VideoLAN @videolan App Stores were a mistake. Currently, we cannot update VLC on Windows Store, and we cannot update VLC on Android Play Store, without reducing security or dropping a lot of users… For now, iOS App Store still allows us to ship for iOS9, but until when?
Right. My memory is a bit hazy (I don’t use the store). What I was trying to address was the revenue funnel they built around the environment. MS still gets a cut of the $400 certs, right?
The UX of the scary warning is to make the user feel safe installing signed software in comparison, but there is no guarantee that a signed app does not contain an exploit. It’s an abuse of people’s misunderstandings of security, for profit and user share.
Maybe I should have worked through my thoughts a little more before posting, but hopefully this clarifies my sentiment. And like I said, I don’t use the store at all, so if I still have some inaccuracies then I welcome corrections.
The certs are sold by certificate authority companies, and Microsoft doesn’t get a share of that, though I’m not sure.
Yeah, software being signed says nothing about it not being malicious or insecure, but it does prove the author is what it says, and if it is malicious then the responsible party is clearly visible.
For non-commercial hobby/open-source software the certificate price is prohibitive, so the only 2 options are Microsoft Store or accepting that users will see the scary warnings, and of course complain to the developer about it.