by mike_hock 1491 days ago
I mean, it's a blog by a company whose business model is built on selling privacy snake oil.

> but I’m not certain; it used not to be possible on Android, but they shifted to re-signing stuff a couple of years ago

Yeah, and where was the outrage about that? With the stroke of a brush, all apps on the Play Store were backdoored in one go.

Whether or not the apps currently have any backdoors in them is completely irrelevant because it is effectively exactly the same thing! The apps could be patched any moment and no one would be the wiser.

With the signing key known only to the developer, you have near 100% confidence (as long as the developer keeps the key secure) that Google hasn't manipulated the app.

With the signing key in Google's hands, you have ZERO confidence. Or more precisely, you can have exactly as much confidence as if no signing had taken place, making signing a complete farce.

Yes, it still protects you from manipulation by a 3rd party between you and Google, but it's still a major loss of trustworthiness.

1 comments

TBH, I gave up on internet privacy when GPG could not catch on at the user level.