Overview here
The new owner of the repo has a fresh github account and apparently has the signing keys from Catfriend1 too.
Time will tell if they are trustworthy, but for the extra paranoid it might make sense to pause updates for a while.
Overview here
The new owner of the repo has a fresh github account and apparently has the signing keys from Catfriend1 too.
Time will tell if they are trustworthy, but for the extra paranoid it might make sense to pause updates for a while.
this entire thing has made me really rethink whether I want to swap to the new repo or not.
Why was there no communication about it. The gplay repo maintainer wasn’t informed of anything, no public notice to anyone was given, just a transfer of the repo and a status issue here explaining it.
Obviously the act is genuine as they were able to keep the original keys but like, this entire system seemed really sketchy.
It’s likely because the app will no longer be distributed on Google. They likely removed the Google play signing keys and configuration, which is completely fine. I’ll have a look over their changed when I get home, but I doubt it’s anything nefarious.
I also ditched this stuff when Google decided to start asking for my drivers license and will no longer distribute my apps within their closed marketplace.
I wish it was only the drivers license, I had to give up my Android dev account too because having my private home address + phone number + email publicly available on the dev profile page is completely unacceptable
Yeah exactly, where does it end? next they will be asking for more. I’ll just distribute APKs elsewhere.