It seems that Google wants to make using app bundles a requirement for new apps on Google Play in 2021:

This would mean developers have to upload their signing keys to google play even though there's no technical benefit in doing that. You can achieve the same efficient download sizes by using bundletool locally and uploading all generated apks. But it seems google will stop allowing that and just wants your signing keys.

@fdroidorg THAT'S WHY I don't want to use AAB.

Let developers split APKs and upload it to Play Store. Why I should compromise my keys?

Also, what's FDroid plan to support split APKs?

@a1batross They work, but currently increase the maintenance overhead significantly. THe issues tracking that is here:

@fdroidorg Google is slowly but surely walling off their garden, it seems. It wouldn't surpise me in the least if they're going to crack down on sideloading in the future, which would be the point at which I'll stop using Android.

If I was in the market for a completely walled off garden, I'd choose Apple.

@fdroidorg Doesn't centralise all the signing keys makes it a terrible terrible terrible idea from a security point of view? If someone manages to leak them it would wreak havoc in the app ecosystem. I'll start preparing popcorn while I wait for it.

@fdroidorg What's the point of a signing key if you have to give it to Google anyway? They might as well just generate a signing key for you transparently.

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!