[guardian-dev] Google's new App Signing service

Hans-Christoph Steiner hans at guardianproject.info
Tue May 23 10:24:21 EDT 2017 

That's a nice feature indeed.  I'm really afraid they're just going to
remove it entirely.  ChromeOS doesn't have that option, for example.
You have to put the whole device into developer mode.

.hc

Nathan of Guardian:
> That said, at Google IO, I think in the security talk, they made a big
> deal to point out the evolution of "Unknown Sources" to the ability to
> approve it for just one app, enable to support third-party app stores. 
> 
> On Tue, May 23, 2017, at 08:55 AM, Hans-Christoph Steiner wrote:
>>
>> I think the more practical, less paranoid read of this move is Google
>> trying to take control over more of the Android ecosystem.  If they can
>> get app developers to let Google to the whole release process, that will
>> make it harder to also release the app on other app stores.
>>
>> .hc
>>
>> Elmor:
>>> This is not only happening on mobiles. Since about one year, your add-ons on Opera and Firefox are "verified". If developers do not let their add-on veriefy, they are suspended.
>>>
>>> What also poped into my eyes was point "3. Permanent Enrolement". If you have a well going app and the name is in all ears and mind, you will lose that name should you decide to get out of the GPAS.
>>>
>>> If Michael's and Nathan's fears - I do share them - are true, then apps can only be securely downloaded and installed from developers own website.
>>>
>>> Tricky move.
>>>
>>> elm-
>>>
>>>
>>>
>>> On May 19, 2017 3:12:04 PM GMT+01:00, Nathan of Guardian <nathan at guardianproject.info> wrote:
>>>> On Fri, May 19, 2017, at 07:29 AM, Michael Rogers wrote:
>>>>> Paranoid people might suspect that this simultaneous move by Apple
>>>> and
>>>>> Google is the result of political pressure to provide some means of
>>>>> adding/removing functionality, such as end-to-end encryption.
>>>>
>>>> You read my mind.
>>>>
>>>> +n
>>>> _______________________________________________
>>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>>>
>>
>> -- 
>> PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
>> https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
> 
> 

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556

More information about the guardian-dev mailing list