Neither developers nor consumers should be comfortable with this, as this breaks the trust model and is extremely worrying. The site is of course downplaying it given its name, which is a huge shame.
Speculation for fun: I always thought popular apps can use private apis or are handled in a special way by the OS itself. If yes, perhaps this is related.
Then again I found no source for that - and some certificate rollover seems more likely.
FTA: “The update text is appearing on apps that have not been updated in some time, as well as apps that received recent updates, so it's not clear what the apps have in common.”
⇒ I think that’s unlikely. If some optimization got broken that produces results that bad that it has to be fixed, users would have noticed in those apps that “have not been updated in some time”.
Then again I found no source for that - and some certificate rollover seems more likely.
⇒ I think that’s unlikely. If some optimization got broken that produces results that bad that it has to be fixed, users would have noticed in those apps that “have not been updated in some time”.