Comment on Google Confirms Non-ADB APK Installs Will Require Developer Registration
Wispy2891@lemmy.world 2 days ago
Yes, of course malware is distributed via apk.
But what’s the difference between:
- malware that is signed anonymously and then, when its signature is identified, it’s removed via play protect
- malware that is signed with a stolen identity and then, when its signature is identified, it’s removed via play protect
?
Does not change anything for malware distribution, except bother them for a dozen minutes while they “verify” their stolen ID.
killeronthecorner@lemmy.world 2 days ago
Because it can be invalidated. That’s the difference.
It’s absolutely not foolproof, but nothing is. Most actions corps take for this stuff only slows down the spread. Hackers and bad actors innovate way faster than companies can keep up with. So companies cast a wide net with their solutions. And the cycle continues.
Knock_Knock_Lemmy_In@lemmy.world 2 days ago
Apks can be invalidated after installation?
Wispy2891@lemmy.world 2 days ago
With the new system, you must go online to check if the license for that app is still valid or revoked. But the current system works almost the same: if there’s an internet connection, Play Protect checks the signature against an online malware db and prevents installation.
Since a couple of years ago, Google has had the power to remotely install/uninstall any apk on your phone without your consent.
killeronthecorner@lemmy.world 2 days ago
No, the certificate can be invalidated, preventing future installations for other users. If you already have it, you’re SOOL.