Re: [guardian-dev] Google's new App Signing service

2017-05-26 Thread Michael Rogers
On 19/05/17 21:00, Hans-Christoph Steiner wrote:
> With iOS, you need to use Apple tools to decrypt your official app binary, so there is no way to verify that Apple isn't inserting anything. With Android, we'll still be able to compare APKs. So if you submit an app that was

Re: [guardian-dev] Google's new App Signing service

2017-05-23 Thread Hans-Christoph Steiner
That's a nice feature indeed. I'm really afraid they're just going to remove it entirely. ChromeOS doesn't have that option, for example. You have to put the whole device into developer mode.
.hc
Nathan of Guardian:
> That said, at Google IO, I think in the security talk, they made a big

Re: [guardian-dev] Google's new App Signing service

2017-05-23 Thread Nathan of Guardian
That said, at Google IO, I think in the security talk, they made a big deal to point out the evolution of "Unknown Sources" to the ability to approve it for just one app, enable to support third-party app stores.
On Tue, May 23, 2017, at 08:55 AM, Hans-Christoph Steiner wrote:
> I think the

Re: [guardian-dev] Google's new App Signing service

2017-05-23 Thread Hans-Christoph Steiner
I think the more practical, less paranoid read of this move is Google trying to take control over more of the Android ecosystem. If they can get app developers to let Google do the whole release process, that will make it harder to also release the app on other app stores.
.hc
Elmor:
> This is

Re: [guardian-dev] Google's new App Signing service

2017-05-19 Thread Elmor
This is not only happening on mobiles. Since about one year, your add-ons on Opera and Firefox are "verified". If developers do not let their add-on verify, they are suspended. What also popped into my eyes was point "3. Permanent Enrolment". If you have a well going app and the name is in

Re: [guardian-dev] Google's new App Signing service

2017-05-19 Thread Hans-Christoph Steiner
With iOS, you need to use Apple tools to decrypt your official app binary, so there is no way to verify that Apple isn't inserting anything. With Android, we'll still be able to compare APKs. So if you submit an app that was reproducibly built, then you can compare the Google APK to your own

Re: [guardian-dev] Google's new App Signing service

2017-05-19 Thread Natanael
Is there any plausible way to get them to only apply verifiable modifications? Such as compression using algorithms proven to preserve original behavior? I'm aware that would require a ton of resources (both in development and computationally), but is it doable?
- Sent from my phone
Den 19 maj

Re: [guardian-dev] Google's new App Signing service

2017-05-19 Thread Nathan of Guardian
On Fri, May 19, 2017, at 07:29 AM, Michael Rogers wrote:
> Paranoid people might suspect that this simultaneous move by Apple and Google is the result of political pressure to provide some means of adding/removing functionality, such as end-to-end encryption.
You read my mind.
+n

Re: [guardian-dev] Google's new App Signing service

2017-05-19 Thread Michael Rogers
It's interesting that this is happening at the same time Apple is introducing bitcode, which similarly allows Apple to optimise the app and sign the optimised version. This makes it very hard for developers to verify that their users are receiving their apps without any added/removed

Re: [guardian-dev] Google's new App Signing service

2017-05-18 Thread Hans-Christoph Steiner
Lol, so it turns out that F-Droid was a pioneer and innovator, years ahead of Google ;-) Looks like a play to give Google more info on releases, since all releases must go through them. It would also encourage developers to use Google as the gatekeeper for app releases. I guess this could also

[guardian-dev] Google's new App Signing service

2017-05-17 Thread Nathan of Guardian
Just logged into Play and found this: https://support.google.com/googleplay/android-developer/answer/7384423 "Google Play Google Play App Signing Terms of Service Effective as of May 17th 2017 By enrolling Your application (“app”) in Google Play App Signing (GPAS) service, You consent to be