That says when Google distributes an app via the Play Store, Google must be able to name the developer.
You’re thinking of the DSA (Article 30), in force since last year. The CRA is on top (or beside) of that, starting in 2027. Some are also pointing the finger at the RED (Article 3 3.). That’s the one that made Apple do USB chargers.
I expect phones are going to become a lot more locked down, especially in the EU.
It does not say that when I distribute an app via my website, Google has any obligations whatsoever.
Yes. Google is only demanding verification for certified phones.
Zak@lemmy.world 1 week ago
What I quoted was CRA Article 23.
It clearly doesn’t impose any obligations on an OS vendor with regard to app installation where the OS vendor isn’t a party to the transaction.
General_Effort@lemmy.world 1 week ago
You’re arguing that a dev shouldn’t be seen as supplying to Google just because their apps run on a Google system. I agree, that could be a valid argument, but I am not too sure if it would work in court.
Google is certainly following the spirit of the law. Maybe there is a tiny loophole here but imagine Google leaves that open. A few people install some shady app store full of malware and scams. Would a court find that Google had fulfilled all its legal obligations to protect its users?
Zak@lemmy.world 1 week ago
I’m saying there’s no reasonable interpretation of this provision where a dev would be seen as supplying to Google by distributing an app that runs on Android without using Google’s store. Given the broader context of the CRA, it should be more clear; the CRA is about supply chains, and generally imposes obligations on entities acting as links in the supply chain. Google can’t sell apps if it doesn’t know where they came from.
The fact that Google plans not to forbid installation of unsigned apps via ADB would be a huge loophole if the intent was to force OS vendors to control all app distribution for those operating systems.
General_Effort@lemmy.world 1 week ago
Here’s a definition:
I don’t think it’s a stretch to say that such apps are components “placed on the market separately”. In fact, I think it’s exactly within the meaning. In any case, even if not, such loopholes are usually plugged by some of the vague, general obligations.
I don’t think ADB installation is a loophole. Once you poke around in the insides of a device, you’re generally on your own. I expect that devices are going to become more locked down before these regulations enter into force but only as far as absolutely necessary. Google doesn’t want to lock out the next generation of devs. Unless or until there is some fuss about people doing something bad and this is declared a loophole.