Hi) Could you help, please, how does this affect e/os? Android Developers Blog: A new layer of security for certified Android devices
1 Like
I no expert on developing for sure. But just reading it I donât think it will effect Lineage or eOS or any custom ROM really. I believe they are talking about GPS appsâŚ
developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store
So, it seems to be up to the developer.
What might change though, is that Google might plug the loophole to access Playstore through aurora, app lounge or similar apps.
I have taken a look at the website of F-Droid. They have not released an official blog article yet, but there are two or three statements on their Mastodon account: F-Droid (@fdroidorg@floss.social) - FLOSS.social
They share a message where developers (or average users) can give feedback to Google about this imminent decision: FLOSS.social
So they (obviously) seem not happy about Googleâs decision, but have not released an official statement yet.
It mostly donât but if like me you rely mostly on fdroid App, it means that any phone with the label Android Certified will not be able to use frdoid if the dev of the app has not given its gov ID to Google to sign its app.
Itâs not a huge problem if you only use playstore, for me itâs a huge issue as most app I use are not on playstore and probably not sign.
Malware and phone scams leading people to install software outside the store is the most well-meaning interpretation as to the reasons.
Whatâs grinding in the rumor mill as to the strategic reasons for increasing control (as the slower code drops to AOSP, no Pixels vendor fixes etc too)?
- that Apple had way more munition before the DMA and got away with having notarization still? (also the recent, subpar performance of Google lawyers in a DMA workshop)
- being able to conform to political sanctions more easily (geopolitics) or worse, easier jurisdictional bans of apps?
- (unlikely, but also ranâŚ) competition: Amazon going generic Android, moving away from FireOS and not making it too easy on them? other markets?
2 Likes
On the surface this would seem to be a reasonable way to cut down on scam apps, which Google claims are 50x more prevalent on sideload sites.
Being Google, though, one may rightly have suspicions that this is a Trojan horse for some other nefarious scheme. Here are some possible sides effects of the new policy
(source: Android Developer Verification - Consumer Rights Wiki):
===
â˘Alternative app stores
F-Droid faces serious challenges with the repositoryâs build-from-source model conflicting with developer verification requirements. Alternative stores must make sure all hosted apps come from verified developers, effectively extending Googleâs verification to all distribution channels.
â˘Educational development
Educational institutions face challenges as well:
- Student projects require individual verification for testing
- Sample code from textbooks becomes unusable without verification
- Classroom demonstrations need verified developer accounts
- Research projects face additional identity disclosure requirements
===
Thereâs more in the article, which is worth a read. But those were the bits that jumped out at me.
Of course, an obvious worry for e/OS users is whether App Lounge can continue to provide anonymized Google Play downloads for users. Google says theyâre not going after alternative app stores, but as always the devil is in the details.
This is a big worry for me as we install all of our apps via anonymous mode. I have had a look at all of them and some (example âOrganic Mapsâ) are labelled fdroid@organicmaps.app.
All apps have been installed from the Murena app lounge.
I donât understand fully the implications of what Google are planning to do. Does this mean that:
- some opensource apps that I use will no longer function or I would not be able to update / reinstall them?
- would anonymous mode still work or would I need to log into Murena / Google Playstore to install any apps?
Excuse my ignorance on this. I donât use many apps but, the ones that I do use are quite important to me.
I was thinking about retro console manufacturers (Retroid, Ambernic or Odin), they are all using stock Android, although Linux support is sometimes great (but doesnât cover all chipsets).
I donât understand fully the implicationsâŚ
@linux_fangirl if youâre running a customrom, very likely install restrictions will be patched out. AppLounge isnât installing apps, itâs fetching apks and give them to system facilities (package manager) doing the install.
This isnât about the customrom Android niche, but the majority on official Android, installing from 3rd party appstores (F-Droid etc). See the remarks at Torsten Grote: "People saying "But I use a degoogled custom ROM, âŚ" - chaos.social and Arstechnica quotes, emphasis mine:
Google plans to create a streamlined Android Developer Console, which devs will use if they plan to distribute apps outside of the Play Store. After verifying their identities, developers will have to register the package name and signing keys of their apps. [âŚ]
Google says that only apps with verified identities will be installable on certified Android devices, which is virtually every Android-based deviceâif it has Google services on it, itâs a certified device. If you have a non-Google build of Android on your phone, none of this applies. However, thatâs a vanishingly small fraction of the Android ecosystem outside of China.
2 Likes
Thanks for explaining. I thought that because our phones were originally Android, they would also be affected by this. All the more reason for people who want the choice of what apps to use on their own phones to be theirs, to use custom roms or buy phones from Murena (and other similar suppliers). This change of policy from Google seems similar to the âwalled gardenâ approach by Apple.
This topic was automatically closed after 30 days. New replies are no longer allowed.