Does anyone here actually support Google’s Developer Verification?

I don’t. I’ve put a warning about it in my repo because I’m against policies like sideloading restrictions, forced ID verification.

Curious what other devs here think. Is Play Store still worth the hassle?

  • curbstickle@anarchist.nexus
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    2 hours ago

    So with your career in ITSec, you’re aware of the massive amount of malware found in the play store? That it has historically been the main distribution vector for malware?

    You have to jump though extra hoops.

    You are downplaying the hoops here by a lot. To install software on my own phone.

    Stop calling installing software “side loading”. Its nonsense.

    • vapeloki@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      55 minutes ago

      I k ow that the Playstore is also full of crap, I don’t deny this.

      But, just because our back window does not close correctly, do you leave the front entrance open?

      Not the best analogy maybe, but a visual one

      • curbstickle@anarchist.nexus
        link
        fedilink
        English
        arrow-up
        2
        ·
        46 minutes ago

        Except you have it backwards. The play store is the primary vector. The play store is also pre-installed on Android devices, and even without the whole verification nonsense, you still need to allow a different app repository to install.

        Not cleaning their own play store up first means it has nothing to do with what they are claiming. And lets be candid - they have absolutely not.

        The analogy is bad specifically because its not reflecting the issues anywhere near accurately. This is closing a window on the second floor while the front door is wide open with a sign that says “Come on in!”.

        • vapeloki@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          41 minutes ago

          That assumes that Google does not do anything about the appstore and that is objectively not true.

          Is it enough? No ideas, but still, it does not change the need for better endpoint security.

          • curbstickle@anarchist.nexus
            link
            fedilink
            English
            arrow-up
            2
            ·
            38 minutes ago

            I firmly disagree. The issue has nothing to do with the endpoint. They have done very little with the play store relative to this massively impactful change to installation practices in creating a walled garden - precisely the reason many, myself included, chose not to go with iOS in the first place.

            So the very idea that this is an endpoint security issue rather than an app store issue is, to me, laughable at best.

            • vapeloki@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              32 minutes ago

              Then we agree to disagree.

              I think we are manly on the same page, but different opinions on priority and that’s fine.

              I declare both as a risk.

              From my perspective, with this change, we could make Google directly reliable for malware in the appstore.

              While this started as a very anti consumer change, as long as sideloading stays possible, this is a good measure.

              • curbstickle@anarchist.nexus
                link
                fedilink
                English
                arrow-up
                2
                ·
                edit-2
                23 minutes ago

                we could make Google directly reliable for malware in the appstore.

                There is no reason they shouldn’t be now. Developer verification for the play store is one thing. Developer verification for installing an application on your own device is wholly separate.

                I declare both as a risk.

                And one is substantially higher risk than the other. Namely, the play store. As we recently saw with tens of millions of downloads from just a handful of apps in the play store. Does requiring this developer verification on a device resolve that problem? No. Not even remotely, does it?

                While this started as a very anti consumer change

                As long as it impacts the device use (it does), it still is.

                I’m leaving Android over this. I doubt I’ll be the only one.

                • vapeloki@lemmy.world
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  12 minutes ago

                  I’m leaving Android over this. I doubt I’ll be the only one.

                  Good! I hope alternative mobile operating systems get traction out of this!

                  And again, there is no verification need anymore! That is exactly why I am so pissed about this debate in general.

                  Is the workflow simple? No. Is the 24hour period comfortable? No. Do I understand why? Yes, but one or two hours would be enough

                  • curbstickle@anarchist.nexus
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    7 minutes ago

                    Good! I hope alternative mobile operating systems get traction out of this!

                    We’ll see. The plan for now is a tcl flip with hotspot and a clamshell linux box in my pocket.

                    And again, there is no verification need anymore!

                    Please read the very first sentence in that slide. Then read through those steps again (and look at the steps inside of those steps).

                    Yes, there is a need still, or there are a series of annoying, anti-consumer steps involved, in an effort to have a walled garden.

                    Android and Google are not worth supporting over this. Again, not dealing with the play store first and thoroughly tells me this has nothing to do with security. If it did, they wouldn’t be going this route.