logoalt Hacker News

Android Developer Verification: Threat masquerading as protection

1450 pointsby drewfaxtoday at 3:00 AM595 commentsview on HN

Comments

scotty79today at 10:58 AM

As a user how do I opt out? Can I root my phone and excise this crap with some tool?

If this is disseminated through Play Protect, does disabling Play Protect prevent triggering this?

shevy-javatoday at 10:22 AM

It is time to dismantle - and subsequently forbid - Google. Too much Evil is now concentrated in this greedy adCompany. Mass-infecting so many devices on purpose is beyond compare now.

modzutoday at 8:55 AM

how is graphene these days, or is there a better alternative that can run map apps that depend on google play services (like waze)?

show 1 reply
spwa4today at 8:53 AM

So wait ... Google intends to enforce this on old versions of android?

show 1 reply
RIshabh235today at 8:59 AM

we need to create a new os

show 1 reply
huxfluxtoday at 3:05 PM

We can't let this shit roll boys.

matejzvikltoday at 3:40 PM

ghuu

matejzvikltoday at 3:40 PM

ghhj

TZubiritoday at 1:21 PM

>Should a developer — contrary to our recommendation — elect to register themself with Google as a “verified” developer, they should expect to sign up for an account and pay a fee, surrender detailed personal information and upload government-issued identification

Again, there is a tradeoff between protecting consumers and protecting vendors. If you protect the privacy of vendors, you do so at the expense of increasing risk to the consumers.

I don't want to be polarizing, but narcissistic is the best word to describe the position of this article. I'm assuming that when they are consumers, they would find it reasonable that their vendors provide due diligence and be held to higher standards. When they go to the pharmacy, and they buy aspirins, would they choose a tablet of aspirins from a pharmacy that doesn't ask where the aspirins came from or who the distributor or producer is? If such privacy of the producer were respected then the market would open up to actors that provide low quality, counterfeit, or malicious product.

You can't have it both ways. If you are a vendor, you are no longer an anonymous consumer. Installing a VPN, paying with cryptocurrency, using firefox and duckduckgo to avoid tracking, that's not on the table for you once you decide to be on the other side of the production market.

If you want to make software and distribute it anonymously, go ahead and submit it to one of the many malware riddled distributors that don't do any due diligence like npm, github, AUR, why must you insist on being let in a club that doesn't want you? Is it perhaps because the reputation of such club is higher because it doesn't have malware because it performs such due diligence?

At least if you are going to complain about this, do it with standard language don't co-opt cybersecurity terms, adding noise to whoever cares about actual security. If this is really a problem you wouldn't need to exaggerate or plain lie about it.

show 1 reply
transcriptasetoday at 6:58 AM

I think the most fun part with Google is that if some wayward algorithm decides it doesn’t like you, along with nuking your app and developer account it will probably nuke your 20 year old gmail, your kids Google Drive accounts, your wife’s YouTube premium, the Adsense account of some company you worked for in 2008, and disable your Nest cameras.

And you’ll never reach a human to sort it out.

show 22 replies
yunohntoday at 10:14 AM

While I sympathize with the general negative outrage towards this change, I truly believe that people here fail to empathize with the mainstream users of Android phones.

I personally have seen every single older relative and non-tech friend, end up installing bloateare, spyware, and malware inadvertently - because they have no idea how anything in the tech domain works. And given the widespread popularity of Android (globally 70% vs iOS at 30% market share) and even moreso in lower income demographics, it also leads to rampant piracy of obviously non-essential apps like games and streaming (eg Spotify). In fact, even here on HN, almost everyone who has given their parents an iPhone has extolled the virtues of a secured AppStore/device and the peace of mind it brings.

While there may someday be a way to support both the average user and the HN power user, we are not there yet. It’s hard for me to outright reject Google/Android attempts to secure people’s devices.

show 3 replies
mpfecttoday at 9:07 AM

This is exactly why I use Android over iOS, for software freedom. If Google forces ADV and locks out F-Droid, they remove the single biggest differentiator between the two platforms. Making Play Protect into a forced gatekeeper instead of an opt-in security scanner is a massive bait-and-switch for users who care about digital sovereignty.

m_m_carvalhotoday at 12:37 PM

[dead]

ciefatoday at 11:28 AM

[dead]

selectivelytoday at 8:03 AM

[dead]

Rekindle8090today at 3:51 AM

[dead]

p0w3n3dtoday at 7:15 AM

[flagged]

show 1 reply
ranger_dangertoday at 3:47 AM

> How long before they designate all ad-blocking software as malware, block installation on all Android certified devices worldwide, and permanently designate all developers of this class of software as malware creators?

Classic slippery slope fallacy.

https://en.wikipedia.org/wiki/Slippery_slope

History shows that when a "slope" appears... regulation steps in, technology evolves to solve the problem, or the culture shifts to reinterpret the thing.

In almost every case, the feared "bottom" of the slope was never reached because humans constantly built ramps or bridges along the way.

show 8 replies
charcircuittoday at 7:02 AM

This is not malware. It's an official part of Google Play Services.

show 6 replies
skybriantoday at 6:57 AM

I understand not being happy about what Google is doing, but it seems like F-droid can’t be trusted not to heavily spin things.

show 2 replies