Comment by gumby271
I dunno man, it doesn't feel like a "huge safety win" that my computer has to check with a singular US tech company before it will let me use any software on it.
I dunno man, it doesn't feel like a "huge safety win" that my computer has to check with a singular US tech company before it will let me use any software on it.
Right, Google could revoke that signature at any time and my device would refuse to install that software. The exact mechanics don't really matter, the end result is the same, my device will only install software that one company approves of and can change at any time, huge win for security right?
That's only sorta how it usually works. The developer has to check with a singular US tech company before they can sign the software they've given you.
Except yeah, the way this android stuff works is closer to that way. Instead of Google giving out a key for signing, they instead ask for one and tie a developer to a namespace, so yeah, I guess your Android phone has to check whether or not that namespace is "in the clear"