←back to thread

A theoretical way to circumvent Android developer verification

(enaix.github.io)
194 points sleirsgoevy | 3 comments | 31 Oct 25 20:20 UTC | HN request time: 0s | source
Show context
asimops ◴[31 Oct 25 21:30 UTC] No.45776925[source]
While it is technically feasible, it is not a good idea to try and find a technical solution to a people/organisation problem.

Do not accept the premise of assholes.

I hope we can get the EU to fund a truly open Android Fork. Maybe under some organisation similar to NL Labs.

--- edit ---

Furthermore, the need for a trustworthy binary to be auditable to a certain hash or something would make banning this a simple task if Google would want to go that route.

replies(8): >>45777355 #>>45778228 #>>45778511 #>>45779765 #>>45779867 #>>45780458 #>>45780743 #>>45781937 #
closeparen ◴[01 Nov 25 01:28 UTC] No.45778511[source]
The same EU that's doing Chat Control?
replies(5): >>45778682 #>>45779494 #>>45779799 #>>45780908 #>>45781445 #
rf15 ◴[01 Nov 25 02:03 UTC] No.45778682[source]
The same EU of which parts are trying to make chat control work and are once again abandoning it. Politician get this particular fancy idea every other year in all kinds of countries, not just EU. Overreach out of desperation for a problem that cannot simply be solved is wrong but understandable.
replies(1): >>45780562 #
igor_akhmetov ◴[01 Nov 25 10:17 UTC] No.45780562[source]
Desperation for what exactly? More control?
replies(1): >>45781215 #
ForHackernews ◴[01 Nov 25 12:45 UTC] No.45781215{3}[source]
They are trying to stop crime, including sex/drug trafficking and child exploitation. If you want to have an intellectually honest debate, you need to be clear that private communication apps do make it more difficult for police to conduct legitimate investigations. You do yourself no favours painting all politicians as power-hungry caricatures.
replies(2): >>45781496 #>>45782734 #
1. 0xDEAFBEAD ◴[01 Nov 25 16:04 UTC] No.45782734{4}[source]
If chat control is a good-faith effort to stop crime, why can't Android developer verification be a good-faith effort to stop cybercrime?

If politicians are not all power-hungry caricatures, is it possible that the same is true for businesses?

Android has millions of users worldwide, many of whom are far less computer-literate than HN users. I think it's very reasonable for Google to put speed bumps in front of malware developers trying to distribute through the Play Store. If you're a half-decent dev, $25 is nothing compared to the opportunity cost of your time in developing your app.

This whole thing seems to be a fairly recent announcement on Google's part, so it's unsurprising they're still hammering out details for hobbyist devs? How about making constructive suggestions for ways that Google can protect ordinary people without stopping power users?

replies(1): >>45783469 #
2. ForHackernews ◴[01 Nov 25 17:25 UTC] No.45783469[source]
I think the issue is not about distribution in the Play Store (I don't actually have any problem with that: their playground, their rules) but the fact that they are going to break sideloading and alternative app sources like F-Droid.

I struggle to see any good-faith need to erect additional barriers to protect users from running the programs they want on devices they own, when you already have to be fairly expert to enable developer mode, install via adb, etc.

replies(1): >>45787331 #
3. 0xDEAFBEAD ◴[02 Nov 25 02:13 UTC] No.45787331[source]
That's fair.