Mastodawn

148 days to go...

"""
Google announced that as of September 2026, it will no longer be possible to develop apps for the Android platform without first registering centrally with Google.

This registration will involve:

- Paying a fee to Google
- Agreeing to Google’s Terms and Conditions
- Providing government identification
- Uploading evidence of the developer’s private signing key
- Listing all current and future application identifiers
"""

https://keepandroidopen.org/

#FuckGoogle #KeepAndroidOpen

Keep Android Open

Advocating for Android as a free, open platform for everyone to build apps on.

Show thread

Reid

@alice the requirement to upload the private key is particularly sketchy because what other reason is there than to distribute tampered APKs, probably for the purpose of "law enforcement" that will 1000% be done only with a warrant

Show thread

Martin Rust 19h ago

@reiddragon @alice
The web page and the toot say "evidence of the developer’s private signing key" - what does "evidence" mean?

Show thread

Reid

19h ago

@martinrust @alice quite frankly I don't know where that's even from considering the android.com page makes no mention of the word "evidence", though that's not to say it provides any clarity on the matter.

Android | Mehr Möglichkeiten mit Google für Android-Smartphones und -Geräte

Finde mehr über Android heraus und entdecke, wie du mit Android-Geräten das Beste von Google noch besser nutzen kannst – dank hervorragender Konnektivität, leistungsstarkem Schutz, vielseitigen Google-Apps und Quick Share.

Android

Show thread

Khleedril 15h ago

@martinrust @reiddragon @alice I would have thought that it meant you can prove you have the private key by signing a message back to Google with it, and then they verify by using the public key to decrypt.

Show thread

Reid

15h ago

@khleedril @martinrust @alice quite frankly I don't even know how it works anymore. Google has never been clear about it, and an earlier version of it made it sound like Google would hand out keys like a CA hands SSL certs for "verified" developers.

Show thread

River 7h ago

@martinrust @reiddragon @alice i had been under the impression that "evidence" just meant "proof that you have access to that key" i.e. a very basic test where they send you random data, you encrypt it with your Private Key, and they verify with your Public Key. I've done no reading on this topic tho. Is that not the case then?

Show thread

Reid

6h ago

@riverpunk @martinrust @alice I have absolutely no idea because the proof of private keys is brought up on keepandroidopen but there's not a mention of proof anywhere on Google's own pages about it, and the phrasing that is there is so ambiguous it might as well be a confused shrug emote

Show thread

Li ~ Crystal System 6h ago

@reiddragon @alice thats not typically what evidence of the private key means .. however uploading private keys to google has been a thing on google play for awhile .. they have this whole 'google enchanced security' thing where you just give them your keys and that improves security somehow iirc..

Show thread

Reid

6h ago

@Li @alice again, though, read Google's own site and that one never mentions proof of anything. The vague concept of proof of private keys is NOT what Google is saying, it's an interpretation of what google said because they made everything so vague there's no functional difference between Google's posts on the topic and a David Lynch movie: everyone kinda just understands something different and none of it is wrong because the original text technically didn't actually say anything concrete.