How is this going to be enforced if you are just downloading APKs? It states they will enforce verification across sources outside of the Play Store. This doesn’t sound possible unless they just make stock Android unable to sideload.

  • tomalley8342@lemmy.world · ↑ 20 · 3 days ago

    How is this going to be enforced if you are just downloading APKs? It states they will enforce verification across sources outside of the Play Store. This doesn’t sound possible unless they just make stock Android unable to sideload.

    APKs will have to be cryptographically signed through Google’s developer console, and this signature will be checked by the operating system at install time regardless of where you got the APK from. It’s like how Windows has signed applications for SmartScreen, except in this case all applications must be signed through Google, and in order to sign it, you have to let Google know where you live, and unsigned applications will simply be denied instead of just being presented with a warning.

    • tomyhaw@lemmy.world (OP) · ↑ 6 · 3 days ago

      Makes sense. Is the Google Play Store just APK files as well? I thought there was some other special sauce with it as well besides just running spyware in the background. This all sounds like a good way to get full names for YouTube ad-less app makers…

      • tomalley8342@lemmy.world · ↑ 7 · 3 days ago

        You are likely thinking of Google Play Protect, which does the same verification on their platform’s end (to try to remove bad actor developer accounts as soon as possible), and the local device end as well (to remove said developers’ apps if they are already installed on your device). But yes, at the base level, what arrives on your phone from the Play Store are just signed APK files. That’s why mirror sites like apkmirror or apkpure can do what they do, by extracting said APKs after they have been released onto the Play Store.

        • EarMaster@lemmy.world · ↑ 2 · 2 days ago

          That’s not quite all of it. It can also do diff updates (so you don’t have to download the whole APK), staged rollouts and different builds for different devices. And of course it provides APIs for license management, in-app purchases, update notifications, etc. All of this could be achieved by using other services (like F-Droid) or custom-built websites, but the convenience for the everyday user isn’t quite the same.

        • tomyhaw@lemmy.world (OP) · ↑ 2 · 3 days ago

          Thanks for the explanation. So essentially custom ROMs with Google Play services removed will actually be needed to download the good apps like NewPipe and the like.
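The comments above describe what reaches the phone as "just signed apk files" whose signature is checked at install time. As an added example (not code from the thread or from Android), this Python sketch locates the APK Signing Block, the container that sits just before the ZIP central directory, and reports which signature schemes (v2, v3) it holds. It only finds the container and does not validate any signature or the developer-verification check discussed above; the helper names and sample bytes are constructed for illustration.

```python
import struct

EOCD_SIG = b"PK\x05\x06"            # ZIP End of Central Directory record
MAGIC = b"APK Sig Block 42"         # footer of the APK Signing Block
SCHEMES = {0x7109871A: "v2", 0xF05368C0: "v3"}

def signing_schemes(apk: bytes) -> list[str]:
    """Return the signature schemes found in the APK Signing Block ([] if none)."""
    # Simplification: assumes the EOCD comment does not itself contain EOCD_SIG.
    eocd = apk.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(apk):
        raise ValueError("not a ZIP archive: no End of Central Directory")
    cd_offset = struct.unpack_from("<I", apk, eocd + 16)[0]
    if cd_offset > eocd:
        raise ValueError("central directory offset points past EOCD")
    # The block ends with uint64 size + 16-byte magic, right before the central directory.
    if cd_offset < 32 or apk[cd_offset - 16:cd_offset] != MAGIC:
        return []                   # no signing block: JAR-signed (v1) only, or unsigned
    size = struct.unpack_from("<Q", apk, cd_offset - 24)[0]
    start = cd_offset - size - 8    # the leading size field is not counted in `size`
    if size < 24 or start < 0:
        raise ValueError("signing block size out of range")
    if struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("signing block size fields disagree")
    pos, end, found = start + 8, cd_offset - 24, []
    while pos < end:                # walk the length-prefixed ID-value pairs
        if pos + 12 > end:
            raise ValueError("truncated ID-value pair")
        length, block_id = struct.unpack_from("<QI", apk, pos)
        if length < 4 or pos + 8 + length > end:
            raise ValueError("ID-value pair overruns the signing block")
        if block_id in SCHEMES:
            found.append(SCHEMES[block_id])
        pos += 8 + length
    return found

def _pair(block_id: int, value: bytes) -> bytes:
    # One ID-value pair: uint64 length (ID + value), uint32 ID, value bytes.
    return struct.pack("<QI", len(value) + 4, block_id) + value

def build_sample(pairs: bytes) -> bytes:
    """Constructed stand-in for an APK: entries, optional signing block, empty central dir."""
    entries = b"constructed-zip-entries"
    block = b""
    if pairs:
        size = len(pairs) + 24
        block = struct.pack("<Q", size) + pairs + struct.pack("<Q", size) + MAGIC
    eocd = EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, 0, 0, 0, len(entries) + len(block), 0)
    return entries + block + eocd

if __name__ == "__main__":
    sample = build_sample(_pair(0x7109871A, b"constructed-signer-data"))
    print(signing_schemes(sample))
```

On a device the platform installer goes further and validates the signer data against the file contents; on a workstation, `apksigner verify` from the Android SDK build tools does that full check.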