• refalo@programming.dev
    link
    fedilink
    arrow-up
    4
    ·
    4 months ago

    I don’t consider a personal dev’s identity documents and signing keys to have much bearing on “safety”.

    • DeprecatedCompatV2@programming.dev
      link
      fedilink
      arrow-up
      2
      arrow-down
      3
      ·
      4 months ago

      You’re not a developer, you’re a company, even if you’re doing business as an individual.

      The signing key requirement has pros and cons. Cons being that Google can now impersonate developers and inject code at will. This seems somewhat irrelevant in face of the control they already exert through Google Play Services, but it’s obviously bad nonetheless.

      Pros being that Google can now keep the signing key secure behind a Google sign-in instead of relying on individual developers to maintain good opsec.

      • refalo@programming.dev
        link
        fedilink
        arrow-up
        2
        ·
        4 months ago

        I don’t disagree but for me personally it’s too much, so I have decided not to publish on the play store anymore.