Comment by alerighi
15 days ago
I don't thing Google will enforce this verification as an option that cannot be disabled. Not because they care about open-source, but because there are contexts where Android is used where the device doesn't have an internet connection to contact Google services to verify apps that are installed by whatever deployment method is used. I talk about all the industrial contexts where the devices (terminals that operators use) doesn't connect to the internet but to a local network that is only used to communicate internally with the server the application is using.
By the way, if that is truly implemented and not bypassable using some methods such as some developer option, I think that I will return to running a custom ROM (hoping that they would not start restricting also the possibility to unlock the bootloader, fortunately that is up to the manufacturer and you would still find phones with unlockable bootloader, or just get an older phone).
It probably doesn't require a network connection for basic checking, as the signed key can be cryptographically checked even when offline as long as Google preloads their public keys to the phones
> It probably doesn't require a network connection for basic checking, as the signed key can be cryptographically checked even when offline as long as Google preloads their public keys to the phones
But of course it does nonetheless: https://developer.android.com/reference/android/content/pm/P...
This is for "certified" Android devices, I'd imagine the industrial systems Android is flashed to aren't certified.