• WolfhunterGer@feddit.de
    link
    fedilink
    English
    arrow-up
    14
    ·
    1 year ago

    KDE Connect is also available through Google Play and most likely signed with a different key as the F-Droid Version. Since Play Protect checks the App signatures, it probably detected this discrepancy and determined the App was fake. Not really an Assholedesign as this is a valid concern if a normal user downloads an app from the internet.

    • deweydecibel@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      edit-2
      1 year ago

      It could just ask before removing shit. Remove the permissions, freeze the app, prompt the user to confirm they meant to install it from somewhere other than the playstore. Hell, since it can detect F-Droid is installed, maybe use some context clues and ask the user to confirm this app was installed from there?

      More importantly, can you tell it to ignore certain apps? I don’t know, I’ve had Play Protect turned off forever. If not, that’s absolutely asshole design.

      • glibg10b@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        More importantly, can you tell it to ignore certain apps?

        Yes, but it stops ignoring them after a while

    • gressen@lemm.ee
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      On the other hand it’s a valid case to have the app installed by means other than the play store. I can’t imagine they have found this discrepancy in signatures for the first time.

      • Jajcus@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Probably most other apps are correctly signed with the same certificate on both sites.

        • leinardi@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          No they are not: F-Droid builds a signs the apps independently. Source: I have apps on both stores.

          • JoeyJoeJoeJr@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            You can actually sign the F-Droid app yourself, if you use reproducible builds.

            There’s reasonable odds the signatures still won’t match though, because Google requires App Bundles now, and then they build and sign the APK, rather than allowing the developer to build and sign their own APK.

            Technically you can use the same key (see “Best Practices” of this page), but it’s kind of shady, and requires giving your private key to Google.