VideoLAN @videolan App Stores were a mistake. Currently, we cannot update VLC on Windows Store, and we cannot update VLC on Android Play Store, without reducing security or dropping a lot of users… For now, iOS App Store still allows us to ship for iOS9, but until when?
TIL that my country has bended over the copyright trolls and blocked Archive.is, need a VPN to view…
Okay, but are they still releasing updates via other channels? The newest version on their website is 3.5.4, the same that I got through the play store.
But why is fdroid so behind?
I don’t think app stores are the problem. I think big company app stores are the problem, such as the Google Play Store and the Apple App Store. I think something like F-Droid where you can add your own app sources or Droid-ify that has a ton of sources by default you just need to enable is the way to go.
Fdroid is the obvious answer me thinks. Anyway love you guys/gals at videolan still haven’t come across a piece of software that destroys every other in its field in every aspect.
I dont think that works for windows?
On Windows you should be downloading from the website.
Thats not secure. Isn’t the pount of the Windows Store that packages are signed by developers and verified when downloaded?
deleted by creator
You can pay a one time fee if $25 to get Microsoft to sign your app on the Microsoft store, or you can pay $400+ per year to buy your own certificate. So Microsoft Store is sadly the cheap way to release apps on Windows. (Without users getting scary warnings from Windows and AV about installing unsigned aoftware)
deleted by creator
The certs are sold by certificate authority companies, and Microsoft doesn’t get a share of that, though I’m not sure.
Yeah, software being signed says nothing about it not being malicious or insecure, but it does prove the author is what it says, and if it is malicious then the responsible party is clearly visible.
For non-commercial hobby/open-source software the certificate price is prohibitive, so the only 2 options are Microsoft Store or accepting that users will see the scary warnings, and of course complain to the developer about it.
You don’t have to use the visual studio to package in MSIX
deleted by creator
Reminder that VLC is on F-Droid
They’ve not updated it there either though. It seems to be less of a case of can’t update Android and more of a case of won’t update Android
From their Twitter:
If you wonder why we can’t update the VLC on Android version, it’s because Google refuses to let us update:
- either we give them our private signing keys,
- or we drop support for Android TV before API-30, and all our users on TV API<30 can’t get fixes.
It’s not much, just dozens of millions of people use Android TV before Android-11…
Maybe we should tell users to buy new TVs? #electronicWaste
I can’t speak to why they’re not updating on FDroid but seeing as how it’s much more difficult to get people to use FDroid on Android TV, I don’t think it will help them with that issue anyway.
Google requiring their private signing key is insane, and goes completely against the concept of private/public keys.
Why is Google asking for this?
See also: NSA PRISM
Member when all the companies listed released a PR statement within 24 hours of each other, all very basic and denied allowing the NSA direct access to their users?
I member.
C-I-A Confidentiality, Integrity, Accessibility. They don’t need the keys for C or A. Only one option remains. To modify the code and pass it off as code VLC wrote or signed off on.
Likely to install malware and re-sign. Brazen identity theft.
Maybe I’m wrong, they could use VLC’s private keys to gobble encrypted communications too.
What exactly is the issue preventing them from updating the Android version?
Also, if that’s the case, it sounds like “App stores were a mistake” is a bit misleading, since the particular app store isnt the problem.
Basically, modern app stores have changed how they work and now require the signing keys, VLC feel this is a bad thing and refuse to update. Banks are okay with it, but VLC feel more strongly than banks.
Banks are okay with it, but VLC feel more strongly than banks.
I mean banks are known for horrible security practices all around so that makes perfect sense.
Banks aren’t run by the people that develop the apps. They have no idea what a signing key is, they just want the app available and updated.
In addition to the private key thing, the Play Store is requiring them to drop support for APIs older than API 30 unless they provide the key.
Which in effect means VLC can no longer be updated on AndroidTVs running Android 11 or earlier.
Which is millions of customers, according to VLC
Shit, my own TV is not even on android 10
I know at least one person who’s phone isn’t even on version 10.
and yet the fdroid version was updated last month!
I just checked it’s 23 February 2023. Last year…
