by altfredd
1876 days ago
> in theory, since Google controls the OS, it can also make it lie to you

Google controls Android, but it does not control every other OS and every piece of hardware. If someone downloads an apk with their own custom Google Play client, running on their own computer, they can check whether it was tampered with. In the past a tampered apk from Google servers would have been signed by the wrong key (because the proper key is controlled by the developer), pointing to Google as the culprit. Now it will be signed by the "developer's" key (shared with Google), creating plausible deniability for Google and US intelligence services.

> "Super Secret Messaging App" asks the OS to load encrypt.so, its custom encryption library, and the OS can deliver a no-op library and say "Here it is!". The app wants to check the file's hash, the OS can intercept the hash method's return value

This sounds extremely labor-intensive. Who will write all those no-op libraries? Who will pay for it?
As to the labor and cost-intensive issue, the examples mentioned were, what if Google gives up the fight about end-to-end encryption under regimes that demand it (e.g. China, Australia). There's your answer of who's writing, or at least paying...