Over the past two days, a news story has circulated claiming that "Xiaomi proposed to prohibit Android phones from extracting APK files, which was rejected by Google". According to the story, a Twitter user named Mishaal Rahman broke the news, saying that Xiaomi developers "intend to completely prevent Android device owners from copying APK files from their phones".
The stated reason is that APKs may contain some private resources. To protect user security, it is best to obtain APKs only from Google Play and trusted third-party application markets.
Many netizens who did not know the full story flew into a rage when they saw this. People came to Android for its free and open ecosystem, which is widely loved. Does Xiaomi want to build a closed ecosystem?
But in fact, I looked at the developer's code carefully and found that it only restricts device users from extracting APK files through ADB shell (the command-line development tool used when debugging applications from a computer).
For Android users in the Chinese Mainland, this operation must be familiar: you have a favorite game, but you can't find a place to buy it or don't want to spend money on it.
So you go to a crowdsourcing website, find the APK of the game, and download it to your phone for installation.
So where did the APK on the website come from? People who have purchased the game turn the installed game back into an installer by means of ADB shell and similar tools.
The developer's proposal is intended to prevent this kind of cracking and piracy.
This is different in essence from the earlier claim of "completely preventing Android device owners from copying APK files from their phones", because these two lines of code do not affect users downloading APKs from a third party, sending APKs to each other, or installing APKs.
As a result, this starting point was misinterpreted and became big news, which attracted a lot of criticism.
As for why Google disagrees, one reason is that these two lines of code are not very practical.
According to foreign developers, this practice can only stop ordinary users. Users with some technical ability can still extract APKs with ADB pull as before by installing a debug version of the Android system.
As long as one or two people install the debug version of the system and extract the APK for sharing, this protection measure is useless.
It's like confiscating the keys of every resident in the world: as long as there is a locksmith, the residents can still get into their own houses.
As it happens, the vast majority of ordinary users do not use ADB to extract software. Those who do are fairly skilled users, and this code cannot stop them at all.
If we take a closer look at the messages from both sides on this change, we find that the essence of this storm lies in the difference between the application market ecosystems of the two places.
The Xiaomi developer said he had always felt that exporting data directly was unsafe and inappropriate, and took paid-download applications as an example.
For example, after a person pays for an app, he extracts the APK and puts it on various platforms for others to download and install, which causes huge losses to developers.
However, foreign developers think this has nothing to do with what users do. Paid applications should check for themselves whether the user has paid. For example, an app can determine whether it has been paid for by querying the purchase record for the Google Play account, the device and the installer.
This is because overseas there is a relatively unified application market, Google Play, which holds a near monopoly. This operation is common sense in the eyes of foreigners, but it does not apply to the Android ecosystem in the Chinese Mainland.
Looking at the Chinese Mainland, among so many application markets, which one do you think is the "largest"? I'm afraid it's hard to give a specific answer.
For example, I spent money on an app in the Xiaomi app store last year, but this year I switched to a Huawei phone. If I install that app on the Huawei phone, there will be no purchase record in Huawei's application market.
However, for an Android user it is very common to change systems every other year. I am a genuine user who has paid, but on Huawei I have become a pirate user. Who can stand that?
Given this situation, the Android application market in the Chinese Mainland basically has no pay-to-download ecosystem, and developers cannot rely on the app store to determine whether the current user has paid.
It would be good for manufacturers, software development companies and independent developers to have a well-developed ecosystem of paid-download applications. Unfortunately, the fundamental problem cannot be solved by two lines of code.
In addition, the Xiaomi developer mentioned another problem: the leakage of resources such as pictures in an APK.
Because an APK is essentially a compressed archive, users can change its suffix to .zip or similar, decompress it easily, and then use the pictures inside. This raises copyright issues.
The answer from foreign developers was also very direct: picture resources should be protected by copyright law.
From the beginning, the Xiaomi developer raised his concern: with the high privileges of developer mode, it is very dangerous that all the data on the user's phone can be extracted.
Moreover, anyone can see this data through the APK. This data is the user's personal privacy, and third parties should not have this permission. Therefore, he added some restrictions with those two lines of code.
At least on the surface, the developer is thinking about user privacy. But in fact, foreign developers think that the contents of an APK are not private resources at all, and that the code cannot stop people who really want to see these resources.
Anyway, after a long discussion, the proposal was finally rejected by Google.
On the surface, the two sides each stuck to their own position and could not understand each other. In fact, the underlying reason is very simple.
To put it bluntly, the Xiaomi developer proposed this modification because he saw some problems in the Android system itself, and he listed his reasons one by one. It's just a pity that these problems are not problems in the eyes of foreign developers. Moreover, the code is not good enough, so naturally there is no question of it solving the problem.
In fact, the way to protect paid applications is not to raise the threshold for extracting APKs. No matter how high the threshold is, there are experts who can cross it. Instead of doing these things, it's better to think about how to build a more reasonable payment verification system for applications.
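The purchase check discussed above (paid apps verifying payment themselves rather than relying on APKs being hard to extract), sketched as an added example that is not code from the article, Xiaomi or Google Play. It assumes a developer-run server that keeps purchase records keyed by account, not by store or device, and signs short-lived entitlement tokens with HMAC; all names, the sample record and the key are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"  # constructed; stays on the server, never in the APK
# Constructed purchase records, keyed by account so they survive a change of phone or store.
PURCHASES = {"alice@example.com": {"com.example.game"}}

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_entitlement(account, package, now=None, ttl=3600):
    """Return a signed token if the account bought the package, else None."""
    if package not in PURCHASES.get(account, set()):
        return None  # a copied APK run by a non-paying account gets nothing
    now = int(time.time()) if now is None else now
    body = json.dumps({"acct": account, "pkg": package, "exp": now + ttl},
                      sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(tag)

def check_entitlement(token, package, now=None):
    """Server-side check before serving paid content; returns the account or None."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, AttributeError):
        return None  # malformed token
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # tampered or forged token
    claims = json.loads(body)
    now = int(time.time()) if now is None else now
    if claims["pkg"] != package or claims["exp"] <= now:
        return None  # wrong app or expired
    return claims["acct"]
```

Because the entitlement follows the account, the same user gets a valid token from any device, while redistributing the APK alone grants nothing that the server gates.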