Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
extraduder_ire 3 days ago

What do you mean by signing? Application signing on android is done by the developer, with their own key. Or by fdroid, in the case of apps built by fdroid in the default repository.

heavyset_go 3 days ago | parent [-]

Things have changed.

Google is doing what Apple does and implementing Gatekeeper-like signature checks to ensure only apps by Google-approved developers can run on Android.

Microsoft does something similar with Windows Defender: you need to buy a developer certificate that can be revoked at any time if you want to distribute your app and have users be able to run it.

We're at a point where we need permission from trillion dollar companies to run the apps we want on the hardware we own.

71bw 3 days ago | parent | next [-]

>Microsoft does something similar with Windows Defender: you need to buy a developer certificate that can be revoked at any time if you want to distribute your app and have users be able to run it.

Clarifying: you CAN run an unsigned app just fine on Windows. A lot of freeware/"indie" (for lack of a better term for small software) programs run just fine, the only thing that happens is the user recieves a warning they have to press "Yes" on (which 95% of people do, because That's The Windows UX[patent pending]).

promano 2 days ago | parent | next [-]

They obfuscate it more than just pressing "Yes". You get a big warning saying Microsoft Defender has protected you, and the only clear option is "Don't run"

https://cdn.advancedinstaller.com/img/prevent-smartscreen-fr...

In order to run, you have to click on "More info", and then a second "Run anyway" button appears.

There's way more than 5% of the Windows userbase that gets confused and can't get past this warning.

heavyset_go 2 days ago | parent | prev [-]

Depends, I ran into this issue[1] a while ago with unsigned binaries.

[1] https://news.ycombinator.com/item?id=40815488

extraduder_ire 2 days ago | parent | prev [-]

In that case they wouldn't be stopping anything, since they haven't started signing anything yet.

I also haven't seen any specifics on how that system is supposed to work, but have seen a lot of speculation and (perhaps not unwarranted) fearmongering.