GitHub keeps ignoring the massive feedback telling them the new feed is garbage and I just can't wait for them to kill the secret old feed URL so the extension that brings the feed chooser back will break.
I don't understand Google's threat model for Android.
It assumes that it is safer to either:
Use stock outdated ROM
Use custom rooted ROM with Magisk to hide tainted bootloader
Use custom ROM with intentionally neutralized SafetyNet that always passes
Rather than using an updated custom ROM with a self-signed locked bootloader that will actually trigger SafetyNet if malicious software tampers with it.
Play Integrity API (SafetyNet's successor) has green status for fully verified, yellow for "you have a locked bootloader but you're on a custom ROM/self-signed", and orange-red for everything clearly bad. But the presence of the yellow state incentivizes developers to not trust anything below the green, and that's what happens in the real world.
Unless I'm missing something, I think it would be better if Google got rid of the yellow status and considered self-signed to be green.
Google will now require developers to get 20 testers and developers will have to "test" their apps for two weeks before launching into public testing or production.
Sorry but where am I, an indie dev who just publishes my small pet projects, supposed to get 20 testers?
It's almost a school class; it's a lot of people to get and sign up for your testing. I'm expecting services that fake these testers to pop up.
@kauko Now if I do a small tool for myself that I think someone else might find useful, it will be hard to publish it for it to get discovered by people with the same goal.
I think the testers requirement is too strict to try to improve QA and they could use warnings instead, like they already do with apps that crash a lot. They already have public testing with such a warning, but now they are putting it behind the “QA wall” too. Or they could make an opt-in filter in search for untested apps.
@kauko And I could rationalize if it was 5 people for example (though still kinda stupid), but 20 people is a huge group to find and incentivize to install.
And my main complaint is that it makes it unnecessarily difficult for small legit devs to publish anything, while malicious devs with low-quality apps will easily fake that testing data.
@zorinlynx @Eichi @odoben I did some searching and there's a good chance they changed their online presence name to LearWolf. There are some active accounts under that name.
The trails are blurred and it's inconclusive for me if it's the same person, but highly likely.