Re: [guardian-dev] Google's new App Signing service

2017-05-23 Thread Hans-Christoph Steiner

That's a nice feature indeed.  I'm really afraid they're just going to
remove it entirely.  ChromeOS doesn't have that option, for example.
You have to put the whole device into developer mode.

.hc

Nathan of Guardian:
> That said, at Google IO, I think in the security talk, they made a big
> deal to point out the evolution of "Unknown Sources" to the ability to
> approve it for just one app, to enable support for third-party app stores.
> 
> On Tue, May 23, 2017, at 08:55 AM, Hans-Christoph Steiner wrote:
>>
>> I think the more practical, less paranoid read of this move is Google
>> trying to take control over more of the Android ecosystem.  If they can
>> get app developers to let Google do the whole release process, that will
>> make it harder to also release the app on other app stores.
>>
>> .hc
>>
>> Elmor:
>>> This is not only happening on mobiles. For about a year now, your add-ons
>>> on Opera and Firefox have been "verified". If developers do not let their
>>> add-on be verified, they are suspended.
>>>
>>> What also popped into my eyes was point "3. Permanent Enrollment". If you
>>> have a well going app and the name is in all ears and mind, you will lose
>>> that name should you decide to get out of the GPAS.
>>>
>>> If Michael's and Nathan's fears - I do share them - are true, then apps can
>>> only be securely downloaded and installed from developers' own website.
>>>
>>> Tricky move.
>>>
>>> elm-
>>>
>>>
>>>
>>> On May 19, 2017 3:12:04 PM GMT+01:00, Nathan of Guardian 
>>>  wrote:
>>>> On Fri, May 19, 2017, at 07:29 AM, Michael Rogers wrote:
>>>>> Paranoid people might suspect that this simultaneous move by Apple and
>>>>> Google is the result of political pressure to provide some means of
>>>>> adding/removing functionality, such as end-to-end encryption.
>>>>
>>>> You read my mind.
>>>>
>>>> +n
>>>> ___
>>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>> To unsubscribe, email:  guardian-dev-unsubscr...@lists.mayfirst.org
>>>
>>
>> -- 
>> PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
>> https://pgp.mit.edu/pks/lookup?op=vindex=0xE9E28DEA00AA5556
> 
> 

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex=0xE9E28DEA00AA5556


Re: [guardian-dev] Google's new App Signing service

2017-05-23 Thread Nathan of Guardian
That said, at Google IO, I think in the security talk, they made a big
deal to point out the evolution of "Unknown Sources" to the ability to
approve it for just one app, to enable support for third-party app stores.

On Tue, May 23, 2017, at 08:55 AM, Hans-Christoph Steiner wrote:
> 
> I think the more practical, less paranoid read of this move is Google
> trying to take control over more of the Android ecosystem.  If they can
> get app developers to let Google do the whole release process, that will
> make it harder to also release the app on other app stores.
> 
> .hc
> 
> Elmor:
> > This is not only happening on mobiles. For about a year now, your add-ons
> > on Opera and Firefox have been "verified". If developers do not let their
> > add-on be verified, they are suspended.
> >
> > What also popped into my eyes was point "3. Permanent Enrollment". If you
> > have a well going app and the name is in all ears and mind, you will lose
> > that name should you decide to get out of the GPAS.
> >
> > If Michael's and Nathan's fears - I do share them - are true, then apps can
> > only be securely downloaded and installed from developers' own website.
> > 
> > Tricky move.
> > 
> > elm-
> > 
> > 
> > 
> > On May 19, 2017 3:12:04 PM GMT+01:00, Nathan of Guardian 
> >  wrote:
> >> On Fri, May 19, 2017, at 07:29 AM, Michael Rogers wrote:
> >>> Paranoid people might suspect that this simultaneous move by Apple and
> >>> Google is the result of political pressure to provide some means of
> >>> adding/removing functionality, such as end-to-end encryption.
> >>
> >> You read my mind.
> >>
> >> +n
> > 
> 
> -- 
> PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
> https://pgp.mit.edu/pks/lookup?op=vindex=0xE9E28DEA00AA5556


-- 
  Nathan of Guardian
  nat...@guardianproject.info


Re: [guardian-dev] Google's new App Signing service

2017-05-23 Thread Hans-Christoph Steiner

I think the more practical, less paranoid read of this move is Google
trying to take control over more of the Android ecosystem.  If they can
get app developers to let Google do the whole release process, that will
make it harder to also release the app on other app stores.

.hc

Elmor:
> This is not only happening on mobiles. For about a year now, your add-ons on
> Opera and Firefox have been "verified". If developers do not let their add-on
> be verified, they are suspended.
>
> What also popped into my eyes was point "3. Permanent Enrollment". If you have
> a well going app and the name is in all ears and mind, you will lose that
> name should you decide to get out of the GPAS.
>
> If Michael's and Nathan's fears - I do share them - are true, then apps can
> only be securely downloaded and installed from developers' own website.
> 
> Tricky move.
> 
> elm-
> 
> 
> 
> On May 19, 2017 3:12:04 PM GMT+01:00, Nathan of Guardian 
>  wrote:
>> On Fri, May 19, 2017, at 07:29 AM, Michael Rogers wrote:
>>> Paranoid people might suspect that this simultaneous move by Apple and
>>> Google is the result of political pressure to provide some means of
>>> adding/removing functionality, such as end-to-end encryption.
>>
>> You read my mind.
>>
>> +n
> 

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex=0xE9E28DEA00AA5556