savagejen3d ago

Android is going to be adding developer ID verification for any developer that wants their app to be sideloaded onto more than 20 devices.

You might be wondering: how are they going to track that? Well it turns out they already have been. Google Play Protect is sending the hashes of the apps you install back to Google's servers.

Your unique device identifier, your account info, and the apps you run are stored on Google's servers, even for a local install of a sideloaded app.

Show threadsavagejen3d ago
Imagine you live in a country with an authoritarian government and you are a dissident using @torproject. Congrats, the government now has the ability to find you by forcing Google to comply with a legal order for information about all people that have Tor on their phones.
Show threadsavagejen3d ago

It used to be possible to bypass Google collecting this data about what apps you run by disabling Google Play Protect.

With the new 20 device limit, Google is rolling out a new system service called the Android Developer Verifier Service that you can't disable in the same way.

Google is stripping you of the ability to protect the privacy of the list of applications you choose to install on your personal phone that you own.

Show threadIty Kitty [unit X-69]3d ago
@Savagejen the verification service is a part of the same optional thing as play protect though (GMS)
Show threadsavagejen
@tranquillity The current plan unless the EU lays the smack down on it is that it will not be optional on devices that have play services installed. You can still run degoogled android like graphene just fine without it.
Jun 22 at 3:43amWeb
Show threadIty Kitty [unit X-69]2d ago
@Savagejen first, fuck Graphene, I don't run Nazi software
Second, Google explicitly said that they plan to make it optional and afaik it currently is, now whether to believe google or not is another thing but it's still just a binder service that'll be trivial to patch away with one magisk module, and third, GMS is not mandatory unless you're one of the unlucky souls that ended up with a weird Samsung or something (and even then it can still be rooted, just might no longer be doable by a preteen with a laptop. Might be lucky and have one of the funni exploits if you buy an old device tho (like it using test APEX keys so you can bypass dm-verity)), and fourth, I would presume the EU would be rather all for this, given how happy it is being with ID verification, as long as they can make sure the data gets sent to European Nazis instead of American ones
Show threadTruhe2d ago
@tranquillity Nazi software?