this post was submitted on 12 Oct 2023
267 points (93.5% liked)

AssholeDesign

7575 readers
1 users here now

This is a community for designs specifically crafted to make the experience worse for the user. This can be due to greed, apathy, laziness or just downright scumbaggery.

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] WolfhunterGer@feddit.de 213 points 1 year ago (7 children)

KDE Connect is also available through Google Play and most likely signed with a different key as the F-Droid Version. Since Play Protect checks the App signatures, it probably detected this discrepancy and determined the App was fake. Not really an Assholedesign as this is a valid concern if a normal user downloads an app from the internet.

[–] gressen@lemm.ee 35 points 1 year ago (3 children)

On the other hand it's a valid case to have the app installed by means other than the play store. I can't imagine they have found this discrepancy in signatures for the first time.

[–] Jajcus@kbin.social 5 points 1 year ago (2 children)

Probably most other apps are correctly signed with the same certificate on both sites.

[–] leinardi@lemmy.world 25 points 1 year ago (1 children)

No they are not: F-Droid builds a signs the apps independently. Source: I have apps on both stores.

[–] JoeyJoeJoeJr@lemmy.ml 11 points 1 year ago

You can actually sign the F-Droid app yourself, if you use reproducible builds.

There's reasonable odds the signatures still won't match though, because Google requires App Bundles now, and then they build and sign the APK, rather than allowing the developer to build and sign their own APK.

Technically you can use the same key (see "Best Practices" of this page), but it's kind of shady, and requires giving your private key to Google.

load more comments (3 replies)