Man, good thing they aren't a monopoly or anything. Imagine the horror they could unleash.
Paradoxically, this move towards trying to make things more secure is actually gonna make things LESS secure.
Because it means that now the only way for people to continue using alternative apps is for them to be shipped with debug keys (the ones used during development) which are fundamentally insecure since they allow anyone to produce an apk and be accepted as a valid update of the app.
You still can release an apk that works by using a debug key.. the problem is that debug keys have essentially "public" credentials. Until now, it was possible to use your own credentials and ensure the app is secure by protecting your own keys and credentials, which is what F-droid was doing. Now this no longer is possible. I don't think this is the end of F-droid, but it'll be the end of F-droid using mechanisms for verification that used to be built-in on Android.
But I expect F-droid should be able to have its own system for verification, before installing, that is parallel and independent of the apk signing process. They could have signatures in a separate file, outside the APK. This also has the additional paradoxical result that in order to ensure that the apps installed are safe, it's MORE important now to have a store app alternative that you trust and that can implement alternative signing/verification methods.
So... if anything, this move from Google makes Android less secure and makes key signatures within the apks kind of moot for any store that isn't Google-owned... however, it also means installing a non-Google owned store with some level of security guarantees is much more important now.
What making things more secure? Google was absolutely NEVER concerned about the security and privacy of their users, it goes directly against their core interest as an advertising company. This move is 100% about taking control over their users and developers on their platform and is exactly 0% about doing anything to improve the security of their users.
Google is not even trying to pretend otherwise, notice how Google is only requiring verification of the developers, and absolutely not doing anything about verifying the actual apps from those developers, just like they have not really done anything meaningful about security checking the apps submitted on their Play Store since ever.
That's why it's a paradox. They are claiming to do something for security, where in actuality their stricter policies are doing the opposite. This move essentially renders apk's built-in signing mechanisms worthless. Android is going down the path now of being as insecure as MS Windows when it comes to app installation.
This is not gonna stop rogue apks from outside Google's store, it's just gonna make them less secure.
This is not gonna stop alternative stores, it's actually gonna make them more important for further security checks.
This is not gonna give Google more control over Android, it's gonna make it easier for abusers to gain control.
I suspect a step Google could take is start adding extra warnings and layers of confirmation when it comes to installing apps making use of debug keys to try and deter users from doing it.. but this could then annoy developers, numb users to the warnings, and strengthen the case regarding anti-competitive behavior.
Is it a paradox, or is it just lying?
I'm just calling it a paradox because they are making it less secure by enforcing stricter security.
It's like how creating stricter regulation against drugs sometimes results in more problems with drugs than when the regulation was more relaxed. To me, that's a paradox.
Generally, a stricter security policy results in more security, but there are times it gives the opposite reaction when the stricter policy causes a trend that popularizes alternative methods that are actually less secure. There's always the social factor, and that one is not easily predictable... in fact, it could be that I'm wrong and most devs will decide to register with Google, or simply stop supporting official Android firmware, instead of relying on insecure debug keys. We'll see.
What could go wrong! It's not like Google is known for arbitrarily deciding to prevent people from doing things with no clear explanation nor way to talk to a human. This will go great!
They also don't just abandon hundreds of major projects, services, and apps when they seemingly get bored with them, or they don't generate enough revenue...
"Don't, be evil"
It's the time for SailfishOS! (While we figure out something more long-term, sailfish is an interim solution)
If Google ends up winning, the only things I see possible are to fork AOSP completely and make lineage and graphene operating systems in their own right, instead of in name only, or go to Linux Mobile, and if none of that is possible, then go back to desktop and declare mobile to be dead.
I am not carrying around my desktop computer.
Oh boy, my friend, do I have the perfect product for you. They make this thing called a laptop that takes the usefulness of a desktop and makes it so that it fits in your lap. Can you believe it?
Well, you convinced me. I'm going to get rid of my lightweight handheld computer that can also make phone calls so I can carry around a laptop that by default will not make a phone call.
LMAO
I don't know much about the Linux phone scene, but I'm taking a look at Ubuntu Touch again.
I think they offer a way of virtualizing it, so I might do that to try it out since I've never played with it before.
Humanity requires a safe mobile OS and Android was it for so very long. Hopefully, the Google accountants / shareholders work out the significant potential losses if they drive the evolution of an industry of new OS and new hardware options. Suspect that they will push their monopolist beast as far as they can get away with. They'll have a dollar cost that they are willing to risk in the coming debates.
On the bright side, maybe this will prove to be the impetus for a working Linux phone.
I just started developing my own app, so love this extra random burden. /s
F-Droid
F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.