• Hey Guest. Check out your NeoGAF Wrapped 2025 results here!

Updated Google Play Store TOS might threaten RetroArch Android

Z

Zombie James

Banned
http://www.twitlonger.com/show/n_1spso0o

"Apps or SDKs that download executable code, such as dex files or native code, from a source other than Google Play."

This would mean no more Core Downloader, since RetroArch relies on dynamic library execution for running separate programs.

I really don't feel like creating a separate standalone app for each and every core that we support, so this alone might kill off RetroArch Android's viability on the Play Store.

I am unsure whether to delist RetroArch from the Play Store or to let it stay there until something happens to it. I don't really feel like jumping through these hoops and self-neutering the app since it really is enforcing a kind of walled garden that is unhealthy to the developer and that really limits the potential of any program to be able to do what it needs to do.

It might remain on F-Droid. I am unsure whether it's worth it to jump through their hoops, it's not as if RetroArch Android has ever made us a single cent, and that was never the intention. But to then have to jump through countless hoops that limit the potential of the app seems like giving up on too much creative freedom and too much effort for little to no gain from our perspective.
Click to expand...

Hm, that's unfortunate. For some reason I thought that "downloading executable code" restriction was always there?
 
The fuck? Android apps from the Play Store could download native executable code behind your back without root? No wonder there is a whole virus ecosystem on Android, jeez.
 
Wowfunhappy said:
Meh?

You can always sideload on Android, right? What's the big deal? RetroArch isn't on Steam either.
Click to expand...

Yeah, I would certainly prefer the Play Store to be a secure source of applications, anything else gets side-loaded at my own peril.

I still can't believe Google let Play Store apps download unverified native executable binaries from 3rd party domains for so long. It's crazy. It shouldn't even be a TOS requirement: it shouldn't be possible at all on a technical level: the fact it is possible means the code signing of the apps from the Store was a completely worthless security measure since they could just fetch new unsigned code from wherever they wanted.
 
M3d10n said:
The fuck? Android apps from the Play Store could download native executable code behind your back without root? No wonder there is a whole virus ecosystem on Android, jeez.
Click to expand...

They would only be restricted to user space though, if they don't got escalation they can't steal critical data or mess with your system --at least not too badly, right?
 
nullset2 said:
They would only be restricted to user space though, if they don't got escalation they can't steal critical data or mess with your system --at least not too badly, right?
Click to expand...

The problem is that the downloaded code didn't go through the security checks performed by Google Play when an APK is submitted and could very well contain code that obtains root access or breaks the sandbox through known vulnerabilities. Even if it's completely innocent, the downloaded code could be vulnerable on its own right. For example, a while ago Google was rejecting apps containing an old version of libPNG because it was found to contain a serious vulnerability, but binaries downloaded from 3rd party servers would still be able to use the vulnerable libPNG since they aren't vetted.
 
It's not that hard to upload all cores to the Play Store separately. It's the right thing to do, plus it might be better for exposure for the emulator itself and will save them on hosting (I'm not sure how they're hosting the cores now, but the download speeds aren't great from my experience).

Seriously, it's probably a net positive.

M3d10n said:
The fuck? Android apps from the Play Store could download native executable code behind your back without root? No wonder there is a whole virus ecosystem on Android, jeez.
Click to expand...
There are built-in systems to protect from malicious code, but the problem is that downloading outside could introduce new security vulnerabilities via outdated libraries.
 
You must log in or register to reply here.

Similar threads

Head of Grove Street Games threatens us something might be coming tomorrow
2
59
454
MrRibeye replied
Nintendo Store app for iOS/Android released (with a neat playtime feature)
32
1K
I collect VHS tapes replied
Playstation Store is garbage
2 3
100
1K
Arsic replied
CloverPit coming to iOS & Google Play on Dec 17
7
417
nowhat replied
Free-to-play Unreal Engine 5-powered cinematic love adventure game Silent Whispers announced for PC, iOS, and Android
Trailer 
11
370
Gonzito replied
Top Bottom