(no title)
jbk | 8 months ago
Native NDK is another can of worms, with updates linked to SDK or sometimes not, unclear documentation about device and API compatibilities, compiler behavior changes and other requirements (like the 16K one) that impact so many 3rd party native libraries.
But, of course, the rules on the uploading and the changes of the Console, that changes so often is what makes it painful.
The absolute nightmare is about giving Google the root signing key of your application, the unfinished business about app bundles (which should reduce the size of the downloaded app, and more often than not, make it bigger), the changes in compliance, letters to sign for different countries, the compatibility for Google form factors (XR, TV, Auto, Automotive), Inline installs and other Teacher Progams, Play for family and so on.
All of this changes non-stop and is very poorly documented :)
At least, the Play Store is still GPLv2 compatible, so for now, we're saved (VLC)
petedoyle|8 months ago
I wish more people talked about this. At Amazon, I helped with the early threat modeling around adoption of "App Signing by Google Play", which requires sending your app's root signing key to Google (and is now required, with no publicly-available opt-out for new apps.) It would have added some nice things for Android devs: app bundles, smaller downloads, instant apps, etc.
That said, we imagined the following scenario, and were unable to find a reasonable mitigation at the time:
It seems plausible the US government could send a NSL (or similar) to Google and force them to distribute modified APKs for apps like Signal (ex: to exfiltrate keys). This would be nearly impossible to detect, especially if the modified APK were distributed to only an individual user, or a small group. A few people raised concerns [1], but I don't recall Google ever giving a reasonable response.
[1] https://commonsware.com/blog/2020/09/23/uncomfortable-questi...
Edit: clarify no opt out applies to new apps
nixosbestos|8 months ago
I didn't trust stock Android before, and I felt the sinking-gut feeling as soon as I realized where "upload root signing key" was going, but spelling it out here puts a ... fine point on things.
Thanks for the comment.
codethief|8 months ago
> It seems plausible the US government could send a NSL (or similar) to Google and force them to distribute modified APKs for apps like Signal
Since when do you have to hand over your signing keys to Google? I seem to remember the Signal devs saying that they preferred publishing their app on Google Play as opposed to F-Droid because in the former case they control the signing keys. Has this changed?
baobun|8 months ago
Would be nice to get a confirmation of this as it sounds wild.
ashishb|8 months ago
Thanks for sharing this. I agree with your sentiment as one of my Android apps use vox SDK. However, my experience is very limited compared to you to write about it.
> The absolute nightmare is about giving Google the root signing key of your application,
I haven't and I don't think it is required.
> the unfinished business about app bundles
Can you elaborate what's unfinished here?
> the compatibility for Google form factors (XR, TV, Auto, Automotive),
My app is disabled for Android Auto in production. If I re-enable, then it gets rejected during the review. I have never been able to precise fix the issue they are raising to let me re-enable Android Auto.
For Chromecast (TV), I have to run a web server inside the app to serve the media.
jbk|8 months ago
It is required, as soon as you have Android TV support, for example.
https://android-developers.googleblog.com/2022/11/app-bundle...
See https://dev.to/npomepuy/vlc-for-android-updates-on-the-play-...
pjmlp|8 months ago
However a good way to minimise headaches with NDK is to stay by the Google rules, it is a complement to Java/Kotlin, with a specific set of APIs, and not a way to pretend Android is GNU/Linux.
flohofwoe|8 months ago
jbk|8 months ago
Debugging and testing is just for the non-believers.