this post was submitted on 26 Aug 2025
1966 points (99.4% liked)

Microblog Memes

[–] bitwolf@sh.itjust.works 1 points 4 days ago (1 children)

You're right, it is an inordinate amount of effort.

So much effort, that I don't believe doing it on the scale Android / Google would need to do is possible.

We see Google, Apple failing at this insurmountable effort all the time. Even Linux has failed at it sometimes with supply chain attacks.

And frankly I don't feel that Google can do better than what they've done already in terms of sideloading. Right now if you don't want to go through the app store, you have to ignore two separate warnings when you side load a malicious app. At that point it's negligence.

Because of that I don't feel that adding this restriction to sideloading will help the situation. I believe it's a cop out, if anything they should direct the effort to the Play Store more. There is plenty of actually harmful malware on the Play Store that we can see in the news is a much larger impact than sideloading applications.

That's probably why no one is empathizing with what you're asking for, there is too much showing this change is in bad faith.

We did have that impossible to screw up device in feature phones. But we traded that for pocket computers that enable us to install, and build apps.

As for Linux, I completely agree with you. It still needs to improve user friendliness. It's improved exponentially lately, and could be argued to be better than Windows, but it's still not as good as smartphone computers which are the epiphany of user friendliness (and ignoring the dark patterns being added).

[–] MudMan@fedia.io 1 points 3 days ago (1 children)

For the record, people are misunderstanding what Google is doing. They aren't enforcing full verification of every app, and presumably they're not preventing third party stores, since regulators have already forced their hand on that front.

They are demanding to keep verifiable ID on the authors of every app for the app to be able to launch from any source. Their pitch is not to centralize, which they would like to do but aren't allowed to do, their pitch seems to be to give you a paper trail where you know who made the malware because Google literally has a copy of their ID on file. Microsoft already has this for Windows as a certification system, but crucially on Windows you get a (deliberately very scary) "this app is unsigned and is probably malware" pop up that you can still bypass. It takes a lot of unintuitive clicking, but you can still run the software. Google is saying they won't have that workaround at all now on the subset of devices they flag as "Android certified".

In practice this is fairly neutral in terms of security, but it focuses on enforcement and visibility. Besides the very real question of how to even implement this for distributed development or open source applications of the kind that doesn't bother submitting to Google Play, it may also have a heck of a chilling effect on a whole bunch of things you really don't want chilled in terms of privacy and anonymity for developers. It means if you want to control what software can be on ANY phone you need to get to basically three companies across the planet and that's enough. Likewise if you want to go after someone who made a piece of software for whatever reason.

But that's not what the conversation we're having is about, partly because nobody seems to be looking past the headlines, partly because nobody wants to engage with the nuance of the situation and is looking at it from the myopic perspective of principled access at the cost of added complexity when that's not at all what this is about.

[–] bitwolf@sh.itjust.works 1 points 3 days ago (1 children)

I understand the paper trail that this is creating.

But it does come across as Google gatekeeping.

For example, what if I want to build an app, and distribute it outside of app stores with zero involvement from Google? It appears that cannot be done because I'd need to identify with Google through the developer program.

What happens if Google doesn't like that I made a chat app that bypasses censorship in a specific country, it gets removed from the Play Store, so I publish it on my website. What if Google gets mad at this and flags my identification?

Suddenly no one can install my app that has nothing to do with Google.

To me, even if it seems like a benign change, I can see how it can be exploited by Google to push whatever agenda they want.

If Google disappeared the day after this is rolled out, would I still be able to add a valid identifier to my apk without Google's involvement?

[–] MudMan@fedia.io 1 points 3 days ago

I don't think it seems like a benign change at all, for those reasons.

Well, for most of them. It IS a concern that every single piece of bootable code on the platform is traceable to a specific person worldwide, for sure. The last one shouldn't be an issue. If Google disappeared you'd still be able to run unsigned code on Android, since on paper this will only apply to "Android certified" devices. Not being certified may remove Google services and the Play Store, but in your scenario those are gone anyway. And there isn't a ton of clarity about whether ID certification will be automatic. I presume it will be, but we won't know until we hear from devs in their early access program.

But apps being persecuted or censored by governments? Sure. That's a very real issue. And Google and Apple deciding what people can run in their devices single-handedly? That's entirely unacceptable.