PSA: Starting in August this year, for newly published Android apps, Google will require that *they* sign apps, not you. This means that the Android security model is fundamentally broken, because the app is signed by the distributor and not by the developer. (1/3)
Conversation
This Tweet was deleted by the Tweet author. Learn more
You don't have to distribute apps via the Google Play Store. On devices with Play services and the Play Store, the Play Store is granted the ability to do background installs and uninstalls anyway. Play services is set as a backup service so it can back up and restore app data.
1
1
4
This Tweet was deleted by the Tweet author. Learn more
I don't see how making that into an APEX module is a problem. It doesn't impact us either. Baseline Android doesn't include Play services or the Play Store. Including them involves giving them a bunch of privileges which includes ability to silently replace an app with another.
1
1
1
Which permission allows replacing apps without data loss? Not even adb can do that.
1
The combination of the ability to install/remove apps in the background with being whitelisted as a backup service. Device-to-device backup support (see Android 11 release notes) implies ability to back up even if the app disables backup support.
Play services and the Play Store are built into the OS as a core part of it. They're granted a lot of powerful special privileges including things not available via adb (adb backup is deprecated and can't do as much as a backup service built into the OS like Play services).
developer.android.com/about/versions is how it's going to work in Android 12 but Android 11 supposedly supports it. I don't really think it actually shipped in the intended / documented form for Android 11 though. It has constants, etc. for it but doesn't seem to be fully implemented.
1
1
Show replies