But the thing is that they are not really making Android more secure with this policy.
They are still allowing APKs signed with debug keys to work… so the only alternative now for any developer that doesn’t want to register with Google is gonna be using those debug credentials to sign their app releases. I expect shipping APKs with debug keys will become more common, resulting in objectively a more unsafe Android ecosystem.
This is not gonna stop rogue APKs from outside Google’s store, it’s just gonna make them less secure, since being signed with a debug key means a malicious APK from a different source can produce another version of the app as an “update” and supplant the original.
This is not gonna stop alternative stores either, in fact, it will make it more important to use stores (as opposed to installing apks from github or so), since at least that way they can still implement alternative methods to check package authenticity before installing, even when using debug keys.
None of that logic matters man. Regulators don’t understand this shit. Do you think the UK’s online age restrictions make anyone safer? It’s all bullshit for their own purposes.
But the thing is that they are not really making Android more secure with this policy.
They are still allowing APKs signed with debug keys to work… so the only alternative now for any developer that doesn’t want to register with Google is gonna be using those debug credentials to sign their app releases. I expect shipping APKs with debug keys will become more common, resulting in objectively a more unsafe Android ecosystem.
This is not gonna stop rogue APKs from outside Google’s store, it’s just gonna make them less secure, since being signed with a debug key means a malicious APK from a different source can produce another version of the app as an “update” and supplant the original.
This is not gonna stop alternative stores either, in fact, it will make it more important to use stores (as opposed to installing apks from github or so), since at least that way they can still implement alternative methods to check package authenticity before installing, even when using debug keys.
None of that logic matters man. Regulators don’t understand this shit. Do you think the UK’s online age restrictions make anyone safer? It’s all bullshit for their own purposes.