I think Google is trying to solve the problem at the wrong level - people do not really understand their computing devices enough to understand the risks, they never had to learn or were taught how to use such devices, they were only told it's easy and to not ask questions. The interfaces are designed in a way that allows them to get by with almost no understanding of anything. Which is why such solutions may also be bypassed by a determined attacker. Such scams only really expose this fact. So there is no good way to differentiate between the two groups.
My solution is educating about smartphones and computers first. Not in an in-depth way, but people need to understand what "application", "verified" means and what are the risks. I think android cleaned up the abstraction enough to make this possible.
Being able to tell if an app came from a trusted company or not is a good thing, but I would rather such a solution be managed in an OS-independent way, not controlled by Google. Applications not authenticated by a company should not be second-tier citizens, but there should be a clear warning (and the users should already know the difference before even seeing this warning).
I think the scams and phishing also expose another important problem that nobody tried to tackle yet - you can't authenticate calls, sms messages or emails. There is no good way of telling if it's actually your bank calling you, or if it's just a scammer.
In the end, we also need to accept that not all scams can be prevented, at some point if someone is calling as a friend of your family member, and is asking to urgently transfer money to an unknown account, and you fall for this... I really can't think of a technological measure that would've helped, it's only you and your common sense.
> My solution is educating about smartphones and computers first.
98% of people literally do not care and/or are too dumb to understand. You could force them at gunpoint to sit in the education class, and give them a simple basic quiz afterwards, and they'd get half the answers wrong. They will continue to not even read what's on their screen, and just click the big highlighted button every time they see one.
Yet somehow they are not too dumb to get a driving license or operate a gas stove. I would argue that operating a car is much more complicated than operating a smartphone.
At some point, if you are unwilling to learn basic facts about your environment, and you don't have a guardian, then you will get hurt. I don't necessarily mean by a computer. I think that's fine and I don't think a patronizing solution by a corporation that clearly wants more control over society is a necessary help.
How many people are gullible enough right now to plug a phone to a laptop over USB and execute an exe on an operating system with no sandboxing at all? ADB even seems to work over webusb. (at that point you may as well give up on hacking the phone, but I digress). That's exactly why I believe the problem is more complicated and why Google's solution is not really fixing anything, not for the users.
There's going to be a lot of people who don't have a laptop/desktop handy right now - because they're out of the house, because it's unplugged in a cupboard, or because they borrow it from a friend or use an internet cafe when they need that. So a requirement to use that and connect your phone to it is effectively similar to the 24 hr waiting period: time to think, time to mention it to a friend who's heard about this scam before. This is why phones are such an attractive target in the first place.
What do you mean by impossible in this case? Can't you just have the coin-operated parking meters back? Where I live, in EU, parking meters even take cards.
EDIT: I guess "just" is doing some heavy-lifting, so I won't argue this further, but "impossible" isn't the word I would use either. The city could revert this decision, definitely if enough people wanted them to (that's... I know, the hardest part). I just agree with the OP that we technically could go back to slightly less-digital society.
> Where I live, in EU, parking meters even take cards.
Unfortunately, a more accurate way of putting it is: stuff takes cards in lieu of coins. Like, where I live (also EU), ticket machines in buses and trams have gradually been upgraded over the past decade to accept cards, and then to accept only cards.
It's a ratchet. Hidden inflation striking again. Cashless is cheaper to maintain than cash-enabled, so it pretends to be a value-add at first, but quickly displaces the more expensive option. Same with apps, which again, are cheaper to maintain than actual payment-safe hardware.
It's near impossible to reverse this, because to do that, you have to successfully argue for increasing costs - especially that inflation quickly eats all the savings from the original change, so you'd be essentially arguing to make things more expensive than the baseline.
a few years ago the vending machines in my office building started accepting credit and debit cards for an extra fee of $0.35 per transaction. just recently they stopped accepting bills and coins leaving cards as the only option, but are still charging the extra fee.
I feel like this kind of glosses over the fact that a lot of people (I'd say an overwhelming majority) prefer the cashless options anyway.
I don't know if I have any friends who miss carrying coins and cash, or who miss carrying individual bus/subway tickets, but if they do, they're awfully quiet about it compared to the friends who happily say they can't remember using cash.
I'd say that if anything, cashless things are catching up to the general public.
Personally, I'm in favor of keeping things cash-friendly because people shouldn't be forced to be cash-free, but that's only to support a small minority of people.
Overwhelming majority prefers shit[0] - people pick from what is made available to them, not from what could possibly exist, and they don't have direct say whether or when what's available changes.
These cashless solutions are just another thing[1] being pushed from top down; the passengers only notice when they suddenly find themselves unable to buy a ticket for coins, but by that point, the decision has long been made, so people only get to whine and complain, or otherwise express opinions that are not actually listened to by anyone with power to change things.
This is not saying that all those solutions are bad or inferior. Just that nobody is actually checking with people whether they want it or not; technology is deployed as fait accompli, and regular people just find ways to cope.
--
[0] - Like flies, I suppose. There's millions of them, they can't be wrong!
[1] - Like most technology, really, both software and hardware.
That, + logistics and logistics security in general. I agree, the costs are real; in general, anything physical with mass = costs. So the cost savings are real too - my point is that those are instantly eaten by inflation, so going from cash to cashless and then back to cash isn't a no-op; rather, the first leg quickly turns into a no-op, then the second leg would be increasing costs.
Place where I park my car for work (Gosford, Australia) just got rid of cash payment, they now take card payment only (apparently there is also going to be an app, but they haven’t launched it yet). I think the number one reason is they are upgrading to a new system, and the parking technology vendor doesn’t provide cash payments as a standard option-probably they could implement a custom integration to enable it if they thought it was essential, but cash payments are so rare, it would be a difficult decision to justify. The carpark is owned and operated by the local government, so they need to justify their decisions, either as commercially viable, or else as producing substantial public benefit, but I think both arguments would be difficult to sustain in this case.
It’s kinda easy to justify though from a financial standpoint. If the parking meters take cash, you need all the hardware to accept and secure the cash. Then you need somebody to go around at some point and actually physically collect the cash. Then someone has to reconcile the cash, etc.
So at least from that angle I see it as an easy “government is actually trying to be more efficient” argument.
As a user cash is a pain in the ass. I have to count it out, keep it in my pockets, etc. So much easier to just tap my phone or my card. But yeah that’s a tradeoff in the classic “You’re trading X for convenience”.
Even then with cards they may still need to consider fraud via skimmers, or that the equipment can be vandalized. Going app-only (or vastly reducing the availability of payment machines) means less upkeep for them, but it also moves the kind of fraud to where people have replaced the information or QR codes to scan. It seems like a parallel to what google and whatever entities are pushing them to make these changes are trying to do, at some point someone has to put in work to keep the system working securely and everyone wants to delegate it to someone else.
At least in Australia, skimmers haven’t really been an issue for a long time. Everyone uses paywave / nfc payments. The ticket machines I’ve seen installed lately don’t even have a way to insert the card or a pin pad.
They are in theory still possible to destroy but it’s a lot harder and the little electronics left are cheaper to repair.
There should be a legal requirement then, that there's an office you can go to and buy vouchers with cash, which you can use on the machines. There's no need to collect the cash from all the meters but you can still pay cash.
Don't pay and when you get a fine take them to court and state you don't have a bank card. There's jo wat a council can legally require you to enter into an agreement with a bank to use council run facilities, it's likely nobody's challenged them on it though.
Every council I've lived in has still taken cash for every type of council fee, despite their "official" statement being they don't.
> There's jo wat a council can legally require you to enter into an agreement with a bank to use council run facilities, it's likely nobody's challenged them on it though.
Is there some law saying they can’t?
This is a carpark. If you own a car, you are legally required to hold a CTP insurance policy as a condition of registration-so to be able to use the facility, you legally need to be customer of one type of private financial institution; given that, is it really problematic if council requires you to be a customer of a second kind as well, when close to 100% of the population are?
The next level of parking enshittification is pay-by-license-plate, which is starting to become widespread here in Perth, Australia, even for locations that are free parking, and locations that have parking machines. Surveillance just ratchets upwards.
There are places in EU too where parking meters have disappeared and payments are only done through apps. And I am talking about public space in the street, not private parkings.
I do believe that. Pointing out that I live in the EU was completely unnecessary, I meant that I live somewhere in the EU, I didn't really mean to compare it to the US.
The other problem, in the US at least, is that cash is very low value (inflation), and dollar coins never caught on. I'm not trying to carry around $6 in quarters to park for 2 hours. And that's a pretty inexpensive parking spot.
No, they're implying that you need a lot of coins to pay for parking.
If you need $6 to pay for parking, and the largest commonly available coin is a quarter, that means you need 24 coins to pay. If the value of currency was such that the parking only costed $3, or if dollar coins were more common, you'd need less coins to pay.
And maintain them, which I suspect costs even more. Parking meters do fiddly work, out in all weather, where people hate them and do all kinds of vandalism.
It doesn't surprise me that they want to make hardware maintenance your problem.
I parked in a garage in downtown Tacoma, Washington. The only option to pay was via an app. So I downloaded the app (by walking outside to where there was cell service, because I was, you know, underground in a garage) at which point it threw an internal server error when adding my card. There was no attendant on duty, and no way to pay with a credit card. So I left - just drove out of the garage. Then a few months later I got a fine for $75 for not paying. Then I called them to dispute it, and they offered to waive most of it, but it was still more than if I had been able to pay the fee initially.
I'm sure it was sold to the garage as a way to "maximize revenue and unlock operational efficiency". And sure enough, look, the revenue number is up and to the right. Working as designed.
Seriously, I don't understand why these stories have to so often end with someone just giving in and paying. Our society is so disenfranchised. I understand that doing it the right way by sending them written notice that it's an invalid debt takes time and effort, but there are options between that and just giving in and validating their nonsense.
You're right, I pasted this into Claude and it seems to think that there are many avenues. And Claude even named the parking operator by name because they're facing a class action for this very thing:
Claude wrote:
> The broader trend is in your favor. App-only parking companies are facing a wave of legal action nationally. A major class action lawsuit against Metropolis Technologies (one of the largest app-based parking operators) alleges they violated consumer protection laws by failing to provide adequate means to pay for parking and then penalizing consumers for not paying. Lanier Law Firm Tennessee's Attorney General secured a nearly $9 million settlement against Metropolis for similar practices, requiring them to implement clear signage, maintain staffed customer support, and automatically issue refunds when their technology malfunctions.
It's just so exhausting to deal with this kind of thing, I've been super busy and it's not worth it to me to fight over $30, which is exactly the bet these scummy companies are making. I think LLMs lower the cost of drafting serious sounding letters to the point where that should be my first impulse rather than giving up and paying them, which rewards the behavior.
Of course it's not impossible; but very incompatible with the agenda per which everyone must become a digital slave, guilty by default, surveilled 24/7, deprived of all privacy, freedom and rights, with TOSes replacing the charade that there is for law now, and impenetrable screens instead of human interaction.
> Can't you just have the coin-operated parking meters back? Where I live, in EU, parking meters even take cards.
That costs money. Coin operated machines routinely are targeted by vandals, with each case making easily 100x the damage for loot. And card-acceptance also has its issues, the terminals need a data uplink, someone needs to take care of the machines. That's why so many (especially private parking lots) shift over to purely app based schemes. Orders of magnitude less tech you need to worry about.
>Regina city council made the decision to remove the coin option at downtown meters as part of the budget deliberation process, said Faisal Kalim, the City of Regina's director of community standards.
Yes, I read the linked article. Yes, the city made this decision. The decision could be reverted. I understand that this is a type of thing the OP (top-comment in the thread) is wishing for.
I don't see the "impossible" in my understanding of the linked article.
Coin-operated meters means someone have to come around checking the meter, collect coins, check the parking tickets. One person can only cover so many devices per day.
Then you have mechanical maintenance, with that comes disputes with "it was broken, it didn't accept the money" and so forth.
I've probably forgotten a number of other related things, but compare the above to digital solution.
Parking app, where the customer pays only for the parked time, no fiddling with money or keeping track of time. The parking attendant checks much quicker by just scanning the license plate while walking the rounds (could be done via car and a mounted camera even).
Analog just costs more, and citizens doesn't want taxes to go to things that are not strictly necessary.
It was possible for many decades already, budget and maintenance-wise. You can at least accept a credit card as an alternative. Yes, it's not perfect, but the fully digital alternatives also have drawbacks, as pointed by OP.
Things that were possible become impossible. Once Britain ruled the seas with wooden sailboats. Those boats are not perfect but could they win today’s naval battles? Also no.
"The decision could be reverted." Do you often buy a new car and revert that purchase to purchase a different new car? I guess you don't often use your own money so no big deal.
Why the snark? Did I misread? I don't often buy a new car, do you? I really don't understand what your last sentence means.
I don't even think this a fair comparison, it's more like keeping the old car just in case or for other family members. But I think I specified enough what I'm arguing already, yes this is unlikely, just not impossible.
I found one parking lot in the EU where there were only signs, and the signs not only pointed to an Android+iOS only, attestation-protected app, rather than a website, but an app that, at least on Android, was region-locked to only allow installations from people with the local country set correctly in Play Store (something completely different than the country Google sets for your account, for some reason).
It was a public lot, and the only lot in the town, as far as we could tell.
They are saying that things that have already been dumbed down can't go back. Obviously that's just their opinion, but I would guess that most people agree with them.
> because you are annoyed about some temporary problems
I mean, all problems are temporary, time is money etc. etc. And there are signs that suggest that some of these problems (namely freedom to run your own software) are not going to get resolved soon. Is there something deeper in your thought that I missed?
> These kind of posts get a lot of upvotes, but they do nothing to change corporate behavior.
I don't understand, we are on a discussion forum. Of course writing comments here does not influence what Apple does, that's not what HN is for, I think (I hope) that everyone already assumes that. Why do you feel the need to point that out?
I do? It's a trivially comparable thing? I'm not even talking about ALL prescription drugs. I'm talking about the fact that some have interactions that can kill you. Having "life savings gone" consequences from a random app install is that level of danger.
A non-trivial number of people should probably have to go see a specialist before being able to unlock sideloading in my opinion... which means we probably all would have to. It's annoying, but I actually care about other people.
I have a hard time with this because it's the world we've lived in forever. Everyone knows installing an "app" installs an executable.
Doesnt android require a specific permission to be user-accepted for an installed app to read notifications? I think it's separate from the post-notifications permission.
This seems to be an issue of user literacy. If so, doesn't it make more sense for a user to have the option to opt into "I'm tech illiterate, please protect me" than destroy open computing as we know it?
this. just like how when you start playing a hard esoteric game like an RTS or MOBA, they ask you what your degree of comfort/experience with the genre is to avoid making a pro player go through the tutorial and vice versa.
In an ideal world where governments and corporations weren't trying to lock us into a closed system for massive surveillance and control, during the installation/setup of a mobile phone should be a question about tech literacy and protection. Selecting any option that isn't "I'm tech illiterate, please protect me" should be very annoying. There should be many warnings in uppercase bold red letters telling the user it can be dangerous and listing those dangers. But if I'm a developer and want to patch my kernel or modify the system as I please, I should be able to do so. If i want to install a malware app in a burner phone to study its behavior (or just for fun) I should be able to do so.
There would probably be one or two grandmas that would still somehow choose the pro hacker mode and get scammed down the line, but I think that minuscule amount of harm done is very much preferable to closing out *literally everyone else* from using the devices THEY BOUGHT.
It might not "solve" the problem, but I'd expect it to significantly address the problem no?
I've heard much criticism of it being too heavy-handed, but I don't think I understand criticism that it won't improve security. Could you expand on that?
No. You seem to be implicitly arguing that that unsigned apps are inherently less trustworthy than PlayStore apps. That's a claim that needs to be proven first. And based on the huge amount of documented data exfiltration performed by Google-approved apps, I'm going to say that claim is false.
I'm arguing that a curation process that includes security review is likely to produce a more secure set of software. Admittedly it might be completely ineffective, but I think that's an unreasonable assumption. So some review is more secure than no review. Now I'm not saying "better", you could argue it's a false sense of security, but it's still more security.
> I'm arguing that a curation process that includes security review is likely to produce a more secure set of software
I actually totally agree! There is no external entity users can rely on to make sure apps they download are legitimate. I read the thread from root to this comment and I don't see it mentioned, so I'm not sure if you know this and are just arguing something else but...
There is actually nothing about testing or verifying apps themselves in the announcement made by Google. It's just about enforcing developer verification in some Google service and "registering the apps".
EDIT: I checked your profile, and I now see that you actually work at Google, on Android... Is there something I misunderstood about these announcements?
> you could argue it's a false sense of security, but it's still more security
Well here I don't agree, I would much rather be aware of the dangers than think I'm safe when I'm actually not.
To add to that, I think it's important to point out that the problem of people not understanding how to safely use their devices is in big part caused by technology companies racing to get widest adoption everywhere, both in terms of location and in terms of industries. I'm not against "intuitive UX design" in general, but at it's extreme, it just fuels incompetence. We shouldn't now let them pick the most convenient option, the option that just happens to also increase their powers over the users, as a way to "fix" the problem.
> how is a UI designed that doesn't fuel incompetence?
I'm specifically talking about UX ("how a user interacts with and experiences a product, system, or service"), not necessarily UI.
> how does it do that? (i am not getting hung up on "intuitive", i just mean you argue that the currently used design fuels incompetence)
tl;dr We have a product, we want to make money, we need people to use the product. One of the things that stand in the way, is people not understanding how to use our product. We will make sure they can get started as fast as possible, and not mention how they may hurt themselves with the product, that would scare them away. Hurting yourself with our product is in the broad "don't do stupid things" category. We will never explain the "framework" (in case of an OS I mean apps, that apps can interact with each other and your data, how you can or cannot, control that), even in broad terms. Just click this button and get your solution.
It started with PCs and people not understanding how to not lose their documents. Now that every device is connected to the internet, the problem became worse.
You can now say that "sideloading" is stupid anyway, but this is not the only problem. Another thing that people still usually learn by painful experience is backups. There are fake apps, on both stores. Another thing, in-band signaling. You cannot trust email, phones, whatsapp, messenger... Even if your friend you often chat with is messaging you, they could've just been hacked.
Try to explain that you also cannot trust websites and that even technical people don't have a good way of telling if an email of a website is real.
But at least enrollment is fast and adoption metrics are growing. Since we are already in "move fast and break things" mindset, we will think about fixing such issues when it actually becomes a problem.
To be clear, I'm not saying that making technology easy is always bad, that you should always expose the user to "the elements" and expect them pipe commands in the shell. But I think that often the focus is on only making enrollment fast. "Get started"
What if we actually expected people to understand something about technologies they want to use?
What if we actually expected people to understand something about technologies they want to use?
but that's what we have now, and it's not working.
the implied question is: what if we don't allow people to use technology unless they can demonstrate that they understand it?
is that really something we want to do? this sounds like gatekeeping, elitism, and anti-innovation because if if less people are going to use a technology, then there is less motivation to build it.
remember, i think it was someone at IBM that said that the potential for computers is some small number? and then it grew beyond anyone's wildest expectations?
do you think that would have happened if we had required understanding before we let anyone buy a home computer?
besides education, i don't know how to approach this issue.
> but that's what we have now, and it's not working.
My entire point is that education is the opposite of what we have now. That users are not expected to understand or know anything about IT technologies they use. Not the case with cars, recreational and prescription drugs...
> the implied question is: what if we don't allow people to use technology unless they can demonstrate that they understand it?
It's not exactly my point, but in extreme cases, maybe. I genuinely think that nobody has even tried to educate people about computers. Like, have you seen IT classes in schools? Assuming you are lucky enough for the classes to have any content, you will probably get some lessons in Word and Excel. Maybe some programming. Maybe Paint. But actually using the computer? Dangers of the internet, importance of backups, trusting websites, applications and emails? The concept of application and difference between applications and websites? And those technologies are not "developing" like they were 20 years ago, they are probably here to stay.
> is that really something we want to do? this sounds like gatekeeping, elitism, and anti-innovation because if if less people are going to use a technology, then there is less motivation to build it.
And the alternative Google and Apple present is giving them paternalizing control over the most popular computing device. The say over what people can do with their devices. After they made sure that these devices are embedded into our lives.
I would much rather we slowed down with innovation for a second and resolved such issues first, because the way I see it, it's literally manipulation (also see: dark patterns).
As for the gatekeeping and etilism - Assuming we want a "computing license" (not necessarily what I'm arguing for), is "driving license" also gatekeeping and etilism? Or maybe some amount of gatekeeping is good?
As for anti-innovation - I genuinely think we might have had just enough innovation in the field and it may be time to slow down a little, take a step back and evaluate the results. And I honestly don't see much innovation in apps/computers/web space besides maybe AI, and governments are already working on regulating that.
> do you think that would have happened if we had required understanding before we let anyone buy a home computer?
Home computers were very harmless before the internet, but that's an aside. Assuming the tech is actually useful, not just slightly more convenient than "traditional" alternatives, then yes, I'm sure it would have still grown to sizes it has grown to today. Maybe a bit slower.
> besides education, i don't know how to approach this issue.
Same, I generally do think this whole situation needs more consideration.
Assuming the owner gave the shop the pin. If so, the shop can already steal a lot of data from the phone. Why bother with persistent malware at this point?
You already have to trust the repair shop with your data. Installing persistent malware on phones is already illegal. What's the point of this extra software protection in this case? To prevent a 0.00001% chance hack? The type of hack that would put the repair men in jail?
Not to even mention that modern phones are basically unfixable.
> So basically all the stuff that makes apple devices actually measurably better has to be opened up so that some rando can make a half hacked together attempt at compatibility?
Only the interfaces and protocols. This is not the interesting or expensive part, unlike the implementation. Apple can still have the best implementation of the protocol, and a lot of people will believe that this is the case.
> For what?
So that people are not locked into the ecosystem when they buy the device. The price for the phone is what they pay, not what they will be forced to pay later, for example by only being able to choose airpods or apple watch for full experience later. For example.
> I don't want random bluetooth earbuds from the petrol station to be able to access an API that lets them send transcripts of my calls anywhere they like
First, don't buy them, you don't have to. Second, technically, the API exposed by the device will first need to allow them to connect somewhere online and send any data. That's a separate issue.
Not to mention that, hypothetically, if bluetooth airbuds were able to send data somewhere by themselves, a malicious airbud manufacturer could still use the protocols by reverse engineering them. Not necessarily the case with legit manufacturers. Such lockin only stops legitimate, non-malicious actors.
> and I definitely don't want a low barrier to entry for devices that can airdrop me stuff or paste to my macbook if I'm out and about.
Allowing everyone and anyone to airdrop you stuff is a bad idea anyway. The protocol was reverse engineered too.
> I'd be happy because I have never once bought a non-apple device that I care about connecting to my phone. I'd have to buy a new monitor but that's ok.
And a lot of other Apple users wouldn't be happy.
> All consumer tech right now is literally rebadges or mild modificatioins of stuff from AliExpress and I don't want that in my nice clean ecosystem.
A lot is not. Again, just don't buy it, you have to choose to let such devices to connect to your device.
> If these competitors want to actually compete then how about they make something that's actually better in some way instead of just hamfistedly copying whatever Apple comes up with?
A lot of the time they legitimately want to, but Apple locks them out of certain features. For example, AFAIK, Garmin watches (legitimate company! with an original take on a smartwatch, definitely not copying Apple) are locked from accessing certain iOS features Apple Watch can access.
I replied to someone else in the same vein but having had a garmin watch in the home there was nothing that it would have done better if it was able to work with Apple's proprietary stuff. If random devices of unknown provenance were able to freely connect with Apple devices then the security of Apple's ecosystem would take a hit. This would be bad.
> I replied to someone else in the same vein but having had a garmin watch in the home there was nothing that it would have done better if it was able to work with Apple's proprietary stuff
> If random devices of unknown provenance were able to freely connect with Apple devices then the security of Apple's ecosystem would take a hit. This would be bad.
Random devices are not able to connect over bluetooth to your device without your consent. Then, the bluetooth device can only get as much information as the companion app will allow it to get.
Besides, we have that on Android (and PCs) and the security of these "ecosystems" is not worse because of it.
Your argument seems a little bad faith. Sure, random devices aren't able to connect to my phone without my consent but Apple devices only need that consent once. After they're on my apple account they can connect with my other apple devices seamlessly, no companion apps at any stage.
My AirPods move from my phone to my macbook all by themselves based on which device needs audio and my macbook can ask for my iphone's camera and mic at will. My Apple devices can do this because they have hardware level security to allow for this. The EU wants the same capabilities to be extended to non-apple devices.
This would mean that Apple would have to let devices connect without a companion app and possibly make a backdoor in their hardware security layer or worse allow anyone to incorporate their hardware security into any device.
If some aliexpress buds were able to do that then this would definitely pose a problem. Bad actors should not get access to Apple's proprietary security tech and that tech is one of the reasons that Apple devices have capabilities which non-apple devices do not.
edit: Your original comment makes a couple of good points re: the cost of lockin for consumers. However, I would like to point out that this cost isn't a problem when the locked in devices are as good as they are. Apple's devices routinely either come near to the top or sit at the top of the list of best X devices from many different review sources. If their locked in devices were worse this would make sense but often they are much better than all of their competition. I wouldn't buy any AirPod competitors because they genuinely don't actually represent better value even when they are cheaper than AirPods. Similarly with other devices, I've tried almost everything at one point or another. The first time I used Android I installed it myself on an HTC HD2. When I ditched windows I went with linux before I went with Apple. I've had powerful self built windows machines and Asus gaming laptops and a google pixel and a pebble and tried many more devices without actually owning them myself. Nothing has ever come close to my apple silicon macbook, my old iphone which I'm still using, my 2nd hand cheap ipad mini or my apple watch. I don't buy apple devices because I'm locked in and have no other choice, I buy them because they actually represent good value for me and my use case.
My solution is educating about smartphones and computers first. Not in an in-depth way, but people need to understand what "application", "verified" means and what are the risks. I think android cleaned up the abstraction enough to make this possible.
Being able to tell if an app came from a trusted company or not is a good thing, but I would rather such a solution be managed in an OS-independent way, not controlled by Google. Applications not authenticated by a company should not be second-tier citizens, but there should be a clear warning (and the users should already know the difference before even seeing this warning).
I think the scams and phishing also expose another important problem that nobody tried to tackle yet - you can't authenticate calls, sms messages or emails. There is no good way of telling if it's actually your bank calling you, or if it's just a scammer.
In the end, we also need to accept that not all scams can be prevented, at some point if someone is calling as a friend of your family member, and is asking to urgently transfer money to an unknown account, and you fall for this... I really can't think of a technological measure that would've helped, it's only you and your common sense.
reply