janice1999 11 hours ago

Developers, including non-US citizens, are forced to give Google their government ID to distribute apps. This enables Google to track and censor projects, like NewPipe, an alternative open source YouTube frontend, by revoking signing permissions for developers.

codethief 11 hours ago

This. Side loading being restricted is only one part of the problem; the other is mandatory developer verification for apps distributed through the Play Store.

MishaalRahman 11 hours ago

> Developers, including non-US citizens, are forced to give Google their government ID to distribute apps.

Developers can choose to not undergo verification, thereby remaining anonymous. The only change is that their applications will need to be installed via ADB and/or this new advanced flow on certified Android devices.

Either way, you can still distribute your apps wherever you want. If you verify your identity, then there are no changes to the existing installation flow from a user perspective. If you choose not to verify your identity, then the installation will still be possible but only through high-friction methods (ADB, advanced flow). These methods are high-friction so anonymous scammers can't easily coerce their victims into installing malicious software.

Evidlo 10 hours ago

My friend's little kid likes to make games that he and his friends can play. As far as I am aware, these apps don't require any permissions.

Are apps like this more dangerous than browsing to a website? I thought they were entirely sandboxed from the rest of the device?

Aachen 7 hours ago

Not quite. You can do a lot of stuff that requires no permissions, or at least not ones that the user has to confirm (e.g. you get internet permission, sensor access, always run in the background etc. by default, but you do need to declare this in the manifest file iirc), which isn't possible on websites like that (a website will ask before it lets a site do limited things while you think the tab is closed)

Depending on your threat model, it might be mostly harmless

codethief 2 hours ago

> Developers can choose to not undergo verification, thereby remaining anonymous. The only change is […]

"The only change" – with all due respect, are you even listening to yourself? The "only change" is that you, as a developer, will be completely excluded from publishing apps in the Play Store and that people effectively won't be able to install your app anymore! (Unless you were targeting only e.g. F-Droid users to begin with, which very few apps do.)

In essence, you are cutting down on the privacy of tens of thousands of honest developers around the world in the name of protecting users from scammers and you're pretending that 1) it's a nothingburger and 2) developers have a choice.

occz 11 hours ago

That's not correct - the flow described in the post outlines the requirements to install any apps that haven't had their signature registered with Google.

That means those apps still keep on existing, they are just more of a hassle to install.

izacus 9 hours ago

This is downright wrong.

Aachen 7 hours ago

Care to elaborate then? It's in line with the announcements I've heard

2OEH8eoCRo0 11 hours ago

I don't see that on the page

janice1999 11 hours ago

They already announced it. Here they only mention the special case where it does not apply:

> In addition to the advanced flow we’re building free, limited distribution accounts for students and hobbyists. This allows you to share apps with a small group (up to 20 devices) without needing to provide a government-issued ID or pay a registration fee.

i.e. Government-issued ID and fees are needed for more than 20 devices, e.g. every app on F-Droid

ai-inquisitor 11 hours ago

Enforcement of the device restriction would also mean they are collecting information from your device about the app.

Evidlo 10 hours ago

Isn't this a huge loophole? Couldn't a scammer just make many variants of their malware?

Aachen 7 hours ago

If there were a reliable way of identifying people making multiple accounts, it wouldn't be anonymous, now would it? This is not a loophole but inherent to an anonymous system

The trouble is, the accounts aren't meant to be anonymous. Pseudonymous at best, depending also on the country (a lot of places require government ID before you can assign a phone number, or have a central government querying system for mapping IP addresses and timestamp to the name and address of the subscriber that used it at the time). It's not like they let you create infinite Google accounts without supplying an infinite amount of fresh phone numbers or IP addresses. You also agree to the general Google privacy policy, which allows them to do anything for any purpose last I checked (a few years ago) unless you're a business customer (but then you've got a payment method in use, and they don't accept cash in the mail), such as fingerprinting as part of reCaptcha

codethief 11 hours ago

https://developer.android.com/developer-verification

Note that the OP is about side loading, i.e. installing apps from non-Play Store sources and thereby circumventing developer verification.