Open Letter to Google on Mandatory Developer Registration for App Distribution

Posted by kaplun 8 hours ago

Open Letter to Google on Mandatory Developer Registration for App Distribution(keepandroidopen.org)

347 points | 289 commentspage 3

boje 7 hours ago|

Uh, is having Aurora Store as a signatory a good idea? It's literally a Google Play Store bypassing tool.

octoclaw 7 hours ago||

The real issue is that mandatory registration doesn't actually stop scammers. It stops hobbyist developers and small open source projects.

Scammers will use stolen identities or shell companies. They already do this on the Play Store itself. The $25 fee and passport upload haven't prevented the flood of scam apps there.

Meanwhile F-Droid's model (build from source, scan for trackers/malware) actually provides stronger guarantees about what the app does. No identity check needed because the code speaks for itself.

The permission-based approach someone mentioned above makes way more sense. If your app wants to read SMS or intercept notifications, sure, require extra scrutiny. But a simple calculator app or a notes tool? That's just adding friction for no security benefit.

jeroenhd 6 hours ago|

The permission problem also affects normal apps. Things like KDE Connect quickly become useless without advanced permissions, for instance.

No permission system can work as well as a proper solution (such as banks and governments getting their shit together and investing in basic digital skills for their citizens).

umairnadeem123 4 hours ago||

[dead]

hbn 4 hours ago||

> periodic re-confirmation

This just trains everyone to blindly click "accept" thus adding zero security while making the UX terrible for people who know what they're doing

AlotOfReading 4 hours ago||

Why is that an acceptable middle ground for you? I trust f-droid apps a lot more than anything installed from the Play store. The same restrictions should apply to Google's store as others.

dsl 6 hours ago||

Dear Undersigned,

I have an APK I would like you to install on your personal phones. No, I won't tell you who I am.

Please let me know when you are comfortable with this.

nickorlow 6 hours ago||

If I want to run a piece of software on my phone, I shouldn't need to go ask google whether they're cool with it

mixologic 56 minutes ago||

This is already true if you want to run a piece of software on an iPhone, on MacOS, on Windows, on any video game console.

jhasse 2 hours ago|||

Sure thing, as long as it doesn't require any permissions. I have installed multiple apks on my phone from unknown people. Note that Google's requirement is also for completely permissionless apps like games.

bigstrat2003 6 hours ago|||

Nice strawman. People want the ability to decide for themselves whether or not to install some APK, they are not saying every APK under the sun is trustworthy.

dsl 6 hours ago||

It is a simplification, not a strawman.

If you want to make the decision to install Hay Day, the user should be able to know that it is the Hay Day from Supercell or from Sketchy McMalwareson.

99.9% of apps should have no issue with their name being associated with their work. If you genuinely need to use an anonymously published app, you will still be able to do that as a user.

nickorlow 5 hours ago|||

> If you genuinely need to use an anonymously published app, you will still be able to do that as a user.

I'm pretty sure the goal of Google's changes is to make it so you can't

NicuCalcea 5 hours ago|||

Android already tells users when they're installing software from outside the Play Store and shows big scary warnings if Play Protect is turned off. What else do you want? If I want to install something from Sketchy McMalwareson after all that, that's my phone and my business.

zem 6 hours ago|||

sure, point me to the fdroid page for it

exe34 6 hours ago||

No.

rprend 6 hours ago|

Side loading is an interesting hobby horse for hackers. It causes material harm to a lot of people. But hackers want to keep it anyway for themselves for ideological and aesthetic reasons.

mhitza 6 hours ago||

Who says that Google is the one to decide what open source software I can install on my mobile Android computing device?

rprend 5 hours ago||

Wym? Google says it’s the one to decide. They are doing this because side loading causes fraud. There is pressure and lobbying (like this open letter) to stop them from locking it down.

mhitza 3 hours ago||

It was a catchy rethorical question. Desired emphasis on the fact that a smartphone is a computing device.

If you like to not be able to run whatever software you want on your computer, and the one your family owns, that's your thing.

Its another pretense, like disabling full disk encryption, where people came with these ideas (instead of other options), because its convenient to them to pretend its the right thing.

rprend 30 minutes ago||

When systems scale you have to look at the effects in aggregate. Android is a tool used to manage billions of people’s finances. If you allow unreviewed apps, people get scammed by fake banking apps.

You might say people shouldn’t be so dumb, or that we should educate them, but the fact is that it happens. If you allow unreviewed apps, people get scammed at a higher rate. If you allow a backdoor, people get scammed at a higher rate. People still get scammed with app store review, but the difference between 1%, .9%, and .8% is millions of lives ruined.

I’m a hacker at heart and I like general purpose computers, but when a tool becomes essential, it can ruin lives. You have to consider your externalities. Otherwise you are a factory dumping pollution in the river.

This debate is an interesting collision between the well being of the general public versus a tiny, elite class (hackers) and their ideology.

TJTorola 6 hours ago|||

Ideological is carrying a lot of weight there. Perhaps you can be more specific about the ideological arguments you are hearing that are not worth it?

rprend 5 hours ago||

Walled gardens have less fraud and malware because it's less open. But developers prefer open source decentralized software. Of course, we are technologically literate enough to avoid the fraud. It's similar to drug decriminalization or the legalization of sports gambling.

jrm4 4 hours ago|||

Citation please; and remember your answer is incomplete without a comparison to the safety of NON sideloaded apps.

hypeatei 6 hours ago||

Okay, then every book, every email, every text message, every comment, and every letter should be signed by a third party that's verified your ID. After all, there's speech which can cause material harm and free speech is just an ideological thing. It'd be dangerous if we allowed unsigned messages to be sent between people.