This screen that shows on when installing really bugs me. It is purely based on the integer value targetSdkVersion, without considering our security model, public audits results, track record over 10+ years, exclusive use of memory safe languages, or even what our code actually does. It is as if marked anything that comes from Google as containing ads and trackers. 1/2

I will go one step further and say that calling an "unsafe app" by this standard is dishonest. It seems that some at also agreed, since the older version of that screen was honest: "Blocked by Play Protect" instead of "Unsafe app blocked". Looks like the team is still focused on protecting their , this time using scare tactics. 2/2

Show thread

@eighthave I'm against #monopolies, but I fail to see a clear monopolistic behavior here. This check does not prevent running sideloaded apps, but it displays to users that there is some indication of potentially outdated and therefore unsafe apps. The targetSDK version is one of the few (and not that bad) programmatically checkable values.
Increasing the targetSDK version is just good practice, as it tightens the SELinux sandbox of apps and can enforce better/more private API usage.


@mynacol I agree that bumping targetSdkVersion is good when there is no cost. When there is a cost, then devs should do a cost-benefit analysis. The targetSdkVersion sandbox also breaks features that people rely on, means giving users real choices.

Looking at the new screen, it looks like Google has blocked installing the app. Many users have said as much. That's the monopolistic part.

And F-Droid v1.17 will have a higher targetSdkVersion. That cost a lot of dev time and money.

@eighthave What sandbox restrictions break existing features? Maybe we developers have to change APIs/add new permission requests etc., but fundamentally all the stuff the F-Droid client does should be possible.

(Except for the stuff #Termux does, there is currently no method known how to support current targetSDK versions)

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml