Comment by janice1999
4 days ago
Developers, including non-US citizens, are forced to give Google their government ID to distribute apps. This enables Google to track and censor projects, like NewPipe, an alternative open source YouTube frontend, by revoking signing permissions for developers.
> Developers, including non-US citizens, are forced to give Google their government ID to distribute apps.
Developers can choose to not undergo verification, thereby remaining anonymous. The only change is that their applications will need to be installed via ADB and/or this new advanced flow on certified Android devices.
Either way, you can still distribute your apps wherever you want. If you verify your identity, then there are no changes to the existing installation flow from a user perspective. If you choose not to verify your identity, then the installation will still be possible but only through high-friction methods (ADB, advanced flow). These methods are high-friction so anonymous scammers can't easily coerce their victims into installing malicious software.
My friend's little kid likes to make games that he and his friends can play. As far as I am aware, these apps don't require any permissions.
Are apps like this more dangerous than browsing to a website? I thought they were entirely sandboxed from the rest of the device?
Not quite. You can do a lot of stuff that requires no permissions, or at least not ones that the user has to confirm (e.g. you get internet permission, sensor access, always run in the background etc. by default, but you do need to declare this in the manifest file iirc), which isn't possible on websites like that (a website will ask before it lets a site do limited things while you think the tab is closed).
Depending on your threat model, it might be mostly harmless.
> Developers can choose to not undergo verification, thereby remaining anonymous. The only change is […]
"The only change" – with all due respect, are you even listening to yourself? The "only change" is that you, as a developer, will be completely excluded from publishing apps in the Play Store and that people effectively won't be able to install your app anymore! (Unless you were targeting only e.g. F-Droid users to begin with, which very few apps do.)
In essence, you are cutting down on the privacy of tens of thousands of honest developers around the world in the name of protecting users from scammers and you're pretending that 1) it's a nothingburger and 2) developers have a choice.
> The "only change" is that you, as a developer, will be completely excluded from publishing apps in the Play Store
Google Play already requires developer verification: https://support.google.com/googleplay/android-developer/answ...
This. Side loading being restricted is only one part of the problem; the other is mandatory developer verification for apps distributed through the Play Store.
That's not correct - the flow described in the post outlines the requirements to install any apps that haven't had their signature registered with Google.
That means those apps still keep on existing, they are just more of a hassle to install.
I don't see that on the page
They already announced it. Here they only mention the special case where it does not apply:
> In addition to the advanced flow we’re building free, limited distribution accounts for students and hobbyists. This allows you to share apps with a small group (up to 20 devices) without needing to provide a government-issued ID or pay a registration fee.
i.e. government-issued ID and fees are needed for more than 20 devices, e.g. every app on F-Droid.
Enforcement of the device restriction would also mean they are collecting information from your device about the app.
Isn't this a huge loophole? Couldn't a scammer just make many variants of their malware?
https://developer.android.com/developer-verification
Note that the OP is about side loading, i.e. installing apps from non-Play Store sources and thereby circumventing developer verification.
This is downright wrong.
Care to elaborate then? It's in line with the announcements I've heard.
Start with reading the article you're commenting on.