Why were Xiaomi developers flamed by netizens after submitting two lines of code?

Over the past two days, one story has been circulating widely: “Xiaomi proposed to ban Android phones from extracting APK files, but Google rejected it”.

According to the reports, a Twitter user named Mishaal Rahman broke the news, saying that Xiaomi developers “plan to completely prevent Android device owners from copying APK files from mobile phones.”

The reason for this is that APKs may contain some private resources, and to protect user security, it is best to only obtain APKs from Google Play and trusted third-party app marketplaces.

Many netizens who did not know the full story got angry as soon as they saw this: “I chose Android for its free and open ecosystem, the thing people love about it, and you, Xiaomi, actually want to build a closed one?”

But in fact, I took a closer look at the developer’s code and found that it only restricts device users from extracting APK files using ADB Shell (a command-line development tool used when debugging applications on a computer).

For Android users in mainland China, the scenario will be familiar: there is a game you like, but you cannot find a place to buy it or do not want to spend money on it.

So you will go to a crowdsourcing website to find the APK of this game, download it on your phone and install it.

So where did the APK on the website come from? It came from users who had purchased the game and used methods such as ADB Shell to turn the installed game back into an installer package.

The developer’s proposal, to put it bluntly, is about preventing cracking and piracy.

This is completely different from the earlier claim of “completely prevent Android device owners from copying APK files from their phones”, because these two lines of code do not affect users downloading APKs from third parties, or transferring APKs from one phone to another and installing them.

As a result, the original intent was misunderstood, which turned the change into big news and drew a lot of criticism.

As for why Google disagrees, one of the reasons is that these two lines of code are not that useful.

According to foreign developers, this approach only stops ordinary users. Users with some technical skill can install a debug version of Android and extract the APK with ADB pull as usual.

As long as there are one or two people who install the debug version of the system and extract the APK for sharing, then this protection measure will be useless.

It’s like if you took away the keys of all the households in the world, but as long as the locksmith is still around, the households will eventually be able to enter their own houses.

As it happens, the vast majority of ordinary users do not use ADB to extract software in the first place. The people who do are all users with at least some skill, and this code cannot stop them.

If we look more closely at the comments from both sides on this change, we find that the root of the dispute is the difference between the app-market ecosystems of the two regions.

The Xiaomi developer said he had always felt it was unsafe and inappropriate for the data to be exported directly, and used paid-download apps as an example.

For example, after a person pays to buy an app, he captures the package and extracts the APK, and puts it on various platforms for others to download and install, which brings huge losses to the developer.

However, foreign developers think that this matter has nothing to do with what the user does, and those paid apps should check whether the user has paid. For example, you can determine whether the app has been paid for by querying the purchase record of the Google Play account, querying the device, and querying the installation program.

This is because overseas there is Google Play, a relatively unified application market that is almost a monopoly. Checking purchases this way is common sense to foreign developers, but it does not fit the Android ecosystem in mainland China.

Looking at mainland China, among so many application markets, which one do you think is the “biggest”? It is difficult to have a concrete answer to this.

For example, I spent money on an app on the Xiaomi app store last year, but this year I switched to a Huawei phone. If I capture the app and install it on a Huawei mobile phone, the Huawei mobile application market will not have my purchase record.

However, for an Android user it is very common to switch to a different system every other year. I am a genuine user who paid for the app, but once I move to Huawei I become a pirate user. Who can put up with that?

In view of this situation, there is basically no ecosystem for paid downloads in the Android app market in mainland China, and developers cannot rely on the app store to determine whether the current user has paid.

Having a sound ecosystem of paid-to-download applications is a good thing for manufacturers, software development companies, and independent developers. Unfortunately, the fundamental problem cannot be solved with just two lines of code.

In addition, the Xiaomi developer mentioned another problem: the leakage of resources, such as pictures, contained in the APK.

Because the APK is essentially a compressed package, users can easily decompress it by changing its suffix to .zip on the computer, and then use some of the pictures inside. This will involve copyright issues.

The answer from foreign developers is also straightforward: image resources should be protected by copyright law.

From the very beginning, the Xiaomi developer raised his concern: with the elevated privileges of developer mode, it is very dangerous that all the data on the user’s phone can be extracted.

Anyone can see this data through the APK, yet it belongs to the user’s personal privacy and third parties should not have that kind of access, so he added some restrictions with those two lines of code.

At least on the surface, the developer is thinking about user privacy. But in fact, foreign developers think that the things in the APK can’t be regarded as private resources at all, and his code can’t stop people who really want to see these resources.

Anyway, after a long time, this proposal was finally rejected by Google.

On the surface, it seems that the two sides can’t understand each other’s opinions, but the reason is actually very simple.

To put it bluntly, the Xiaomi developer proposed this change because he saw some problems in the Android system itself, and he listed his reasons one by one. Unfortunately, foreign developers do not regard these as problems at all, and on top of that the code was not effective enough, so there was naturally nothing left to discuss about solving them.

In fact, the way to protect paid apps is not to raise the threshold for APK extraction at all. No matter how high your threshold is, there are experts who can cross it. Instead of doing these things, it is more realistic to think about how to create a more reasonable charging verification system for the application.
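To illustrate the kind of payment check this conclusion points toward, here is an added example that is not code from Xiaomi, Google or the AOSP discussion: the purchase is recorded against the user's account on the developer's server, so a copied APK carries no entitlement while the paying user keeps access after switching phones. The ledger, key, account names and device ids are constructed, and both functions are assumed to run on the server.

```python
import hashlib
import hmac
import json
import time

SERVER_KEY = b"constructed-demo-key"  # constructed; lives only on the server
# Constructed purchase ledger: keyed by account, not by app store or APK file.
PURCHASES = {"alice@example.com": {"game.full"}}


def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_entitlement(account, sku, device_id, ttl=3600, now=None):
    """Server: after login, issue a short-lived token if the account owns the SKU."""
    if sku not in PURCHASES.get(account, set()):
        return None  # a copied APK brings no purchase record with it
    now = int(time.time()) if now is None else now
    claims = {"acct": account, "sku": sku, "dev": device_id, "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True)
    return payload + "." + _sign(payload)


def verify_entitlement(token, sku, device_id, now=None):
    """Server: gate paid content on a valid, unexpired token for this device."""
    now = int(time.time()) if now is None else now
    payload, _, tag = (token or "").rpartition(".")
    if not hmac.compare_digest(tag.encode(), _sign(payload).encode()):
        return False  # missing, forged or modified token
    claims = json.loads(payload)
    return (claims["sku"] == sku and claims["dev"] == device_id
            and claims["exp"] > now)


if __name__ == "__main__":
    old = issue_entitlement("alice@example.com", "game.full", "xiaomi-phone")
    new = issue_entitlement("alice@example.com", "game.full", "huawei-phone")
    print("buyer, old phone:", verify_entitlement(old, "game.full", "xiaomi-phone"))
    print("buyer, new phone:", verify_entitlement(new, "game.full", "huawei-phone"))
    print("token copied to another device:",
          verify_entitlement(old, "game.full", "someone-else"))
    print("non-buyer with copied APK:",
          issue_entitlement("bob@example.com", "game.full", "bob-phone"))
```
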

This article is reprinted from https://www.techug.com/post/why-are-xiaomi-developers-sprayed-by-netizens-after-submitting-two-lines-of-code.html
This site is for inclusion only, and the copyright belongs to the original author.
