VideoLAN @videolan App Stores were a mistake. Currently, we cannot update VLC on Windows Store, and we cannot update VLC on Android Play Store, without reducing security or dropping a lot of users… For now, iOS App Store still allows us to ship for iOS9, but until when?

  • deweydecibel@lemmy.world
    link
    fedilink
    English
    arrow-up
    62
    ·
    edit-2
    8 months ago

    From their Twitter:

    If you wonder why we can’t update the VLC on Android version, it’s because Google refuses to let us update:

    • either we give them our private signing keys,
    • or we drop support for Android TV before API-30, and all our users on TV API<30 can’t get fixes.

    It’s not much, just dozens of millions of people use Android TV before Android-11…

    Maybe we should tell users to buy new TVs? #electronicWaste

    I can’t speak to why they’re not updating on FDroid but seeing as how it’s much more difficult to get people to use FDroid on Android TV, I don’t think it will help them with that issue anyway.

    • stoy@lemmy.zip
      link
      fedilink
      arrow-up
      88
      ·
      8 months ago

      Google requiring their private signing key is insane, and goes completely against the concept of private/public keys.

      Why is Google asking for this?

      • Synnr@sopuli.xyz
        link
        fedilink
        arrow-up
        35
        ·
        edit-2
        8 months ago

        See also: NSA PRISM

        Member when all the companies listed released a PR statement within 24 hours of each other, all very basic and denied allowing the NSA direct access to their users?

        I member.

      • Kindness@lemmy.ml
        link
        fedilink
        arrow-up
        27
        ·
        edit-2
        8 months ago

        C-I-A Confidentiality, Integrity, Accessibility. They don’t need the keys for C or A. Only one option remains. To modify the code and pass it off as code VLC wrote or signed off on.

        Likely to install malware and re-sign. Brazen identity theft.

        Maybe I’m wrong, they could use VLC’s private keys to gobble encrypted communications too.