top | item 45912568

(no title)

v3xro | 3 months ago

What prohibits Google from offering a way to register your long-term app signing key without identity verification, publishing apps that are still verified by their automated tooling and then opting in to the usual denylisting/app store banning methods if those apps are malicious? This identity verification requirement is basically just an easy way for illiberal governments to find ways to crack down on apps they do not like (such as say, ICEBlock or whatever)

discuss

iggldiggl|3 months ago

Banning all apps signed by the same key is already possible. Requiring signing keys to be anonymously registered with Google would add some friction to simply rotating your signing keys when you get caught doing something naughty (depending on how much Google account creation and key registration can be automated against Google’s anti-bot protection, though), but definitely not as much as full identity verification and payment of 25 USD (even if that isn't foolproof, either, and has the annoying side effect of unfortunately slowing down small-scale freeware developers at the same time, too).