this post was submitted on 19 Jul 2024
17 points (94.7% liked)

Android Development

539 readers
1 users here now

Welcome to the programming.dev Android development community!

The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] DeprecatedCompatV2@programming.dev -1 points 3 months ago* (last edited 3 months ago) (1 children)

I'm surprised this wasn't already the case. You're distributing potentially malicious code to users' devices, and they expect a base level of safety from the Play Store. You're free to publish elsewhere, so it's not like Apple's policy.

[–] refalo@programming.dev 4 points 3 months ago (1 children)

I don't consider a personal dev's identity documents and signing keys to have much bearing on "safety".

[–] DeprecatedCompatV2@programming.dev -1 points 3 months ago (1 children)

You're not a developer, you're a company, even if you're doing business as an individual.

The signing key requirement has pros and cons. Cons being that Google can now impersonate developers and inject code at will. This seems somewhat irrelevant in face of the control they already exert through Google Play Services, but it's obviously bad nonetheless.

Pros being that Google can now keep the signing key secure behind a Google sign-in instead of relying on individual developers to maintain good opsec.

[–] refalo@programming.dev 2 points 3 months ago

I don't disagree but for me personally it's too much, so I have decided not to publish on the play store anymore.