https://kotlinlang.org logo
Join Slack
Powered by
If you're worried about the upcoming Android devel...
# android
g
If you're worried about the upcoming Android developer verification by Google, there is a lot of FUD and misinformation out there -- don't believe it. Here's the real scoop.

https://youtu.be/A7DEhW-mjdc

not kotlin but kotlin colored 4
👀 1
💩 3
d
"don't believe it" lol. It is a shit show, it is privacy invasive and puts Google extremely powerful position where they decide what users can and can not install on their own phone.
☝️ 5
g
I agree that there is a lot of incorrect understanding of the situation, and I'm glad that Google is starting to give more info on how it will work. But I also agree with David, it's not like removes worries. It still has a lot of problematic areas
d
I think moving to protect users are fine, but limiting the freedom of the entire userbase along the way is not. On my computer I can install what ever app I want, w/o Google, Torvalds, Microsoft or Tim Cook having a say. Why shouldn't it be the same on mobile? With this "feature" you literally can't cut Google out, they will always be in the power position of deciding what is good for you. What is next, deciding what websites I can visit because some websites are harmful as well? Why should they not limit that too? It is just like on an airport right, you have to make sure the websites are good so you don't board the wrong website?
❤️ 3
g
Also by their own words, it will be free, no gov id necessary account, which perfect for targeted scams, when scammer asks users to install their app (all those stollen bank accounts data etc) I understand that it makes some types of scam more difficult and more expensive, but for some types (quite popular ones actually) it's pretty much useless, especially concidering how far fetched and invasive the solution is
☝️ 2
> Why shouldn't it be the same on mobile To be honest, it happens this way specifically because mobile are way more popular than desktop If it would change in a way that windows/macos would work on mobile, it would happen there Desktop is just too niche now, but everyone have a phone
d
Also, just the ability to be able to do this is madness. US gov might put pressure on them to remove some developer and suddenly they'd have to do it. They will also make mistakes themselves, incorrectly banning developers and we all now how easy Google is to get hold of, lol.
👍 1
g
Not even only US government, a lot of other too
d
True, they'd have the same problem in other countries.
g
My take on this, that honestly a part of problem is terrible UX of permissions requests and overboard with them. Users learn to absolutely ignore all of them, because every single app asks multiple of them, including valid cases with permissions where user have to go to settings
☝️ 1
d
E.g our app helps with avoiding censorship and focuses on increasing privacy. I can totally see e.g Russia forcing Google to ban our app in their country. Suddenly users would have no way of reaching free and open internet in autocracies.
I agree, there are plenty of steps that could be taken that would make it harder to install malicious third party apps, while still allowing it to be open.
g
I can totally see e.g Russia forcing Google to ban our app in their country
About russia, it was relatievely recent case which absolutely enraged me. When Apple, who technically doesn't work in Russia, removed VPN from Appstore for users in Russia
🤢 1
d
We've had the same happen for our app, currently not blocked on Play Store, but F-droid took it down in Russia.
👍 1
g
😢 2
d
A lot of users get our app through word of mouth and being able to send a apk, or get it through GitHub.
2
g
It's obvious that a lot of you (maybe all) didn't actually watch the video. If you are a developer for a company, there will be no need for YOU to register. Your company will be the one registered. If you are just doing this for fun, hobby, etc, you won't need to register, you'll still be able to load via ADB. The only time you'll need to register is if YOU want to distribute signed apps to people's phones. I think this is perfectly fine. It keeps bad actors from installing bogus apps on unsuspecting users. If you want to be anonymous, you're in the wrong business.
☝🏻 1
@David how do your users know you're not keeping track of what they do and say through your app and ratting them out to the KGB? If only there was a way they could trust the app... 🤔 That's what Google is trying to do.
I think a lot of people think "Well, I don't install apps from nefarious app stores, so I don't care about the bad actors. Google quit trying to rule my life." That's all fine and dandy until your grandma gets her life savings stolen.
g
I watched this video
But you didn't read our discussion, because none of your points are relevant
I specifically explained, that a targeted scam is not protected by those changes
And those changes absolutely do not protect user privacy as in you imaginary example with KGB
d
I also watched the video, and you make the assumption that Google are good guys and always will make good decisions. You obviously didn't, as Andrey wrote, read our discussion. And just reiterated bad talking points that are not actually covering the problems with this solution. Regarding our users, our app is open source, you can read the source code, you can reproducibly build our app to ensure what we ship is what we say it is. We don't require user information, e.g email, and we have a track record of staying true to our mission. This is not the case for Google and users' privacy.
> I think a lot of people think "Well, I don't install apps from nefarious app stores, so I don't care about the bad actors. Google quit trying to rule my life." That's all fine and dandy until your grandma gets her life savings stolen. > Same goes for websites right? And phone calls, and sms. So it makes sense to go through Google and ask nicely that you are allowed to call your grandma so she doesn't get scammed by you right? I hate these bullshit talking points. "Mass surveillance is good because think of the children." And there is totally no way this could be misused by a government or the company itself right? They will always make the right decision. /s
💯 3
b
If I buy a computer, I should retain the right to install whatever software on that computer that I want to. Should the manufacturer include options that allow a user to be more secure by default? Sure, why not. Should the manufacturer decide unilaterally for me that I can not do something with the computer that I purchased? That's a lot more problematic. The more friction that Google imposes on my ability to use my purchased hardware and software the way that I see fit, the more likely it will be for to search for another option. Android is was that option compared to the other duopoly option in the ultra-mobile computing space.
g
I did read your discussion and I respectfully disagree with all your points. I think you all are getting upset about nothing but that's your right. My point of posting this is to enlighten people on the ACTUAL implementation of developer verification from the horse's mouth and to dispel the FUD that's going around about it. Is it the best solution? Maybe not, but it's WAY better than the alternative.
b
Maybe we watched separate videos, but the part of the video that I watched said that Android will need an "should be always online internet connection so that the device can dial home anytime someone wants to install software on a computer they own", or... "just use ADB".
And that users won't have a choice in how they manage those capabilities for the computers they own.
I don't see any FUD here. These are Google's own statements about their implementation.
g
And that users won't have a choice in how they manage those capabilities for the computers they own.
Users are being protected from something they don't understand -- i.e. they don't realize that bad actors can steal their identity, empty their bank accounts, or steal the hard work that a legitimate developer puts in his app. I would think as developers that last one would hit home.
I don't see any FUD here. These are Google's own statements about their implementation.
I'm not saying there's FUD in this discussion, but others I've seen have said that you won't be able to use ADB to install apps without registering as a developer with Google and that sideloading would also be discontinued.
b
Until they verify that you can still allow apps to be installed without going through the OS-locked process and without ADB, then yes, "sideloading", aka, installing software on a computer I own, is discontinued.
And they made it very clear in that video that "users can't disable this, because if they disable it, then users aren't protected any more, and we're doing this to protect users, so yes it'll be on all the time".
And no, "just use ADB" is not a sufficient enough workaround.
👎🏻 1
4 Views
Open in Slack
PreviousNext
Powered by