Comment by simonask
3 months ago
It's pretty clearly an attempt to establish a clear chain of trust. If you are making a malicious app, the first thing you want to do is hide your identity. It is incredibly important that users can know whose code they are running, and who is responsible for the behavior of the malicious app that destroyed their life.
I can't say whether the specific implementation will be an improvement, but that is clearly the intent.
Meta and Google have not shown themselves to be "malicious" in sense that is relevant to this discussions. Whatever shady practices they may or may not have is very likely entirely within the law, and they are strongly motivated to protect people's personal data, because they will not have users (i.e., their product) if their platforms are insecure.
Meta has been shown to be malicious, up to an including violating permission controls to exfiltrate cookies from the browser with the facilitation of an android app.
The only reason, and it is the only reason, you do not view Meta as a malicious actor is because they've told you many times they are not.
Most Meta and Google products could be described as keyloggers or spyware. Many break permissions expectations - for example, Google apps have special privileges that allow them to circumvent some permissions on Android.
In addition, both Meta and Google products are primarily ad driven, with the majority of ads being scams. Again, virtually identical to other malicious apps.
Is any of this legal? Maybe, maybe not, you signed a EULA. But if all it takes is a EULA, then most android malware is not malware, and we're back at square one: play protect will not do anything.
And, to be clear, this is intentional. It is not Googles intention to squander malware because they rely on malware. No malware on Android and they go bankrupt.
It is their intention to further extract value out of the Google play store by leveraging their mandatory 30% cut. As well as making Android a more locked down platform and thereby more attractive to advertisers and DRM distributors.
I'm sorry, but I don't think it's reasonable to equate the shady business practices of organizations like Meta to crypto-blackmailing malware.
That's just one type of malware - spyware is also malware.
The only difference between a malicious app exfilitrating your cookies through an exploit and Meta exfilitrating your cookies through an exploit is you trust Meta won't use your cookies to impersonate you, steal your browser sessions, drain your bank account, etc.
But that's just pure trust. Meta could easily have a leak - Experian had a leak and people lost millions of dollars.