You're engaging in a false equivalency. All spying is bad, but some is worse than others. In this case, what Adups does is far worse than what any other company, even Google, does (that I'm aware of). It has nothing to do with being Chinese.
In fact, it wasn't all that long ago that a firestorm erupted when it was discovered that several US carriers had installed very similar software in US phones.
Ok, in other words, you trust that community more than you trust the manufacturer and Amazon.
I do, too. It's a matter of a combination of incentives and track records.
Commercial corporations have no incentive to make my personal well-being and privacy a priority. They prioritize profit. And the track record of commercial entities makes it very clear that they adhere to those priorities.
Hobbyist communities have very different incentives and priorities. I don't think that they can be trusted completely, either, but the track record for them is vastly better than for companies.
This is not merely "spyware"-- this is actual spying, by a foreign power.
Agreed, although I'm not sure that "by a foreign power" is actually meaningful. Spying is spying, and it doesn't matter much whether the entities doing it are part of the same nation as you.
It does matter a little, though. If I have to be spied on, I'd rather it be by China (who has no real power or authority over me) than the US (who does).
I completely understand the appeal of PWAs to developers.
I don't understand the appeal to users. And my selfish reason for hoping they don't catch on is because it will reduce the amount of software that I will have available to me, since there's no way I'm going to allow complex Javascript to run.
I actually think of both of those as upsides, not down. Perhaps not for the average user, but personally I like being able to switch side-loading on and off (it helps to prevent accidents), and I don't like automatic updates.
I will never trust a fucking web application the way I would a native application, because we have seen time and time again, the web isn't something you can trust.
While there are plenty of native application developers who can't be trusted, I think you're right. The web seems to have a MUCH larger number of them. Like you, I have a much lower trust of anything web (or cloud) based by default.
Experience has taught me that this is entirely justified.
In PWAs, service workers allow you to store data on your device - so that the next time you load the page, the last information you saw is there again without loading time.
You mean like cookies?
Here's an honest question: I don't see a single reason why, as a user, PWAs are in any way beneficial, and I can think of several downsides to them. Can you tell me why I would want such things to run on my devices?
So that sounds pretty cool that android will let me completely bypass their store to get those features and even distribute say, an enterprise "app" without needing Google Play or any other marketplace.
You have that right now. Android allows you to install apps without a marketplace being involved in any way.
It's a cost/benefit thing. There are certain thing for which push notifications can have some value. But I have yet to see that value exceed the cost of push notifications.
That's why it needs to be an external firewall. The systems behind the firewall don't have privileged access, and they are no more (or less) capable of subverting it than systems outside the firewall.
Nothing wrong with that. Regardless of how wealthy you are, it's smart to recognize what is really important to you and to cheap out on everything else.
It still matters, because it reduces the number of entities that can spy. Your stance is the same as saying that if security can't be perfect then it isn't worth doing. That's an unsupportable position.
This is technically untrue. I can replace the broadband system with any of several options. What is true, though, is that all of the options are still proprietary binary blobs so from a security point of view it's a difference without a distinction.
But perfect security is impossible with anything, so we all make tradeoffs. My tradeoff is that I accept that I need to run that binary blob and can therefore not completely trust the device.
But I can, at least, minimize the issue by ensuring that the blob is the only attack vector.
Slashdot Mirror
that's a *PRIVACY* issue, not a *SECURITY* issue.
Privacy issues are security issues.
You're engaging in a false equivalency. All spying is bad, but some is worse than others. In this case, what Adups does is far worse than what any other company, even Google, does (that I'm aware of). It has nothing to do with being Chinese.
In fact, it wasn't all that long ago that a firestorm erupted when it was discovered that several US carriers had installed very similar software in US phones.
However the version of Adups it used was not the version that was stealing people's info.
It's not the version that made the news, perhaps, but do you have any reason to think it's any different in terms of spying?
Ok, in other words, you trust that community more than you trust the manufacturer and Amazon.
I do, too. It's a matter of a combination of incentives and track records.
Commercial corporations have no incentive to make my personal well-being and privacy a priority. They prioritize profit. And the track record of commercial entities makes it very clear that they adhere to those priorities.
Hobbyist communities have very different incentives and priorities. I don't think that they can be trusted completely, either, but the track record for them is vastly better than for companies.
This.
Any smartphone that I haven't placed my own OS on is a smartphone that cannot be trusted to even a minimal extent.
This is not merely "spyware"-- this is actual spying, by a foreign power.
Agreed, although I'm not sure that "by a foreign power" is actually meaningful. Spying is spying, and it doesn't matter much whether the entities doing it are part of the same nation as you.
It does matter a little, though. If I have to be spied on, I'd rather it be by China (who has no real power or authority over me) than the US (who does).
I completely understand the appeal of PWAs to developers.
I don't understand the appeal to users. And my selfish reason for hoping they don't catch on is because it will reduce the amount of software that I will have available to me, since there's no way I'm going to allow complex Javascript to run.
If my choice is limited to just between those two, then yes.
I actually think of both of those as upsides, not down. Perhaps not for the average user, but personally I like being able to switch side-loading on and off (it helps to prevent accidents), and I don't like automatic updates.
Thank you for your thoughtful reply. I really do appreciate it.
So "progressive" is just a fancy way of saying "not broken" then?
I will never trust a fucking web application the way I would a native application, because we have seen time and time again, the web isn't something you can trust.
While there are plenty of native application developers who can't be trusted, I think you're right. The web seems to have a MUCH larger number of them. Like you, I have a much lower trust of anything web (or cloud) based by default.
Experience has taught me that this is entirely justified.
Yes, it really does.
In PWAs, service workers allow you to store data on your device - so that the next time you load the page, the last information you saw is there again without loading time.
You mean like cookies?
Here's an honest question: I don't see a single reason why, as a user, PWAs are in any way beneficial, and I can think of several downsides to them. Can you tell me why I would want such things to run on my devices?
So that sounds pretty cool that android will let me completely bypass their store to get those features and even distribute say, an enterprise "app" without needing Google Play or any other marketplace.
You have that right now. Android allows you to install apps without a marketplace being involved in any way.
It's a cost/benefit thing. There are certain thing for which push notifications can have some value. But I have yet to see that value exceed the cost of push notifications.
It's not clear that we all want web browsers to enable web apps to be more like native applications.
I think it's clear that plenty of people don't have a desire for this. And plenty of people (or at least me), actively want for this not to happen.
As someone who blocks Javascript by default, the fewer sites doing the PWA thing, the better.
That's why it needs to be an external firewall. The systems behind the firewall don't have privileged access, and they are no more (or less) capable of subverting it than systems outside the firewall.
Not Android-specific.
Pretty much every product or service that has access to data about you does this. There are no angels.
Nothing wrong with that. Regardless of how wealthy you are, it's smart to recognize what is really important to you and to cheap out on everything else.
It still matters, because it reduces the number of entities that can spy. Your stance is the same as saying that if security can't be perfect then it isn't worth doing. That's an unsupportable position.
This is technically untrue. I can replace the broadband system with any of several options. What is true, though, is that all of the options are still proprietary binary blobs so from a security point of view it's a difference without a distinction.
But perfect security is impossible with anything, so we all make tradeoffs. My tradeoff is that I accept that I need to run that binary blob and can therefore not completely trust the device.
But I can, at least, minimize the issue by ensuring that the blob is the only attack vector.
Even if iPhones are spying-free, you'd still have the problem of being forced to use an iPhone.
Personally, that's a nonstarter. iPhones are too locked down to be terribly useful to me.
People aren't paying for their Android phones?