262
submitted 3 days ago* (last edited 2 days ago) by jksalcedo@lemmy.ml to c/opensource@lemmy.ml

Does anyone here actually support Google's Developer Verification?

I don’t. I’ve put a warning about it in my repo because I’m against policies like sideloading restrictions, forced ID verification.

Curious what other devs here think. Is Play Store still worth the hassle?

you are viewing a single comment's thread
view the rest of the comments
[-] vapeloki@lemmy.world 7 points 3 days ago* (last edited 2 days ago)

Yes I am.

I spend a long time of my career in IT Sec.

80% of android users will freely install whatever APK from wherever.

Info stealer infected fake apps are a massive risk to a huge part of the user base.

Yes, it will get a little bit more complicated to sideload. But nobody is prevented from it.

And everybody that is against user protection (and yes, this is fucking user protection, just not for you) is invited next Christmas to de-worm the android devices of my family without wiping them.

EDIT for all those that only read the memes. Sideloading will NOT be disabled. You have to jump though extra hoops.

Yes, the way they do this is not even testable yet and we can argue over details.

I support the principal idea, as someone who had to live with the fallout of people who installed "it support apps" because someone told them to

[-] ItsAlwaysDNS@sh.itjust.works 49 points 3 days ago

Most scam apps are in the Google Play Store btw

[-] flyingSock@feddit.org 8 points 3 days ago

maybe because it was to easy to upload to the googleplay store. Maybe there should be some kind of verification of the person uploading. How could this be accomplished?

Joking aside I don't think side loading should be encoumbered like this, but for the official app store it makes sense.

load more comments (2 replies)
[-] thingsiplay@lemmy.ml 30 points 3 days ago

Spoken like a true Microsoft and Google agent.

load more comments (4 replies)
[-] lime@feddit.nu 21 points 3 days ago* (last edited 3 days ago)

so the real-world id requirement is also user protection? play store is basically an info stealer at this point.

[-] altkey@lemmy.dbzer0.com 12 points 2 days ago
  1. Google being a private american company that claims the authority of what is okay and not okay on most devices over the world is problematic, especially in the context of ICE tracking apps, VPN apps, private messaging apps etc. They take this power but don't take responsibility and would not be put into court if this measure would be proven useless if not harmful. I still remember how they complied with deleting Navalny's app from russian app store and nothing stops them from revoking said IDs as well if they don't like what dev does for a reason they'd not care to explain.
  2. The side-benefit of that is a manifest v3-style hunt for those who still use their computing devices without watching ads. Alternative apps for social networks and google's own resources is probably the only category I know half-savvy people still intentionally install, sometimes going out of their way for that. While this seems small, adblocking was too, and piracy was never anyone's problem, but by totally crumbling it once again some CEO can get a bonus.
  3. We are talking about Google's Android, they had around 15 years to fix the swiss cheese their OS is, to clean obvious garbage from their app store, with modern phones you need to jump through the hoops to enable apk installation and even more hoops to root it, and it still isn't perceived as safe, but does feel like a closed garden iPhone without benefits of having an iPhone - quality basic apps, curated store and need of israeli hack tools to reliably break in. Small scammers still get their bread and butter by sending links to infected files, big scammers vacuum everything you ever have with no explicit user's agreement, and I don't see how that would change with ID requerement they are no bank or government to ask for, but they'd, soon.

I think you should invite people to join you on not one, but two Christmasses to compare before and after. I'm sure they won't magically fix things this time, at best it would be a little setback not changing much in the end. What it would do is directly giving Google even more power while hurting open source community, alternative appstores and OSes.

[-] hneerqe@lemmy.world 12 points 2 days ago

80% of android users will freely install whatever APK from wherever.

I should care because? Do they care about me not wanting google shoved in every aspect of my life?

load more comments (10 replies)
[-] Cassa 17 points 3 days ago

so your family's devices get their apps from outside the play store?

people are effectivly prevented from sideloading. not "just a little more complicated"

[-] iByteABit@lemmy.ml 14 points 2 days ago

of course nana uses adb exclusively to install apps on her smartphone, after all this is a totally real story about user protection right?

[-] TrickDacy@lemmy.world 11 points 2 days ago

80% of android users will freely install whatever APK from wherever.

A ridiculous and absurd lie. 90% have zero clue what one is, let alone go into the developer settings (there are one, maybe two settings you have to enable) to change the settings to even make that possible. Why are you lying about this? It's weird.

[-] vapeloki@lemmy.world 3 points 2 days ago

I am lying? OK, so is:

I have over 2 decades of background in hardcore IT-Sec, i know my stuff. And you? What is your qualification, where are your sources?

[-] TrickDacy@lemmy.world 7 points 2 days ago* (last edited 2 days ago)

I have over 2 decades of background in hardcore IT-Sec, i know my stuff. And you? What is your qualification, where are your sources?

I wonder if a statement like this ever once convinced anyone of anything. My guess would be it nearly always has the opposite effect. You basically told me that whatever I know doesn't matter because "trust me bro". For all I know, you're the worst source ever for literally every topic. Your articles didn't back you up. Why do people bother with shit like this? "I'm an expert so what I say goes" is idiotic and in no way addresses the common sense point I was making: the average person definitely doesn't know or install apks because of fucking course they don't. If you said 80% would if scammed, that's at least plausible but I'm not even sure I could believe that. The well is poisoned now in any case so you're not convincing anyone here after this... Whatever masturbatory shit this was. Or just shilling for a corporation? Who the fuck knows

[-] zod000@lemmy.dbzer0.com 6 points 2 days ago* (last edited 2 days ago)

He just using the old "Argument from Authority" logical fallacy. I've worked with tons of people, even those that did in fact "know their stuff", that thought it was perfectly valid to dismiss others because of their experience being more extensive than others. Ironically, after I'd prove these people wrong in serious matters (usually several times), I somehow got added to the nebulous authority whitelist in their head. I don't want to just be believed became I'm dammit, believe me when I'm correct and provide evidence!

load more comments (6 replies)
[-] TrickDacy@lemmy.world 4 points 2 days ago

Given that your first article says nothing about 80% I'm not continuing to click your links.

I was being generous when I said 90%.

Source: I have ever spoken to another human.

load more comments (12 replies)
[-] skyline2@lemmy.dbzer0.com 8 points 2 days ago

Alternate stores like Accrescent and FDroid are blocked by this policy, and Google refuses to implement any mechanism for authorising at the store level either. Store level authorization is an obvious alternative to verification of each individual app.

Both Accescent and FDroid have some oversight processes in place, and do not contain "random" APKs. Googles actions show the real motive, which is control... not security.

load more comments (7 replies)
[-] avidamoeba@lemmy.ca 7 points 2 days ago

for all those that only read the memes.

For someone who possibly considers themselves better informed than others, you're seem to be missing the fact that Google's plan had no option for sideloading unverified apps until a sizeable outcry from us (a lot of professional developers and users). Unverified app installation was only allowed (via new hoops) after this action. For now. The fact that Google's plan did not have an option for installing unverified apps shows us what they really want. Therefore it won't be surprising if they make it increasingly difficult or impossible in the future.

load more comments (4 replies)
[-] Pollo_Jack@lemmy.world 7 points 2 days ago

At least make it a toggle, like you need to request access for your account for your phone.

Kneecapping everyone because idiots exist is idiotic.

load more comments (2 replies)
[-] curbstickle@anarchist.nexus 5 points 2 days ago

So with your career in ITSec, you're aware of the massive amount of malware found in the play store? That it has historically been the main distribution vector for malware?

You have to jump though extra hoops.

You are downplaying the hoops here by a lot. To install software on my own phone.

Stop calling installing software "side loading". Its nonsense.

load more comments (10 replies)
this post was submitted on 15 Jul 2026
262 points (100.0% liked)

Open Source

47928 readers
255 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 7 years ago
MODERATORS