zlacker

[return to "Google will allow only apps from verified developers to be installed on Android"]
1. 876368+tk[view] [source] 2025-08-25 20:01:04
>>kotaKa+(OP)
Official announcement: https://android-developers.googleblog.com/2025/08/elevating-...

More info:

https://developer.android.com/developer-verification

https://support.google.com/googleplay/android-developer/answ...

Personally...we all know the Play Store is chock full of malicious garbage, so the verification requirements there don't do jack to protect users. The way I see it, this is nothing but a power grab, a way for Google to kill apps like Revanced for good. They'll just find some bullshit reason to suspend your developer account if you do something they don't like.

Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.

> we will be confirming who the developer is, not reviewing the content of their app or where it came from

This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.

TFA had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.

On the flip side, that's one less platform I care about supporting with my projects. We're down to just Linux and Windows if you're not willing to sell your soul (no, I will not be making a Google account) just for the right to develop for a certain platform.

◧◩
2. kllrno+hv[view] [source] 2025-08-25 21:02:02
>>876368+tk
> But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.

The internet permission has nothing to do with ads? It's a hidden permission because:

1) Internet connection is so ubiquitous as to just be noise if displayed

2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar

◧◩◪
3. zrobot+SK[view] [source] 2025-08-25 22:30:26
>>kllrno+hv
I mean, I just did a quick look over the installed apps on this phone and ~1/4 of them would work perfectly well without an internet connection, things like a level or GPS speedometer that use the phone sensor or apps for Bluetooth control of devices [like 0] . Why would something like a bubble level app need internet access for anything besides telemetry or ads? I realize I have way more of these types of apps than the average user, but apps like this aren't a super-niche thing that would be on 0.1% of devices.

I just tend to give Google little benefit of the doubt here, considering where their revenue comes from. Same as when they introduced manifest v3, ostensibly for security but just conveniently happening to neuter adblocking. Disabling access to the internet permission for apps aligns with their profit motive.

◧◩◪◨
4. kllrno+x11[view] [source] 2025-08-26 00:48:21
>>zrobot+SK
There's plenty of actually problematic stuff Google does (like this change in the article), there's no need to make up whack ass conspiracy theories, too.
◧◩◪◨⬒
5. zrobot+941[view] [source] 2025-08-26 01:11:55
>>kllrno+x11
Huh? Not sure how this qualifies as "whack ass". There's an internet permission built in to the OS that Google chose to not expose to the user. The parent poster was claiming there is no reason anyone would want that permission, I then pointed out a whole category of apps that don't need internet to function for anything besides ads and telemetry. All of this is factual info.

So rather than just dismissing the argument via insulting language, can you provide a reasonable alternative explanation for why this setting isn't exposed to the user?

◧◩◪◨⬒⬓
6. kllrno+io1[view] [source] 2025-08-26 04:48:51
>>zrobot+941
The internet permission is exposed to the user, it just can't be revoked by the user. But that's true of like 100 other permissions, too. It's the default case that permissions are not revokable.

And I did provide 2 reasons why that's the case for Internet specifically, neither of which were even attempted to be refuted in this comment chain

◧◩◪◨⬒⬓⬔
7. zrobot+sT1[view] [source] 2025-08-26 09:41:43
>>kllrno+io1
OK, so this is getting ridiculous. The internet permission isn't exposed to the user, unless you are saying that 'exposed to the user' is the same as 'system default and can't be modified'. The user has no way to see or modify that permission.

I pretty solidly refuted your first reason (internet connection is ubiquitious, apps don't need it). I pointed out that there are whole categories of apps that don't need a network connection. You never bothered to refute my argument and are now claiming that I didn't address that point. You claim it is a 'ubiquitous' permission, but haven't said why a level sensor app that just reads the MEMS gyro sensor would need a network connection at all. So that's point 1 sorted, which I already addressed and you are pretending wasn't refuted.

Point 2 was "2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar"

I never addressed this, because it seemed extraneous to the discussion. This data exfiltration is purely a hypothetical at this point, since apps can always rely on a network connection. Sure, if the network setting was exposed to the user and was able to be toggled, there might be ways to bypass that. But that is hypothetical, and relies on hypothetical security loopholes. No apps are currently doing this, since apps can't have their network permissions toggled. The possibility of potentially bypassing the system network permission toggle doesn't seem germane, since it's a hypothetical. To use your words, it's a 'whack-ass conspiracy theory' and not a germane concern.

You've resorted to ad-hominem by insinuating that my viewpoint as a conspiracy theory and haven't even attempted to address my point that there are whole categories of apps that don't need network connections. You also are trying to claim that I haven't addressed points you made, while ignoring my argument that rebutted those claims. I'm sorry, but since you want to engage in this way,why are you so addicted to the taste of Google boot leather? Why are you trying to say that Google doesn't want to protect its ad network? Android apps using Google adsense to serve ads to users clearly benefits them, I don't even see why this is controversial.

[go to top]