With Android developers finally let loose with real hardware, some of the limitations of the Android SDK are coming to light - though it seems that applications coming out of the Googleplex aren't limited in quite the same way. The first evidence of a hierachical strata of developers comes with access to APIs for installing …
I guess they are using a certificate for identifying who is actually trying to install on the phone, because what if I hijack the dns so the marketplace points to somewhere naughty?
I am guessing there might bea security problem getting patched here, because it's the first place people will try to hack in order to obtain the same status and install malware..
Bring on the Anti-Fanboi rants
Come on, I know you're out there. All those people who flamed us iPhone owners and Apple for the restrictions Apple has (sometimes wrongly, occasionally rightly) imposed. I'm waiting to see all those spleens venting in the light of this news that Google is just like any other company that thinks it has a winner...
Nobody should be surprised at these restrictions, they were predictable (and indeed predicted). No company investing a large amount of money in something like this isn't going to turn over their potential cash cow entirely to all comers. They at least need to get their investment back and make their own large pile of cash first...
"At this point, we think it is too dangerous to give _Google_ blanket access to install applications without the user being involved. That may change in the future, but for now that is the way it is."
There - Fixed That For You!
Storm in a Teapot?
So Google wont let user made applications install hidden stuff willy nilly. How is this bad? I wish Windows warned me before installing SecuROM on my PC. This seems like making much ado about nothing - what is is that user apps cannot do exactly? Can they still function? Is the only thing they arent allowed to do is install other apps? Does that matter?
I also dont see how this gives Google more cash.
Apple is still far more restrictive than Google.
Open Souce right?
This all seems a bit of a non-issue to me. Unless the repository is signed with some 4096 bit encryption and implements all manner of other, ultimately circumventable, security this will not stand up even one month. It is sure to be the very first thing people attack. All google has done is ensure a fragmented install process.
It would have been much better to open the install API and do some sort of real time contact back to google for virus scan / black list. That would raise hackles too, and ultimately probably not work anyway, but this, however well intentioned is naive to the point of stupid. Google is falling victim to the trap all successful companies do - they read their own press. Didn't learn a damn thing from microsoft did you boys?
Look for hacks in the IMMEDIATE future. This is child's play compared to the roadblocks apple has tried to erect. It's practically illegal to unlock an iPhone and best I can see it IS illegal to write a program for it. Now, exactly how far did that got them.
"At this point, we think it is too dangerous to give a third party application blanket access to install applications without the user being involved."
Actually, It's dangerous, creepy, and really fucking stupid to allow _ANY_ application blanket access to install applications without the user being involved.
When MS does intrusive and monopoly cementing stuff like this, you can guarantee the freetard jihad will be out in force, and it will be interesting to see just how hard Google can squeeze it's cheeks before their collective tongue is ejected from it's greasy corporate sphincter.
If it's unsafe, why can Marketplace do it?
Surely if something is unsafe, then it's unsafe.
Anything that Google do to make marketplace safe can be done by third parties as well.
Missing the point?
Maybe I'm missing the point here but why would you want to allow any application to "install other applications onto an Android phone without warning, or alerting, the user" in the first place, even Android Marketplace? If Google want to promote security, they should apply to themselves the same security rules they apply to everybody else: don't install anything on the phone without user consent.
I think it's the reverse.
It's good if a 3rd party has to ask me if they can install something on MY PHONE.
If Google can install crap on my phone without asking me then that's the real problem.
Google and Apple are both lock-in vendors. Anyone with a clue has known this for years. Googleization refers to a way of defeating the spirit of GPL Version 2, so they could hardly be more famous for systematic lack of openness.
For those of us that care about the freedom to do what we want with our kit, there are products on the market: http://www.openmoko.com/product.html
... for some definition of "open".
this is great, what mobile Linux needs!!
The thing that has been holding back Linux for so long is a way for commercial software companys to distribute apps without giving raw binarys and having different package managers deal with it in different ways. Now google is coming a long and finally giving mobile Linux a way to go commercial. Mobile Linux will lead the way at beating the iPhone at a game that the mobile software market should have taken 10 years ago, and Symbian (which is being open sourced also) will be forced to play catch up. Laugh all you want you iPhone zombies, mobile Linux will give a lot more choice which will result in more creativity, more power for less cost.
yeah Im a mobile Linux fanboi, no denying, and this is what I will buy as soon as it gets cellular connectivity: http://openpandora.org/
The problem isn't that 3rd party vendors can't install things without asking, it's that google CAN install things without asking. Apart from meaning that I now am required to trust google, it also provides them with a competitive edge. Just like Micorsofts control of the base install of the Windows platform gave it an edge in Internet Explorer vs. Netscape.
well im happy
You may mock Windows Mobile for being sluggish compared to its newer brothers, you may call it dull when you compare it to the beautie of its new brothers, you may even go as far as saying its c**p but you know what?
I like it.
I can do what ever i like on it and it just workes, i can install more or less what ever i like on it, and it works, i dont have to live in fear that it will be switched off by someone else or have its applications removed, i dont need to worry about it keeping track of everything i do and i can have all the security of the faster web browsers that may or may not be open source because i choose. its my phone and i do what i want with it.
Now, the point im making is actually this, buy what ever you like, after all its you thats going to be using it, stop all this BS about this is better than that and so on because it really doesnt matter if you like it, all it does it get other people up who are daft enough to take the bate and attack right back. Not one of the now four main PDA OSs beats all the others in everything, all are good, and equally all are bad, lets just chill a min and have a real think about whats important and get on with it.
Id like to remind you that Google has open sourced Anroid, and that there is potential for it to be expanded beyond its current form. I can see a lot of other mobile Linux OS's building in compatibility to Android but still continue to run their own flavor of mobile Linux, openmoko probably will be the first to do this. Google has huge market access by default, there is nothing wrong with them designing an framework that forces software access through their channels, they built Android with their own money, if commercial software companys dont like Google, they can go somewhere else. This is still a huge improvement over Symbian which has tight control on who can develop for that OS.
I suppose I will stick with S60 and WinMo a little longer, at least long enough to see Android properly tamed. No it aint ever going to happen on the BeJaysusPhone, jailbreaking is impressive but reactive e.g. jailbreak phone then wait for next s/ware update then wait for jailbreakers to unlock it again. Too much hassle.
Nothin to see here
I fail to see the problem here.
If i want to install software on my linux box i need my root password. Sure, i can set up yum, apt-get etc.. to automaticly update or install software via cron. But again i would need root access for that in the first place. Java MIDlets also require user consent to install.
Ok, so where is the problem?
Surely no app should install stuff itself
quickly going off Android.
For the most part, in a embedded system, "it's open-source" is a non-sequitor, reinstalling an embedded system is less of a trivial matter then reinstalling a computer, and a large section of the population cannot manage that. That said, lets go back over the points of my post:
1) I souldn't have to trust google will only install things I want on my phone without my permission.
2) I souldn't have to trust google will not lose their key, thereby forceing me to trust someone else to only install things I want on my phone without my permission. (really, with all the companies/government agencies losing information, do you think this is something that shouldn't be considered?)
3) Google should not use their monolopoly status in one market to acheve an advatage in another. (a monopoly in android application distrobution should not equal an advantage for your android apps)
Frankly the third point, while it stands on it's own, is still the lowest of my conserns.
Having embedded this type of a backdoor in the system, I would require a full audit of the code in order to think about trusting it. Again, the cost/benifit of doing that is a no-brainer, yes I CAN audit it, but they have already proven that it has to happen in order to trust them. It's far more cost effective to go with a company that has not earned my distrust.
If you can't guess, I will not be buying one.