Maybe because I'm from a different era, but installing anything on a device from a website is an extremely risky game. There is a reason we moved toward using a web browser to do functionality that was typically done on desktop.
I'm not one to worship Google's walled garden(which is just marketing jargon), but at least that has some layer of verification and malware detection.
I still dream of a web app based future. Then we only need to security proof 1 app.
> A new set of Android malware, phishing, and adware apps have infiltrated the Google Play store, tricking over two million people into installing them.
GP said it has some layer of protection of malware, not that it has 100% protection. And yes in my own experience Google Play Protect has successfully caught malware. The goal is to provide some better-than-zero protection.
But is it better than going to the developer website that uses SSL and downloading directly? A consolidated app store is a single point of failure after all. Hard to say it's actually better. There's also no need to bundle the malware scanner with the app store since all it does is scan your device. You can have a malware scanner without an app store.
I don’t think he was suggesting that walled garden is perfect in this regard, but that it is much safer than bypassing it, so instances such as you list don’t really refute his point (assuming that was your intention).
> Maybe because I'm from a different era, but installing anything on a device from a website is an extremely risky game
You are (just like me) from a different era. /s
I was trying to compile rust (for mozilla) and i was shocked to see that it connects to the internet during the build process to download crates (i presume these are some kind of libraries). Then you have js with npm and the menu is served.
Even if the web browser has a container, this can be compromised during the build process.
why would you try to compile Rust? You can just download it already built.
> i was shocked to see that it connects to the internet during the build process to download crates
how else is it supposed to get that software? unless you want to manually download 100 crates and put them into the correct folders, this is a normal process.
That's like saying "in a native-based future we only need to security proof the OS". There's no free lunch, you always need to check both the sandbox layer and the application.
Browsers have a truly remarkable track record when it comes to security. We have been able to run untrusted code for nearly two decades now without a large scale breach.
That's because browsers don't do all that much compared to an operating system (although they are catching up). On the other side, since Windows XP, security of the OS's has been steadily improving as well. What breaches do you mean anyway?
Once you push broad access to user data and hardware to browsers, you'll get ransomware there, too. Meanwhile, native sandboxing keeps advancing.
So no, web will not remain the safer option forever.
> We have been able to run untrusted code for nearly two decades now without a large scale breach
None that we know of. Keep in mind that not so long ago the browser did not have access to filesystem except to save files.
Now the browsers have access to filesystem, camera, microfone, they can act as servers, they have access to USB devices.
Which era is that, though? There was a decently-long stretch of time between shrink-wrap software being common (I think my last boxed software purchase was probably in the late 90s), and the advent of the App Store (2008). During that time, downloading things from a website was the primary method of installing software.
Also, it's not like people were installing this app from a random sketchy website; it appears to have been available on third-party Android app stores, which are the only option in China, since the Google Play Store isn't allowed there.
> I still dream of a web app based future.
Right there with you, but sadly, I don't think it's a realistic hope.
With the capabilities web apps have gathered over the years, I don't feel very comfortable with using random web apps either. As an added downside, random blog posts and ad iframes can now try to access the same APIs real web apps can. The more we move to a web app based reality, the more we're going to see exploitation of browsers and their many features.
We'll never get our one security proof app because security proof apps can't do things like rendering and file manipulation at acceptable speeds.
Downloading apps from websites is almost always a red flag in my opinion. If an app can't be in Google's app store for whatever reason, it surely can appear in another.
The only APKs I've downloaded come from Github/Gitlab because open source apps aren't always on F-Droid, and APKmirror because my phone is rooted, and I consider myself to be a power user. I'm really surprised an app like this is popular enough to get downloaded installs at all, though perhaps the Chinese app ecosystem is different enough that I simply can't understand.
I'd hate to have to resort to web apps for absolutely everything on my phone. Messengers and such need optimisations for battery usage and resources and browsers don't offer any of that. The overhead of web applications is also quite significant. Don't get me wrong, I use several web apps for small things like weather sites and a simole game here or there, but there has to be room for both or the mobile experience will get worse for everyone.
therefore I can't download Netflix from Google Play for some absolutely idiotic reason even though the stupid app works perfectly afterwards. They just hate me for wanting to sync my clipboard automatically, I'm guessing.
> The more we move to a web app based reality, the more we're going to see exploitation of browsers and their many features.
True, but as the GP pointed out, we only have to secure one app, and fixing a security issue in it saves you from anyone exploiting that flaw in any other app.
Sure, you can make the same argument of an OS-level flaw, but that leaves people with older devices out in the cold, as they often don't receive OS updates anymore. The browser is just an app, and as long as it supports the OS running on the older devices, you get those updates years after your device vendor stopped supporting you.
We're never going to solve all security issues (at least not until "perfect" AI starts writing our software), but I'd much rather run apps in a a browser than on the device directly, even with Android/iOS's app sandboxing tech.
> I'm really surprised an app like this is popular enough to get downloaded installs at all, though perhaps the Chinese app ecosystem is different enough that I simply can't understand.
From the article:
> The malicious versions of the Pinduoduo app were available in third-party markets, which users in China and elsewhere rely on because the official Google Play market is off-limits or not easy to access.
I'm not one to worship Google's walled garden(which is just marketing jargon), but at least that has some layer of verification and malware detection.
I still dream of a web app based future. Then we only need to security proof 1 app.