> We want to make sure that if you download an app from a developer, regardless of where you get it, it's actually from them. That's it.

In what scenario is this a serious threat because I can't think of any.

wmf 2 days ago | parent | next [-]

People are installing banking apps that are actually from criminals. Basically app phishing.

	▲	dvrj101 2 days ago \| parent \| next [-]
		> People are installing banking apps that are actually from criminals. and this identification does nothing about that, this is not to protect users. such phishing are always found on play-store alone.
	▲	const_cast 2 days ago \| parent \| prev \| next [-]
		The reason this happens is that greedy companies like Google have made apps the de facto way to get anything done. There's 0 reason you should need an app to fucking pay for parking. Why do you then? Because running mostly unsandboxed native code on customers devices is a fantastic way to steal data and build profiles. Browsers just don't cut it - they're too safe, too secure, too abstracted. Let's be honest here - what is a banking app? Web forms, some more web forms, and then to top it off, some web forms. I mean, hell, half these apps are just web views with spywa - I mean analytics - slapped on top.
	▲	OutOfHere 2 days ago \| parent \| prev [-]
		Let's not call them banking apps. They're not. They're scam apps. The problem represented in the tweet is deeper. It is about not receiving patches which means the device is basically unsafe to use altogether.

It sounds like EV certificates, and it turned out that in practice no one cared about id verification.

	▲	gessha a day ago \| parent [-]
		This feels like an airplane bullet hole example.