Michael Carbone via guardian-dev:
On 4/29/21 10:26 AM, Nathan of Guardian wrote:
On 4/29/21 8:52 AM, Mark Murphy wrote:
On Thu, Apr 29, 2021, at 08:47, Abel Luck wrote:
There was some discussion about this almost a year ago
https://lists.mayfirst.org/pipermail/guardian-dev/2020-June/thread.html
However no particular conclusions were reached other than "it sucks."
FWIW:
https://commonsware.com/blog/2020/09/23/uncomfortable-questions-app-signing.html
https://commonsware.com/blog/2020/11/30/initial-responses-uncomfortable-questions.html
The initial post definitely struck a nerve in the community -- a surprising
number of developers took it upon themselves to pester Google developer
relations members on the topic. However, after that late November post, I
have not seen much on this subject coming out of
Mountain View. I suspect that I'll be writing another post, perhaps tomorrow,
pointing out Google I|O sessions that might be of relevance on this subject.
Thanks for resharing these excellent posts, Mark.
"However, policies can change, at any time, for any reason, without warning.
Or, as some guy in a dark helmet once said
<https://www.youtube.com/watch?v=jsW9MlYu31g>:
I am altering the deal. Pray I don’t alter it any further."
I think it is time we speak up about this issue more, if only to get
some more attention on F-Droid.
I am sharing within Access Now and we will ping EFF since they are likely better
positioned to publicize and advocate on this topic.
It seems like this requirement to give Google your signing keys and use Android
App Bundles is partly a push to lock developers into Google Play. I wonder if
there are some people working on big tech monopolies that could also push on this?
There is also another important choice we can push here: real, FOSS, privacy
respecting options like CalyxOS. Calyx has made huge strides in making
Google-free Android usable and secure. And CalyxOS of course builds on key
projects that we know and love, like F-Droid, microG, Tor, and more. And key
apps like Telegram, Tutanota, are available from f-droid.org.
Also, it is important to ensure that APKs remain a viable distribution method
since they are easy to redistribute, and that keeps the Android ecosystem much
more flexible than iOS.
.hc
--
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
_______________________________________________
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To unsubscribe, email: [email protected]
