Hacker News: 87636899376

New comment by 87636899376 in "Google will allow only apps from verified developers to be installed on Android"

87636899376 — Mon, 25 Aug 2025 21:26:40 +0000

> 1) Internet connection is so ubiquitous as to just be noise if displayed

That doesn't make it any less useful.

> 2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar

I've heard claims that the Internet permission is flawed, yes, but I've never managed to find even a single PoC bypassing it. But even if it is flawed, don't you think Google would be a bit more incentivized to make the Internet permission work as expected if people could disable it?

New comment by 87636899376 in "Google will allow only apps from verified developers to be installed on Android"

87636899376 — Mon, 25 Aug 2025 20:41:53 +0000

"Hidden" isn't exactly right. It's completely inaccessible, unless you use a custom ROM like LineageOS. But it is a real permission:

https://developer.android.com/develop/connectivity/network-o...

New comment by 87636899376 in "Google will allow only apps from verified developers to be installed on Android"

87636899376 — Mon, 25 Aug 2025 20:01:04 +0000

Official announcement: https://android-developers.googleblog.com/2025/08/elevating-...

More info:

https://developer.android.com/developer-verification

https://support.google.com/googleplay/android-developer/answ...

Personally...we all know the Play Store is chock full of malicious garbage, so the verification requirements there don't do jack to protect users. The way I see it, this is nothing but a power grab, a way for Google to kill apps like Revanced for good. They'll just find some bullshit reason to suspend your developer account if you do something they don't like.

Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.

> we will be confirming who the developer is, not reviewing the content of their app or where it came from

This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.

TFA had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.

On the flip side, that's one less platform I care about supporting with my projects. We're down to just Linux and Windows if you're not willing to sell your soul (no, I will not be making a Google account) just for the right to develop for a certain platform.