This has already been in place in iOS since 2014 and Android since 2016. And both stores have additional methods such as checksums and file payload lists to enable integrity. Even the Windows store now with Windows 11 does the same thing.
So let’s assume for the moment we are talking about “legitimate” apps that a user might want to install but the developers don’t want to pay Apple’s and Google’s significant fees. In your model who maintains, updates and audits what would essentially be a good-app, bad-app, unknown-app registry? And who staffs and more importantly funds the resources to manage and maintain it on an ongoing basis?
Answer: It ain’t going to be voluntary and it won’t be without cost either. So does the developer pay a fee to some “body” to get their app recognized by these methods? To me that doesn’t seem fundamentally different than the App stores. Thus my belief that at least right now, the only option to enforce this is legislation that creates and enforces it. Which again is beyond the user’s control.
One other possible remedy would be that we go back to the days of paid upgrades that “fund” the ongoing resources to implement it. And one of the primary reasons that all of the OS makers stopped charging for OS updates was because many users didn’t upgrade because of lack of perceived value.
Not to mention I’d think you especially, as well as many others, would have issues with any costed upgrade to fix what essentially is a flaw that should not have been there in the first place.
“To go a step further, if the .apk is not from the Store, then Google should allow other organizations to register as official signers (e.g. Epic) for their distributed .apks. Similar to the above, the OS will show to the user, that “this app has been verified by [organization]”, the version, and link to the app url. This will clarify the concept that other, reputable organizations can also distribute apps outside the Store— and habitually checking for a reputable source is important.”
See above, and who should pay for the significant costs associated with such a system to maintain it, update it, police it? And who decides… It’s a walled garden by another name.
Great in theory but again how do they actually implement, maintain and “police” this? And who should bear those costs???
So in regards to “safe mode”, that is a staggeringly difficult option to actually develop and maintain both technically and operationally. To start with, most safe modes (think the Windows version many of us are somewhat familiar with) block off significant access and features of the underlying OS when running in that mode. Even Microsoft’s flagship app suite Office is hobbled/restricted to the point of being just barely usable in “safe mode”.
So what if a small 3rd party app requires access to key portions of the OS to perform even basic functions? Duet, the screen sharing app on Android/Windows comes quickly to mind. In your “safe mode” scenario, Duet simply wouldn’t function. So then what?
I agree, conceptually they aren’t. But actually implementing them is far more complex than you seem to believe, for all of the reasons I’ve cited before. And who bears the costs to actually do it? And “Mr Free Market”, doesn’t that implicitly create significant barriers to entry?
As I keep repeating myself, this is extremely complex and multifaceted and something I have few solid answers to and which every company in my “realm” so to speak continues to think through and struggle with.
And I’ve already stated my extreme discomfort with what we’ve come to accept as part and parcel of today’s operating systems and applications which is that they are never “finished” and that it’s acceptable to release with known flaws and vulnerabilities. And the only way I see to even start to change that is with some type of standards which have to have some type of legal enforcement behind them or they will be ignored.
Again I have HUGE problems with all of this, and I’ve been vocal here and in my job about many of these as well. How many times have I talked about the Spectre vulnerabilities which are still with us for the most part even in something like Intel’s Alder Lake which is Intel’s newest chipset?
TL;DR: the users already are bearing a disproportionate amount of the burden for their own protection while having little to no access to effective tools to do so. And it ain’t a learnin thang…