Lol, so it turns out that F-Droid was a pioneer and innovator, years ahead of Google ;-)
Looks like a play to give Google more info on releases, since all releases must go through them. It would also encourage developers to use Google as the gatekeeper for app releases. I guess this could also be some kind key backup. Anyone see anything about their motivations for doing this? I wonder how much data they have on signing keys getting stolen and abused. .hc Nathan of Guardian: > Just logged into Play and found this: > https://support.google.com/googleplay/android-developer/answer/7384423 > > > "Google Play > Google Play App Signing Terms of Service > > Effective as of May 17th 2017 > > By enrolling Your application (“app”) in Google Play App Signing (GPAS) > service, You consent to be bound by these terms, in addition to the > existing Google Play Developer Distribution Agreement (“DDA”) and Google > Play Developer Program Policies (collectively, the “Agreement”). If > there is a conflict between these terms and the Agreement, these terms > govern use of Your app in GPAS. Capitalized terms used below, but not > defined below, have the meaning ascribed to them under the Agreement. > > 1. Key Generation and Storage > > 1.1. GPAS is an optional service that provides a secure means of > handling Your app signing key. > > 1.2. By enrolling Your existing app in GPAS, You agree to give Your > existing app’s signing key to Google and to secure or delete Your > copy(ies) of the key. For new apps, Google will generate a new app > signing key for Your app. > > 1.3. You will have the ability to download and review any APKs you > publish that are signed by Google. > > 2. Automated App Optimizations > > 2.1. By enrolling Your app in GPAS, in addition to the license granted > in 5.1 of the DDA, You grant Google a license to modify Your app APKs to > optimize their performance, security and/or size, for the life of the > app. The modifications, and the timing of which, will be made at > Google’s sole discretion. > > 2.2. For the avoidance of doubt, services provided in GPAS are not > intended to change the purpose of Your app. > > 3. Permanent Enrollment > > 3.1. It will not be possible to retrieve Your app signing key once it is > provided to or generated by Google. > > 3.2. You can unpublish Your app and publish a new app with a new package > name, without opting into GPAS, at any time. > > 4. Optional App Optimizations > > 4.1. Google may offer You app optimizations, separate from the automated > ones referenced in Section 2, that You may choose to apply to Your apps > enrolled in GPAS. > > 4.2. You are not required to accept any of these optional app > optimizations. > > 4.3. If You choose to apply an optional app optimization, You can > opt-out of any you choose at any time. > > 5. Changes to the Agreement > > 5.1. Google may make changes to these terms at any time by sending You > reasonable notice describing the modifications made. Google also will > post a notification on the Google Play Console describing the > modifications made. They will become effective, and will be deemed > accepted by You, (a) immediately for those who opt-in to GPAS after the > notification is provided, or (b) for pre-existing GPAS users, on the > date specified in the notice. If You do not agree with the modifications > to the Terms, You must withdraw from GPAS, subject to Section 3, which > will be Your sole and exclusive remedy. You agree that Your failure to > withdraw constitutes Your agreement to the modified terms. > > © Google Privacy & Terms Help" > -- PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556 https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556 _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
