PSA: Starting in August this year, for newly published Android apps, Google will require that *they* sign apps, not you. This means that the Android security model is fundamentally broken, because the app is signed by the distributor and not by the developer. (1/3)
Conversation
Note that this does not affect already published apps. However, this development is deeply troubling and disturbing.
Details: android-developers.googleblog.com/2020/11/new-an (3/3)
3
23
127
Replying to
It can't directly circumvent it but it can do it by uninstalling the app and reinstalling it in the background since the OEMs building it into their OS grant it those privileges. Play services can backup the app data beforehand and restore it after installing the new variant.
1
Backup service support can be disabled but that hurts usability. It disables backups on an OS like GrapheneOS where the OS backup service is end-to-end encrypted via a seed phrase even though the implications aren't the same. There's the new device-to-device backup mode anyway.
Replying to
Is that using the "android backup" mechanism, or can it actually backup all private app data? Android backup isn't used by all apps, so the user might notice.
1
Replying to
Using the standard backup mechanism. Apps don't have a choice about whether they support it anymore. They can still blacklist files or provide their own implementation of the backup service for themselves, so they can disable it by blacklisting files or using a no-op service.
1
Show replies