Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If "automatic updates" were optional and off-by-default then users would not be vulnerable to something like SimpleMobileTools

Why not let the user decide

Letting someone else decide has potential consequences

Using F-Droid app ("automatic updates") is optional, as it should be

"Automatic updates" is another way of saying "allow somone else to remotely install software on this computer"

Some computer owners might not want that. It's their decision to make

I disable internet access to all apps by default, including system apps

When source code is provided I can remove internet access before compilation

Anyway, the entire OS is "user-hostile" requiring constant vigilance

It's controlled by an online ad services company

Surveillance as a business



> If "automatic updates" were optional and off-by-default then users would not be vulnerable to something like SimpleMobileTools

The problem is the vast majority of users want this on by default; they don't want to be bothered with looking at every update and deciding if they should update or not.


The vast majority of users want their apps to work. They don't care whether that happens through automatic updates or not.

It's the developers who don't want the headache of not having automatic updates.


"Automatic updates" is "remote code execution (RCE)" by permission

Given the frequent complaints about the former, the notion of "permission" is dubious




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: