I see this kind of sentiment on HN a lot and it's weird to me. Like, what's the issue with discussing on a hacker forum ways that Google is making Android worse for hackers? Especially considering the alternative is iOS and it's much worse in that regard.
"Exception" has a meaning. Exceptions are supposed to be used for just that, unexpected situations. Not being able to parse something is not an exception. It's a normal thing. RegEx doesn't throw an exception when there's no match. Array.indexOf doesn't throw an exception when it doesn't find a something.
It's really nice to able to go into the debugger and say "stop on all exceptions" and not be spammed with the wrong use of exceptions
An invalid URL in a config file is exceptional. An invalid URL typed in by a user or from an external source (eg the body of an API request or inside of some HTML) is Tuesday.
Null checking can be fine if a failure mode is unambiguous. However, if an operation can fail for many reasons, it can be helpful to carry that information around in an object. For example with URL parsing, it might be nice to be able to know why parsing failed. Was it the lack of protocol? Bad path format? Bad domain format? Bad query format? Bad anchor format? This information could theoretically be passed back using an exception object, but this information is eliminated if null is returned.
Unfortunately this installs it as a user cert and only works for app that explicitly request it. To work everywhere you need to install it as a system cert which requires root
Interestingly ios (which is generally more locked down for dev stuff like this) allows users to install certs for all apps without jailbreak
Yes, well, this is a story about American senators being contacted by their American constituents about an American bill that will affect how Americans interact with this app while in America. So it is a bit relevant here
True, but any US ban will have effects beyond just the US. It's also important to remind folks that what TikTok is doing is no different than what Meta (et.al.) is doing.
If cloudflare have thr certificate’s private key and are advertising the A record they have access to everything you send, from emails to credit card numbers.
This is incorrect, if you distribute an app outside the play store you do not need to use their payment system, even by the letter of the law. The rule specifically applies to play store apps. It's common for developers of more technical apps (like VPN apps) to publish two nearly identical versions - one to the play store that doesn't support iap and one to f-droid/their website that takes payment via credit card.
It's possible the people writing this complaint may be referring to the fact that you can't link to or reference those options from the play store edition of the app, but I think they might just be misinformed.
There is a compounding effect of this though, the fact that the Play Store doesn't allow this greatly dampens development of libraries that would make it much easier for developers to add this functionality to their apps, making people more likely to rely on the Google's payments and just dealing with its cut.
You can believe it's fair, what you can't do is claim they support aftermarket app stores while they also take actions to stamp them out. You have to acknowledge that the situation Google has created conveniently and heavily discourages aftermarket app stores on multiple levels. You are effectively obligated to publish on the Play Store, and in doing so you face increased maintenance burden for creating non-Play versions.
Google doesn't "stamp out" side-loading. They don't make it immediately obvious (and they don't have to), a user so concerned needs to dive a little into the operating system and permit them, but the option is there for anyone interested.
This is in stark contrast to Apple where you may not do anything outside of the One Apple Way(tm), which in this case means you will go through the Apple App Store or pound sand.
They have deliberately and knowingly made it difficult by showing warnings and making users jump through hoops. I think evidence that it was deliberate and intentional was revealed in one of the many lawsuits in the form of meeting notes and reported speech, if I remember right.
Not stamping out side-loading, although that is heavily impacted by many of the same issues, but stamping out aftermarket software stores.
Apps installed from aftermarket stores:
- Cannot auto-update themselves, it requires user intervention for every individual app for every individual update.
- Cannot update at all if they were initially installed from the Play Store without uninstalling and losing all data in the process.
- Require multiple hoops and scary messages for the average user.
- Require extra maintenance burdens for the developer who essentially has to maintain two forks of the same application, further complicated by point 2.
- The payment issues mentioned upthread.
All of this makes aftermarket stores second-class citizens, all the while Google claims it welcomes them with open arms. Aftermarket stores aren't the only area where Google does this, either. Plenty of Android-of-yesteryear's customizability and openness has atrophied heavily while Google continues to profit off the bitrotting scraps that are left.
Google knows that they just have to make it inconvenient enough that 99% of people won’t do it (or really even know it’s an option). So yes, if you squint really hard you can kind of make it look like Google is a good guy here. But if we’re talking about how it actually pans out in reality, Google is no better than Apple.
Gogle can do whatever they want to qpython and termux, 99% of the population will not care at all