Android

20380 readers

573 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below

Rules

Stay on topic: All posts should be related to the Android OS or ecosystem.
No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.
Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.
No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.
No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.
No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.
No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.
No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.
No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!
No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

See thread

Chat and More

founded 2 years ago

MODERATORS

126

Let's talk security: Answering your top questions about Android developer verification (android-developers.googleblog.com)

submitted 6 days ago by limerod@reddthat.com to c/android

84 comments fedilink hide all child comments

Does this mean sideloading is going away on Android?

Absolutely not. Sideloading is fundamental to Android and it is not going away. Our new developer identity requirements are designed to protect users and developers from bad actors, not to limit choice. We want to make sure that if you download an app, it’s truly from the developer it claims to be published from, regardless of where you get the app. Verified developers will have the same freedom to distribute their apps directly to users through sideloading or through any app store they prefer.

Making APKs available to your test team

If your team’s current test process relies on distributing APKs to testers for installation using methods other than adb, you will need to verify your identity and register the package. This also applies if you make APKs available to your test teams through Google Play Internal Testing, Firebase App Distribution, or similar solutions through other distribution partners.

Do I still need to register my apps if I’m only distributing to a limited number of users?

We recommend you register. It's a simple, one-time process that will allow anyone to download and install your app. However, if you prefer not to, we are also introducing a free developer account type that will allow teachers, students, and hobbyists to distribute apps to a limited number of devices without needing to provide a government ID.

What can I do to prepare for developer verification?

The best way to get ready and stay updated is to sign up for early access. We’ll start sending invitations in October.

We recommend you participate in developer verification because, even though verification is not required to develop apps with Android Studio, you will need it to distribute apps to certified Android devices. Apps installed through enterprise management tools on managed devices will also be installable without being registered.

you are viewing a single comment's thread
view the rest of the comments

[–] pulsewidth@lemmy.world 19 points 6 days ago (2 children)

Imagine if every program on your PC had to be verified by Microsoft, or Canonical.

Fuck that noise.

This won't increase security. This just allows Google to tighten the reigns on their system to push out alternative app stores and enhance their monopoly. What do you think will be in the developer agreement - guarantee there's clauses preventing YouTube frontend apps (Freetube, Grayjay) and root alternative apps (Magisk, Shizuku). If it's not there on day one it will magically appear in a few months - and then the rug will be pulled from under those devs and they'll be banned from working on Android again on anything, potentially sued, and Google will be able to enforce it because they know exactly whom the devs are and have their government IDs.

[+] EarMaster@lemmy.world -10 points 6 days ago (2 children)

I totally agree with you that having Google as the only one able to assign these certificates is a problem. This needs to change (and I rely heavily on the EU to enforce this), but I still think that everyone who is publishing an app to an undisclosed number of people (and therefore there is no implicit trust by design) should identify him- or herself to some authority.

[–] pulsewidth@lemmy.world 8 points 6 days ago* (last edited 6 days ago)

Why? Google is demanding personal ID for devs, but we have no idea who wrote code for the Google apps we install - was it a Californian, was it slopped together by an AI, was an NSA analyst supplying code? Sorry, Google deems that's all private. Code is closed. Trust us.

Now, open source devs who value their privacy are forced to give it all up for users to continue using their vettable code that has earned them user trust over years or decades - just to give Google direct power over them. Power to ban from the store, power to sue, to litigate - you presume for benevolent reasons, however there is not much reason to believe this, given Google's history.

Google has repeatedly spread malware through their store and it has had real world impacts, so if they want to improve their security and more thoroughly vet the devs that they charge to use their store to distribute their code, fine - that's their call. But that's not all they're doing, is it - they're demanding ID from any dev that uses any storefront, even if that storefront is completely out of Google's hands and has over a decade of never distributing a single piece of malware.

Don't be fooled, this is a ploy to kill third party apps and third party stores, while enabling Google to strike at any devs of apps they take issue with.

[–] Lfrith@lemmy.ca 3 points 5 days ago

I agree if someone makes something like the ice app for their country the government should be able to track them down if they want. There shouldn't be a way for citizens to distrupt things for any reason. We need government to control every aspect of our lives and key is to make everything trackable for a safer world so the authorities in power can remain in power.

Every action should be identifiable. Including lemmy. It disturbs me that such a site where people arent required to provide real IDs exists.