391

VLC - App stores were a mistake (archive.is)

submitted 7 months ago by ozoned@lemmy.world to c/privacy@lemmy.ml

195 comments fedilink hide all child comments

VideoLAN @videolan App Stores were a mistake. Currently, we cannot update VLC on Windows Store, and we cannot update VLC on Android Play Store, without reducing security or dropping a lot of users... For now, iOS App Store still allows us to ship for iOS9, but until when?

you are viewing a single comment's thread
view the rest of the comments

[-] dev_null@lemmy.ml 5 points 7 months ago

You can pay a one time fee if $25 to get Microsoft to sign your app on the Microsoft store, or you can pay $400+ per year to buy your own certificate. So Microsoft Store is sadly the cheap way to release apps on Windows. (Without users getting scary warnings from Windows and AV about installing unsigned aoftware)

[-] doom_and_gloom@lemmy.ml 1 points 7 months ago* (last edited 7 months ago)

Right. My memory is a bit hazy (I don't use the store). What I was trying to address was the revenue funnel they built around the environment. MS still gets a cut of the $400 certs, right?

The UX of the scary warning is to make the user feel safe installing signed software in comparison, but there is no guarantee that a signed app does not contain an exploit. It's an abuse of people's misunderstandings of security, for profit and user share.

Maybe I should have worked through my thoughts a little more before posting, but hopefully this clarifies my sentiment. And like I said, I don't use the store at all, so if I still have some inaccuracies then I welcome corrections.

[-] dev_null@lemmy.ml 3 points 7 months ago

The certs are sold by certificate authority companies, and Microsoft doesn't get a share of that, though I'm not sure.

Yeah, software being signed says nothing about it not being malicious or insecure, but it does prove the author is what it says, and if it is malicious then the responsible party is clearly visible.

For non-commercial hobby/open-source software the certificate price is prohibitive, so the only 2 options are Microsoft Store or accepting that users will see the scary warnings, and of course complain to the developer about it.

[-] WetBeardHairs@lemmy.ml 1 points 7 months ago* (last edited 7 months ago)

The assumption is that legitimate companies who sell software will sign it and that signature proves it came from that company who you trust because of their publicly known legitimacy. It's a bit of circular reasoning. But it does round back towards that legitimacy - if it is found that they violate your trust, they lose public trust and thus lose sales.

Luckily new OSes (cough NOT WINDOWS) are able to sandbox applications and prevent them from accessing resources without declaring the need to access it.

And as for the signing certificate, I think the MS Store will allow any signed app. They just offer the cheaper signing service.

this post was submitted on 24 Mar 2024

391 points (96.2% liked)

Privacy

32015 readers

1090 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS