ozonedMar 24, 2024

VLC - App stores were a mistake

https://lemmy.world/post/13486264

VLC - App stores were a mistake - Lemmy.World

VideoLAN @videolan App Stores were a mistake. Currently, we cannot update VLC on Windows Store, and we cannot update VLC on Android Play Store, without reducing security or dropping a lot of users… For now, iOS App Store still allows us to ship for iOS9, but until when?

Show threadbionicjoeyMar 24, 2024
Reminder that VLC is on F-Droid
Show threaddeweydecibelMar 24, 2024

From their Twitter:

If you wonder why we can’t update the VLC on Android version, it’s because Google refuses to let us update:

  • either we give them our private signing keys,
  • or we drop support for Android TV before API-30, and all our users on TV API<30 can’t get fixes.

It’s not much, just dozens of millions of people use Android TV before Android-11…

Maybe we should tell users to buy new TVs? #electronicWaste

Show threadstoyMar 24, 2024

Google requiring their private signing key is insane, and goes completely against the concept of private/public keys.

Why is Google asking for this?

Show threadKindness

C-I-A Confidentiality, Integrity, Accessibility. They don’t need the keys for C or A. Only one option remains. To modify the code and pass it off as code VLC’s wrote or signed off on.

Likely to install malware and re-sign. Brazen identity theft.

Maybe I’m wrong, they could use VLC’s private keys to gobble encrypted communications too.

Mar 24, 2024 at 8:10pmWeb