Android
DROID DOES
Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules
1. All posts must be relevant to Android devices/operating system.
2. Posts cannot be illegal or NSFW material.
3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.
4. Non-whitelisted bots will be banned.
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
Community Resources:
We are Android girls*,
In our Lemmy.world.
The back is plastic,
It's fantastic.
*Well, not just girls: people of all gender identities are welcomed here.
Our Partner Communities:
view the rest of the comments
Wait, how? Also, don't they already?
Apps from outside the Play Store? No, because previously your phone had no reason to ask Google anything. You could always not sign in to Google and disable Play Protect and use F-Droid and Obtainium.
But now, it needs to check developer signatures to know if it's a verified developer, and it obviously can't cache all of them as the size would be insane.
And that in turn implies that your phone needs to reach out to Google and be like yo, is this app banned?
That query gives them at minimum the IP of the user, the package name, and the time at which it happened.
And thus they can effectively track anyone using say, privacy apps, making it that much riskier to use them in places where they're not allowed.
For your "safety".
Play store seems to be sending list of all applications to ask for available updates. This is observable because play store offers me updates for apps I installed via f-droid and obtanium.
Not how signatures usually work. You check the signing key (certificate) is signed by google key and you fetch a revocation list (banned developers). Of course, google could implement it in the way you suggest in theory, but I find it unlikely, since it would block offline installation for no reason.
They said it would require network access and that they would have a handful of popular apps preloaded to avoid too much disruption so those can be installed offline. In practice that probably means Google apps, Meta apps and other big corp apps.
They also have you register package names with them, not just a certificate.
I was hoping it would be a certificate situation but we're kind of past Google using the least intrusive and privacy preserving options.
I must have missed that. Well, there goes any possible excuse about security, since they are going out of their way to make it less privacy preserving...