The "feature" isn't being rolled out to the US yet, so it doesn't appear that any official statement has been made one way or the other by the US government.
Google is orchestrating buy-in with world governments. They've already signaled that this is happening everywhere, no matter what, and its just a paced rollout unfortunately.
Yeah, it is pretty amazing but not surprising. The Register has taken to a certain kind of sensationalism as of late.
I found this interesting:
> "Every piece of code written by Russians isn't automatically suspect, but popular packages with no external oversight are ripe for the taking by state or state-backed actors looking to further their aims," Smith told us in an email. "As a whole, the open source community should be paying more attention to this risk and mitigating it."
Uh, I guess? The nature of open source is supposed to be that the dev provides the effort and the code, and that's where the guarantee stops. It is up to the people who uses it to implement and ensure security. People treat OSS like it is a business product that must have drop-in replacement ready at all times.
The modern nature of development is perhaps my biggest gripe as a professional. There is little care given. Projects begin with importing dozens of other packages and libraries that we never look at, let alone fully understand. And it is normalized.
Duke is also trying to merge its two NC operations into one entity.
NC also gave Duke permission to pre-charge customers for infrastructure which isn't built, and has no guarantees of being finished. Specifically, power plants.
And before people say: this won't happen. It literally happened in other states with Duke, a company that continues to charge customers for years for plants it has long abandoned even breaking ground on.
If you live in one of the handful of cities with municipal power: hold tight. The prices are already crazy in NC when comparing Duke areas (almost all of the state) to the handful of municipal energy areas (Apex, Wake Forest, High Point, etc). Duke will have charges around $0.16-$0.25kwh with surge pricing doubling that easily. But the municipal energy areas often have flat fees, the cheapest of which that I found is $0.08kwh.
The research linked in the article said some areas of Virginia (where there are lots of data centers going online) can expect a 25% increase in energy rates. That's insane. People need to prioritize living in areas where the community cuts out the entities like Duke, or rightfully handcuffs them with municipal-level contracts to keep rates reasonable.
And thus accelerates Google's push away from APKs, preferring instead for all developers to embrace their proprietary App Bundle format. Complete with ad hoc signing performed by the Google Play store at time of download. The bundle is also customized to the device, meaning an .aab file ripped off a device won't necessarily be loadable on another device since it could have different configurations/hardware that happen to limit it.
I think anyone who works as a dev knew this was Google's endgame the moment they started circling the wagons with the app bundle stuff. It was already getting weird before that, but it was uncharacteristically out of step with historic Android.
> The bundle is also customized to the device, meaning an .aab file ripped off a device
.aab-files don't ever make it to devices, they're just for transporting the app from the developer's system to Google for further processing and then pushed back out to devices as regular .apk files (albeit indeed split up across multiple files).
> won't necessarily be loadable on another device since it could have different configurations/hardware that happen to limit it.
For the purposes of independently archiving apps it is a bit annoying, sure, but the only hard dependency is having the correct CPU architecture for apps containing native code, and in practice almost everything runs on ARM, with only the 32- to 64-bits-transition providing some potential roadblocks. (Or I suppose if you wanted to run an app taken from a phone on an x86-based emulator.) Otherwise, you'll "only" be missing additional languages and display densities for graphics resources, but the system already needs to be able to fall back to whatever language and graphics resources are available in case the developer didn't even include them in the first place.
Plus for a while Google itself had a feature in the Play Store that allowed sharing free apps to nearby devices via Wifi, including apps with split APKs. (Though I never tried it in practice and it seems that last year they removed that feature again, so yeah…)
Interesting choice to cherrypick and then straw man one part of one example.
They didn't say the government should get to decide where someone drives; it was the OEM, BMW in their example. That is basically what Google is doing here by locking down a previously open-ish platform.
Having a license doesn't mean you are restricted in where you can go unless we start considering the fringes like provisional (learners') permits complete with curfew. Therefore, your example doesn't fit. But OP's does, because it is equivalent to asking "do you think your refrigerator should refuse to cool items manufactured by an entity it doesn't like... to Keep You Safe(tm)?" Maybe you buy from non-verified cottage industry workers at the local farmers market. People who maybe didn't upload their PII and licenses to the refrigerator manufacturer, so it refuses to operate until you remove the offending item. Out of the utmost respect for your safety, of course.
Imagine if Charter Communications/Spectrum decided to block you from using their service and modem/routers from accessing any media created by Universal (owned by their rival, Comcast). It doesn't really have anything to do with safety, but they could pearl clutch and blame it on some risqué content that Universal releases via its imprints.
Google is orchestrating buy-in with world governments. They've already signaled that this is happening everywhere, no matter what, and its just a paced rollout unfortunately.