Publish on Google Play Store

[starkle]

Installing apps from the Google Play Store currently provides the most robust chain of trust on stock Android systems as well as GrapheneOS. Installing AppVerifier from there would be more secure and convenient than the currently recommended options for basically all platforms of interest.

Accrescent is currently recommended as the most secure way to install AppVerifier. However, the process of verifying one's Accrescent installation in the first place is basically equivalent to the one outlined for AppVerifier anyway. I believe the recommendation should be the other way around: Install AppVerifier securely (from Google Play Store or manually), then use it to verify Accrescent and your other apps.

[soupslurpr]

I don't think I want to make AppVerifier available on the Google Play Store mostly because of the Play App signing requirement for new apps. This means that the AppVerifier on the Google Play Store would NOT be signed by me and instead be signed by Google.

[matchboxbananasynergy]

One reason to consider Play Store would be to reserve your app's app IDs. Anyone can upload an app with your app IDs, and when they do that, you can never upload them in the future, and they will conflict whenever someone opens Play Store, as they'll be told they have an update for your apps, when it's those copycats instead,

Just something to consider!

[soupslurpr]

I'd do that but the registration is too annoying

[starkle]

Are there specific concerns you have with the Play App Signing requirements? From a user's perspective, I can only think of a couple:

1. The same app being available with different signatures can cause conflicts.
   • Solution: Use a different app ID for the Play Store variant.
2. Google has the power to push a malicious update to people or an individual.
   • This is not a realistic concern for basically anybody. Perhaps a disclaimer could be placed in the app description for those who might be impacted by this.

I think the benefits of obtaining AppVerifier from the Play Store are significant, and outweigh the downsides of Play App Signing.

[soupslurpr]

If Play App signing was optional, I would be fine. My issue is that it is not optional so I must use it. They let you use your own signing key before.

[starkle]

Right, I'm aware of that. I struggle to see what's undesirable about that compared to the significant benefit. AppVerifier in particular when installed from the Play Store would extend that robust chain of trust to all apps, including Accrescent. No apk would need to be manually verified on a separate PC with apksigner again.