How much was the external audit they are now requiring? As it's most likely not based on company revenue, it's obvious that it's less of an issue for bigger companies who can afford to pay an auditor for their stamp of approval and task a person with talking to Google over a few months every year.
If you read the article, they went through the CASA audit, found that it did not improve the security of their app, and came to the conclusion it wasn't worth the time and now money to do it a second time.
> and came to the conclusion it wasn't worth the time and now money to do it a second time.
Especially because they'd now have to go through another third party to perform the audit process (not just the security lab, the entire thing); according to the Total Commander folks[1] that's 75k/year/program.
They say it's "up to 75,000" per program. Looking at the actual assessor websites, most require quotes, but tier 2 assessments start at $500 and tier 3 start at $5-6000, and you're in the land of asking for quotes from companies, so "hey we compile the same code into 32- and 64-bit versions" probably does not actually require a 2x cost increase.
> It raises the bar for low effort hackers and improves security.
There are meaningful ways you can improve the security of your app. There are ways to make sure your app passes CASA. I found very little, if any, overlap between those two when going through the process.