zlacker

[return to "Delayed Security Patches for AOSP (Android Open Source Project)"]
1. gessha+Xl[view] [source] 2025-09-07 16:55:56
>>transp+(OP)
> We want to make sure that if you download an app from a developer, regardless of where you get it, it's actually from them. That's it.

In what scenario is this a serious threat because I can't think of any.

◧◩
2. wmf+Rm[view] [source] 2025-09-07 17:02:37
>>gessha+Xl
People are installing banking apps that are actually from criminals. Basically app phishing.
◧◩◪
3. const_+Ht1[view] [source] 2025-09-08 02:37:47
>>wmf+Rm
The reason this happens is that greedy companies like Google have made apps the de facto way to get anything done.

There's 0 reason you should need an app to fucking pay for parking. Why do you then?

Because running mostly unsandboxed native code on customers devices is a fantastic way to steal data and build profiles. Browsers just don't cut it - they're too safe, too secure, too abstracted.

Let's be honest here - what is a banking app? Web forms, some more web forms, and then to top it off, some web forms. I mean, hell, half these apps are just web views with spywa - I mean analytics - slapped on top.

[go to top]