Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users
Zak@lemmy.world 2 months agoSure, the developer needs to keep the certificate up to date and re-sign the APK on occasion.
Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users
Zak@lemmy.world 2 months agoSure, the developer needs to keep the certificate up to date and re-sign the APK on occasion.
LodeMike@lemmy.today 2 months ago
So any APK I download will just expire at some point in time that’s probably really annoying to know, and then I have to dig through the internet again so I can install the app again?
Zak@lemmy.world 2 months ago
Another option is to allow otherwise-valid signatures after expiration. It’s generally still possible to check them.
LodeMike@lemmy.today 2 months ago
That completely nullifies the entire point of signature validations.
Zak@lemmy.world 2 months ago
How? Expiration doesn’t grant an unauthorized party access to the private key.
pycorax@sh.itjust.works 2 months ago
If it’s anything like how Windows does it, you would still be able to override it. It just gives you a scary warning and hides the option unless you click “more info” or something.