It's the garbage that the people behind this ""movement"" do. The website itself is loaded with lies and AI-generated text. They've been botting comments on HN for ages now.
The person who accused you of astroturfing is likely not a person at all. More likely, it was Kimi.
It's not about paying Google. People can buy gift cards with cash and do that; that's not the problem, especially not for commercial use. It's everything else that they're imposing or could impose on a whim and whose device it is they're putting restrictions on.
I should not have to enter into a business relationship with google just to hand my non-technical friend an APK any more than I have to enter into a business relationship with the Linux Foundation to hand my friend an AppImage.
Scammers cannot talk people past a 24 hour wait. This attack is built upon pressure and operates at a scale that makes stealing many identies, building different-enough apps to avoid getting flagged by Google and signing them all non-viable.
Yes. That attack is a very real attack. The attacker gets access to the victim's phone and sideloads additional apps that appear to be the victim's legitimate banking application. The victim logs into it and sees a fake balance (as the app is fake). Pressure and other social engineering tactics are invoked and the scammer walks away with all of the victim's money.
With that reasoning every action would be justified to stop scammers. Google should capture all your calls and check if there could be scamming going on, right?
The current malware situation at android store situation does not help to carry that point:
I sorta get that reasoning, but is a 24 hour cooldown really going to stop scammers? They're already used to multi-day scams, so wouldn't they just say they'll call back in a day to finish the process?
Yup. The specific scam here is built upon preventing the victim from talking to trusted individuals. A cooldown breaks the spell.
Complex, multi-day pig butchering stuff is not what Google is going after here or would have any hope to defeat. But they can deal with banking malware.
> Google doesn't want millions of people to have every cent of their money stolen.
Megacorporations like Google do not care a single bit about ordinary people. They only care about making more money. How do they make more money? By preventing people from installing NewPipe and Blokada.
And most Android banking malware is distributed through unsafe sideload installs (as opposed to much safer Gatekeeper-style installs, which is what is coming) and are fed to victims through complex attacks involving obtaining a victim's personal information and calling them while credibly pretending to be a local authority or a bank representative. You can read about this wherever you get news about cyber crime.
This is a scourge in South East Asia and Google can do some good here. The only cost is whining from non-technical people. Everyone else will go pay $25 or whatever and sign their app.
Unless they do something google doesn't like, or trip one of their many automated systems that ban them without recourse. Or they are compelled to revoke a key by a government.
Revocations are for apps being malware and nothing else, much like macOS Gatekeeper (Apple doesn't even revoke certs used by Warez groups to sign cracked apps).
Automated bans can be an issue, but that's an edge case. Google already had the functionality to 'revoke' an app if ordered to do so by a legal authority.
It is much more important to make a real world attack - something that is draining wallets of ordinary people across Thailand/Brazil/SEA in general - harder to achieve. One thing is a political goal of some people in the west, the other is an ordinary person not having the money to feed themselves because a scammer stole it all.
I can't trust Google will keep to that, sorry. Nor can I accept harms being twisted into a further centralised accumulation of power (especially when Google, with all their resources, could likely do much more to prevent these scams than grabbing that power for themselves)
Well, the very good news is that Google is not seeking your trust. You have no say at all. This is the new system, it benefits actual real people over HN commenters and you will just have to deal with it.
Google doesn't have the ability to change the way banking apps work with regards to transferring money from one account to another in Malaysia/Brazil/Thailand. That would be a matter for the national Governments. This is the best approach available.
The person who accused you of astroturfing is likely not a person at all. More likely, it was Kimi.
reply