
Sean Hollister

Senior Editor


    Sean Hollister
    Epic’s security expert says Epic has paid him roughly $150,000 for his testimony.

    He makes $750 an hour, he tells Google’s lawyer.

    Wonder if a jury will take that into account. Surely, Epic will ask the same question of Google’s expert now.

    Speaking of Google’s expert, a Professor Qian — Google says Qian warned Epic’s expert that agencies like CISA recommend against one of his suggestions (I missed which, sorry), and he admits he didn’t incorporate those warnings into his report.

    Correction: We’re now learning it’s Professor Qian, not Chen. Dr. Zhiyun Qian. I apologize for the error.

    Sean Hollister
    Google is trying to suggest that Mickens is asking the company to enter a “new domain” of security.

    Mickens admits that no popular operating system has ever implemented decentralized notarization but waffles on “new domain,” saying he believes it’s possible for Google to do this relatively easily.

    Sean Hollister
    “Cost to Google: ???”

    “You don’t say how much it would cost Google to scale up its human review teams,” says Google.

    “You don’t say how much Google should charge for a centralized app review process, right?”

    The phrases “Cost to Google: ???” and “Cost to developers: ???” appear on Google’s slide, which is clearly designed to suggest Mickens hasn’t thought his proposal through.

    Sean Hollister
    “In your proposal, Epic would need to come to Google and get a token... even on a Samsung Galaxy Phone, correct?”

    Mickens says yes.

    Google’s point seems to be that his proposal would give Google more, not less control and burden, but I’m not seeing the problem with that just yet...

    Now Google’s asking whether Mickens asked any OEM or developer if they’d prefer it that way. “You didn’t ask any OEM whether they’d be willing to accept this change, correct?”

    Mickens says no.

    Google puts a phrase up on the screen: “Would OEMs agree: ???” It appears alongside “Google carries the entire burden for Android App Review” and “Warning screen for any app not reviewed by Google.”

    Sean Hollister
    “In this proposal, Google would bear the entire burden in terms of reviewing apps on Android, right?”

    Google is starting with the expert’s assertion that yes, it is possible to police the internet with notarized apps.

    Here are some of Mickens’ words that are being thrown back at him now, from his written report:

    As a result, Google carries the entire burden for reviewing app, generating tokens, and recalling tokens if, for example, an app that initially passed the review process is later found to be malicious.

    Google is narrowly asking him about his “centralized” approach, though — he also suggested a decentralized one.

    Sean Hollister
    It’s Google’s turn to question Epic’s security expert.

    We’re back from lunch. Let’s see what Google takes issue with...

    Sean Hollister
    Another proposal from Epic’s security expert: Google could notarize apps like PC operating systems do.

    Ever heard of a “signed” application? Mickens says Google has the technology to do the same on Android, either by itself, or by approving third-party reviewing entities to confirm whether apps have been reviewed and sign them to let your Android phone know they’re safe.

    “Would your proposals require Google to police the entire internet?” asks Epic’s attorney, referring to this quote from earlier in the trial.

    “They would not,” replies Mickens, pointing to existing third-party entities like Verisign, Digicert, and GoDaddy — and saying that Google already trusts some of them with websites it displays in Chrome. (I don’t know if I buy that third parties do a good job in the aggregate.)

    Sean Hollister
    In case you’re wondering why I keep calling him “Epic’s expert”:

    Not only did Epic call Professor Mickens as an expert witness (Google will have its own), but the questions from Epic’s lawyer are all in utter lockstep with what Mickens is presenting. Compelling or not — I find the reduced friction compelling! — it’s a fully rehearsed show.

    Mickens has even been asked about the testimony of witnesses that were in this courtroom on previous days, and he’s been ready to go.

    Sean Hollister
    Here is Epic’s (expert’s) proposed alternative to Google’s scare screens:

    “We’re imagining a new world, this is a proposal, it’s not something that’s out in the world right now,” he tells the jury, before presenting this mock screen:

    Allow installation

    Do you want F-Droid to be able to install apps?

    Allow Don’t Allow

    Then, if you click allow, and an app has not yet been scanned and reviewed by Google, there’d be a second optional friction screen:

    Allow installation

    The app-to-install has not been reviewed. Are you sure that you want to install it?

    Cancel Install Anyway

    What do you think?

    Sean Hollister
    Prof. Mickens thinks Google should change its scare screens to be “proportional” and “commensurate”:

    We’re seeing this slide on screen:

    Two Core Decisions for User Consent:

    1) Do I want to allow this app to install other apps?

    2) Has the app I want to install been scanned?

    “I agree on a high level that friction, when it’s proportional and commensurate to the risk... is appropriate,” he says.

    He thinks a single screen should be enough to get the user’s informed consent.