that doesn't even have a check for truthfulness) during account setup when the system is first installed equals returning escaped slaves or turning in jews? I'm actually baffled by this comparison. And no, I don't particularly care about North Korean laws.
How did the world come to this when the internet long predated smartphones and so many "apps" are little more than bookmarked wrappers around websites?
Don't know why this was downvoted. Some people prefer to access online services from the safety of a web browser sandbox than through an always-installed wrapper app.
I think all the software the scammers used was in the google play store. I don't think they sideloaded anything.
But I'm not entirely sure. I wasn't there, and she's not tech literate. She was so rattled when I spoke to her about it that it was hard to get a clear story out of her about what happened.
The one-day waiting period is so arbitrary. Have they demonstrated any supporting data? We know google loves to flaunt data.
Something like Github's approach of forcing users to type the name of the repo they wish to delete would seem to be more than sufficient to protect technically disinclined users while still allowing technically aware users to do what they please with their own device.
Brother, there's an entire genre of scamming where the scammers spend months building rapport with their victims, usually without ever asking for anything, before "cashing out". One day is nothing.
Wouldn't a wait time like 2 hours with some jitter make it more difficult for a scammer to pursue the case? People aren't going to be willing to stay on the phone for hours at a time. With 24 hour wait, the scammer could just schedule another call for the next day.
This is obvious to anyone with a brain. I'm not familiar with scam logistics or the videos you mentioned, and the exact same line you put in quotes is what first came to my mind.
tl;dr of this post is that Google wants to lock down Android and be its gatekeeper. Every other point of discussion is just a distraction.
I think the more important aspect is that people will have 24h to slow down, think, and realize that they are being scammed. Urgency and pressure is one of the top tactics used by scammers.
Scammers will definitely call back the next day to continue. But it is quite possible that by then the victim has realized, or talked to someone who helped them realize that they are being scammed.
There's been some reporting recently where I live about a case of some woman being scammed.
She went to a bank to transfer the scammer money. They told her no. She came back the next day. The police got involved and explained everything to her. Then she came back the next day. After that, she apparently found another location which let her transfer the money.
There's basically zero chance a 24 hour (or any amount of a) cool off period will help these people.
It's not one example. The scammers purposefully target people like these. That's their business.
Like, I'm sure there's a small amount of people who normally wouldn't get scammed but fall for it in a panic. But, is that really such a big concern for Google that they absolutely must continue stripping user freedoms from us? Is the current 30s popup which needs 3 confirmations not enough? Will the new one really work?
> helping some people is great even if it doesn't help everyone
It's kind of funny, but I very much agree with this. It's just in this case, it's hurting everyone (in ways most don't even realize) so that you can help a few people.
It's like putting everyone in prison, because some people might commit a crime and this would save some victims. A bit of an overreaction, no?
Right, this friction makes it much harder for a scammer to get away with saying something like, "wire me $10,000 right now or you won't see your child ever again!" as the potential victim is forced to wait 24 hours before they can install the scammer's malicious app, thus giving them time to think about it and/or call their trusted contacts.
The sheer arrogance that you think someone manipulated successfully will just re-think the situation and ask their friends/family. The naivety to assume all scammers are impulsive fools and don't do this for a living, as their primary line of work.
So Google's going to add some nonsense abstraction layer and when this fails to curb the problem after a 24 hour wait, it will be extended more maybe a week, and more information must be collected to release it. We all know how this goes.
Sure, but what about a 30 minute delay? 1 hour? 2 hour?
24 is just so long.
But also, my expectation is that a scammer is going to just automate the flow here anyways. Cool, you hit the "24 hour" wait period, I'll call you back tomorrow, the next day, or the next day and continue the scam process.
It might stop some less sophisticated spammers for a little bit, but I expect that it'll just be a few tweaks to make it work again.
24 hours is long enough to get them off the phone, and potentially talking to other people who might recognize the scam.
There will be some proportion of people who mention to their spouse/child/friend about how Google called them to fix their phone, and are saved by that waiting period.
Sure, but wouldn't 35 hours do the same trick? Or 5 hours? Or 10 hours and 28 minutes? :)
The question is, why exactly 24 hours? The argument is that the time limit is set to protect the users and sacrifice usability to do so. So it would be prudent to set the time limit to the shortest amount that will protect the user -> and that shortest amount is apparently 24 hours, which is rather.. suspiciously long and round :)
You've got to pick some time value (if you choose this route at all), and if the goal is to prevent urgency-coercion it needs to be at least multiple hours. An extremely-common-for-humans one seems rather obvious compared to, like, 18.2 hours (65,536 seconds).
Unless you want to pick 1 week. But that's a lot more annoying.
Well, I guess 24 hours gives a good change to include at least one window where a vulnerable person might be able to speak with a trusted contact.
Someone who lives in another timezone or works weird hours etc. Our routines generally repeat on 24hour schedules, so likely to be one point of overlap.
Have you ever watched Kitboga? Scammers call people back all the time. They keep spreadsheets of their marks like a CRM. It takes time to build trust and victimize someone, and these scammers are very patient.
It sounds like the 24 hour advanced flow should be completely removed then to protect these people. Right? It can't be perfect so to follow you, it should not exist.
P(malware) = P(nalware | Google Play) * P(Google Play) + P(malware | non-Google Play) * P(non-Google Play)
It's the combination of both factors that counts. Even if Google Play has a lower malware rate, a user is still far more likely to try to install apps through Google Play given the sheer size of its catalog and its prominent, default placement on people's devices.
reply