[petedoyle]

> The absolute nightmare is about giving Google the root signing key of your application

I wish more people talked about this. At Amazon, I helped with the early threat modeling around adoption of "App Signing by Google Play", which requires sending your app's root signing key to Google (and is now required, with no publicly-available opt-out for new apps.) It would have added some nice things for Android devs: app bundles, smaller downloads, instant apps, etc.

That said, we imagined the following scenario, and were unable to find a reasonable mitigation at the time:

It seems plausible the US government could send a NSL (or similar) to Google and force them to distribute modified APKs for apps like Signal (ex: to exfiltrate keys). This would be nearly impossible to detect, especially if the modified APK were distributed to only an individual user, or a small group. A few people raised concerns [1], but I don't recall Google ever giving a reasonable response.

[1] https://commonsware.com/blog/2020/09/23/uncomfortable-questi...

Edit: clarify no opt out applies to new apps

[nixosbestos]

Well, this is one of those HN comments that I will never forget. Someone wrote (and then removed after a buyer purchased it and required it's take down) a stylometry analyzer once for HN comments. A supposedly senior-y Google-r lambasted some Snowden slides commenting things were impossibly unimaginable inside Google (this was before it has done become widely accepted that internal services at such companies such of course be using some transport security). I got in some silly fight with someone ... 13+ years ago? These are specific things I remember. And now probably your comment.

I didn't trust stock Android before, and I felt the sinking-gut feeling as soon as I realized where "upload root signing key" was going, but spelling it out here puts a ... fine point on things.

Thanks for the comment.

[petedoyle]

Maybe this? https://en.wikipedia.org/wiki/MUSCULAR

[aspenmayer]

Probably one of the two mentioned in this[0] post, which I've included below also:

[0] https://news.ycombinator.com/item?id=43897197

https://news.ycombinator.com/item?id=33755016

https://news.ycombinator.com/item?id=43705632

[codethief]

> > The absolute nightmare is about giving Google the root signing key of your application

> It seems plausible the US government could send a NSL (or similar) to Google and force them to distribute modified APKs for apps like Signal

Since when do you have to hand over your signing keys to Google? I seem to remember the Signal devs saying that they preferred publishing their app on Google Play as opposed to F-Droid because in the former case they control the signing keys. Has this changed?

[jbk]

> Since when do you have to hand over your signing keys to Google?

Since it requires App Bundles, which is mandatory, as soon as you have Android TV support, for example.

https://android-developers.googleblog.com/2022/11/app-bundle...

See https://dev.to/npomepuy/vlc-for-android-updates-on-the-play-...

[petedoyle]

Apologies / small correction:

Apps first published to the Play store before August 2021 are not required to upload their keys [1]. This likely includes Signal.

[1] https://developer.android.com/guide/app-bundle

[jbk]

Unless they use Android TV, for example: See https://dev.to/npomepuy/vlc-for-android-updates-on-the-play-...

[rebelwebmaster]

Google Play also limits APKs to 100MB maximum size while AABs have a higher limit.

[ashishb]

Thanks. TIL.

[danhor]

Just for completeness: For reproducable builds F-Droid can now distribute builds signed by the developer.

[extraduder_ire]

This has been the case for a few years now, and you could always distribute whatever you wanted from your own repo.

[baobun]

The require to get the private key? When they could ask for the cert and just cross-sign? Can't imagine any valid reason for that...

Would be nice to get a confirmation of this as it sounds wild.

[ozim]

Valid reason for them is they would have to spend money on supporting and maintaining cross signing. I can image it is much much cheaper to just store priv key.

So if they can get away with it they just do it, no one is there to stop them.

[jbk]

> Can't imagine any valid reason for that...

Depends of your paranoia level: either because laziness or because of evil intentions...

[bigbadfeline]

> Depends of your paranoia level: either because laziness or because of evil intentions...

They disposed of the "Don't be evil" promise in a very active and energetic manner, seems like we have rational grounds for deciding, without paranoia :)