zlacker

[return to "Google will allow only apps from verified developers to be installed on Android"]
1. abeyer+6G[view] [source] 2025-08-25 22:02:59
>>kotaKa+(OP)
Even aside from the privacy implications (which aren't trivial themselves,)

Doesn't this make it prohibitively difficult to do local builds of open source projects? It's been a long time since I've done this, but my recollection was that the process to do this was essentially you would build someone else's (the project's) package/namespace up through signing, but sign it locally with your own dev keys. A glance at the docs they've shared makes it sound like the package name essentially gets bound to an identity and you then can't sign it with another key. Am a I misremembering and/or has something changed in this process? Am I missing something?

◧◩
2. dvdkon+RW1[view] [source] 2025-08-26 10:12:01
>>abeyer+6G
If so, then this change will likely make it illegal to distribute APKs of GPLv3 software, since the recipient couldn't run their modified version.
◧◩◪
3. weirdp+Il2[view] [source] 2025-08-26 13:12:39
>>dvdkon+RW1
And thus accelerates Google's push away from APKs, preferring instead for all developers to embrace their proprietary App Bundle format. Complete with ad hoc signing performed by the Google Play store at time of download. The bundle is also customized to the device, meaning an .aab file ripped off a device won't necessarily be loadable on another device since it could have different configurations/hardware that happen to limit it.

I think anyone who works as a dev knew this was Google's endgame the moment they started circling the wagons with the app bundle stuff. It was already getting weird before that, but it was uncharacteristically out of step with historic Android.

[go to top]