“Google would have to monitor all apps outside the Play Store that it has previously reviewed.”

Dr. Qian is asserting that Android would be less safe, not more, if it notarized apps, because notarized apps could become compromised over time — requiring Google to follow up on them.

He also suggests users could be desensitized to the new warning screens and just click through. (But doesn’t that apply to any warning screen? What’s the point of mass warning screens at all if we assume desensitization by default?)

And, he suggests, a bad actor could steal the key to sign bad apps, making them look like good ones. He says that’s not just a theoretical risk.

(I’ll point out that a Microsoft signing key got stolen and led to the theft of US government emails.)