• refalo@programming.dev
    link
    fedilink
    arrow-up
    6
    ·
    5 months ago

    Publishing on the play store now requires giving out personal identity documents (like drivers license or passport), full legal name/phone number/email/tax ID/etc., as well as your private signing keys.

    That’s a hard nope for me.

    • Maddier1993@programming.dev
      link
      fedilink
      arrow-up
      7
      arrow-down
      1
      ·
      5 months ago

      I am not an android developer, and privacy wise I don’t try to put the toothpaste back into the tube. I would have been fine with everything except the last one. What happens when there is a data breach on Google?

      • slazer2au@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 months ago

        No one will be able to google it because they will squash any results to protect Alphabets share price.

        • lad@programming.dev
          link
          fedilink
          English
          arrow-up
          2
          ·
          5 months ago

          Lol, that would feel like world-scale schizophrenia¹, you know something happens, but there’s no proof it’s real


          1

          although it would be correct to call it mass gaslighting

    • DeprecatedCompatV2@programming.dev
      link
      fedilink
      arrow-up
      2
      arrow-down
      3
      ·
      edit-2
      5 months ago

      I’m surprised this wasn’t already the case. You’re distributing potentially malicious code to users’ devices, and they expect a base level of safety from the Play Store. You’re free to publish elsewhere, so it’s not like Apple’s policy.

      • refalo@programming.dev
        link
        fedilink
        arrow-up
        4
        ·
        5 months ago

        I don’t consider a personal dev’s identity documents and signing keys to have much bearing on “safety”.

        • DeprecatedCompatV2@programming.dev
          link
          fedilink
          arrow-up
          2
          arrow-down
          3
          ·
          5 months ago

          You’re not a developer, you’re a company, even if you’re doing business as an individual.

          The signing key requirement has pros and cons. Cons being that Google can now impersonate developers and inject code at will. This seems somewhat irrelevant in face of the control they already exert through Google Play Services, but it’s obviously bad nonetheless.

          Pros being that Google can now keep the signing key secure behind a Google sign-in instead of relying on individual developers to maintain good opsec.

          • refalo@programming.dev
            link
            fedilink
            arrow-up
            2
            ·
            5 months ago

            I don’t disagree but for me personally it’s too much, so I have decided not to publish on the play store anymore.