Readit News logoReadit News
realusername commented on Google will allow only apps from verified developers to be installed on Android   9to5google.com/2025/08/25... · Posted by u/kotaKat
brookst · an hour ago
As someone working on a product that relies on Play Integrity and PAT to give legit mobile users zero captchas while challenging non-attested clients, I promise you are quite wrong here.

The benefits may not be sufficient to offset the harms you see, but if you don’t understand how and why these capabilities are used by services, I’m also suspicious you understand the harms accurately.

realusername · an hour ago
Using Play Integrity for captchas is completely useless, criminals are using unmodified devices farms on racks anyways.

Betting on Play Integrity to solve that is betting that devices will become more expensive in the future, that's quite obvious that the opposite is happening, they are getting cheaper and cheaper.

realusername commented on US threatens extra tariffs, export bans, for nations that regulate Big Tech   theregister.com/2025/08/2... · Posted by u/belter
mike_hearn · 2 hours ago
The EU has no leverage. Its own institutions are all 100% Microsoft shops with zero interest in changing that. The US has sanctioned staff at the International Criminal Court meaning MS suspended their Outlook accounts, and the ICC seems to have done .... exactly nothing. The chief prosecutor there had to open up a new personal account at Protonmail instead, although Protonmail keeps talking about leaving Switzerland due to new surveillance laws also so it's unclear how long it'll remain European (and of course Switzerland isn't in the EU anyway).

Simply put: can the EU do without US tech? No. Can the EU Commission do without extra tax revenues from US tech? Yes.

realusername · 2 hours ago
The opposite is also true, what Big Tech can do without the EU? It's their most profitable market and it's not like they are going to make up for the loss by selling in China.

The US tech industry doesn't have as much leverage as they think they do, the hardest part to replace is the hardware, which mostly isn't built in the US anyways

That reminds me of Mark Zukerberg which threatened to leave a while back... and denied it soon after realizing the bluff didn't work.

realusername commented on Google will allow only apps from verified developers to be installed on Android   9to5google.com/2025/08/25... · Posted by u/kotaKat
pimterry · 3 hours ago
I think Play Integrity is the fundamental issue here, and needs to go. That's the crux of the issue.

Allowing apps to say "we only run on Google's officially certified unmodified Android devices" and tightly restricting which devices are certified is the part that makes changes like this deeply problematic. Without that, non-Google Android versions are on a fair playing field; if you don't like their rules, you can install Graphene or other alternatives with no downside. With Play Integrity & attestation though you're always living with the risk of being cut off from some essential app (like your bank) that suddenly becomes "Google-Android-Only".

If Play Integrity went away, I'd be much more OK with Google adding restrictions like this - opt in if you like, use alternatives if you don't, and let's see what the market actually wants.

realusername · 2 hours ago
This is only allowed to exist because the justice system and politicians are mostly tech illiterate.

Play Integrity is not compliant with any antitrust legislation, that's painfully obvious. The sole and only purpose of this system is to remove non-Google Android forks.

realusername commented on US threatens extra tariffs, export bans, for nations that regulate Big Tech   theregister.com/2025/08/2... · Posted by u/belter
pu_pe · 2 hours ago
This is aimed at the European Union, India and Brazil, who have all recently been mulling Big Tech regulations. It seems to be the reward for the massive support Trump has been given by the tech sector.

It's likely the EU will cave but together with other ongoing threats, this might throw India and Brazil closer to China's orbit.

realusername · 2 hours ago
I don't see why the EU would cave in, Big Tech is more profitable than anything the EU sells to the US and they are paying close to nothing right now.

But the EU leadership is so weak now that we never know, even if it doesn't make sense.

realusername commented on Google will allow only apps from verified developers to be installed on Android   9to5google.com/2025/08/25... · Posted by u/kotaKat
gblargg · 6 hours ago
I think of it as manual installation, since I also have to manually update it. The app stores automatically install and update it (they find the appropriate APK for my device, download it, run the installer, and do the equivalent each time a new version is released).
realusername · 3 hours ago
This is a software limitation of the device, technically there's nothing preventing the app to auto-update like on Windows.

We could also imagine a mechanism to provide an update URL in the app metadata. The OS could query this URL periodically to check for updates.

So it's still a direct install, it's just that direct install support is limited on phones.

realusername commented on Google will allow only apps from verified developers to be installed on Android   9to5google.com/2025/08/25... · Posted by u/kotaKat
87636899376 · 18 hours ago
Official announcement: https://android-developers.googleblog.com/2025/08/elevating-...

More info:

https://developer.android.com/developer-verification

https://support.google.com/googleplay/android-developer/answ...

Personally...we all know the Play Store is chock full of malicious garbage, so the verification requirements there don't do jack to protect users. The way I see it, this is nothing but a power grab, a way for Google to kill apps like Revanced for good. They'll just find some bullshit reason to suspend your developer account if you do something they don't like.

Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.

> we will be confirming who the developer is, not reviewing the content of their app or where it came from

This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.

TFA had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.

On the flip side, that's one less platform I care about supporting with my projects. We're down to just Linux and Windows if you're not willing to sell your soul (no, I will not be making a Google account) just for the right to develop for a certain platform.

realusername · 10 hours ago
> Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps

Of that they still refuse to sandbox the play store.

It's easy to see that there's a pattern on what they are copying from GrapheneOS.

realusername commented on Google will allow only apps from verified developers to be installed on Android   9to5google.com/2025/08/25... · Posted by u/kotaKat
black3r · 16 hours ago
> This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.

Requiring company verification helps against some app pretending to be made by a legitimate institution, e.g. your bank.

Requiring public key registration for package name protects against package modification with malware. Typical issue - I want to download an app that's not on available "in my country" - because I'm on a holiday and want to try some local app, but my "play store country" is tied to my credit card and the developer only made it available in his own country thinking it would be useless for foreigners. I usually try to download it from APKMirror. APKMirror tries to do signature verification. But I may not find it on APKMirror but only on some sketchy site. The sketchy site may not do any signature verification so I can't be sure that I downloaded an original unmodified APK instead of the original APK injected with some malware.

Both of these can be done without actually scanning the package contents. They are essentially just equivalents of EV SSL certificates and DANE/TLSA from TLS world.

realusername · 10 hours ago
> Typical issue - I want to download an app that's not on available "in my country" - because I'm on a holiday and want to try some local app,

The solution here is just to get rid of artificial country limitations which make some users download APKs. None of those make sense in the online world anyways.

realusername commented on Google will allow only apps from verified developers to be installed on Android   9to5google.com/2025/08/25... · Posted by u/kotaKat
earthicus · 11 hours ago
This certainly won't solve the problem, but I would at least like to banish the term "side load", which is a kind of Orwellian word that takes something everyone used to do all the time and makes it sound obscure and a bit nefarious. Maybe we, the tech literate, can start calling sideloading a "free install" or something. When asked, we can clarify that the 'free' stands for both freedom, and not paying middlemen 30%.
realusername · 10 hours ago
I call it "direct install" personally. It's how you are supposed to be able to install programs, directly from the source.

If anything, it's the playstore and appstore which are side channels.

realusername commented on Google will allow only apps from verified developers to be installed on Android   9to5google.com/2025/08/25... · Posted by u/kotaKat
realusername · 11 hours ago
The wild west is on the play store and the app store right now, Google and Apple get most of their money from casino game apps stealing from users.

And both companies don't do anything about it because they are loaded with money from those scams.

Give me a break, it's never been about security.

realusername commented on From M1 MacBook to Arch Linux: A month-long experiment that became permanenent   ssp.sh/blog/macbook-to-ar... · Posted by u/articsputnik
imcritic · 3 days ago
What's there to hate in it?
realusername · 3 days ago
It's hard to describe, when you never used a mac in your life, it feels weird with plenty of ghost inputs.

To each their own but I really don't want my laptop to imitate that.

r

u/realusername

KarmaCake day8211August 4, 2014
About
email: hn [AT] alex-min.fr
View Original