Android @lemdro.id Nemeski @lemm.ee 2mo ago

Apps can now block sideloading more easily and force downloads through Google Play

www.androidauthority.com Apps can now block sideloading more easily and force downloads through Google Play

The Play Integrity API has made it easier for apps to check whether you installed or bought them from Google Play.

100

You're viewing part of a thread.

Show Context

100 comments

It's the same system, it's all part of play integrity. And that also applies to this bullshit, why does McDonald's care if I didn't install their app from the play store?
- Can't you use the website instead? Is the MCDonalds app necessary for orders? I use hermit to sandbox webapps for services which do not require a app.
  
  Oh I don't know if mcdonald's specifically does this, I've never used the app, I just used it as an example because that's what the guy above was talking about as well.
  
  IIRC they did coupons exclusively in their app a few years ago where I lived (haven't checked since), and they hiked the price of everything, so if you don't install the app, you get a 20% surcharge in effect.
  
  That goes for every single shitty chain store as well.
- Why should I know? I'm not a McDeveloper.
  
  If I had to guess, I'd assume it's because there's a payment system in their app and they don't want people monkeying around with it and stealing food.
  
  McDonald's was just an example, the point is most apps don't need to do that at all.
  
  I do happen to know how payment systems like that work, and thankfully those are all cloud-based, the only thing the app does is start transactions and check with the server if they're paid. If they implemented it well, as I suspect a big corpo like McDonald's probably would, their own order screen also checks server-side if orders are paid. Not much you can do from the app side to mess with that.
  
  the only thing the app does is start transactions and check with the server if they’re paid
  
  Yeah, but the whole PCI DSS thing means that the app must still be secured. That doesn't necessarily mean that it has to be tied to Google Play, but explain it to them.
  
  Afaik that only applies if the app is processing payments, which in this case it shouldnt be.
  
  A lesser standard still applies if it either embeds or redirects to a payment page. Again, shouldn't mean shit, but still.
  
  🤡
  
  If apps like fidelity will run on aurora store withithout safety net and other bullshit, then shiti McDonalds app can take the risk too.
  
  You are poorly educated on the iseue or a bootlicker

100 comments