#Google presented their AI-based app review at #DMAWorkshop. Many apps are falsely flagged by #GooglePlay. Lots of trusted app developers built their reputation on free and open source software #Nextcloud #Signal #Thunderbird and more. These developers welcome more scrutiny on their source code. Why doesn't Google Play allow app developers to upload source code to provide more accurate reviews? How about requiring Google's own apps to go through the same review?
Given that technical details are key to many of the questions of #DMA enforcement, why doesn't #Alphabet include technical staff in these compliance workshops? It feels to me that they want to stick strictly to an evasive legal strategy rather than constructively engage with the technical community around #Android.
#Google #DigitalMarketsAct #DMAWorkshop #EC #EuropeanCommission
A question to #Google about whether they could allowlist apps for sideloading they know to be legit. They punted and gave a weak attempt at a technical reason. They say there are 100 million apps out there, so how could they ever? And malicious apps can impersonate the Application ID. Sure, true, but they could also allowlist based on all the signing keys, which cannot be simply faked and which they already manage in #GooglePlay.
#DigitalMarketsAct #Alphabet #EuropeanCommission #EC #DMA #DMAWorkshop
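The difference between allowlisting on Application ID and on signing key, as an added example that is not part of the original posts. The package name, the function names and the certificate bytes are constructed placeholders; a real check would hash the DER-encoded signing certificate extracted from the APK.

```python
import hashlib

# Constructed stand-ins for DER-encoded signing certificates (not real certs).
TRUSTED_DEV_CERT = b"constructed-cert-of-trusted-developer"
IMPERSONATOR_CERT = b"constructed-cert-of-impersonator"


def cert_digest(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes, the usual way a signer is pinned."""
    return hashlib.sha256(cert_der).hexdigest()


# Hypothetical allowlist: application ID -> digests of accepted signing certs.
ALLOWLIST = {
    "org.example.mail": {cert_digest(TRUSTED_DEV_CERT)},
}


def allowed_by_app_id(app_id: str) -> bool:
    """Weak check: the application ID is just a string any APK can declare."""
    return app_id in ALLOWLIST


def allowed_by_signer(app_id: str, signer_certs: list) -> bool:
    """Strong check: the ID must be listed AND every signer must be pinned.

    Requiring all signers to match is a design choice of this example; it
    prevents an unknown key from riding along next to a trusted one.
    """
    pinned = ALLOWLIST.get(app_id)
    if not pinned or not signer_certs:
        return False
    return all(cert_digest(cert) in pinned for cert in signer_certs)


if __name__ == "__main__":
    # An impersonating APK declares the trusted ID but is signed with its own key.
    print("ID only, impersonator:", allowed_by_app_id("org.example.mail"))
    print("signer,  impersonator:",
          allowed_by_signer("org.example.mail", [IMPERSONATOR_CERT]))
    print("signer,  trusted dev: ",
          allowed_by_signer("org.example.mail", [TRUSTED_DEV_CERT]))
```
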
https://eupolicy.social/@ilumium is posting lots of key info about the #DigitalMarketsAct. Follow him for more!
Good morning from the #EuropeanCommission #DigitalMarketsAct compliance workshop on #Alphabet that is focused on things like #Google #search #browser choice #GooglePlay #Android and more.
When does #Apple plan to fix the security issues that only affect third party browsers? #Safari is not affected by these leaks but it affects all the other browser vendors. E.g.:
* Inability to tunnel like Safari does, hence protect user's privacy
* Tunnel audio/video traffic
* Stop leaking IP addresses through share sheets and WebRTC
An open call to #Android #developers! The #EuropeanCommission needs help evaluating #GooglePlay's #security claims. I'm going to do what I can. Anyone with knowledge of how app installation, uninstallation, sandboxing, signing, etc. could really help here. If you want to contribute, please reach out!
I think #Apple's strategy is just to waste everyone's time and delay so they can push things through the courts. Their #monopoly profits on #iOS are just so vast that this approach will mean bigger profits than actually engaging with the democratic process and complying with the #DMA. It feels almost pointless listening to Apple's answers, they mostly just rehash more marketing points and waste time with blah blah.
#Crowdstrike is a great example for how not to do interop. #microsoft acknowledged that and changed their malware scanning interop setup so that all scanners, including their own, no longer have highly privileged access to the operating system.
#Apple comes out fighting again, lots of stalling and pure marketing claims rather than concrete answers.
#Google funds this #EU think tank to put out policy papers saying #DigitalMarketsAct will break their lovely #PlayProtect scare screens, making us all less safe and "it require[s] Google to allow developers to insert links inside their Play Store apps".
https://ecipe.org/publications/eu-dma-undermine-security-mobile-operating-systems/#_ftn13
As I've always said in relation to the #DMA, let @fdroidorg compete on trustworthiness. I'd love to see this think tank include analysis of malware rates of #CalyxOS with #FDroid and compare that to #GooglePlay #security
This is the example of the kind of feature that the #DigitalMarketsAct is driving #Google to implement. It could have been implemented long ago, but there was no pressure for Google to do so. Notice how they implemented it in #PlayServices, not Android. Apps that implement this are then tied to Google's proprietary stuff. That's their way of maintaining control of the ecosystem. https://www.theverge.com/2024/11/21/24302562/android-restore-credentials-transfer-restore-key
On my own time, I have to read a ~50 page document produced for the #EuropeanCommission in order to effectively participate in a two hour meeting where #FDroid is pitted against #BigTech on the #DigitalMarketsAct and its requirements around installing and allowing other #AppStore options.
It's all NDA'ed so I can't ask for help.
This game is really rigged for the megacorps. Wish me luck! Here's to fighting the good fight!
More fun with #DigitalMarketsAct meetings! This time I'm in some meetings organized by the European Commission, run by a super expensive, multi-national consultancy. We are in with well paid representatives of #BigTech, some academics, and a couple public interest techies like me. Volunteers like me are again driving the key points that will make or break the #DMA. I applied to #FordFoundation to fund our work, but was rejected. How can we in the #EU get more people paid to represent users?
So maybe #PlayServices is a special case here, maybe not. But all of the apps that #Google requires to be in the bundle do not require special privileges, so can easily be built into Android devices in a way where they are easily uninstallable, e.g. disabled and deleted. I'm thinking Maps, Gmail, etc.
After 2018, #Google stopped publishing data about malware coming via sideloading. Today in the #DMA workshop they made big claims that sideloading is much more likely to be malware. Since they are making claims based on that, they should again release that publicly.
https://transparencyreport.google.com/android-security/overview
#Google said it has no involvement in OEMs including app stores by default. To ship a #GooglePlay device, it has to comply with secret NDA'd "GMS Compliance", which requires OEMs to justify to Google why a pre-installed app store needs to access the same APIs that Play uses to install and uninstall apps. Somehow, I don't think Google will stop requiring OEMs be granted permission by Google to include the app stores of their choosing.