Apps from outside the Play Store? No, because previously your phone had no reason to ask Google anything.
Play store seems to be sending list of all applications to ask for available updates. This is observable because play store offers me updates for apps I installed via f-droid and obtanium.
But now, it needs to check developer signatures to know if it’s a verified developer, and it obviously can’t cache all of them as the size would be insane.
Not how signatures usually work. You check the signing key (certificate) is signed by google key and you fetch a revocation list (banned developers). Of course, google could implement it in the way you suggest in theory, but I find it unlikely, since it would block offline installation for no reason.
They said it would require network access and that they would have a handful of popular apps preloaded to avoid too much disruption so those can be installed offline. In practice that probably means Google apps, Meta apps and other big corp apps.
They also have you register package names with them, not just a certificate.
I was hoping it would be a certificate situation but we’re kind of past Google using the least intrusive and privacy preserving options.
I must have missed that. Well, there goes any possible excuse about security, since they are going out of their way to make it less privacy preserving…
Play store seems to be sending list of all applications to ask for available updates. This is observable because play store offers me updates for apps I installed via f-droid and obtanium.
Not how signatures usually work. You check the signing key (certificate) is signed by google key and you fetch a revocation list (banned developers). Of course, google could implement it in the way you suggest in theory, but I find it unlikely, since it would block offline installation for no reason.
They said it would require network access and that they would have a handful of popular apps preloaded to avoid too much disruption so those can be installed offline. In practice that probably means Google apps, Meta apps and other big corp apps.
They also have you register package names with them, not just a certificate.
I was hoping it would be a certificate situation but we’re kind of past Google using the least intrusive and privacy preserving options.
I must have missed that. Well, there goes any possible excuse about security, since they are going out of their way to make it less privacy preserving…