Comment by blueg3

6 days ago

There's a lot of misinformation here.

> I guess it means the Play store will be the only way to install an app

No, non-Play stores will still work, but developers will need to register a developer account with Google that is tied to some real identity. They already need to do this to distribute through the Play store, but now it'll apply regardless.

This is to make it harder for scam apps to churn app signatures. Kind of like requiring code-signing, but with only one CA.

> That users won't be able to install what they want

No, sideloading will still work, but it won't work if the APK isn't signed by someone in the Google developer registry.

> and that they would need a google account to install apps

Nope.

> That app developers have to go through google to distribute their apps, with identity verification etc.

They don't need to distribute through Google, but they will need to be involved with Google and do identity verification.

> However, I'm also reading here and there that it is a threat to alternative ROMs. To me it sounds at the contrary as an amazing opportunity, as they can strip this verification and be the only truly open Android, or am I missing something?

You're being misinformed. They won't even need to strip the verification. The verification is only for certified Android -- OEMs that partner with Google. Custom ROMs and the OEMs that aren't certified (Amazon, some Chinese manufacturers) won't have verification.

The target audience for verification and who would ever use a custom ROM has basically zero overlap.

3 comments

blueg3

Reply
kevincox  5 days ago

I mostly agree with your points.

> > That users won't be able to install what they want

> No, sideloading will still work, but it won't work if the APK isn't signed by someone in the Google developer registry.

So the user can't install what they want. They can only install stuff signed by developers Google has "approved".

Yes, in the happy situation this is everything except for developers that Google has revoked. But technically it is only approved developers.

  • blueg3  5 days ago

    That's pedantically fair. I broke up a longer statement:

    > That users won't be able to install what they want and that they would need a google account to install apps

    It was split up because "need a Google account to install apps" is strictly untrue, but "won't be able to install what they want" is more nuanced.

    I did clearly say, "it won't work if the APK isn't signed by someone in the Google developer registry".

    So, it depends on what the user wants.

    If they're running certified Android; otherwise it doesn't matter.

    It is only for registered developers, so of course that very much depends on the registration system.

    • kevincox  5 days ago

      Yeah, I get you. I think the main misunderstanding from the original comment is that the *user* won't need a Google account, only the *developer* (signer to be technical) will.