Maybe I'm misunderstanding something, but we are talking about non-rooted consumer Android, right? Google <i>already</i> has complete control over those systems. That hypothetical oppressive regime could simply ask them to embed their spyware in the next OS update (or have them remote-install a spy app of their choice via the normal play services process[1]).<p>What more potential for abuse would this change bring that isn't there already?<p>[1] <a href="https://www.quora.com/How-Google-play-remote-installation-of-android-apps-works" rel="nofollow">https://www.quora.com/How-Google-play-remote-installation-of...</a>
Personally I would say App Signing is the smallest worry. Far bigger are:
1. Mandatory Xcode for iOS build/debug
2. Mandatory yearly payments to Apple if you want to release an iOS app
3. Mandatory DRM for iOS apps, even for Open Source apps
4. Horrible Apple certificate/provision profile system if you have multiple devices
This is exactly how iOS works today; in fact Apple recommends you upload your LLVM IR to them and tag your assets as well so they can recompile and recombine your apps for hardware you don't know the existence of yet. Which is nice if you trust Apple…if you don't, then it is very difficult to actually verify that what you're downloading from the App Store is actually what you submitted to the company. With re-signing and FairPlay and all the wrappers that Apple applies, it is <i>really</i> difficult to do any sort of verification here :(
I’m starting to question the whole app store distribution mechanism. The web is clearly not the best platform for mobile, but as mobile developers, maybe we should make a stand and only develop for the web. Pushing mobile OS manufacturers to improve their platform for the web, instead of having us cooperate to publish in their own private garden.
Linux distros work this way. Some group of people (distinct from sw authors) compile and sign the packages, and distribute them.<p>I guess in this case the code will not be publicly available, so a regular Joe will not be able to inspect and recompile.<p>So rather than app signing, the real issue here is lack of trust for the company.