vader1 | 4 months ago

> This is because app stores do a lot of heavy lifting to provide security for the app ecosystem. Specifically, they provide integrity, ensuring that apps being delivered are not tampered with, consistency, ensuring all users get the same app, and transparency, ensuring that the record of versions of an app is truthful and publicly visible.

The Google Play Store does none of this, lol. All apps created since 2021 have to make use of Google Play App Signing, which means Google holds the keys used to sign the app. They leverage this to include stuff like their Play Integrity in the builds that are served. The Android App Bundle format means that completely different versions of the app are delivered depending on the type of device, locale, etc. There is 0 transparency about this for the end-user.
