Hacker News new | ask | show | jobs
by plst 109 days ago
I really don't think that's a cultural difference. I also grew up and live in the EU. What Google wants just does not solve the problem in any way.

And it's also not actual regulation, just new TOS from a company many are basically forced to interact with.
1 comments
danpalmer 109 days ago
It might not "solve" the problem, but I'd expect it to significantly address the problem no?

I've heard much criticism of it being too heavy-handed, but I don't think I understand criticism that it won't improve security. Could you expand on that?

link
tremon 109 days ago
No. You seem to be implicitly arguing that that unsigned apps are inherently less trustworthy than PlayStore apps. That's a claim that needs to be proven first. And based on the huge amount of documented data exfiltration performed by Google-approved apps, I'm going to say that claim is false.
link
danpalmer 108 days ago
I'm arguing that a curation process that includes security review is likely to produce a more secure set of software. Admittedly it might be completely ineffective, but I think that's an unreasonable assumption. So some review is more secure than no review. Now I'm not saying "better", you could argue it's a false sense of security, but it's still more security.
link
plst 108 days ago
> I'm arguing that a curation process that includes security review is likely to produce a more secure set of software

I actually totally agree! There is no external entity users can rely on to make sure apps they download are legitimate. I read the thread from root to this comment and I don't see it mentioned, so I'm not sure if you know this and are just arguing something else but...

There is actually nothing about testing or verifying apps themselves in the announcement made by Google. It's just about enforcing developer verification in some Google service and "registering the apps".

https://support.google.com/android-developer-console/answer/... https://android-developers.googleblog.com/2025/11/android-de...

EDIT: I checked your profile, and I now see that you actually work at Google, on Android... Is there something I misunderstood about these announcements?

> you could argue it's a false sense of security, but it's still more security

Well here I don't agree, I would much rather be aware of the dangers than think I'm safe when I'm actually not.

link