Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

We were just reading "Android security in 2016 is a mess"[1] 2 days ago and now we have another great example for it.

https://news.ycombinator.com/item?id=13056288



"Windows is a mess because you can install a virus executable on it."

"You can't install Windows software outside App Store anymore, MS is taking muh freedoms."

You can't win.


There absolutely is a trade-off here between freedom to operate and likely security (with the exception of highly skilled technical people with a lot of time on their hands, who can likely have both).

Personally I'd say that most non-technical computer users are better off using a more locked down/secure OS (e.g. iOS) as they are generally ill-equipped to manage an open computing platform with the current level of threats that there are out there.


You can win. Sane defaults. Allowing the potentially unsafe method "expert mode" is OptIn. I wouldn't buy a car if the dealer held the only key to the hood, still I don't expect everyone to be a grease monkey nor do I think it remarkably safe.


What's "insane" about explicitly having to opt-in to 3rd party application installs in Android ? That switch existed for years and was praised upon. The media opinion only shifted after Android becoming most widely distributed phone OS. It's just easy clicks.

Android is fine.


I'm in agreement with you and that's what I was saying or tried to say. Opting into 3rd party installs is fine with me, having the option disabled is a "sane default".


I agree with the first comment, but Android is "not fine".

The lack of a sane updating model is a real security problem.


Yeah, Android's not fine. The business model, the weak full disk encryption, inability to set strong FDE password separate from your pin, centralization around Google Play Services, moving AOSP into GAPPS iteratively, forced obsolecense via carriers/hardware producers

Long way to go.


Android could let me add a specific source so I don't have all-or-nothing security.

For example, I only wish to install apps from HumbleBundle and F-Droid (in addition to the default play store). Any other APK that lands on my system is still untrustworthy.

Of course, this would probably require additional signature on the APK, since I think all 3rd party sources are just providing raw APKs.


You actually can win.

Apple makes the choice with iOS to be closed. People hate on that because they distrust a centralized authority with good reason, however it is far safer for those who don't mind giving up control.

Google makes the choice with Android to be open. People hate on that because they want the system to be safe, however it is in the control of the end user for those who don't mind taking responsibility for the safety of their own device.

Both absolutely win at what they are trying to be.

MS on the other hand tries to pretend to be both while actually not delivering the benefits of either. That is certainly a way not to win.


You definitely can't win, but those two complaints are not mutually exclusive. Instead of locking down apps to solve the first problem, in theory Microsoft could have redesigned Windows to make third party executables less of a risk. Obviously that's harder, but it's not hypocritical to make both those statements.


I'm not exactly a fan of those, but I think MS is already doing that with UWP, which apps weren't exactly greeted with rejoice.


UWP apps can't be run outside of the MS store. So that's the lock-in he was talking about. It would be nice if Microsoft enabled "mini-VMs" for legacy x86 apps at least.

That way it could shoot two birds with one stone - make x86 apps a little slower and more resource intensive, and thus give both users and developers a reason to switch to UWP, while at the same time it would also make legacy x86 apps vastly more secure.


I think you can sideload them since 1607 (or even 1511?), there's a developer switch in new Control panel for that.


Windows 10 allows you to turn on sideloading. Going through the Windows Store is no longer a requirement.


but then again, how is that different from android of today?


The problem with that is that you can't tell programmatically if a potentially risky action is performed by a program acting as the user's agent or by a program acting on behalf of some malicious fuckwit.

You can just forbid it, sure, but then you're reducing the usefulness of your platform.


Except Microsoft provides updates for Windows longer than any other popular desktop or mobile operating system. So if crap gets installed because of an OS vulnerability either you didn't update or it that flaw will be patched as soon as possible.


Uhm, definitively let me install software on my computer when/how I want? Get the security model right, works for unix.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: