Hacker News

Not the point.

This turns the trust model of the ecosystem on its head.

When I install an app like Signal today - I have cryptographic certainty that it was the code the Signal team intended me to have with 0 tampering.

In the new model - I have to trust that Google, its employees and processes have not been subverted by another actor.

It is a fundamentally weaker model. I hope Google budgeted some legal time responding to government court orders to spin custom targeted versions of apps for persons of interest. It might also be a tempting honeypot to identify employees that have been compromised by nation-state actors.

It would be interesting to hear what things would have looked like if changing the trust model was off the table. Surely it must have had at least some discussion.



While I completely agree with what you say, I feel it must be pointed out that in the use case of using the bundled Play store application on the device, you have no way of being certain that it is delivering you the correct APK.

It might just as well pull a modified version (there are caveats such as that the device can't already have a valid version of the application set up for this to go unnoticed).

Pulling the APK from Play using something like Raccoon would allow you to verify the signature.



