|
|
|
|
|
|
by justonepost
4075 days ago
|
|
|
The rationale was that Google doesn't want a secure code signing mode as it would undermine their thesis that turning off the Google Play store is insecure. At least even MacOS has a App Store + Identified Developers. Though of course, iOS doesn't have that.. |
|
|
I don't quite understand. How do you turn off the Play store?
It is necessary to make a distinction between what you want to believe and the reality. The reality is, that requiring validated keys would put the keys to the "official Android" kingdom into CA's hands. In addition, because Android is an open-source project, any alternative distribution would disable that. It would cause real fragmentation of the platform, where apps would run on one distribution and not on another, the difference would be only the signature. Google (correctly) decided, that they do not have to fight this fight.
A side note: getting CA verified can be problem in some parts of the world. What if you are Chinese? Crimean? You can still use Android as it is; you can't use any platform, that requires to be "Identified" by CA.