F-Droid claims Android developer authentication is a 'threat disguised as protection.'

Android app developers will soon be required to register their personal information with Google under a security measure called 'Developer Verification,' which will make it more difficult to install apps from developers who do not register. F-Droid, an app distribution site that will be severely impacted by this measure, has criticized the system as a 'threat disguised as protection.'
What We Talk About When We Talk About Malware | F-Droid - A free and open-source Android app repository
With the full implementation of developer authentication, Android will compare app information with the information registered with Google during installation and block the installation if they do not match. Regular apps will continue to install as before, but users who build and install apps themselves will be blocked by this mechanism, because their builds overwrite the original information.
Even after the introduction of developer authentication, it is still possible to install unauthenticated apps, but the process becomes complicated, requiring a 24-hour wait after the initial verification.
Google announces details of 'Advanced Flow,' enabling secure APK sideloading on Android - GIGAZINE

F-Droid is a site that guarantees the security of apps by either publishing apps signed by developers as is, or by building and reviewing open-source software itself and making the entire build process public. If developer authentication is introduced, all apps distributed on F-Droid will require a complicated procedure during installation, which will deal a major blow to F-Droid.
F-Droid sharply criticized the developer authentication system itself, calling it a 'virus disguised as a seemingly harmless process.' They argued that it was trying to undermine Android's 18-year tradition of open software development under the guise of 'protecting' devices.

First of all, developer authentication only verifies whether personal information is registered with Google, and does not verify whether the app itself contains malware. Google is promoting the introduction of developer authentication because 'a large amount of malware is flowing in from (unauthenticated) apps installed from sources other than Google Play,' but even with developer authentication in place, it is impossible to eradicate malware. F-Droid points out that 'it may only slightly delay the activity of an already identified attacker when they try to distribute malware again with a new signing key, until they create a new account.'
F-Droid argues that there are more effective ways to combat malware. Examples include a verification system that only activates if an app's requested permissions are suspicious, or a system that allows users to pre-select trusted curators and certification bodies to facilitate app installation. Nevertheless, Google tries to verify every single app.
One of Android's attractions was the ability to install apps from sources other than the official Google Play store, but this appeal has drastically decreased since the introduction of developer authentication. Furthermore, the fact that all apps will be under Google's supervision could potentially hinder competition.

F-Droid also raises concerns about the requirement to agree to
One example is filtering tools like ad blockers. Not only have these been removed from Google Play for years, but some have even been classified as malware. F-Droid argued, 'How long will it take until all ad blockers are designated as malware, banned from installation on Android devices worldwide, and all developers who create this kind of software are permanently identified as malware creators? Such action is perfectly aligned with Google's commercial interests as a global advertising technology monopoly and is perfectly in line with the wording of its Terms of Service.'
F-Droid also questions Google's claim that 'over 99% of apps from Google Play developers are already registered.' F-Droid points out that this is because those 99% of developers were already bound by the Google Play agreement and were automatically included in the registration list without sufficient explanation or consent.

'Keep Android Open,' a movement opposing developer certification, has reportedly garnered signatures from hundreds of thousands of developers and more than 70 organizations worldwide. F-Droid stated, 'If you look at internet searches and social media polls, it's clear that opposition to this program is overwhelming and condemnation is almost universal.'
in Software, Smartphone, Posted by log1p_kr







