Code Transparency and ensuring verifiability for apps

Whatnoww

Since Google has introduced new Play Signing requirements, how do we ensure that new apps on the Play Store aren't tampered with by Google? I've seen that Google has somewhat thought about this in the form of Code Transparency: https://developer.android.com/guide/app-bundle/code-transparency

But does this actually provide any guarantee's at the system level? App signing requirements at least meant that the OS would protect you from threat models where Google is trying to send you a targeted APK due to the OS rejecting the non-developer signed package, but does Code Transparency do anything at all outside of being able to verify after being compromised?

de0u

Whatnoww I wonder if AppVerifier checks the developer signatures. I looked quickly at the documentation and couldn't tell. @soupslurpr ?

soupslurpr

de0u checks them for Play App signing? No.

de0u

soupslurpr Thanks for replying so quickly. So it seems as if end users may not have an easy way to check Google.