It seems that Google wants to make using app bundles a requirement for new apps on Google Play in 2021: https://www.youtube.com/watch?time_continue=320&v=cMr-b660Esw
This would mean developers have to upload their signing keys to google play even though there's no technical benefit in doing that. You can achieve the same efficient download sizes by using bundletool locally and uploading all generated apks. But it seems google will stop allowing that and just wants your signing keys.
@a1batross They work, but currently increase the maintenance overhead significantly. THe issues tracking that is here: https://gitlab.com/fdroid/fdroidserver/-/issues/82
@fdroidorg Google is slowly but surely walling off their garden, it seems. It wouldn't surpise me in the least if they're going to crack down on sideloading in the future, which would be the point at which I'll stop using Android.
If I was in the market for a completely walled off garden, I'd choose Apple.
@fdroidorg They can F-Droid off.
@fdroidorg Doesn't centralise all the signing keys makes it a terrible terrible terrible idea from a security point of view? If someone manages to leak them it would wreak havoc in the app ecosystem. I'll start preparing popcorn while I wait for it.
i read about app bundles and thought that they key you upload to google must be a subkey of your upload key which you can revoke.. no way. i was surprised to find out that you give them the master key, and the one you keep for yourself is worthless, it only authenticates you to google.
@fdroidorg What's the point of a signing key if you have to give it to Google anyway? They might as well just generate a signing key for you transparently.
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!