[redxdev]

Re: 1 - Sure they can. The play store has the ability to both uninstall and install apps without direct user input. Even if the OS itself blocks updating an app with a different key, it doesn't block uninstalling and then reinstalling with a different key to my knowledge.

AABs are hardly required for Google to inject their own code into apps. And honestly, why would you even be concerned about them injecting code into third party apps? If they really wanted to be malicious they could use system apps that they fully control anyway.

I do have concerns with Google removing the ability for developers to sign apps but Google themselves acting maliciously isn't why.

[Avamander]

> Re: 1 - Sure they can.

Sure they can't. Data is lost.

> AABs are hardly required for Google to inject their own code into apps.

Much harder for Google (or anyone legally mandating them) to get caught with AABs though.

> And honestly, why would you even be concerned about them injecting code into third party apps?

... in addition to a bunch of security issues. Also makes it possible to do forced monetization, like YouTube has done.

[redxdev]

> Sure they can't. Data is lost.

I believe it's possible to keep an app's data on uninstall. It's not the default behavior, but that doesn't really matter in this case.

> Much harder for Google (or anyone legally mandating them) to get caught with AABs though.

Not really. And what does "legally mandating them" even mean? This is a policy change for the play store, it has nothing to do with legality.

> ... in addition to a bunch of security issues. Also makes it possible to do forced monetization, like YouTube has done.

The "security issues" exist regardless of this policy change - as I've already said, Google could easily do whatever they want with your phone anyway due to control over system apps and the OS. I have security concerns with Google being the sole owner of the signing keys, but that's not related to Google themselves acting maliciously.

As for "forced monetization", that's just reaching - if they were going to force monetization on apps that weren't their own then they just need to require it of developers on the play store. How does the ability to ship modified bundles make this any easier for them?

[Avamander]

> I believe it's possible to keep an app's data on uninstall. It's not the default behavior, but that doesn't really matter in this case.

It's not and it does matter.

> And what does "legally mandating them" even mean?

Not sure how what's unclear about "legal mandate". If the law says, Google complies.

> The "security issues" exist regardless of this policy change - as I've already said.

They don't exist to the same extent, you repeating them doesn't make them more universal or true. Other vendors and forks exist, the simple existence of Google Play didn't mean every app is compromised by Google, now it will.

> Google could easily do whatever they want with your phone anyway due to control over system apps and the OS

Google doesn't control every vendor, controlling all signing keys is much easier than quite literally backdooring the OS for simply Google. There's a large difference in how visible any such malicious actions would be.

> As for "forced monetization", that's just reaching

Are YouTube's forced midroll ads "reaching" as well? There's no fundamental difference, they monetized someone else's content.

Controlling signing keys allows to simply patch the ads in. I'm not entirely sure why you don't see how it makes it easier for them.

[redxdev]

> It's not and it does matter

I was mistaken - you're right that you can't keep app data. It still doesn't matter because they already have easier ways of running whatever code they want on phones with Google play.

> Not sure how what's unclear about "legal mandate". If the law says, Google complies.

I mean that I don't understand what your original statement was. Is it that governments can force google to hand over your signing keys? I agree that it is a concern, it just isn't the issue I was commenting on. I didn't mean to bring that into this - I just didn't understand your meaning.

> Google doesn't control every vendor

They don't need to. They already have system apps on every phone running Google play, which is the exact same list of devices that will be affected by this change. You're right that they don't control every (or even most) OS vendors for Android, but they don't need to.

> Are YouTube's forced midroll ads "reaching" as well? There's no fundamental difference, they monetized someone else's content.

I'm not debating whether midroll ads are right or wrong, I'm debating the technical merits of this incredibly roundabout method.

"Patching ads in" on an app-by-app basis is nonsense - why not just add it to some hooks in Google play services? Not to mention they'd have to make sure it doesn't break the apps themselves. Why waste the time and money? Hell, force app developers to insert code into their own apps by changing the policies on the store. I bet it's result in a lesser outcry than if they did it secretly. Signing keys as a conspiracy to show more ads is ridiculous when they have better vectors elsewhere.

[UncleMeat]

> Sure they can't. Data is lost.

So? Presumably you are going to continue to interact with the app.

> .. in addition to a bunch of security issues.

What security issues?

> Also makes it possible to do forced monetization, like YouTube has done.

Forced monetization is an even stupider conspiracy than NSA spying since it would require wide use rather than targeted changes. This would be plainly obvious since there are loads of people who decompile apps and the signature on the code section would be broken.

[Avamander]

> So? Presumably you are going to continue to interact with the app.

It changes a lot. Apps losing their data is much more disruptive than the silent replacement incorrectly touted earlier.

> Forced monetization is an even stupider conspiracy than NSA spying since it would require wide use rather than targeted changes.

So? YouTube did it on content creators' content. Obvious yes, but directly enabled by the lack of dev-controlled signing keys.