this post was submitted on 07 Oct 2025
598 points (99.0% liked)

Technology

75792 readers
2553 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
598
Google Confirms Non-ADB APK Installs Will Require Developer Registration (hackaday.com)
submitted 20 hours ago by mesamunefire@piefed.social to c/technology@lemmy.world
221 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Wispy2891@lemmy.world 2 points 3 hours ago* (last edited 3 hours ago) (1 children)

yes, of course malware is distributed via apk.

But what's the difference between:

  1. malware that is signed anonymously and then, when its signature is identified, it's removed via play protect
  2. malware that is signed with a stolen identity and then, when its signature is identified, it's removed via play protect

?

Isn't exactly the same stuff? Or there's someone that is actually thinking that criminals will use their real ID card for the verification?

Does not change anything for malware distribution, except bother them for a dozen minutes meanwhile they "verify" their stolen ID

[–] killeronthecorner@lemmy.world 1 points 3 hours ago (1 children)

Because it can be invalidated. That's the difference.

It's absolutely not foolproof, but nothing is. Most actions corps take for this stuff only slows down the spread. Hackers and bad actors innovate way faster than companies can keep up with. So companies cast a wide net with their solutions. And the cycle continues.

[–] Knock_Knock_Lemmy_In@lemmy.world 1 points 2 hours ago (2 children)

Apks can be invalidated after installation?

[–] Wispy2891@lemmy.world 1 points 41 minutes ago

with the new system, you must go online to check if the license for that app is still valid or revoked. But the current system works almost the same: if there's an internet connection play protect checks the signature against an online malware db and prevents installation.

From a couple years ago, google has the power to remotely install/uninstall any apk on your phone without your consent

[–] killeronthecorner@lemmy.world 1 points 2 hours ago

No, the certificate can be invalidated preventing future installations for other users. If you already have it you're SOOL