.png)
2 hours ago
2
This is my personal opinion, but I think another implementation that would be about as safe as the current Google implementation, whist keeping the same level of security that Google currently managed to achieve with only allowing ADB sideloading to be untrusted is to allow external verifiers that has not been trusted to be sideloadable but only through the use of adb install, not directly through the on-device package installer.
That way, if you wants sideloading to be the way it currently is right now, you can, by sideloading a dummy verifier you created, but since you can only by doing so via adb, that adds enough of a barrier to scammers since now they have to either take over two devices or have the user set up Wireless ADB on their phone, which leads to the same kind of scenarios where even the new verification scheme will be useless.
