this post was submitted on 26 Aug 2025
1966 points (99.4% liked)

Microblog Memes

9036 readers
2772 users here now

A place to share screenshots of Microblog posts, whether from Mastodon, tumblr, ~~Twitter~~ X, KBin, Threads or elsewhere.

Created as an evolution of White People Twitter and other tweet-capture subreddits.

Rules:

  1. Please put at least one word relevant to the post in the post title.
  2. Be nice.
  3. No advertising, brand promotion or guerilla marketing.
  4. Posters are encouraged to link to the toot or tweet etc in the description of posts.

Related communities:

founded 2 years ago
MODERATORS
ReadyUser31@lemmy.world
aeronmelon@lemmy.world
needanke@feddit.org
1966
Language (lemmy.blahaj.zone)
submitted 4 days ago by not_IO@lemmy.blahaj.zone to c/microblogmemes@lemmy.world
230 comments fedilink hide all child comments
 

https://mastodon.social/@Gargron/115093185284473606

you are viewing a single comment's thread
view the rest of the comments
[–] MudMan@fedia.io 1 points 3 days ago (1 children)

For the record, people are misunderstanding what Google is doing. They aren't enforcing full verification of every app, and presumably they're not preventing third party stores, since regulators have already forced their hand on that front.

They are demanding to keep verifiable ID on the authors of every app for the app to be able to launch from any source. Their pitch is not to centralize, which they would like to do but aren't allowed to do, their pitch seems to be to give you a paper trail where you know who made the malware because Google literally has a copy of their ID on file. Microsoft already has this for Windows as a certification system, but crucially on Windows you get a (deliberately very scary) "this app is unsigned and is probably malware" pop up that you can still bypass. It take a lot of unintuitive clicking, but you can still run the software. Google is saying they won't have that workaround at all now on the subset of devices they flag as "Android certified".

In practice this is fairly neutral in terms of security, but it focuses on enforcement and visibility. Besides the very real question of how to even implement this for distributed development or open source applications of the kind that doesn't bother submitting to Google Play, it may also have a heck of a chilling effect on a whole bunch of things you really don't want chilled in terms of privacy and anonimity for developers. It means if you want to control what software can be on ANY phone you need to get to basically three companies across the planet and that's enough. Likewise if you want to go after someone who made a piece of software for whatever reason.

But that's not what the conversation we're having is about, partly because nobody seems to be looking past the headlines, partly because nobody wants to engage with the nuance of the situation and is looking at it from the myopic perspective of principled access at the cost of added complexity when that's not at all what this is about.

[–] bitwolf@sh.itjust.works 1 points 3 days ago (1 children)

I understand the paper trail that this is creating.

But it does come across as Google gatekeeping.

For example, what if I want to build an app, and distribute it outside of app stores with zero involvement from Google? It appears that cannot be done because I'd need to identify with Google through the developer program.

What happens if Google doesn't like that I made a chat app that bypasses censorship in specific country, it gets removed from play store, so i publish it on my website. What if Google gets mad at this and flags my identification?

Suddenly no one can install my app that has nothing to do with Google.

To me, even if it seems like a benign change, I can see how it can be exploited by Google to push whatever agenda they want.

If Google disappeared the day after this is rolled out, would I still be able to add a valid identifier to my apk without Google's involvement?

[–] MudMan@fedia.io 1 points 3 days ago

I don't think it seems like a benign change at all, for those reasons.

Well, for most of them. It IS a concern that every single piece of bootable code on the platform is traceable to a specific person worldwide, for sure. The last one shouldn't be an issue. If Google disappeared you'd still be able to run unsigned code on Android, since on paper this will only apply to "Android certified" devices. Not being certified may remove Google services and the Play Store, but in your scenario those are gone anyway. And there isn't a ton of clarity about whether ID certification will be automatic. I presume it will be, but we won't know until we hear from devs in their early access program.

But apps being persecuted or censored by governments? Sure. That's a very real issue. And Google and Apple deciding what people can run in their devices single-handedly? That's entierly unacceptable.