Meaning to use your device you need to have a contractual relationship with a foreign (unless you are in the US) third party that decides what you can or cannot do with it. Plus using GrapheneOS is less of an option every day, since banks and other "regulated" sectors use Google Play Protect and similar DRMs to prevent you from connecting from whatever device you want. Client-side "trust" means the provider owning the device, not the user.
Android shouldn't be considered Open Source anymore, since source code is published in batches and only part of the system is open, with more and more apps going behind the Google ecosystem itself.
Maybe it's time for a third large phone OS, whether it comes from China getting fed up with the US and Google's shenanigans (Huawei has HarmonyOS but it's not open) or some "GNU/Linux" touch version that has a serious ecosystem. Especially when more and more apps and services are "mobile-first" or "mobile-only" like banking.
I think Play Integrity is the fundamental issue here, and needs to go. That's the crux of the issue.
Allowing apps to say "we only run on Google's officially certified unmodified Android devices" and tightly restricting which devices are certified is the part that makes changes like this deeply problematic. Without that, non-Google Android versions are on a fair playing field; if you don't like their rules, you can install Graphene or other alternatives with no downside. With Play Integrity & attestation though you're always living with the risk of being cut off from some essential app (like your bank) that suddenly becomes "Google-Android-Only".
If Play Integrity went away, I'd be much more OK with Google adding restrictions like this - opt in if you like, use alternatives if you don't, and let's see what the market actually wants.
It's been that time for years. But it's easier said than done. The closest we've currently got are the various phone-targeted Linux distros out there. But they're not quite ready for serious usage for me; at least not on the Pinephone. Still, that's where to put your time & money if you're serious about wanting a change.
realistically, the end point for moderately tech savvy folks is going to be a two-device setup. one cheap phone for basic communication, all the corpo stuff like banking and shirt-and-tie social media + a wifi hotspot. then a second "practical use" device that uses the hotspot, that you fully control and do your tinkering with.
edit: coming to think of it, teaching people to have a device for the "clean stuff" and separate one for the "stupid stuff" could even turn out to be a benefit.
> Android shouldn't be considered Open Source anymore
That idea died for me long ago, I had used Android since 2009 till 2020. I gave up on the dream of a Linux phone. Ubuntu had a nice sleek Phone UI they were working on. The issue is if nobody builds the phones and no carrier cares, nobody will pick it up. You need to push yourself into the market.
Microsoft could fill this weird gap if they wanted to. The key things would be they would have to truly open source the OS. I could see Amazon trying again, but they'd need to invest a lot as well. It's an uphill battle needing a serious flagship phone. Your other problem is most apps need to be migrated.
> "GNU/Linux" touch version that has a serious ecosystem
That is a very hard problem, unless someone with serious name recognition like Linus Torvalds starts to lead that kind of effort, or a big company like Microsoft suddenly decides that putting 1 billion towards GNU/Linux would be in their interest. With small efforts, it will remain scattered.
Crowdfunding has a lot of power if there is name recognition behind the effort. Star Citizen has already gathered $800 million with mostly enthusiasm and a good start. Who is there to lead the effort for GNU/Linux phone development?
Everything coming from China is going to be closed source as well, and it's going to be pretty hard for banks to onboard themselves on open source solutions. I think the ultimate solution is: two phones, one shitty one just for banking/trading/whatever, which only stays at home most of the time, and one Linux phone that we more or less own, for calls/texts/web browsing, which stays with us.
This is the problem - many apps refusing to run on non-blessed platform.
Years ago I loved tinkering with the devices but then I wasn't able to use my bank and it was getting more and more annoying so at one point I just stopped...
The biggest problems are: 1) lack of drivers (so creating custom roms/OS for the devices is problematic), 2) locked bootloaders and 3) many apps requiring PlayServices and other stuff (mostly banks).
There is postmarketOS, it looks awesome but - device support is very lacking and there is no way to have bank and PopularApps (whatsapp/instagram/etc) running on it so its popularity is microscopic…
Maybe another European Citizen Initiative to force makers to provide those things (bootloader and drivers)?
OpenHarmony is open source. There are also: Ubuntu Touch and Sailfish OS being developed. Actually I am writing this from Sailfish OS. I can login to my bank using a web browser here in the EU. I have Telegram, Signal clients, maps, sideloaded packages, full terminal - I fully control the phone, in contrast to Android. I don't own and don't need an Android phone at all. So definitely more people should use alternatives to closed Android/iOS.
I somewhat agree with the protected systems part though. For example, handling payments. Now iOS and Android could both have 0-days that allow fraudulent payments to be made for all I know but there's a certain degree of trust there with 2 large companies.
But then again we still use visa/mastercard duopoly that allows you to make payments so long as you have their card number.
And then again x2; nothing will ever change, we live in a corporate hellscape where men in suits & ties make all the decisions, get themselves wealthier and the general public are too apathetic to band together on anything because they'd rather foot shoot than have someone not from their tribe receive a single cookie crumb.
> a contractual relationship with a foreign (unless you are in the US) third party that decides what you can or cannot do with it.
I see where you're coming from, but companies like Google have local legal representation (e.g. in Ireland for the EU), and have to operate under EU rules if they want to do business here (just like how an EU business has to operate under US rules). If the EU says that you should be allowed to do your own thing - and they have - then Google can either comply or leave.
Don't attribute more power to companies than they have - they want you to believe they can get away with this, but don't echo their rhetoric.
I don't think that the problem is the OS. The problem is access to the hardware. Hardware manufacturers can decide to prevent you from installing an alternative OS on your hardware.
If the law made it mandatory to allow this, it would be a lot easier to go with alternative OSes like GrapheneOS.
> Huawei has HarmonyOS but it's not open
I was thinking at some point that they would go with AOSP and their own Huawei Services on top. Could have been fun. Also I wonder why they don't just support GrapheneOS as an alternative OS.
Alas, no distinction is made between (a) a computer owner that wants to write software to run on their computer versus (b) an "app developer" who wants to write "mobile apps" and distribute them to others for financial gain
The computer owner in (a) is not creating "malware". Any arguments that "verification" is for the protection of users (not commercial benefit of Google) are inapplicable in (a). Unlike the software in (b) the software in (a) only runs on the computer owner's computer, not anyone else's computer. There is no need in the case of (a) for Google to know about what software is running on the computer owner's computer.^1 Surely Google would agree there is no need, i.e., no right, for a computer owner seeking "verification" to know what software is running on Google's computers or the identities of Google employees.
1. None that outweighs the owner's right to privacy. Microsoft, Apple and Google all use _default_ telemetry
> Maybe it's time for a third large phone OS, whether it comes from China getting fed up with the US and Google's shenanigans (Huawei has HarmonyOS but it's not open) or some "GNU/Linux" touch version that has a serious ecosystem. Especially when more and more apps and services are "mobile-first" or "mobile-only" like banking.
This makes me laugh. Not at you, but at the cycle. This was the convo years ago when this was possible, but getting consumers to trust a 3rd party like PalmOS (which was actually pretty darn good compared to android) is practically not possible.
I wouldn't use a bank that made it difficult for me to access my account. I don't know why most people do. I know why a few need to, but not most. There's a lot of unnecessary bedmaking going on in tech.
We're long, long overdue for a 3rd phone OS option. The bank thing has me wondering. Maybe getting a nice, local branch is one of the next sane privacy steps if it lets me escape this phone.
Less and less of AOSP is being updated also, as Google rolls most of its new features and updates behind the Play Services system. Install Graphene and you will see what I am talking about - the SMS app for example hasn't been updated in probably a decade and looks and functions like it did back in Android 4 (KitKat). Same with the other built-in apps. While I used Graphene myself for a solid 6 months, the features you have to give up on using or find some obtuse workaround for aren't appealing to the "normies" who just want their phone to do what they want, no matter the unseen ethical cost (in this case, sacrificing the ability to freely install 3rd party apps).
Someone on another forum said it very well - people like "us" were Google's foot in the door, now along with Apple they have such a stranglehold on the mobile OS space that a 3rd viable and comparable contestant becomes less and less likely by the day.
Throw in how Google starting with Android 16 is not releasing updated drivers with AOSP and Graphene probably doesn't have much life left in it, either.
> or some "GNU/Linux" touch version that has a serious ecosystem
How could this realistically happen? Developers of popular apps adore the control and illegitimate de-facto ownership that client side "trust" gives them, so they'll refuse to make apps for that platform. They'll also use said client side "trust" to block them. Thus, it can't reach critical mass to force adoption by these developers.
I think that the answer is vendor-independent standards.
The main issue being solved here is that security relies heavily on those actors like Google and Apple. Banks, companies etc. have high security requirements (rightly so) and basically need to tick boxes. So if the only way to obtain, say, MFA, is through something only Google/Apple provides, they will require Google or Apple devices.
If we had reasonable standards, alternatives can become a reality.
> banks and other "regulated" sectors use Google Play Protect and similar DRMs to prevent you from connecting from whatever device you want.
This totally sucks but is there anything preventing you from using your bank's website in-browser in your phone, other than the terrible UI, tiny text, and inability to select the correct checkbox?
Tizen already exists...where phone OSes fall down is that ALL of the cellular modems are extremely patent encumbered (although Huawei has a large portion of the 5G ones) and there doesn't exist an open specification let alone open implementation of their interfaces.
Other than depositing checks, I've always thought that phone bank apps are overrated. Banking is too serious for a phone- I'd rather do it on a real computer. I could fairly easily give up banking apps entirely.
Problem is 99.99% of the population probably doesn't care (or even know about the issue). Companies respond to the market. If there is no demand or pressure for something more open, they won't make it.
It doesn't even matter if it's foreign or not, it's a matter of who owns the thing: you buy a smartphone or you buy a service that allows you some use of said smartphone? Fuck services.
There will never be a third large OS unless Google Play Integrity is legislated out of existence. And it looks like governments like Google Play Integrity so that won't happen
I wish Firefox OS had succeeded, my first ever app was for it, it was all so much simpler and so much more free than the locked down systems of both major mobile OSes.
What's even the point of all the bullshit with Google play protect if in the end I can access my bank from a web browser. That stupidity is protecting no one
Not merely a foreign third party: one operating fairly cozily within a country with a hostile and erratic government.
If Trump ordered Google, tomorrow, to put some egregious measure in place in Android (or Chrome, or Google Search), I, personally, would not want to bet that they would refuse him. And frankly, I don't know that I can even imagine the kinds of things he might try to get them to do.
We absolutely need better competition in smartphone OSes—we need it across the board in tech, really, from a wide array of countries.
Computing devices hardware and operating systems should be treated as essential digital infrastructure, with laws in place to ensure that the owner of the device retains full control over it and to prevent manufacturers or developers from over-imposing their control.
Conditioning such rights on the device being "owned outright" will just push the same bad actors to rent you the phones instead of buying them, the same as they did with software licenses. The only way to really fix it is to break up the wealth and power of individuals and corporations based on their total effective power, regardless of the source from which that power is derived.
I see no other way than regulation to force the two to provide drivers and manuals for alternative OS makers.
We should've nipped it with Apple, but there was so much _whatabout_ing that the conversation always got sidetracked with assertions about the free market and what not. It turns out, there is no free market, and we're just living in someone's managed device walled garden.
Very true and this was predictable. That said, I haven't installed any apps for months now since I don't consider Android to be a usable OS anymore. It could be technically, but I have no will to fight Google and manufacturers on their lock down ambitions.
Ironically that degraded phones to be just that. Phones with built-in high quality cameras. For everything else there are better alternatives.
Sure. You will have the right to root, unless on a device with a locked bootloader. /s
Let's just call it what it is and what we all want. "The right to modify". It doesn't give you the right to copy, so it will never break any law protecting intellectual property.
Personally...we all know the Play Store is chock full of malicious garbage, so the verification requirements there don't do jack to protect users. The way I see it, this is nothing but a power grab, a way for Google to kill apps like Revanced for good. They'll just find some bullshit reason to suspend your developer account if you do something they don't like.
Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
> we will be confirming who the developer is, not reviewing the content of their app or where it came from
This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.
TFA had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.
On the flip side, that's one less platform I care about supporting with my projects. We're down to just Linux and Windows if you're not willing to sell your soul (no, I will not be making a Google account) just for the right to develop for a certain platform.
It's never about security (at least not user's security). It's like you pointed out only about power and locking in customers. They don't care if your phone gets hacked or your bank account drained. They care about the bottom line. Android is fine. Google should have 2 layers if they're worried: playstore 1 has only well vetted authors and apps. playstore 2 can be the free for all (mostly) of the current store. These could be two different apps or prominent tags. Choice is good, lock down is bad. Corporate does not like employees or customers to have freedom, that's why it's our duty to fire people like the current US regime who always side with corporations over customers.
> Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
You've never needed the internet permission to exfiltrate data. Just send an intent to the browser app to load a page owned by the attacker with the data to be exfilled in the query parameters.
> had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.
I don't think we can know for sure before the change is actually in place. Going through Play Protect would certainly be the easiest way of implementing this - it would be a simple change from "Play Protect rejects known malware" to "Play Protect rejects any app that isn't properly notarized". This would narrowly address the issue where the existing malware checks are made ineffective by pushing some new variant of the malicious app with a different package id.
It's a big change for the ecosystem nonetheless because it will require all existing developers to register for verification if they want to publish a "legit" app that won't be rejected by any common Android device - and the phrasing of the official announcements accurately reflects this. But this says nothing much as of yet about whether power users will be allowed to proactively disable these checks (just like they can turn off Play Protect today, even though very few people do so in practice).
> This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.
Requiring company verification helps against some app pretending to be made by a legitimate institution, e.g. your bank.
Requiring public key registration for package name protects against package modification with malware. Typical issue - I want to download an app that's not on available "in my country" - because I'm on a holiday and want to try some local app, but my "play store country" is tied to my credit card and the developer only made it available in his own country thinking it would be useless for foreigners. I usually try to download it from APKMirror. APKMirror tries to do signature verification. But I may not find it on APKMirror but only on some sketchy site. The sketchy site may not do any signature verification so I can't be sure that I downloaded an original unmodified APK instead of the original APK injected with some malware.
Both of these can be done without actually scanning the package contents. They are essentially just equivalents of EV SSL certificates and DANE/TLSA from TLS world.
> we will be confirming who the developer is, not reviewing the content of their app or where it came from
To be honest, it almost makes me wonder if the issue here is not related to security at all. I am not being sarcastic. What I mean is, maybe the issue revolves around some of the issues MS had with github (sanctions and KYC checks).
> Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps
Or that they still refuse to sandbox the play store.
It's easy to see that there's a pattern on what they are copying from GrapheneOS.
The future for security conscious will be something like grapheneOS for phones, but a step further where the device can only securely connect to your home computer and access regular software there. If you must, run segregated, whitelist only networking, virtual machine apps
> But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
The internet permission has nothing to do with ads? It's a hidden permission because:
1) Internet connection is so ubiquitous as to just be noise if displayed
2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
"we all know... Play Store... full of malicious garbage" - please point out how that statement is true, given we all know this apparently.
Yes, there are apps out there that try to trick the system and when you use them, instead of looking innocent, it's actually a casino app or something. But Google usually finds those. Are there any apps impersonating a bank? Because that is what regular people care about & think of when someone says "malicious".
They don't care if an app tracks what other apps are installed, what the user taps on, etc. Arguably they should care, but they don't lose money from it.
There's a reason Google is targeting a few specific countries with this first. Malware from APKs downloaded from the internet is more prominent in some countries than in others. The governments themselves are asking for this because educating the public has turned out to be an impossible task for them.
Still an awful solution that will get bypassed easily, of course. But there's more to this than "Google decided to be a bunch of dicks today".
The funny thing is Stallman started his fight like half a century ago and on regular days Hacker News shits on him eating something off of his foot and not being polished and diplomatic, and loves practical aspects of Corporate Open Source and gratis goodies and doesn't particularly care about Free Software.
On this day suddenly folks come out of the woodwork advocating for half baked measures to achieve what Stallman portrayed but they still hardly recognize this was EXACTLY his concern when he started the Free Software movement.
Stallman actively hurts the cause with his behaviour. I'm not only talking about his eccentricities, but also the adversarial and combative language. Yes, Amazon is trying to swindle us, but few people will be convinced of that when you start your argument by calling the kindle an "Amazon swindle" every time, directly implying that anyone who has one is an idiot or even malicious.
Yes, it's unfair that someone can be 100% correct but people won't listen to them because of their appearance or mannerisms. But whining about that unfairness is unproductive. People will never listen to someone who can't stop themselves from eating stuff from their foot in public.
It's possible to believe both that Stallman is over the top and that stuff like this Google action is bad, and even to be right on both. It's even easier to believe that Stallman has had some good ideas but is still a deeply flawed human being, and has also incidentally not been the most effective advocate for his own ideals.
There are people who have been pretty steady in their convictions over decades. Not that we have much illusions about the end game. Stallman has issues, but they're minor compared to the issues that the likes of Google, Apple, Facebook, Amazon and Microsoft have. But they get to hide their nasty little habits behind the corporate veil of respectability.
It's a sad state of affairs when a guy born in 1953 and a 70+ years old is our reference for freedom.
What happened to GenX, Millennials and GenZ? Why aren't there any more vocal activists doing something? The internet fuked us up. We're full of armchair experts "fighting" the cause laying in our couch.
It is right to highlight the fight for libre software that Stallman championed.
The world would be a much, much worse place without Free Software. We own the obligation to keep the fight up. So many of us profit from it, and so many people depend on it.
This friend of mine dealt with S. - and found a completely irrational part. We tried to steer history for the best, S. let it flow (in that occasion, of course. He just would not listen).
That is a severe understatement. Plenty of people and political activists are not polished and not diplomatic ... while still not reaching Stallman's levels. Majority of them, actually.
He can be mostly right but also terrible for his own cause at the same time. Anyone that doesn't see that must not know even the tiniest fraction of the stories, or like him also has a cognitive disability.
No, I hate this change from Google, and everyone involved with it should be ashamed of themselves, but Stallman is an extremist and I don't believe his world would be better than this one.
There's genuine need for application developers to gain access to extremely secure end-to-end attestation of the environment their apps are running in. It's a rare need, but it does exist. There's also genuine need for some consumers to opt-in to a strict security regime.
Google's change forces this draconian, dishonorable regime on all application developers and on all users. It's a change that serves no one except their shareholders.
If this is a thing then the solution they offer is incorrect. A big giant red screen: “warning the identity of this application developer has not been verified and this could be an application stealing your data, etc” would have worked.
What they want is to get rid of apps like YouTube Vanced that are making them lose money (and other Play Store apps)
> What they want is to get rid of apps like YouTube Vanced
I think it is also very telling where they're rolling out first. Brazil, Indonesia, Thailand, and Singapore.
It felt weird that the official press release was quoting entities from these countries, as if it should give confidence to the rest of the world. I can't imagine what these countries would want with apps that can be traced back to a government id...
Vanced and such is more of a First World/Western issue. I don't think you're wrong but I got a strong gut feeling there's other pressures in the works. Just something doesn't smell right...
In addition to the other perspectives already offered here, warning screens such as the one you propose were already shown for sideloaded apps, and these screens worked against Google in their lawsuit with Epic Games. So that's another contributing factor for the policy we're discussing.
It's such a simple and effective solution that could be implemented overnight and 'help to cut down on bad actors who hide their identity to distribute malware, commit financial fraud, or steal users personal data' tomorrow. Mission accomplished, internet saved, and everyone's happy just like a fairy tale out of the early 2000s.
The worst part is the Orwellian opening sentence they start with in their blog post [0]:
> You shouldn’t have to choose between open and secure
2+2=5
Truly the end of an era. I've spent nearly two decades buying Android phones because of a single checkbox in settings that let me have the freedom I consider essential to any computing device that I own.
In a way, it's liberating, I've missed out on a lot from the Apple ecosystem because of that checkbox. Maybe finally I can let go of it now the choice is out of my hands.
The only reason to be surprised by this sentence is to associate this corporation with the cool "Don't be evil" Google of 25 years ago.
But in 2025 Google is some kind of IBM, Oracle blob with here a middle age MBA woman trying to gas-light you into an Orwellian world she is paving for an awesome remuneration.
Also notice they do not say "open source" once in the post... now it is just "open". It is "open" but not your phone anymore.
Very much my exact feelings. I had the first Android phone ever and even wrote my own APKs and enjoyed the freedom of the mobile platform that let me install my own software. But it's been close to 20 years and maybe it's time to check out the other side, as much as I despise Apple's locked down ecosystem.
This is really bad. I think that most people on HN will agree with that.
The problem is that most normal people (HN is not normal - mostly for the better) don't even understand what sideloading is - let alone actually care.
How can we fix this?
(aside from making people care - apathy enables so many political problems in the current age, but it's such a huge problem that this definitely isn't going to be the impetus to fix it)
This certainly won't solve the problem, but I would at least like to banish the term "side load", which is a kind of Orwellian word that takes something everyone used to do all the time and makes it sound obscure and a bit nefarious. Maybe we, the tech literate, can start calling sideloading a "free install" or something. When asked, we can clarify that the 'free' stands for both freedom, and not paying middlemen 30%.
People install games from Steam or the Epic Store on their computers without Microsoft preventing that or taking a cut all the time (not for lack of trying. I know). But somehow, in the mobile world, we went with total lockdowns and platform extortion as the rule?
I agree that this is a horrible step in the wrong direction but in terms of the solution I have a different take.
I don't think that making "normal" people "care" about sideloading is the answer, because a) it's impossible and b) political change doesn't happen through "normal" people anyway, all political and regulatory change is driven via smaller and motivated groups of people.
The problem is fundamentally that there's a duopoly on mobile OSes that has tons of market power and if they want to dictate a change like "you can no longer install unapproved software," they can just do it.
The solution is to walk away from that duopoly, to suck it up and just stop using their products. We fortunately are able to do this (for now) on desktop and running Linux in 2025 is better than it's ever been, and more people are doing it.
To get Linux or some alternative on phones is a big task, and if you make the switch you're going to lose a lot. But most of what has no desktop equivalent is addictive social media garbage that you should get rid of anyway. The biggest thing I'm concerned about is the state of banking and OTP/2FA.
I think we need to fight for universal electronic access to the financial system as a right without a need for gatekeepers like Apple or Google. In some countries it's already the case that at many businesses you must use your phone to make payments, cash is gone, cards are dying, and you must therefore agree to Apple or Google's rules to use your phone. This is truly how freedom and democracy will die if we allow it. This is way bigger for "normal" people than technical concepts like sideloading. People on the left should inherently understand the importance to liberty of having the right as an individual to buy and sell without some megacorp's permission. For people on the right, well, remember the Bible's "Mark of the beast..."
Secondarily we need to fight for the enforcement of anti-trust laws, which half of HN doesn't seem to even know exist, or feels are in some way unfair, even though they are the cause of these problems. Government needs to reach in and rearrange markets that are dominated by one or two players, it needs to forcefully restructure those companies so that they lose their market power and can no longer force citizens to obey their will. We've done it before, such as ending company towns where you were forced to use the company's scrip at the company's shop to buy living essentials. It's worked, we need to do it again.
Define "normal people".
Due to Chinese phones and sanctions and other geopolitical bullshit a significant part of the world is forced to use alternative app stores already. Yes, these people are very aware of "sideloading". (Due to Google's own previous moronic foot-shooting policy.)
In my case, I've been working on fixing it by doing side work porting apps to offline-first Linux handhelds. With AI it is not hard nor time consuming. You can make personal versions of anything that adds personal value.
The idea that you can hold the beggar bowl out and company mommy will have pity is not realistic. Creating your own ecosystem and cross-fertilising with other like-minded people that is tailored to your approach is far more feasible now than we realise.
> most normal people... don't even understand what sideloading is
Actually, they understand it just fine. The concept is very simple too.
Before this change you could install Android apps without registering your passport/driving license with Google.
After this change you will have to tell Google your real name and home address to install anything on your Android device. This is all. It can take a convoluted form of registering Google account or a more direct form of sending Google your identity documents to confirm "developer privileges". But you will no longer be able to use non-hacked Android devices to install anything without doing those steps.
P.S. I recall that some people still believe that they can create Google account without giving Google your personal details, phone etc. This is simply a self-delusion. If Google does not immediately demand you to cough up a phone number under pretense of "suspicious activity", that's because they already know who you are (you probably told them yourself by registering another account elsewhere).
No, "burner SIM cards" aren't real. This is just another form of self-delusion, this time architected by US security agencies. You don't become anonymous by using those, you become watched.
> This is really bad. I think that most people on HN will agree with that.
I may prove to be wrong but I'm looking forward to seeing how this plays out & genuinely think it could be good, holistically.
There's a number of possibilities:
1. This drives most people to Apple & Android dies. iOS is mostly a better product than Android, with the exception that Android is semi-open. This removes Android's only competitive advantage.
2. This drives most people to Apple which motivates Google to do a U-turn.
3. This drives people to Graphene in such large numbers that it gets financial support, & some banks are pressurised into dropping Play Protect requirements.
I honestly don't know which of these 3 is most or least likely but all move us away from the current stagnant position of Google being the best reasonable option of a set of very bad options. A complete Apple monopoly would obviously be bad in the short term but would at least leave an opening for fresh competitors.
turn people onto sideloaded apps. show them Revanced and NewPipe, show them system-wide ad blockers and bloatware removal and every other thing Google doesn't want plebs to use.
people don't care about "apk side-loading," they care about apps. hook them on forbidden apps, and they'll raise hell when they can't side-load them anymore.
In the EU, you would start a petition to the European Parliament in order to vote on that... Which is a tedious process but has seen some success in some fronts (like the Stop Killing/Destroying Games initiative).
For other countries... Well you get what you vote I guess.
As someone who never comments on HN, I would like to voice my absolute disapproval of this new policy. As these decisions are not made in a vacuum, I have no doubt the recent developments in the political landscape have contributed to this decision (e.g. UK Online "Safety" Act, EU Chat Control, EU Age Verification solution, probably others). Coupled with the recent "mandatory" (read: forced) upgrade of my Pixel 4a, I get the impression Google's attitude towards phones has become equivalent to Apple's: namely, the illusion of choice.
Since there are no viable alternatives, I guess it's time to go back to owning a cheap corporate/government approved phone for official business (i.e. banking), and another one that I actually use.
As an aside, the presentation[0] doesn't really go into the details how they will enforce this (on-device? Remotely? If the latter, can I just remove Play Services from my device to sideload whatever?), but you can apparently submit feedback about the verification process here[1].
I'll just have to disable it and choose a banking app that works on the browser. Tonnes of my apps are sideloaded. Quite a few are on the playstore or the dev might upload their details.
Even aside from the privacy implications (which aren't trivial themselves), doesn't this make it prohibitively difficult to do local builds of open source projects? It's been a long time since I've done this, but my recollection was that the process to do this was essentially you would build someone else's (the project's) package/namespace up through signing, but sign it locally with your own dev keys. A glance at the docs they've shared makes it sound like the package name essentially gets bound to an identity and you then can't sign it with another key. Am I misremembering and/or has something changed in this process? Am I missing something?
Not just difficult - it becomes impossible. You can no longer develop any android app without Google's approval, just like iOS. The official emulators might not even work.
A repo is just files in a directory, so the namespace can be changed, but the whole thing stinks. Having to set up Android signing keys and needing to provide ID is not fun.
It means you won't easily be able to run builds on Google certified Android devices that aren't from "approved" people.
The article didn't say much about the account approval process, but from the looks of it Google will be able to arbitrarily accept and revoke applications as they see fit. So much for an open platform, bring forth the gatekeeping!
Personally I would be fine with unsigned apps requiring the user to click through a notice before install, or having a setting to toggle to enable unsigned apps. Windows does something similar to this where unsigned binaries get a pop up warning but signed ones are executed immediately.
What they say they want to accomplish could be almost 100% accomplished with self signed certificates. Or public certificates like letsencrypt etc. if you absolutely have to have third party attestation of the key.
The fact they incidentally position themselves as the only gatekeepers rather than accomplishing the same without doing that tells you all you need to know about their intent.
Makes sense why they had to get rid of the "don't be evil" motto. They've been on a roll.
I've seen a lot of similar sentiment on this thread, but the reason I use Android is because it gives me more control than iOS by allowing full-on painless sideloading, and custom distributions like GrapheneOS. They're doing everything they can to turn themselves into a worse Apple. All of the downsides of Apple, but none of the upsides. Apple beats them in every aspect that isn't "openness".
When will the straw break the camel's back? I'm shocked we've let it get to this point with no realistic alternatives. There's no reason a competitive Linux-based smartphone can't exist (no, I'm not counting Android in that).
> There's no reason a competitive Linux-based smartphone can't exist (no, I'm not counting Android in that).
Yes there is. You all don't understand that they will use remote attestation to force everyone to use approved devices with signed apps on signed OSes only.
You won't be able to bank, call a cab, write a chat message, watch a youtube video or do anything relevant on a device anymore that isn't signed, approved and controlled by google. They've made us cattle and now they are going to milk us dry.
> There's no reason a competitive Linux-based smartphone can't exist
There is; it's the "phone" part of "smartphone". Being a phone makes the device subject to a lot more requirements (for an obvious example, emergency dialing must always be available and work, and at the same time the phone must never accidentally dial the emergency number).
In my country, only cell phones certified by the government telecommunications agency (Anatel) can be imported, so I can't for instance go to the Jolla or PinePhone store and buy a Linux-based smartphone; if I tried, it would be sent back the moment the package entered the country. (See https://www.gov.br/anatel/pt-br/regulado/certificacao-de-pro... for details.)
> Makes sense why they had to get rid of the "don't be evil" motto.
I hate how this always gets brought up because:
1. Evil has no definition, so it means nothing. They get to define what evil is for themselves. They stated their reasons they think this change is good. You can't prove it breaks their code of conduct.
2. It's straight up false, it's still in their code of conduct:
> And remember... don’t be evil, and if you see something that you think isn’t right – speak up!
If this is enforced via Play Protect, then the whole mechanism can likely be disabled with:
    adb shell settings put global package_verifier_user_consent -1
This does not require root access and prevents Android from invoking Play Protect in the first place. (This is what AOSP's own test suite does, along with other test suites in e.g. Unreal Engine, etc.)
I personally won't be doing this verification for my open-source apps. I have no interest in any kind of business relationship with anyone just to publish an .apk. If that limits those who can install it to people who disable Play Protect globally, then oh well.
I really hope this ends up being possible! Play Protect seems to jump up every so often and try to scare me into turning it on. Very annoying. I've wanted to disable Play Protect permanently, but never did the query to learn how, so thank you.
The reason I chose the Android ecosystem over the Apple ecosystem, once I found out that the Maemo/Meego ecosystem was a dead end and the Openmoko ecosystem was a non-starter, is that the Android ecosystem allowed me to develop and install my own apps on my own devices whenever I wanted to, without arbitrary limitations like having to periodically plug the phone into my computer to renew some authorization. Additionally, there was even for some devices the possibility of rebuilding the whole operating system with any changes I desired.
If I'm not allowed to develop and install my own apps on my own phone, what advantage does Android have over Apple?
They are cheaper and come full of spyware preinstalled by manufacturer and carrier.
Customers see the price advantage, everyone else sees the data harvesting (including Google). Everyone benefits in selling cheap Android phones.
Now you would be pretty stupid to buy a 1k€ Android phone like the Samsung ones because they still come with preinstalled and privileged Samsung, third party and Google spyware.
For instance, my S23 had 3 preinstalled Meta apps. 2 systemized apps, 1 was the Facebook client.
> without arbitrary limitations like having to periodically plug the phone into my computer to renew some authorization
I find it easier to do a git commit once every 89 days and see my app auto refreshed through Testflight for me and anyone else I care to let use it.
If you look at the build system SaaS pricing or even IDE pricing on Show HNs here, the Xcode cloud build and distribution ecosystem is an absolute steal at $9 a month. Private Testflight (with no review) can be more convenient than that desktop cable.
I never really got into "phone" programming, always waiting for the shenanigans to die down. But somehow the shenanigans have gotten worse and for a significant chunk of the world population, the phone is the only computation device they have at all.
I never got into it because I was convinced developers would refuse to give up control over distribution when Apple started doing it. I wish I was right, but here we are.
You now need to have an online account to set up and log in on a Windows desktop. It's obvious what the trend is and it's not allowing consumers control over their stuff.
I made and released some apps in the early days. Got tired of it and got tired of the reminders from Google to add banners, screenshots, submitting icons to support multiple resolutions... notifications that apps I haven't touched in a decade are no longer compatible, etc.
So much extra work involved that isn't building the app.
> Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store
This is absolutely unacceptable. That's like you having to submit your personal details to Microsoft in order to just run a program on Windows. Absolutely nuts and it will not go as they think it will.
Microsoft will do this. They just have to go a little more slowly than Google or Apple because there's such a long history and expectation of being able to run any apps. But they're gradually working their way there just like Google and Apple.
Starts with scary warnings for unsigned apps (with a workaround), then they start imposing extra restrictions for unsigned apps, and then they make the SmartScreen workaround more difficult to enable (maybe it needs a registry edit), then they'll remove that workaround in certain markets/editions (maybe the Home version first). Finally they'll remove it everywhere.
How will it go? Where are people going to go? People who draw a hard line on this can’t go to iOS for more freedom. Linux phones aren’t ready for prime time. So what’s left? Going back to a flip phone that doesn’t even have the capability of running apps in the same class?
Isn't it basically the same requirement as Apple enforces for iOS? If you want to build an iOS app which other users can install, you must register (and pay).
It's a step of questionable utility, and I suspect it comes from requirements of (not exactly freedom-loving) governments of Brazil, Malaysia, and Singapore, where the demand for registration will be enforced first. Maybe it will even remain geographically limited.
The article is very light on details. Crucially, it lacks any links to actual Google documents.
To meaningfully challenge it, developers need to agree to withhold supply like a cartel (illegal?) or union.
I think it’s probably close to the union scenario in an industry with a single employer, as there is that one-to-many relationship (all developers vs Google). Whereas a cartel is a few suppliers conspiring against all consumers.
I’m not sure developers would go to those lengths, and I’m not sure it would work either as the benefit is too high from defecting from such a coalition.
They did it the right way for a very long time and yet people keep buying iPhones, I think I would do the same if I were them, users clearly don't seem to care about openness and freedom to use their devices however they want. I mean, people care about the color of archaic text messages. There is nothing to save.
The nice thing about Windows is that you don't have to. You will need to pay a couple hundred dollars for a certificate and have the first couple hundred people who open your signed executable click through your warnings though.
Yes, you can turn off SmartScreen (for now) but opening random executables is getting harder and harder.
Ah, then it would be acceptable if an independent third party who does not share data with Google other than Boolean yes/no was used to do this. I expect that’s their long-term plan anyways, to defuse the predictable backlash and externalize the problem and liabilities altogether, once the initial ID harvesting is done.
Uh, you kind of already do if you don't want to get the scary "unknown publisher" thing, which hides the "yes, I really want to install it" inside the "more info" box. Not even the decency of an "advanced" button.
Installer software signing certificates that will satisfy MS are prohibitively expensive for hobbyists (hundreds per year).
Their comparison to airport security is apt. The US considers airports “constitution free zones”, and apparently they think the same of phones now too.
Cutting through the excuses, this is just another step in converting the US from a democracy to a fascist dictatorship.
Why would it not go as they think it will? The big guy always wins against the little guy. The fact they make this move suggest they know it is a sure bet.
So long as they don't make it very hard to get an ID approval, I don't see why people shouldn't know who developed an app.
Currently the entire ecosystem is riddled with malware, spyware, or adware with shady source information and people have no way to verify the data practices.
Thank you, all HNers at Google, for continuing to work there.
And yes, before you ask, I have personally quit a job that paid 3x what I was able to get elsewhere over ethics. And no, I'm not rich, probably bottom 5% in terms of assets among my colleagues, coming from a lower-class background.
Yep, at this point aiding google is simply inexcusable. Taking into account the scale of the harm to humanity, what is being done by these google developers is truly evil. These developers cannot feign ignorance. Not with this level of harm.
I wonder if the individuals implementing this will ever be held accountable for their crimes. I would certainly be in support for it.
What the hell do the antitrust people in the US do? Google should have been chopped to bits a decade ago and Microsoft buying Github is just nonsense. Way too much potential for abuse all around.
We have 2 ecosystems for mobile and the worst case scenario is starting to be clear for Android.
I love GrapheneOS but they can only thrive if Google tolerates them. So in its current form, this is not a medium or long term solution (anymore).
We really cannot afford to think in terms of "Android OS" or open source OS anymore; the problem is getting much bigger.
My guess is soon in many "free" countries, ISP will mandate connecting with a "Certified" device (someone was saying that in Brazil only cell phones certified by the teleco government agency can be imported already). And on mobile it is easy to implement since you need a (e)SIM.
The Internet is still hard to control at the protocol level, but the gates are easy to mostly control (your ISP).
In terms of mobile computing I mostly care about being able to access my home network from the places I am 80% of the time (and I can always bridge to the Internet from there).
So the real battle is really at the mesh and multi-hop mobile ad hoc networks. This is the aspect we neglected for 25 years.
Regarding mobile, the battle for Android is lost, time to look into things like B.A.T.M.A.N [0] so we'll be able to keep another open source mobile platform useful.
For anything "money" related, your bank (which is inevitably regulated) will have to mandate a certified device too.
It will work on (some) Linux too.
Ever wondered why for example the Fedora project [1] is proudly part of things like The Digital Public Goods Alliance [2] who works with many govs and if you really look into it they are all about digital ids and "restoring trust"?
They have the ecosystem by the balls. Phone manufacturers in recent years have been making unlocking & modifying their devices more and more difficult, Google and app developers have been cracking down harder on modded devices by implementing TPM equivalents in the hardware to sign and verify that your system is a Google-approved one, and alternatives still are decades behind in terms of app ecosystem.
Oh, yes... Actually I remember: it was a long slow series of accepting small artificial restrictions. I remember people laughing at me at the time. They said it won't matter, they didn't care, that I was paranoid...
> Google notes “supportive initial feedback” from government authorities and other parties:
Ah, then I guess everything is fine. I'm sure they aren't in favour because it gives governments greater control over what apps we're allowed to have on our phones. That would be absurd.
It will be interesting to see how they handle packages from the various f-droid repos. F-droid builds and signs all their apps themselves, so will all of f-droid be covered by a single signing key and developer account? Or will the fact that they take apps from lots of folks bar them from an account?
DO NOT UPLOAD YOUR ID/INFO TO GOOGLE. I put my game on their app store some years ago, and they doxxed me right on the app store. Google posted my name and home address right on the game page. Not great when I was already receiving death threats! Later on, had a rando show up at 3AM one night and had to call the cops out. I moved after that. Google is absolutely not to be trusted to keep this data confidential. If Google demands I do anything with them, I'll just tell my fans to install lineageos or whatever instead -- no way in hell I'm having ANYTHING to do with google ever again. GFY google!
"You may also need to upload official government ID."
This won't end well for Google or the governments involved when the people get so angry that they are forced to roll this back. Switch to an alternative phone OS.
I always wonder, who are the developers doing this? Don't they feel bad about going through with these changes or do they fool themselves thinking it's the right thing? Is it greed?
Many other fields have an explicit or implicit ethics code which we seem to lack. I'm thinking about other fields like medicine, engineering, etc. Probably since the entry level to development is low and anyone can do it, it means there's no way to enforce/teach it?
The usual answer that their livelihoods depend on it is simplistic, these are the best paid developers in the US, pretty sure they have some sway power. There are doctors in way poorer countries with higher ethics standards.
The core benefit of Android over iOS for me has always been that it's my device, not Google's.
They've been chipping away at this over the years. SafetyNet was the first offense, but if they start restricting app installation from sources of my choice (I hate the term "sideloading"), there's not much advantage left.
They saw Apple getting away with notarization under the DMA so they're doing the same.
I must admit the mass demotivation strategy is working really well. Seeing this kind of news every single day, affecting you directly and not even being able to do anything.
I cannot resist the urge to point out that we wouldn't have had this problem if people actually stuck to free software instead of "commercial use friendly" open source licensing.
This is the same direction that Microsoft is taking Windows. Smart App Control is already rolling out to some regions - no .exe will run without a code signing certificate.
I've grown increasingly hateful towards both my Android and iOS devices over the last decade. The platforms themselves are increasingly user-hostile, and their appstores are crammed full of shitty, privacy-invading, telemetry-hoovering, dopamine-triggering, ad-filled, lipstick-covered apps that are often garbage compared to the pioneering days of mobile. I miss the days of my old Palm Pilot.
Is anyone working on fixing this? We can do so much better.
I think this might backfire in that it might be enough to prompt technical people to seriously start looking for alternatives.
I personally will be extremely unhappy if I no longer can run dns66, NewPipe or Firefox with ad blocking on my phone.
I think I might also start spending less time on my phone, which would be a good thing for me and a terrible thing for Google (in aggregate of course).
Google is doing everything in their power to make me move to an iphone... between shit like this, effectively bricking some old models of pixels with un-rollbackable patches that destroy batteries, closing down the android development process, making absurd testing requirements to publish apps, etc.
Google doesn't make better phones, they were just less hostile to the consumer. That seems to be going away :(
- platforms are going to be forced to collect more data about you
- The amount of places without you showing IDs will decrease
- There will be more "moderation". You will not be able to provide NSFW content, then you will not be able to host controversial topics. I suspect games will be more "kid friendly". No more real Doom, GTA, or Mortal Kombat for you. I remember how they provided more clothes on women for Mortal Kombat.
- The rules will always be vague, and used sporadically. Just like YouTube rules, where companies often abuse DMCA just to shut you off, or ban you, if you are not playing nice. Like Schlep.
- Corporations will create pressures on validated users, or ban you for life, but often they will just use "fear" to police people by themselves. Just like people will use "unalive" words, because they know they can get into trouble for saying a different word
- Google will be able to police extensions by banning people
- It is all a boiling frog scenario, where it creeps one law after another until everything is moderated, controlled by corporations
- The safety increases, but freedom decreases
- Free software people will often be mixed in article texts with terrorists, bad actors, predators, pedophiles
- It can happen because people do not understand these mechanisms, and they want "safer" world, in which nobody can get hurt, but it is also a place without you being free
If your business idea doesn't work without you being evil, you deserve to go bankrupt. I perceive a tendency to assume it is necessary for a company like Google to maintain full control over our ecosystem to further our progress and maintain order. However, we should know by now that this isn't the case. You don't have to be evil to be useful. See GNOME, GrapheneOS, Steam, KDE, Wikipedia, Linux or Mozilla (previously). Tricking us of their inevitability is their greatest success.
So people from countries US has sanctioned can't even develop and use mobile apps anymore. This will change millions of innocent lives. So unfair and racist. The reason my people are in this mess in the first place is a US coup.
Time for a Steam Phone. Or FirefoxOS reloaded. The general purpose mobile computing market must be sizeable. I cannot believe everybody just puts up with these increasingly draconic restrictions.
> developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer. We believe this is how an open system should work—by preserving choice while enhancing security for everyone
I guess words don't have meaning anymore, how can you claim to have an open system in an announcement about closing it down?
It's also telling that the big supporters of this are apparently corporations and governments. Admittedly I don't know what "Developer's Alliance" is but they don't seem to care about developers very much, and I wouldn't be surprised if they were just a "pay us to say what you're doing is good for devs" kind of thing.
I don't blame Google. Apple escaped anti-trust by simply not allowing anyone except themselves to put software on iPhones. Seriously, Apple doesn't allow competitors so it can't be anti-competitive according to the case.
Totally brain damaged ruling, the judge must have been molested by an Android phone at some point, but here we are, and google is now moving closer to an Apple model.
Oh, no! This is the least thing I expected to see as the #1 in Hacker News' front page!
This is a plot twist I never thought would happen. While the EU [1], Japan [2], UK [3] and Australia [4] are in the process of forcing Apple to allow sideloading and alternative App Stores, Google, which was far from these obligations, had taken a totally unexpected road to limit/control how sideloading should work.
As a developer of android apps that get distributed outside of the Play store, a Google identity verification system sounds like a nightmare. What if I'm deemed to be politically incorrect? Will Google brand safety exclude me?
These days I don't really want a smartphone at all, but begrudgingly use one for things like mobile banking, receiving SMS tokens, etc.
If someone made a screenless powerbank-shaped Android device, I might be interested. The device would double as a 5g wifi modem, and to access the UI you'd remote in over VNC from a laptop, or unrestricted mobile device like a PinePhone.
I predict Windows will end up going this route before Google backtracks on it.
This is the future; partially fuelled by malware, partially fuelled by the desire for platform control, and partially fuelled by government regulation.
A few years from now: After reviewing the usage of the approved sideloading feature, we discovered no more than 0.01% of users ever sideload an application. For security, sideloading is now disabled on all devices forever.
Ha ha very funny from no-evil-google. The worst most misbehaving apps I've ever had the misfortune of using came from their app store. The best apps I use regularly are from F-Droid, github and ones I baked myself. You take that away and your Android is Nodroid.
Well I guess my next is an apple, but I'm hoping open-source android distros will get more dev resources now. Will happily use a sub-optimal distro over google's.
This of course has nothing to do with security, it's mainly the management's reaction to YouTube alternative apps actually growing in userbase (happy user of one here). And also to ban alternative app stores naturally.
Let us all not forget that YT videos are created by internet users, not by Google, and the only reason why Google thinks this will work for them is their belief there is no competition to YT.
Obviously Google considered and prepared for a huge negative feedback when they have made this decision, so I don't think we can change that.
Having said that I can only see living with two devices going further: one locked down for banking & stuff and another one for freedom.
Unfortunately, I can also envision a locked down internet available only on certified devices in ten years. Absurd? A mere idea of a locked-down Android device looked absurd... yesterday. Just yesterday.
I knew this was coming thanks to the nincompoop bankers and IMDA together with horny uncles who fall for love/job scams here in Singapore. The reason I use Android over iOS is that I can load apps for personal automation. I think the current scenario where bank apps refuse to run on phones with sideloaded apps is far more acceptable. I'm not sure scammers will not find a way around this. I'll still be able to pin web apps.
FWIW I'd rather not use my phone for critical transactions; it's making authorities lazy. The number of times I've had to fight thanks to "buggy" payment code that deducts money is not funny and banks are getting worse at customer support day by day.
Also what the fuck are the governments doing with taxpayer money, instead of going after criminals, we go after citizens.
I don’t have data to support this, but I believe the smartphone is the most widely used device globally on a daily basis. Wouldn’t it make sense to have an Open Hardware Phone and Mobile OS built on an open specification to rival Google’s Android?
What’s stopping us from making this a reality? We have passionate FOSS developers and visionary leaders capable of championing this cause and building a strong community around it.
I had high hopes for Mark Shuttleworth’s Ubuntu Phone. Unfortunately, after the Kickstarter campaign fell through, development stalled. I still believe consumers missed out on a remarkable piece of technology.
That said, I see Ubuntu Touch[1] is still active, though I’m unclear on its current impact or progress. Meanwhile, Smart TVs and smartphones continue to be dominated by Google’s Android OS.
Mobile phone platforms are reverting back to the pre-iOS/Android reality where you have to jump through tons of hoops to even make an app let alone run a viable business with it.
I used to be an Android developer and they disabled my account because I took too long to reply to their mail. Since then I have been unable to recover it; they never reply to email and process your request to oblivion. Their bureaucracy is even worse than our French administration and that is saying something! At this point Google is basically digital sovietism.
> Starting next year, Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store.
Odd little phrase, "distributing their apps on Android devices".
I think "distributing" in this context is in the sense of product distribution, not in the sense of distributed systems.
But "distributing...on" sounds a little odd, like Google is still providing a distribution service. (Contrary to all the precedent of how we've thought of installing software, other than the proprietary, captive-user app stores.)
And so, maybe "distributing...on" makes it sound more like Google is (once again) entitled to gatekeep what you can run on your device/computer.
> However, developers who appreciated the anonymity of alternative distribution methods will no longer have that option. Google says this will help to cut down on bad actors who hide their identity to distribute malware, commit financial fraud, or steal users’ personal data.
Maybe it's not "developers who appreciated the anonymity" (which we immediately try to conflate with bad actors), but that the whole point lately has been to stop the greedy proprietary lock-in app store monopolies, and not have them gatekeeping what everyone else can do.
This is how macOS works, without a signature they will tell you they can't guarantee it doesn't have malware and you need to go to settings and choose to run anyway (and most people don't even know about it).
Microsoft would love to do that too, but it just has too much legacy software to introduce such a major hurdle.
I rely on an open source app called xDrip to manage my diabetes. It's way way way better than any of the official apps. It's not distributed on the app stores for obvious reasons. Many others rely on this app as well. Are we cooked?
It's starting to look like I may end up with two phones. One with Lineage and most of my apps, hopefully, and another one with Play Protect which hopefully will be just my bank app. Google has become way too powerful and is encroaching step by step on our freedom, it's terrible. It's been going on for a long time. It's the IT equivalent of authoritarianism!!
A program is free software if the program's users have the four essential freedoms: [1]
The freedom to run the program as you wish, for any purpose (freedom 0).
The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
The freedom to redistribute copies so you can help others (freedom 2).
The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.
So where do we complain? (Aside from shaming Google on social media or writing to politicians.)
If I look through Google's contact links, it's all oriented around getting help with a problem rather than letting them know I'm going to move to something else if they go through with this. (And yes, even if Apple has the same types of restrictions on app store, if a more open alternative OS didn't work out for me, I'd move to them to punish the one dropping freedom of use.)
> The requirement will go into effect in September 2026 for users in Brazil, Indonesia, Singapore, and Thailand. Google notes how these countries have been “specifically impacted by these forms of fraudulent app scams.” Verification will then apply globally from 2027 onwards.
At least most of the world has until 2027 to install LineageOS or GrapheneOS.
Yeah... They just want to ban NewPipe. It's sad to see Android getting locked down, also with the source closing of the development branches, etc. I can as well buy Apple then, it doesn't matter anymore.
The only silver lining I see is if it allows you to bypass this by enabling dev mode on your phone. If you can't sideload unverified apps even in dev mode, that would be insanely bad.
IF that is the case, I'm actually willing to be slightly inclined to see this as a positive? We should normalize installing apps outside of Google Play, but that means malware becomes a serious issue with people downloading and installing random APKs.
e.g., this may normalize people hosting downloadable APKs whilst also reducing malware risk for "normies", which idealistically could weaken the "monopoly" of Google Play on android.
This has the potential to be disastrous for Google, but maybe not.
Personally: I don't use Apple because I like being able to whip together little apps to side-load without having to check in with a walled-garden mothership. If Google is going to move closer to Apple in that regard... Apple's UX ecosystem is better, so I have far fewer reasons to keep using Android.
So what's the solution? What's the reaction of semiofficial Android forks? Should we switch to Huawei now? Should we then have two phones? One with Android fork and one with some other "official" OS?
This was probably the reason Nokia died. Symbian development was already cumbersome, and app deployment required some such procedure. I remember there was a joint effort in a China-based forum and many of us got a cert and a key for our phones. I was reading Nokia obituaries from its executives and the sorry state of Symbian development and app deployment was not considered as a cause. So here it is, young executives repeating a simplistic and destructive strategy. IBM, Xerox, Nokia and Intel will be very proud.
Everybody DEMANDS Google "do something" about malware, scam and fake apps. So it does.
For an average Joe and Jane, who gets their money stolen, that's a good move. They don't care about technology, they just want their bank, instagram, cat pictures and video calls to work and not get scammed. They are often lured into installing scamware through exactly sideloading APK, completely unaware of the risks.
In the article there's this comment:
> I'm struggling to see the benefit of this new policy. While it's presented as a security measure, the requirement to fill out these forms seems like a trivial barrier for actual malware creators, who will easily abuse the system.
Every scammer will have a different code signing certificate which you can then block if they spread malware. Right now it's a huge mass of scammers and malware authors indistinguishable from each other. And Google could possibly block them all which would also block legitimate applications (now that would spark outrage). Thanks to the new policy it'll be easy to add a single cert to the blocklist.
If you want absolute freedom on your device, just install a different Android - for example Graphene, Lineage, /e/OS, or Calyx. They are all Android too.
It's so fashionable these days to go after Google.
This is crazy, this means 10 years from now only terrorists will distribute software. Unacceptable! How many platforms now allow one to build and distribute a binary?
Will it be possible to bypass this limitation for users with rooted devices? If that were the case then I guess that would add more weight to companies who provide firmware and OEM unlocking for android devices: https://github.com/melontini/bootloader-unlock-wall-of-shame
The attempts to roll out digital ID are similar to the perennial efforts to backdoor encryption. When one push fails, the proponents regroup and formulate a new approach. The recent successes with "age verification" have encouraged digital ID proponents. Expect further encroachments, scaremongering and trial balloons.
Natural incentives exist for tech majors to capture this space.
There's an Android app called GPSLogger.[1] It does exactly what it says on the tin. Runners use it to track their own progress. Photographers use it to geotag their own photos.
The thing is, GPS access as a permission is a bit scary. You could imagine some dubious uses for it. Moreover, you could imagine some such dubious uses creating a public relations nightmare for Google. So, Google just forces them out of the Play Store. (Technically, it's a routine renewal, but the GPS permission causes them extra scrutiny, to the point where the author burned out and gave up.[2])
Do we expect that this author should, or for that matter will, give their identity to Google after this? Or is GPSLogger just dead after this change lands?
Sep.2026: "The requirement goes into effect in Brazil, Indonesia, Singapore, and Thailand. At this point, any app installed on a certified device in these regions must be registered by a verified developer."
Any hint why those countries first?
Is it a local law there driving this whole move? Is a critical mass of malware originating from there?
I think time quickly approaches when everyone will have one mobile phone for "banking/crypto" and the other for everything else.
Samsung used to have a very cool feature on their phones (perhaps they still do, I switched away from the galaxy line). It was called Knox and was basically containers for your apps.
Unfortunately it was limited to only one secure container. What I did was I had all my secure apps outside the container. And insecure inside. I had a fake address book that had only one phone number in "My Knox" and any app I installed there I could give all the file and address book permissions it wanted. As I knew it could only see what is inside.
That is what we need, but better. I never tried Graphene, but I wouldn't be surprised if there was such a feature there already. It's kind of obvious.
Time to move to a dumb phone, I guess. Android is slowly becoming the worst of both worlds, none of the privacy features of iOS yet the walls of the garden keep getting higher.
Well that sucks. So basically all the money we've had taken from us for our Play Store apps is now "just" going to be spent on administering the registration details of 800 million Chinese developers and 6 billion bot accounts.
The device maker controlling an app store made no sense always.
It's like saying the browser maker controls what websites you can visit.
We have so many efforts at keeping the web open, shouldn't we apply that to all platforms?
> Since we implemented verification requirements on Google Play in 2023, we have seen firsthand how helpful developer identification is in stopping bad actors from exploiting anonymity to distribute malware, commit financial fraud, and steal sensitive data.
This is truly some Orwellian newspeak bull-shit.
For those who don't know, Google Play verification ensures critical apps like banking apps DO NOT WORK in privacy-focused ungoogled ROMs like LineageOS, unless you install the usual google spyware at the OS level. Basically soft-requiring you to buy into the duopoly.
Hmm this is weird. I've recently been considering switching back to Android because of how locked down iOS is and it sounds like Google's now gonna do the same thing? Will there be a way to deactivate this?
Every time I read news like this I lose more hope for our world to not end up a Cyberpunk Dystopia. Like what am I supposed to do. I am just one man. One vote, one guy who isn't even too good at coding.
This is just an extension of the increasing censorship and government / BigTech control that we have been witnessing in the past few years, with Google seeking the ability to prevent installation of any app that is on a blocklist controlled by the government. And, like with the iDevices, this will also kill many free independent and open source apps once developers are forced to pay for "developer verification". "Free" apps are an anathema to the App Store business model.
Why even run Android at that point anymore? iOS devices get security updates for longer and have much less data collection than stock Android.
GrapheneOS won't survive the next generation of devices because bootloader unlocking will also go away (https://news.ycombinator.com/item?id=44765939), and without kernel security updates that OS can't continue.
Now there's also no more sideloading, so what purpose does Android even serve anymore?
If you think about it, the only thing that keeps this OS vendor in this duopolistic position is the fact that people rely on certain proprietary apps. We need ways to do things like messaging and banking in a universal way, just like we can do with email, calls, texts and web. Banking and messaging should be fully universal so we don't rely on specific apps only available on specific app stores. That would take all power away from these satanic US companies!!!
Here's my prediction: Sideloading will become slightly more popular. Google will not disable sideloading or make it significantly more difficult. Alternative APK stores will flourish. Banks and streaming sites will try to block people from connecting from devices with sideloading enabled, but they are slow and people will find workarounds faster. ISPs will not block devices with sideloading enabled. Governments will not ban sideloading.
So "certified" Android devices are phasing out side loading, making Google Play the only way to install an app. This is the norm on iOS, right? And in many jurisdictions, from Russia to Denmark, there is an actively hostile, and rapid, legislative push to prevent or criminalize using E2E messaging apps like Signal.
How long is it until we see countries pushing to just delist Telegram, Signal, etc from the app stores?
Android is dead. With fascism now in power in the US I was going to save myself by degoogling my life anyway. This is the nail in Android's coffin for me.
A fellow developer started a petition to stop Google from limiting app installation on Android devices unless developers provide personal identity documents.
Even though Google has not revoked similar controversial policies in the past, we do our best as much as we can. This change particularly threatens the freedom to build, share, and use software without giving away sensitive personal information. It affects independent developers, FOSS contributors, and even regular users who want to install apps outside of Google Play.
"Just imagine giving sensitive personal, government-issued ID to a corporation to install an app outside Google Play"
Let’s stand together to protect our freedom to create and use software without handing over personal information to a corporation. Every signature, share, and voice counts here
There are APKs floating around from the Ice Cream Sundae days where the developer went out of business and is no longer on Play Store and this is literally the only way to run the app.
I have a Concept2 rower with the old PM3 monitor which is no longer supported by their ErgData app and the only way to connect my phone to my rower is by sideloading the ancient version of the app that supports it. So that's going to break now?
Software developer used to be one of the most 'free' professions. But now you need a stamp of approval from some corporation to get through the day, even if you are nominally independent. And woe to you if they should ever revoke your license to feed yourself. Because 'verified developer' is just another way to say 'not a threat to Google or Google's corporate image'.
Well, there are two options now: Linux phones and forking/deGoogling Android. I still believe the second is far more viable. There never was much reason to do all the work twice when there's sufficiently well licensed source around, and much of the app/phone compatibility is built-in. Maybe it's time I give a chance to /e/ OS or something of the like...
One can only hope a company like Framework, Nothing, or Fairphone actually can produce and maintain some flagship devices running GrapheneOS or similar. The only reason I have been using Android is because of the freedom I have in my apps, customization, alternative app stores,... I hope the EU fights this with all their might. It also seems like a major geopolitical risk too.
I'm getting ready to give up on smartphones altogether. I used to think that surely a sufficiently open phone would come along, and that you could then just run a sandboxed Android emulator on that for whenever you needed some proprietary apps where society has stupidly decided you need them. But that also seems to be getting progressively harder.
So maybe I just give up on actually using a phone for much. Has anyone tried living with cheap Android or iPhone as a source of connectivity and making phone calls, perhaps with the odd app you just can't get through daily life without (see above), and then move everything where privacy and control actually matter the most to a small "pocket computer" that connects to the internet through a connection shared by the cheap phone? Are there any sufficiently compact and nice such devices? Surely they're easier to produce when you don't require a phone baseband and all the things that are needed for Google to certify it as an Android phone?
Considering that Android 5 devices are still alive and well, it will take another 10 years for google to catch up. Hoping in that time Linux based true open source mobile operating systems will make some headway. Another alternative might be PWAs (progressive web apps), that one can "install" on your homescreen, but they could be axed next.
Dick move. Go back to "do no evil" big G. Remember how you used to be the kool kid on the block? Now you've just become the grown up you showed contempt for in your prime time.
I doubt I'll move away from Android too soon, but that definitely makes me reconsider whether any Google services have a right to CPU time on my device.
Sorry, folks, the good times are over. The future of computing is a signed, attested chain of trust from boot firmware through application code, on all platforms people are likely to use -- and remote attestation with user identification if you wish to connect to the network. End users love it because it prevents or reduces all sorts of malicious activity, from bank fraud down to online game cheating, with little to no effort on their part; platform vendors love it because it provides a moat; service providers (banks and such) love it for the assurance that their clients are uncompromised; and governments love it because it lets them surveil users and developers.
The only ones who hate it are devs. And who really cares about a bunch of nerds?
Remember, general purpose computing really boils down in security terms to "arbitrary code execution" -- a bad thing in the infosec field.
This is a result of the current tech being filled with dark design patterns. Tech is designed to be addictive, indispensable, indisputable, mandatory. And at the same time complex, hard, difficult, risky.
We are so used to tech as it is that it is simple to force these bad decisions for the greater good. Because everyone is sure there is no alternative. There’s no other way to design tech, it will always be so complex and powerful that gov and corps can onesidedly decide what is best for the rest of the world.
This might be an area where local AI excels, when ready. No apps. No sharing of personal data. One AI capable of doing what most software does, on the fly, without relying on others to decide what is ok. Remains to be solved who can create and distribute this local AI and whether hardware will be allowed to run “untrusted” AI…
I feel as an Android user, you've always had to put up with a more incoherent overall experience compared to iOS but received some additional freedom in return.
In recent years, Google has been steadily eroding their end of the bargain.
I wonder where that will leave them in the long term. Short term, I think restricting side loading will reduce piracy and drive sales of their subscriptions.
Long term though, I wonder what will set Android devices apart from iOS for the average user, apart from being offered at different price points.
It feels they're playing themselves into a position where they're more directly competing with Apple, ultimately restricting themselves to lower price devices and lower margin sales. As far as walled gardens go, I personally prefer Apple's and I assume most people do.
This is why OS is so important for LLMs and the AI ecosystem in general.
It's also why we should not trust large AI corporations that appoint themselves as stewards of "AI safety". If a company that once had the slogan "don't be evil" can do this, so can all the frontier labs.
This will also open the door for targeting you specifically with spyware if software can only be installed from the Play store.
If you are logged in with a Google account that the government doesn't approve of or not signed into an account at all, you may receive a modified app that spies on you.
One of the reasons I switched to Android was the freedom to make apks for my phone and not dealing with certificates, expiry dates, Google's approval, etc.
This is a depressing change if they follow through with this.
And "in the name of security" doesn't pass the smell test if there is no way to opt out.
It is telling that they have not yet released the process for hobbyists and students. While it is clearly just an evil move, in praxis for tech people this could mean just the extra hurdle of signing an APK with your own developer account: I could see a workflow on top of Fdroid (which also just could become a developer and use their keys for all FOSS apps). But I am guessing those evil geniuses will find a way to make it harder and harder. In the end it is not Google that can make the change but rather banks and streaming services that could accept alternative attestations from e.g. graphene, e/OS or eventually also lineage. Problem is the distribution of power, that won't change without legislators pushing (see in-app payment).
Not 75%, not 80% and not 90% but literal 100% of ads YouTube served me for a week were financial scams. It sounds to me the quickest way to fight it, is to make ad publishers finally take responsibility for taking part in crime.
Disgusting, horrifying, but utterly predictable. A dark day indeed, once no major mobile platform allows running whatever code you wish. Sideloading isn't really sideloading if the app has to be signed by the gatekeeper.
Isn't this a death knell for F-Droid, at least for running on most hardware? Since they require their own builds/attestation?
The Overton Window for computing keeps inching towards gatekeepers having total control over devices. I can't help but imagine myself lurching along on the last somewhat open hardware I can cobble together in a couple of decades, because I refuse to drink the verification can to continue...
"A recent analysis by the company found that there are “over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.”"
Ok, but what's the real damage? In other words, how many installs and how much money siphoned from users and legit apps?
If this goes through, would it be possible to see a consumer class-action lawsuit? I imagine there is a class of people for whom the sideloading of apps is necessary and removing it renders their phone almost useless. I'd also guess that this market is much larger than Google imagines.
Personally, if I'm not allowed to run the software that I want on my phone, it almost makes more sense for me to get some old flip phone or one of those Chinese blackberry knockoffs ca. 2012. Not out of any principled stance, mind you, it's just that's the level of functionality you'd be reducing me to. Why should I pay $500 when I can find something that gives me the same features on a literal junk pile?
The further into this corporatized "vision" of technology we go, the more I relate to the elves in LoTR who basically said "our time is over" and then just leave Middle Earth.
There is no turning back. Generations of developers will grow up thinking every form of communication and technology by virtue of existing needs a corporate groundskeeper. Government identification will be required for most things.
I don't really blame the companies, though. Unfortunately, it actually is the best means to keep a society of the masses functioning more safely online. What makes it all the more sour is that the very idea that things could be different is eroding away, too.
Apple and Google are now competing on being more closed, rather than on being more open. Perhaps because we gave Apple a free pass on curbing our freedoms, and even defended its actions as needed for 'security'
Google (and Apple) want to turn the idea of a phone and computer into that of a gaming console. You use the device according to how they design it, apps are rented, the whole ecosystem is around controlling the experience and maximizing revenue from sites and services. Microsoft seems to be moving in this direction as well (but cannot quite execute for a variety of reasons.. legacy support being one)
Linux really is the only way to have an experience where the computer is your device to do what you want to do with it.
I saw this coming a mile away. Everyone said you could install whatever you wanted on Android, but you were always jumping through some crazy hoops to do so. (compared to a general-purpose computer)
These companies need to be destroyed by antitrust violations. I am so tired of these tech companies abusing their market position. I want the FTC to stop being toothless and useless and just absolutely crush these companies. The amount of disdain I have for these companies can't even be properly expressed.
We have to find a way to punish Google if they move forward with this. We need the Gemini folks to be worried that this distraction will jeopardize their competitiveness in AI.
Android is getting more closed and iOS more open, I expect more people dissatisfied from both camps. We’ll have less choice overall as they gravitate towards a common middle ground.
Most Android apps are crapware anyways. The only respectful apps that I know are open-source, and are being kicked out of the Play Store progressively.
I have a horror thought: "We cannot validate your identity as you are of the wrong nationality; therefore, you are not allowed to publish any Android apps."
>Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices.
It's annoying combined with them making that much harder to be a verified developer. I had an android dev account for years and published an app when it was $20 for life but now there's a bunch of hassle involved. If they had the old $20 and upload your passport to prove id it wouldn't be so bad.
The D-U-N-S requirement is the real killer here. It's a business identifier that costs money and requires a registered business entity. Even with the promised 'student/hobbyist' path, this fundamentally changes Android from a platform where anyone can distribute software to one where Google decides who's allowed to code. They're further normalizing the idea that installing software requires permission.
I don't think EU will be OK with that. Not because they care so much about user privacy, because they don't, but because they won't let citizens get tied into US-controlled devices for most critical stuff, like banking, healthcare, eGovernment, etc.
And I do get that Apple does that already, but once Google goes the same way, the EU will be forced to acknowledge the status quo.
Now and then I remember this Hyperion book by Dan Simmons where everyone had a cross-like gadget glued to their chests, controlled by a TechnoCore - a civilization of AIs, which enabled people to cast themselves through space portals. As the story unfolds, this cross-like (very nice choice) gadget is revealed to be essentially enslaving them.
The story unfolds in the 28th century, but it all seems to have started in the 21st one.
The desire for people to keep using their currently working devices just got much bigger, and yet another good reason to root.
The infamous Franklin quote always comes to mind when I see things like this happening. Choose freedom over security while you still can, or you'll soon not even have the freedom to choose.
It's also worth reading Stallman's "Right to Read" again, to see how scarily prescient he was.
I use linux on nearly all my PCs / servers. I do think about moving my phone to more open platform (fairphone, or rooting phone), but I don't like phones in principle, so I do not install stuff there. I do not do things on phone.
I have my apps as web pages, so I access them from phone web browser. I do not care about phone apps that much.
I use fdroid for calendar, gallery, and music though.
How does this impact security researchers? Or just student developers or tinkerers? This all seems like a bad idea.
I would imagine a security researcher could be a registered developer but I could also see autobans if that is a thing to their accounts making life complicated.
Also some folks just being locked out of the due to government censorship etc..
While I like to jump on the Google bash train as much as anyone, this is to comply with EU laws.
Apple implemented a similar change for the EU App Store earlier this year to comply with the Digital Services Act (DSA), a regulation that now requires app developers to provide their “trader status” to submit new apps or app updates for distribution.
This truly sucks, since in this day and age we need unmodified phones for banking apps (and I think for oncall my company requires Android/iOS as well). I guess this will be the final push for me to change to iOS, since I already have a bunch of Apple stuff otherwise, and I was holding out on the phone side for this exact feature.
This reminds me of Microsoft's Project Palladium, 20 years ago.
This was the ancestor of TPMs and trusted computing in general embedded in the CPU.
It used to be a huge scandal because people (rightly) feared that it would enable Microsoft to have a say on what can be executed or not, or only allow DRM protected content to play.
> This requirement applies to “certified Android devices” that have Play Protect and are preloaded with Google apps.
I would be fine, if it was mandatory for Android manufacturers to allow installing alternative OSes. Normies could benefit from the added security on their certified Android device, and advanced users could install GrapheneOS.
My favourite part of this thread is that the Google PR team know it's bad and aren't even attempting the usual spin in the comments. I guess they're waiting for it to blow over and just work on the "it's here and it's happening" stage.
It would be really nice if all you people with deep insight into this issue would inform politicians of the unacceptable nature of things like this.
Submitted FTC and FCC complaints. Likely does no good but going silently into the night isn't going to fix anything either.
I've been saying in threads on iOS vs Android for years how we're lucky the only other phone OS out there allows sideloading, and the nightmare we'd be living in if it didn't.
Guess we've arrived, I wish people voted with their wallets more, iOS could have added this a decade ago.
If I have to be in handcuffs, I would rather them be high-quality hardware like Apple. So far, the only two things that have held me away from the Apple ecosystem are Linux and Android and the flexibility they offer. Seems like we are just left with Linux now. A very sad day.
For example, Telegram has two app versions: one in the Play Store, where Google can dictate what channels are allowed, and one on their website, where Google can't force them to take down channels. So now Google will need to approve Telegram's second app to be installed on Android?
Potentially stupid question, how will android developers load their apps onto their devices to debug? Will they just have to be verified beforehand? Or is there still a path to installing APKs through ADB and/or Android Studio?
Play Integrity and device attestation need their own torrent-tracker moment, just like DRM did.
GrapheneOS says they won't touch it because it's a cat-and-mouse game. I think that's the wrong call. DRM was the same, yet torrent trackers are still here.
This would affect a lot of apps that are not on the Play Store for multiple reasons... and if I'm going to be stuck with what Google thinks I should be allowed to use, then why not use iOS instead? At least software updates would be better and the overall experience more polished.
I have been preparing myself psychologically for this for a long time. I will have to carry a shitty Google phone for anything that requires access to apps, and a proper Linux phone for my own use like browsing and reading/watching videos/listening to music.
This is why I started investing in alternative Linux based solution providers in the smartphone market years ago. It was not if but when Google would take this path.
The only way I want to engage with Google is when it cost them money. I will not give them a penny directly.
The page about developer verification (announcement link 2 in the root post) says that there will be a separate type of account for "student and hobbyist developers". Why? What prevents students and hobbyists from using the regular type of account?
What does it mean to app developers like me? if I want to create an app, in however shape and form and want to run the apk from the adb files... I can't do that? What? Then how do I tinker and learn? My app, I would like it to run regardless!
Wouldn't developers be the most powerful protesters?
Stop making or maintaining Android apps. Make apps warn users about upcoming changes and why they'll lose access to the apps they love. Decrease Google's ecosystem appeal.
Money is king.
It seems that it was only about time… it just feels like the pace of enshittification with big tech being able to get away with anything is crazy!
I’m hoping that projects like Precursor can take off because we’ve buried ourselves in such mountain of complexity that seems like only a billion/trillion dollar big tech company can make an OS.
But then again, somebody called BS on browsers and we might have a good option soon in Ladybug!
When I switched from Android to iOS, this was one of the things I missed a lot: the ability to write my own app and side load it on my phone. Even more so with the advent of LLM. Oh well, now I don't have to worry about that.
This combined with the 'age verification' coming to all Google properties means it is a very small step from that new world to full Google verification of everything you visit and everything on your device, at any time, for any reason with the penalty being incontestable ban from your device, apps and data.
Get ready for facebook style 'we are interrupting you for a video selfie because we have detected you are a threat' across all google properties (Android, Chrome, Gmail, Maps...).
> Google wants to combat “convincing fake apps” and make it harder for repeat “malicious actors to quickly distribute another harmful app after we take the first one down”
I wonder if this was hastened by groups like DJI, who are too popular to be bound by a silly app store and chose instead to give their users sketchy side-loading instructions for their apps.
Fuck google for this. Awful decision. Guaranteed to be abused when Google or government despots decide that certain apps (or developers) aren't aligned with their interests.
Feeling very frustrated with the way the internet is going lately. This plus OSA + chat control. And compounded by the imperative for AI companies to keep hoovering up any and all data they can get their hands on, wiring it into "agentic" workflows and such.
Some cross platform iOS/Android apps I use have been retired or discontinued because of this ruling. Devs don't want to open themselves up to legal, bullying, harassment, etc.
I think the push for verified developers is a double-edged sword. I got into this space, precisely because of how easy it was for me with my pentium computer a decade ago.
This isn't a big deal to me because I hate smartphones and do everything on PC anyways. The real problem for me is Microsoft, I guess we're stuck with Linux now
I think it would be ok if it was not for the fact that Google will most likely abuse it for other purposes like locking out indie developers even more.
While my confidence is usually pretty low with random repos, I am fairly sure there is more malware on the playstore than there is as .apk on github.
Okay so that removes the last reason to use Android.
This is just another 'it's only about money' move from Google. Only Google approved apps means monetised apps. Monetised means Google gets its cut. Google gets richer. More in-app purchases, more ads, more money for Google
On the side, I'm even more sad because I feel like the open web can't be the alternative answer to locked down systems. It was the promise and the dream of the many of us years ago, but I'm disillusioned by now. And not only because Chrome and Webkit (on mobile) are a monopoly, but the web keeps failing its users with bad ux and less capabilities than native. Even the most well crafted web app feels slow and clunky. Unpopular opinion: who makes web standards failed us and browsers independently implementing non-standard anti-user feature (e.g. manifest v3). I really dream of a stripped down browser that just expose some os native apis for making accessible human interfaces, we had flash and we hated it imo we need flash again
I’m sick of half-measures around getting off iOS and Android. If you’re an open-source app developer building for Android, please reconsider and put some of that energy into Sailfish.
You have the power to help turn a passionate subset of people away from Android, and now is the best time to do it. Instead of scattering effort into a dozen fragmented experiments, let’s rally around the best bet we have right now: SailfishOS. I'm not at all affiliated with Sailfish, just someone pissed off and am trying to point folks at the most mature alternative out there. I know it has its problems. I know there's even better alternatives that even less people use but seriously, rather than fragment the frustration around android right now, please, just try to rally around a serious legit alternative. We might actually make meaningful change here but it needs focus.
Blame Apple for this garbage. They have paved the way by trying to circumvent the DMA.
Hopefully the EU slaps everyone with massive fines for these obvious anticompetitive plays. Best case scenario would be an outright ban giving local companies space but I doubt this will happen given how spineless the current commission is.
Clearly for American companies to be tightening the noose like that quoting the approval of authoritarian countries, it means they’re starting to feel the fire. It’s hard to not see the obvious link with them losing against Epic here behind the usual security smoke screen.
Both Apple and Google should have been broken to pieces for their egregious anti competitive behaviour a long time ago anyway.
aside from the obvious power grab, the official announcement mentions that there were discussions about this move somewhere and they claim to receive positive feedback, can anyone point me to these discussions? I can't seem to find them anywhere
has anyone had to help any elderly relative with the million scams they've downloaded from google's app store? google does not give a shit about helping regular people avoid scams, it's all just bullshit.
not even to mention the h1b indian kickback stuff that's about to hit them. couldn't happen to a nicer company.
I don't understand, when the EU announced that Apples "actually we need to sign all of these and pay us" requirement is illegal, Google was like "hold my beer"?
Anyone even remotely privacy or security conscious needs to vote with their wallet in protest and stop buying Android phones, otherwise it's only a matter of time 'til Google bans side-loading and it becomes impossible to buy a phone that can run any kind of anonymous or end-to-end encrypted communication software.
Guys, it's been over for a while now. And I mean decades... This is just one of the next steps in the path that's been laid out in front of us since the general population reached critical mass on the Internet and the ruling class (politicians, the media, corporations...) went all in on exploiting them for money and power. If we don't radically change the underpinnings of how the entire system works, we're in for much worse than this.
This deplorable company has just condemned humanity's right to open computing. They sold themselves as open, smothered out all other open competitors, and then once they had complete dominance over the open phone market did this.
Even if Google backtracks now. Governments will latch on to this idea just like they have with client side content scanning. This will never go away. Thank you google you despicable pieces of shit.
If it's something simple like $100, that's not a big deal. That's on the order of what I'm looking at for my code signing certificates. It would be an eminently reasonable business expense.
I hate to break the news to Google, but this will likely be ruled illegal. The relevant German news of the court ruling that makes requiring a Google Account to use Google Services illegal:
Could someone explain why the personal privacy of software developers is more important than the cybersecurity of consumers and nations please and thank you
Another instalment of HN thread where people try their best to pretend that "security" does not come with "enforced, ideally at hardware level, inability to run random code" for 99% of phone users.
Here a tip: you won't solve the problem of security by just whining about corporate interests (which is a real concern) and NOT proposing a better solution that works for an average tech illiterate, very socially engineerable person trained to ignore every warning screen. And no root switch is not that solution because it will be flipped on day 1.
To everyone working at Big Tech: you should be ashamed of helping those oligarchs make their plans reality by working for them. Thanks to you, privacy, free computing and democracy will disappear.
This is another "beginning of the end." All eyes are on this situation and how much push back it gets. If there is little resistance, others will certainly follow suit.
Feels like Google is either following Apple's playbook from iPhone OS 1, or they're working together so they can argue this is standard practice in the industry... or something. Either way, no more Android gloating that they can install any app from anywhere any time without centralized approval. Not great. I'm an Apple fan, BUT I like having a fully open backup plan.
"Google to prevent users from installing programs on Android phones."
This might do more good than harm, since I'm willing to believe that scams involving APKs are prevalent, but come on. I need your permission to install software on my phone? Are you sure it isn't just that you want more control over everyone's phones?
This will be just another boost for de-googled phones, alternative platforms and potentially Mobile Linux.
The only reason why google phones became so popular was the fact that they were much less restrictive than iPhones. Thus the platform became the biggest phone platform in the world.
Now they are asking for a new start to arise and take their place.
It occurs to me this may have occurred in some way at the behest of the Trump administration, as a way in which to move towards controlling the apps installed on phones.
Extremely retarded. "Think of the children" all over again in the guise of "Think of the misinformation" when this is all just some kind of easy way to get rid of apps like newpipe.
Google is really turning into a dystopian company, destroying any goodwill their virtuous employees created in the past. It feels like they are primed to be the main turnkey tyranny facilitators.
> Google is explicit today about how “developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer.”
« Developers will have freedom » yet they are entitled to Google’s verification.
It’s just another stone in the grave of Android and even though I shipped off this sinking ship 6 years ago to iOS, this is still concerning because ultimately Apple’s iOS is in competition solely with Android.
If Android gets so bad it has all the disadvantages of iOS, some more, for instance with the embedded spyware that manufacturers are paid to include, and none of the good side of iOS, then everyone loses. Apple doesn’t have to compete anymore, they just have to not suck.
This phase from the last couple of years just had to come - and while it's painful to be exposed to it - it seems highly illogical for us to complain and cry about it.
- "Free" search - yay, let's all use it for everything and even make a verb out of it
- Email - such nice guys, Google - free email forever, what could go wrong if I have my 95% of all my info there
- Maps - yeah, let's all depend on these free Google maps with our lives
- Chrome - ofc, heck yes, let's all use their browser, it's the best and free - no need for anything else
- Google account login for EVERYTHING - so convenient! Google Authenticator app, Google Wallet - yes, more!
- Free mobile operating system - nice, take that, Apple!
Google has taken over a large portion of our lives, step by step - good enough services, on global scale, for free, until they became essential.
They are not evil, like they were never good - they are a company, and in the current socio-economic structure, that means having a duty to use their position to enrich their shareholders - and absolutely have no interest in people's wellbeing or morality or opinions or reputation - unless it temporarily serves to do so more / better.
I'm in no way trying to defend them. Just, with all the futility of it, pointing out how hyper-capitalism we've built/allowed to grow, has reached the stage where it's practically impossible for the "free market" to react / provide solutions that people want. Now the big players decide what people get.
In this case, you can no longer have a high quality phone of a good manufacturer and install on it what you want. Small manufacturer catering to that demographic won't get government certification, you can't have your e.g. Samsung and install a ROM anymore, and you can't install your app freely on Android unless Google lets you. That's all just in a tiny sliver of space.
Our Tetris board barely has any room left for choice and actions.
Additionally, this kills apps like Revanced, NewPipe, SmartTube that will now be required to give out ID to Google, surely that's something they really want to do. All Open source development is at threat, Google's absolute dogshit procedures already imposed for the play store now imposed to the entire ecosystem. All for a shitty system that breaks down to "registering package names". Cool then, guess it's time to typo squat on every variant of com.faceboook.app, because users definitely check the package name and not "oh the icon is right and so is the title".
More and more locked down devices, Android source releases only being published once a year, device drivers for reference devices disappearing, and now, verification of all your software for your "security". The war on general computing is well and truly on.
TL;DR
If you're not using Linux by now, do yourself a favor and start. You could do worse than starting with Linux Mint or PopOS, but whatever you do, get ahead of the curve and transition to these user-friendly open sourced OSes. The alternative is far, far worse at the moment.
Everybody complaining of this is admitting they are doing nefarious actions. Those of us playing by the rules see no issue with this - In fact I welcome it!
Before quickly running to dismiss this move, please at least do your research with regards to the situation in the countries mentioned in the article, especially Singapore and Thailand.
Side-loaded malware has been an epidemic in SE Asia, and there are MILLIONS of dollars stolen (mostly from pensioners!) via side-loaded malware disguised as gambling apps - the local population is particularly susceptible to gambling, especially the older generations that are not so tech-savvy.
Meaning to use your device you need to have a contractual relationship with a foreign (unless you are in the US) third party that decides what you can or cannot do with it. Plus using GrapheneOS is less of an option every day, since banks and other "regulated" sectors use Google Play Protect and similar DRMs to prevent you from connecting from whatever device you want. Client-side "trust" means the provider owning the device, not the user.
Android shouldn't be considered Open Source anymore, since source code is published in batches and only part of the system is open, with more and more apps going behind the Google ecosystem itself.
Maybe it's time for a third large phone OS, whether it comes from China getting fed up with the US and Google's shenanigans (Huawei has HarmonyOS but it's not open) or some "GNU/Linux" touch version that has a serious ecosystem. Especially when more and more apps and services are "mobile-first" or "mobile-only" like banking.
I think Play Integrity is the fundamental issue here, and needs to go. That's the crux of the issue.
Allowing apps to say "we only run on Google's officially certified unmodified Android devices" and tightly restricting which devices are certified is the part that makes changes like this deeply problematic. Without that, non-Google Android versions are on a fair playing field; if you don't like their rules, you can install Graphene or other alternatives with no downside. With Play Integrity & attestation though you're always living with the risk of being cut off from some essential app (like your bank) that suddenly becomes "Google-Android-Only".
If Play Integrity went away, I'd be much more OK with Google adding restrictions like this - opt in if you like, use alternatives if you don't, and let's see what the market actually wants.
> Maybe it's time for a third large phone OS
It's been that time for years. But it's easier said than done. The closest we've currently got are the various phone-targeted Linux distros out there. But they're not quite ready for serious usage for me; at least not on the Pinephone. Still, that's where to put your time & money if you're serious about wanting a change.
realistically, the end point for moderately tech savvy folks is going to be a two-device setup. one cheap phone for basic communication, all the corpo stuff like banking and shirt-and-tie social media + a wifi hotspot. then a second "practical use" device that uses the hotspot, that you fully control and do your tinkering with.
edit: coming to think of it, teaching people to have a device for the "clean stuff" and separate one for the "stupid stuff" could even turn out to be a benefit.
> Maybe it's time for a third large phone OS [...].
Apple and Google conspired to never allow that to happen. They've pushed Microsoft out of that sector. Microsoft! Name a bigger challenger.
> Android shouldn't be considered Open Source anymore
That idea died for me long ago, I had used Android since 2009 till 2020. I gave up on the dream of a Linux phone. Ubuntu had a nice sleek Phone UI they were working on. The issue is if nobody builds the phones and no carrier cares, nobody will pick it up. You need to push yourself into the market.
Microsoft could fill this weird gap if they wanted to; the key thing would be that they would have to truly open source the OS. I could see Amazon trying again, but they'd need to invest a lot as well. It's an uphill battle needing a serious flagship phone. Your other problem is most apps need to be migrated.
> "GNU/Linux" touch version that has a serious ecosystem
That is a very hard problem, unless someone with serious name recognition like Linus Torvalds starts to lead that kind of effort, or a big company like Microsoft suddenly decides that putting 1 billion towards GNU/Linux would be in their interest. With small efforts, it will remain scattered.
Crowdfunding has a lot of power if there is name recognition behind the effort. Star Citizen has already gathered $800 million with mostly enthusiasm and a good start. Who is there to lead the effort for GNU/Linux phone development?
Everything coming from China is going to be closed source as well, and it's going to be pretty hard for banks to onboard themselves on open source solutions. I think the ultimate solution is: two phones, one shitty one just for banking/trading/whatever, which only stays at home most of the time, and one Linux phone that we more or less own, for calls/texts/web browsing, which stays with us.
This is the problem - many apps refusing to run on non-blessed platforms.
Years ago I loved tinkering with the devices but then I wasn't able to use my bank and it was getting more and more annoying so at one point I just stopped...
The biggest problems are: 1) lack of drivers (so creating custom roms/OS for the devices is problematic), 2) locked bootloaders and 3) many apps requiring PlayServices and other stuff (mostly banks).
There is postmarketOS, it looks awesome but - device support is very lacking and there is no way to have bank and PopularApps (whatsapp/instagram/etc) running on it so its popularity is microscopic…
Maybe another European Citizen Initiative to force makers to provide those things (bootloader and drivers)?
OpenHarmony is open source. There are also: Ubuntu Touch and Sailfish OS being developed. Actually I am writing this from Sailfish OS. I can login to my bank using a web browser here in the EU. I have Telegram, Signal clients, maps, sideloaded packages, full terminal - I fully control the phone, in contrast to Android. I don't own and don't need Android phone at all. So definitely more people should use alternatives to closed Android/iOS.
I somewhat agree with the protected systems part though. For example, handling payments. Now iOS and Android could both have 0-days that allow fraudulent payments to be made for all I know but there's a certain degree of trust there with 2 large companies.
But then again we still use visa/mastercard duopoly that allows you to make payments so long as you have their card number.
And then again x2; nothing will ever change, we live in a corporate hellscape where men in suits & ties make all the decisions, get themselves wealthier and the general public are too apathetic to band together on anything because they'd rather foot shoot than have someone not from their tribe receive a single cookie crumb.
> a contractual relationship with a foreign (unless you are in the US) third party that decides what you can or cannot do with it.
I see where you're coming from, but companies like Google have local legal representation (e.g. in Ireland for the EU), and have to operate under EU rules if they want to do business here (just like how an EU business has to operate under US rules). If the EU says that you should be allowed to do your own thing - and they have - then Google can either comply or leave.
Don't attribute more power to companies than they have - they want you to believe they can get away with this, but don't echo their rhetoric.
The EU is planning to make Play Store de facto mandatory, so no more Graphene in the EU
https://www.androidheadlines.com/2025/07/eu-age-verification...
We used to have a very nice option called Blackberry. Oh how I miss those phones.
> Maybe it's time for a third large phone OS
I don't think that the problem is the OS. The problem is access to the hardware. Hardware manufacturers can decide to prevent you from installing an alternative OS on your hardware.
If the law made it mandatory to allow this, it would be a lot easier to go with alternative OSes like GrapheneOS.
> Huawei has HarmonyOS but it's not open
I was thinking at some point that they would go with AOSP and their own Huawei Services on top. Could have been fun. Also I wonder why they don't just support GrapheneOS as an alternative OS.
Alas, no distinction is made between (a) a computer owner that wants to write software to run on their computer versus (b) an "app developer" who wants to write "mobile apps" and distribute them to others for financial gain
The computer owner in (a) is not creating "malware". Any arguments that "verification" is for the protection of users (not commercial benefit of Google) are inapplicable in (a). Unlike the software in (b) the software in (a) only runs on the computer owner's computer, not anyone else's computer. There is no need in the case of (a) for Google to know about what software is running on the computer owner's computer.^1 Surely Google would agree there is no need, i.e., no right, for a computer owner seeking "verification" to know what software is running on Google's computers or the identities of Google employees.
1. None that outweighs the owner's right to privacy. Microsoft, Apple and Google all use _default_ telemetry
https://gist.github.com/alirobe/7f3b34ad89a159e6daa1
https://github.com/cedws/apple-telemetry
https://apple.stackexchange.com/questions/437068/eliminating...
https://therecord.media/google-collects-20-times-more-teleme...
> Maybe it's time for a third large phone OS, whether it comes from China getting fed up with the US and Google's shenanigans (Huawei has HarmonyOS but it's not open) or some "GNU/Linux" touch version that has a serious ecosystem. Especially when more and more apps and services are "mobile-first" or "mobile-only" like banking.
This makes me laugh. Not at you, but at the cycle. This was the convo years ago when this was possible, but getting consumers to trust a 3rd party like PalmOS (which was actually pretty darn good compared to android) is practically not possible.
I wouldn't use a bank that made it difficult for me to access my account. I don't know why most people do. I know why a few need to, but not most. There's a lot of unnecessary bedmaking going on in tech.
We're long, long overdue for a 3rd phone OS option. The bank thing has me wondering. Maybe getting a nice, local branch is one of the next sane privacy steps if it lets me escape this phone.
Less and less of AOSP is being updated also, as Google rolls most of its new features and updates behind the Play Services system. Install Graphene and you will see what I am talking about - the SMS app for example hasn't been updated in probably a decade and looks and functions like it did back in Android 4 (KitKat). Same with the other built-in apps. While I used Graphene myself for a solid 6 months, the features you have to give up on using or find some obtuse workaround for aren't appealing to the "normies" who just want their phone to do what they want, no matter the unseen ethical cost (in this case, sacrificing the ability to freely install 3rd party apps). Someone on another forum said it very well - people like "us" were Google's foot in the door, now along with Apple they have such a stranglehold on the mobile OS space that a 3rd viable and comparable contestant becomes less and less likely by the day. Throw in how Google starting with Android 16 is not releasing updated drivers with AOSP and Graphene probably doesn't have much life left in it, either.
> or some "GNU/Linux" touch version that has a serious ecosystem
How could this realistically happen? Developers of popular apps adore the control and illegitimate de-facto ownership that client side "trust" gives them, so they'll refuse to make apps for that platform. They'll also use said client side "trust" to block them. Thus, it can't reach critical mass to force adoption by these developers.
I think that the answer is vendor-independent standards.
The main issue being solved here is that security relies heavily on those actors like Google and Apple. Banks, companies etc. have high security requirements (rightly so) and basically need to tick boxes. So if the only way to obtain, say, MFA, is through something only Google/Apple provides, they will require Google or Apple devices.
If we had reasonable standards alternatives can become a reality.
> banks and other "regulated" sectors use Google Play Protect and similar DRMs to prevent you from connecting from whatever device you want.
This totally sucks but is there anything preventing you from using your bank's website in-browser in your phone, other than the terrible UI, tiny text, and inability to select the correct checkbox?
Tizen already exists...where phone OSes fall down is that ALL of the cellular modems are extremely patent encumbered (although Huawei has a large portion of the 5G ones) and there doesn't exist an open specification let alone open implementation of their interfaces.
It seems most banking apps do work: https://privsec.dev/posts/android/banking-applications-compa...
Wouldn't a third large phone os have the same problems as GrapheneOS?
Other than depositing checks, I've always thought that phone bank apps are overrated. Banking is too serious for a phone- I'd rather do it on a real computer. I could fairly easily give up banking apps entirely.
Problem is 99.99% of the population probably doesn't care (or even know about the issue). Companies respond to the market. If there is no demand or pressure for something more open, they won't make it.
It doesn't even matter if it's foreign or not, it's a matter of who owns the thing: you buy a smartphone or you buy a service that allows you some use of said smartphone? Fuck services.
There will never be a third large OS unless Google Play Integrity is legislated out of existence. And it looks like governments like Google Play Integrity so that won't happen
I wish Firefox OS had succeeded, my first ever app was for it, it was all so much simpler and so much more free than the locked down systems of both major mobile OSes.
> the provider owning the device, not the user
That's been the case since they got rid of removable batteries. You don't own a device you can't reliably turn off.
What's even the point of all the bullshit with Google play protect if in the end I can access my bank from a web browser. That stupidity is protecting no one
LineageOS still exists.
Not merely a foreign third party: one operating fairly cozily within a country with a hostile and erratic government.
If Trump ordered Google, tomorrow, to put some egregious measure in place in Android (or Chrome, or Google Search), I, personally, would not want to bet that they would refuse him. And frankly, I don't know that I can even imagine the kinds of things he might try to get them to do.
We absolutely need better competition in smartphone OSes—we need it across the board in tech, really, from a wide array of countries.
These control freaks will not control me. Banking on GrapheneOS? The web app works fine.
More and more people are starting to see how you really own nothing anymore.
Every day we stray farther from the premise that we should be allowed to install / modify software on the computers we own.
Will once again re-up the concept of a “right to root access”, to prevent big corps from pulling this bs over and over again: https://medhir.com/blog/right-to-root-access
In the meantime, corporate is thinking about locking browsers down. Remember this? https://chromestatus.com/feature/5796524191121408
They’ll try again, with big business and governments cheering on them.
The question really isn't whether we should be able to modify computers we own, it's whether we own them at all.
Also add "the right to maintain". Too many Android devices have drivers hidden behind kernel forks that will never be updated.
I'd love to install OpenWRT on my portable 5G modem currently running Android, but I can't and likely never will. Same for my IoT automated blinds.
Reminds me of RMS's The Right To Read - http://mat.puc-rio.br/~nicolau/stallmann/tycho10h.html
Computing devices hardware and operating systems should be treated as essential digital infrastructure, with laws in place to ensure that the owner of the device retains full control over it and to prevent manufacturers or developers from over-imposing their control.
Root access on your phone isn't enough: there's layers below root.
There is no chance that we own our computers unless we figure out how to set up chip manufacturing factories at the 10 million dollar price point.
Without commoditized hardware, big capital will surely be in control of software.
Conditioning such rights on the device being "owned outright" will just push the same bad actors to rent you the phones instead of buying them, the same as they did with software licenses. The only way to really fix it is to break up the wealth and power of individuals and corporations based on their total effective power, regardless of the source from which that power is derived.
Tell that to all those assholes that are making malware and scamming society on billions.
Most users are not able to keep themselves safe on the internet - they want to install all kinds of crap without thinking too much.
All of this is companies making it possible that average Joe could just click links, install any kind of crap and still be somewhat secure.
It's amazing how often we hamper the majority of society by protecting the bottom quintile from the consequences of their own mistakes.
I see no other way than regulation to force the two to provide drivers and manuals for alternative OS makers.
We should've nipped it with Apple, but there was so much _whatabout_ing that the conversation always got sidetracked with assertions about the free market and whatnot. It turns out, there is no free market, and we're just living in someone's managed device walled garden.
This should be a part of right to repair. The grouping would get more people with common cause together.
To be fair to Google, they got so much criticism for allowing so many spam apps.
Very true and this was predictable. That said, I haven't installed any apps for months now since I don't consider Android to be a usable OS anymore. It could be technically, but I have no will to fight Google and manufacturers on their lock down ambitions.
Ironically that degraded phones to be just that. Phones with built-in high quality cameras. For everything else there are better alternatives.
You can't steal something if you can't own it.
So we are doomed? Since people don't even really get why right to repair is important, these kinds of concepts fly way above the heads of most people.
This is why I believe GPL v3 is important.
Sure. You will have the right to root, unless on a device with a locked bootloader. /s
Let's just call it what it is and what we all want. "The right to modify". It doesn't give you the right to copy, so it will never break any law protecting intellectual property.
You'll own nothing (not even your digital assets) and be happy!
> Every day we stray farther from the premise that we should be allowed to install / modify software on the computers we own.
I’ve never agreed with this premise.
I buy things that mostly meet my needs and desires in every other walk of life. I’m personally OK with extending this to computers as well.
Official announcement: https://android-developers.googleblog.com/2025/08/elevating-...
More info:
https://developer.android.com/developer-verification
https://support.google.com/googleplay/android-developer/answ...
Personally...we all know the Play Store is chock full of malicious garbage, so the verification requirements there don't do jack to protect users. The way I see it, this is nothing but a power grab, a way for Google to kill apps like Revanced for good. They'll just find some bullshit reason to suspend your developer account if you do something they don't like.
Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
> we will be confirming who the developer is, not reviewing the content of their app or where it came from
This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.
TFA had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.
On the flip side, that's one less platform I care about supporting with my projects. We're down to just Linux and Windows if you're not willing to sell your soul (no, I will not be making a Google account) just for the right to develop for a certain platform.
It's never about security (at least not users' security). It's, like you pointed out, only about power and locking in customers. They don't care if your phone gets hacked or your bank account drained. They care about the bottom line. Android is fine. Google should have 2 layers if they're worried: playstore 1 has only well-vetted authors and apps; playstore 2 can be the free-for-all (mostly) of the current store. These could be two different apps or prominent tags. Choice is good, lockdown is bad. Corporate does not like employees or customers to have freedom; that's why it's our duty to fire people like the current US regime who always side with corporations over customers.
> Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
You've never needed the internet permission to exfiltrate data. Just send an intent to the browser app to load a page owned by the attacker with the data to be exfilled in the query parameters.
> had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.
I don't think we can know for sure before the change is actually in place. Going through Play Protect would certainly be the easiest way of implementing this - it would be a simple change from "Play Protect rejects known malware" to "Play Protect rejects any app that isn't properly notarized". This would narrowly address the issue where the existing malware checks are made ineffective by pushing some new variant of the malicious app with a different package id.
It's a big change for the ecosystem nonetheless because it will require all existing developers to register for verification if they want to publish a "legit" app that won't be rejected by any common Android device - and the phrasing of the official announcements accurately reflects this. But this says nothing much as of yet about whether power users will be allowed to proactively disable these checks (just like they can turn off Play Protect today, even though very few people do so in practice).
> This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.
Requiring company verification helps against some app pretending to be made by a legitimate institution, e.g. your bank.
Requiring public key registration for package name protects against package modification with malware. Typical issue - I want to download an app that's not available "in my country" - because I'm on a holiday and want to try some local app, but my "play store country" is tied to my credit card and the developer only made it available in his own country thinking it would be useless for foreigners. I usually try to download it from APKMirror. APKMirror tries to do signature verification. But I may not find it on APKMirror but only on some sketchy site. The sketchy site may not do any signature verification so I can't be sure that I downloaded an original unmodified APK instead of the original APK injected with some malware.
Both of these can be done without actually scanning the package contents. They are essentially just equivalents of EV SSL certificates and DANE/TLSA from TLS world.
> we will be confirming who the developer is, not reviewing the content of their app or where it came from
To be honest, it almost makes me wonder if the issue here is not related to security at all. I am not being sarcastic. What I mean is, maybe the issue revolves around some of the issues MS had with GitHub (sanctions and KYC checks).
Play Protect is just spyware to monitor app usage & exploitation. It doesn't prevent or protect anything.
> Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps
Or that they still refuse to sandbox the Play Store.
It's easy to see that there's a pattern on what they are copying from GrapheneOS.
Can you elaborate a little bit about this hidden internet access control setting?
So KYC but C is “competition”.
The future for the security-conscious will be something like GrapheneOS for phones, but a step further where the device can only securely connect to your home computer and access regular software there. If you must, run segregated, whitelist-only networking, virtual machine apps.
Doesn't Windows have the same thing aka Code Signing?
https://www.electronforge.io/guides/code-signing/code-signin...
> But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
The internet permission has nothing to do with ads? It's a hidden permission because:
1) Internet connection is so ubiquitous as to just be noise if displayed
2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
What is the hidden internet permission called? Is there any way to enable or see it?
"we all know... Play Store... full of malicious garbage" - please point out how that statement is true, given we all know this apparently.
Yes, there are apps out there that try to trick the system and when you use them, instead of looking innocent, it's actually a casino app or something. But Google usually finds those. Are there any apps impersonating a bank? Because that is what regular people care about & think of when someone says "malicious".
They don't care if an app tracks what other apps are installed, what the user taps on, etc. Arguably they should care, but they don't lose money from it.
There's a reason Google is targeting a few specific countries with this first. Malware from APKs downloaded from the internet is more prominent in some countries than in others. The governments themselves are asking for this because educating the public has turned out to be an impossible task for them.
Still an awful solution that will get bypassed easily, of course. But there's more to this than "Google decided to be a bunch of dicks today".
The funny thing is Stallman started his fight like half a century ago and on regular days Hacker News shits on him eating something off of his foot and not being polished and diplomatic, and loves practical aspects of Corporate Open Source and gratis goodies and doesn't particularly care about Free Software.
On this day suddenly folks come out of the woodwork advocating for half baked measures to achieve what Stallman portrayed but they still hardly recognize this was EXACTLY his concern when he started the Free Software movement.
Stallman actively hurts the cause with his behaviour. I'm not only talking about his eccentricities, but also the adversarial and combative language. Yes, Amazon is trying to swindle us, but few people will be convinced of that when you start your argument by calling the Kindle an "Amazon swindle" every time, directly implying that anyone who has one is an idiot or even malicious.
Yes, it's unfair that someone can be 100% correct but people won't listen to them because of their appearance or mannerisms. But whining about that unfairness is unproductive. People will never listen to someone who can't stop themselves from eating stuff from their foot in public.
It's possible to believe both that Stallman is over the top and that stuff like this Google action is bad, and even to be right on both. It's even easier to believe that Stallman has had some good ideas but is still a deeply flawed human being, and has also incidentally not been the most effective advocate for his own ideals.
There are people who have been pretty steady in their convictions over decades. Not that we have much illusions about the end game. Stallman has issues, but they're minor compared to the issues that the likes of Google, Apple, Facebook, Amazon and Microsoft have. But they get to hide their nasty little habits behind the corporate veil of respectability.
It's a sad state of affairs when a guy born in 1953 and 70+ years old is our reference for freedom.
What happened to GenX, Millennials and GenZ? Why aren't there any more vocal activists doing something? The internet fuked us up. We're full of armchair experts "fighting" the cause lying on our couch.
It is right to highlight the fight for libre software that Stallman championed.
The world would be a much, much worse place without Free Software. We own the obligation to keep the fight up. So many of us profit from it, and so many people depend on it.
This friend of mine dealt with S. - and found a completely irrational part. We tried to steer history for the best, S. let it flow (in that occasion, of course. He just would not listen).
> not being polished and diplomatic
That is a severe understatement. Plenty of people and political activists are not polished and not diplomatic ... while still not reaching Stallman's levels. Majority of them, actually.
> eating something off of his foot
Yeah, that episode is unforgettable.
He can be mostly right but also terrible for his own cause at the same time. Anyone that doesn't see that must not know even the tiniest fraction of the stories, or like him also has a cognitive disability.
fact: it is possible to be a good and clean person at the same time
one can both see far into the future and fit one's foot into one's own mouth. it is possible to do two things.
No, I hate this change from Google, and everyone involved with it should be ashamed of themselves, but Stallman is an extremist and I don't believe his world would be better than this one.
There's genuine need for application developers to gain access to extremely secure end-to-end attestation of the environment their apps are running in. It's a rare need, but it does exist. There's also genuine need for some consumers to opt-in to a strict security regime.
Google's change forces this draconian, dishonorable regime on all application developers and on all users. It's a change that serves no one except their shareholders.
I read your comment and assumed he ate some food that fell on his foot. And I thought that was gross. But omg it’s so much worse
We really shouldn’t have the frontman of free software be someone who is a creep towards women and who can’t take care of himself.
If this is a thing then the solution they offer is incorrect. A big giant red screen: “warning the identity of this application developer has not been verified and this could be an application stealing your data, etc” would have worked.
What they want is to get rid of apps like YouTube Vanced that are making them lose money (and other Play Store apps).
It felt weird that the official press release was quoting entities from these countries, as if it should give confidence to the rest of the world. I can't imagine what these countries would want with apps that can be traced back to a government id...
Vanced and such is more of a First World/Western issue. I don't think you're wrong but I got a strong gut feeling there's other pressures in the works. Just something doesn't smell right...
In addition to the other perspectives already offered here, warning screens such as the one you propose were already shown for sideloaded apps, and these screens worked against Google in their lawsuit with Epic Games. So that's another contributing factor for the policy we're discussing.
It won't work because of too many false positives. People are already trained to ignore warnings, like how they blindly accept T&C without reading.
"Displaying an angry warning message" is one of the tools we've used for decades, and never with much success.
Yep, bye Newpipe, you have been wonderful.
I've often lamented at work that we lose freedom under the guise of "security".
Security and Intellectual Property (IP) protection could both be true. Google has a big enough reason to make it happen now.
In a perverse way it's not that protecting Google's IP is making us safer. Yet it, strangely, is.
There will always be tangential business aims that are designed to be satisfied at the same time as the consumer benefit.
To be fair though, this strategic duplicity is a technique Apple has used since Jobs; so it's not as if Google used the approach first.
It's such a simple and effective solution that could be implemented overnight and 'help to cut down on bad actors who hide their identity to distribute malware, commit financial fraud, or steal users personal data' tomorrow. Mission accomplished, internet saved, and everyone's happy just like a fairy tale out of the early 2000s.
That was never the real reason. Security and "think of the children" to take away rights are the two oldest plays in the playbook.
Do you like losing money?
You can just use the browser and uBlock to browse YouTube.
The worst part is the Orwellian opening sentence they start with in their blog post [0]:
> You shouldn’t have to choose between open and secure
2+2=5
Truly the end of an era. I've spent nearly two decades buying Android phones because of a single checkbox in settings that let me have the freedom I consider essential to any computing device that I own.
In a way, it's liberating, I've missed out on a lot from the Apple ecosystem because of that checkbox. Maybe finally I can let go of it now the choice is out of my hands.
[0] https://android-developers.googleblog.com/2025/08/elevating-...
The only reason to be surprised by this sentence is to associate this corporation with the cool "Don't be evil" Google of 25 years ago.
But in 2025 Google is some kind of IBM, Oracle blob with here a middle-aged MBA woman trying to gaslight you into an Orwellian world she is paving for an awesome remuneration.
Also notice they do not say "open source" once in the post... now it is just "open". It is "open" but not your phone anymore.
Very much my exact feelings. I had the first Android phone ever and even wrote my own APKs and enjoyed the freedom of the mobile platform that let me install my own software. But it's been close to 20 years and maybe it's time to check out the other side, as much as I despise Apple's locked down ecosystem.
GrapheneOS will put it back into your hands.
This is really bad. I think that most people on HN will agree with that.
The problem is that most normal people (HN is not normal - mostly for the better) don't even understand what sideloading is - let alone actually care.
How can we fix this?
(aside from making people care - apathy enables so many political problems in the current age, but it's such a huge problem that this definitely isn't going to be the impetus to fix it)
This certainly won't solve the problem, but I would at least like to banish the term "side load", which is a kind of Orwellian word that takes something everyone used to do all the time and makes it sound obscure and a bit nefarious. Maybe we, the tech literate, can start calling sideloading a "free install" or something. When asked, we can clarify that the 'free' stands for both freedom, and not paying middlemen 30%.
People install games from Steam or the Epic Store on their computers without Microsoft preventing that or taking a cut all the time (not for lack of trying. I know). But somehow, in the mobile world, we went with total lockdowns and platform extortion as the rule?
The irony of that iconic Apple 1984 ad.
I agree that this is a horrible step in the wrong direction but in terms of the solution I have a different take.
I don't think that making "normal" people "care" about sideloading is the answer, because a) it's impossible and b) political change doesn't happen through "normal" people anyway, all political and regulatory change is driven via smaller and motivated groups of people.
The problem is fundamentally that there's a duopoly on mobile OSes that has tons of market power and if they want to dictate a change like "you can no longer install unapproved software," they can just do it.
The solution is to walk away from that duopoly, to suck it up and just stop using their products. We fortunately are able to do this (for now) on desktop and running Linux in 2025 is better than it's ever been, and more people are doing it.
To get Linux or some alternative on phones is a big task, and if you make the switch you're going to lose a lot. But most of what has no desktop equivalent is addictive social media garbage that you should get rid of anyway. The biggest thing I'm concerned about is the state of banking and OTP/2FA.
I think we need to fight for universal electronic access to the financial system as a right without a need for gatekeepers like Apple or Google. In some countries it's already the case that at many businesses you must use your phone to make payments, cash is gone, cards are dying, and you must therefore agree to Apple or Google's rules to use your phone. This is truly how freedom and democracy will die if we allow it. This is way bigger for "normal" people than technical concepts like sideloading. People on the left should inherently understand the importance to liberty of having the right as an individual to buy and sell without some megacorp's permission. For people on the right, well, remember the Bible's "Mark of the beast..."
Secondarily we need to fight for the enforcement of anti-trust laws, which half of HN doesn't seem to even know exist, or feels are in some way unfair, even though they are the cause of these problems. Government needs to reach in and rearrange markets that are dominated by one or two players, it needs to forcefully restructure those companies so that they lose their market power and can no longer force citizens to obey their will. We've done it before, such as ending company towns where you were forced to use the company's scrip at the company's shop to buy living essentials. It's worked, we need to do it again.
We need another OS in the market. A duopoly just isn't competitive enough. Too bad the cost of entry is so high.
Define "normal people". Due to Chinese phones and sanctions and other geopolitical bullshit a significant part of the world is forced to use alternative app stores already. Yes, these people are very aware of "sideloading". (Due to Google's own previous moronic foot-shooting policy.)
In my case, I've been working on fixing it by doing side work porting apps to offline-first Linux handhelds. With AI it is not hard nor time consuming. You can make personal versions of anything that adds personal value.
The idea that you can hold the beggar bowl out and company mommy will have pity is not realistic. Creating your own ecosystem and cross-fertilising with other like-minded people that is tailored to your approach is far more feasible now than we realise.
> most normal people... don't even understand what sideloading is
Actually, they understand it just fine. The concept is very simple too.
Before this change you could install Android apps without registering your passport/driving license with Google.
After this change you will have to tell Google your real name and home address to install anything on your Android device. This is all. It can take a convoluted form of registering Google account or a more direct form of sending Google your identity documents to confirm "developer privileges". But you will no longer be able to use non-hacked Android devices to install anything without doing those steps.
P.S. I recall that some people still believe that they can create a Google account without giving Google your personal details, phone etc. This is simply a self-delusion. If Google does not immediately demand you to cough up a phone number under pretense of "suspicious activity", that's because they already know who you are (you probably told them yourself by registering another account elsewhere).
No, "burner SIM cards" aren't real. This is just another form of self-delusion, this time architected by US security agencies. You don't become anonymous by using those, you become watched.
They don't understand sideloading, but you know what they understand?
Weird apps that block your phone and show ads constantly (yes this exists)
Typosquatting apps
Apps that hold your phone for ransom if you don't pay a certain debt (yes this exists) https://www.welivesecurity.com/en/eset-research/beware-preda...
> how can we fix this?
Easy: tell them they won't be able to use cracked Spotify anymore.
> This is really bad. I think that most people on HN will agree with that.
I may prove to be wrong but I'm looking forward to seeing how this plays out & genuinely think it could be good, holistically.
There's a number of possibilities:
1. This drives most people to Apple & Android dies. iOS is mostly a better product than Android, with the exception that Android is semi-open. This removes Android's only competitive advantage.
2. This drives most people to Apple which motivates Google to do a U-turn.
3. This drives people to Graphene in such large numbers that it gets financial support, & some banks are pressurised into dropping Play Protect requirements.
I honestly don't know which of these 3 is most or least likely but all move us away from the current stagnant position of Google being the best reasonable option of a set of very bad options. A complete Apple monopoly would obviously be bad in the short term but would at least leave an opening for fresh competitors.
> How can we fix this?
turn people onto sideloaded apps. show them Revanced and NewPipe, show them system-wide ad blockers and bloatware removal and every other thing Google doesn't want plebs to use.
people don't care about "apk side-loading," they care about apps. hook them on forbidden apps, and they'll raise hell when they can't side-load them anymore.
In the EU, you would start a petition to the European Parliament in order to vote on that... Which is a tedious process but has seen some success in some fronts (like the Stop Killing/Destroying Games initiative).
For other countries... Well you get what you vote I guess.
As someone who never comments on HN, I would like to voice my absolute disapproval of this new policy. As these decisions are not made in a vacuum, I have no doubt the recent developments in the political landscape have contributed to this decision (e.g. UK Online "Safety" Act, EU Chat Control, EU Age Verification solution, probably others). Coupled with the recent "mandatory" (read: forced) upgrade of my Pixel 4a, I get the impression Google's attitude towards phones has become equivalent to Apple's: namely, the illusion of choice.
Since there are no viable alternatives, I guess it's time to go back to owning a cheap corporate/government approved phone for official business (i.e. banking), and another one that I actually use.
As an aside, the presentation[0] doesn't really go into the details how they will enforce this (on-device? Remotely? If the latter, can I just remove Play Services from my device to sideload whatever?), but you can apparently submit feedback about the verification process here[1].
[0]: https://goo.gle/play-console-android-developer-verification
[1]: https://docs.google.com/forms/d/e/1FAIpQLSdpZbsJCS-f7CtMbZPn...
> Since there are no viable alternatives
Depending on your definition of "viable", you might consider GNU/Linux phones.
Feedback submitted. It takes five minutes; everyone please go through it and tell Google directly how idiotic of a decision this is.
So that's it then.
If this actually goes through, there will be no option in the mobile OS market for an OS that both:
a) allows the installation of apps without any contractual relationship with any party, and
b) allows the use of mainstream and secure apps like banking
In time, you will only be able to access banking from your desktop using an approved OS and browser with attestation...
I'll just have to disable it and choose a banking app that works on the browser. Tonnes of my apps are sideloaded. Quite a few are on the playstore or the dev might upload their details.
Banking apps were at the forefront of freedom-eroding "safety" for a long time now.
Even aside from the privacy implications (which aren't trivial themselves), doesn't this make it prohibitively difficult to do local builds of open source projects? It's been a long time since I've done this, but my recollection was that the process to do this was essentially you would build someone else's (the project's) package/namespace up through signing, but sign it locally with your own dev keys. A glance at the docs they've shared makes it sound like the package name essentially gets bound to an identity and you then can't sign it with another key. Am I misremembering and/or has something changed in this process? Am I missing something?
Not just difficult - it becomes impossible. You can no longer develop any android app without Google's approval, just like iOS. The official emulators might not even work.
A repo is just files in a directory, so the namespace can be changed, but the whole thing stinks. Having to set up Android signing keys and needing to provide ID is not fun. It means you won't easily be able to run builds on Google certified Android devices that aren't from "approved" people.
If so, then this change will likely make it illegal to distribute APKs of GPLv3 software, since the recipient couldn't run their modified version.
The article didn't say much about the account approval process, but from the looks of it Google will be able to arbitrarily accept and revoke applications as they see fit. So much for an open platform, bring forth the gatekeeping!
Personally I would be fine with unsigned apps requiring the user to click through a notice before install, or having a setting to toggle to enable unsigned apps. Windows does something similar to this where unsigned binaries get a pop up warning but signed ones are executed immediately.
What they say they want to accomplish could be almost 100% accomplished with self signed certificates. Or public certificates like letsencrypt etc. if you absolutely have to have third party attestation of the key.
The fact they incidentally position themselves as the only gatekeepers rather than accomplishing the same without doing that tells you all you need to know about their intent.
That notice already exists. In fact there are 2 or 3 extra confirmations required to sideload apps today.
That's the first step toward banning NSFW apps like on Steam, I'm afraid.
Makes sense why they had to get rid of the "don't be evil" motto. They've been on a roll.
I've seen a lot of similar sentiment on this thread, but the reason I use Android is because it gives me more control than iOS by allowing full-on painless sideloading, and custom distributions like GrapheneOS. They're doing everything they can to turn themselves into a worse Apple. All of the downsides of Apple, but none of the upsides. Apple beats them in every aspect that isn't "openness".
When will the straw break the camel's back? I'm shocked we've let it get to this point with no realistic alternatives. There's no reason a competitive Linux-based smartphone can't exist (no, I'm not counting Android in that).
> There's no reason a competitive Linux-based smartphone can't exist (no, I'm not counting Android in that).
Yes there is. You all don't understand that they will use remote attestation to force everyone to use approved devices with signed apps on signed OSes only
You won't be able to bank, call a cab, write a chat message, watch a youtube video or do anything relevant on a device anymore that isn't signed, approved and controlled by google. They've made us cattle and now they are going to milk us dry.
> There's no reason a competitive Linux-based smartphone can't exist
There is; it's the "phone" part of "smartphone". Being a phone makes the device subject to a lot more requirements (for an obvious example, emergency dialing must always be available and work, and at the same time the phone must never accidentally dial the emergency number).
In my country, only cell phones certified by the government telecommunications agency (Anatel) can be imported, so I can't for instance go to the Jolla or PinePhone store and buy a Linux-based smartphone; if I tried, it would be sent back the moment the package entered the country. (See https://www.gov.br/anatel/pt-br/regulado/certificacao-de-pro... for details.)
> There's no reason a competitive Linux-based smartphone can't exist
And it does exist: https://en.wikipedia.org/wiki/Librem_5
> Makes sense why they had to get rid of the "don't be evil" motto.
I hate how this always gets brought up because:
1. Evil has no definition, so it means nothing. They get to define what evil is for themselves. They stated their reasons they think this change is good. You can't prove it breaks their code of conduct.
2. It's straight up false, it's still in their code of conduct:
> And remember... don’t be evil, and if you see something that you think isn’t right – speak up!
https://abc.xyz/investor/google-code-of-conduct/
If this is enforced via Play Protect, then the whole mechanism can likely be disabled with:
This does not require root access and prevents Android from invoking Play Protect in the first place. (This is what AOSP's own test suite does, along with other test suites in e.g. Unreal Engine, etc.)
I personally won't be doing this verification for my open-source apps. I have no interest in any kind of business relationship with anyone just to publish an .apk. If that limits those who can install it to people who disable Play Protect globally, then oh well.
How long until Google decides to lock it down because "scammers" can "abuse" it?
Would be a real shame if this also nuked your safetynet trust score if they realize too many people are using this escape hatch...
I really hope this ends up being possible! Play Protect seems to jump up every so often and try to scare me into turning it on. Very annoying. I've wanted to disable Play Protect permanently, but never did the query to learn how, so thank you.
What does this break?
I kinda feel like they'll make sure any workaround for this will ensure you can't use banking apps, Google Pay, etc.
I really hope this is done via Play Protect. You can also disable it temporarily in Google Play and install whatever you want.
There's also the related "Verify apps over USB" setting which is even exposed in the developer mode settings GUI.
The reason I chose the Android ecosystem over the Apple ecosystem, once I found out that the Maemo/Meego ecosystem was a dead end and the Openmoko ecosystem was a non-starter, is that the Android ecosystem allowed me to develop and install my own apps on my own devices whenever I wanted to, without arbitrary limitations like having to periodically plug the phone into my computer to renew some authorization. Additionally, there was even for some devices the possibility of rebuilding the whole operating system with any changes I desired.
If I'm not allowed to develop and install my own apps on my own phone, what advantage does Android have over Apple?
> what advantage does Android have over Apple?
They are cheaper and come full of spyware preinstalled by manufacturer and carrier.
Customers see the price advantage, everyone else sees the data harvesting (including Google). Everyone benefits in selling cheap Android phones.
Now you would be pretty stupid to buy a 1k€ Android phone like Samsung ones because they still come with preinstalled and privileged Samsung, third party and Google spyware.
For instance, my s23 had 3 preinstalled Meta apps. 2 systemized apps, 1 was the Facebook client.
> without arbitrary limitations like having to periodically plug the phone into my computer to renew some authorization
I find it easier to do a git commit once every 89 days and see my app auto refreshed through Testflight for me and anyone else I care to let use it.
If you look at the build system SaaS pricing or even IDE pricing on Show HNs here, the Xcode cloud build and distribution ecosystem is an absolute steal at $9 a month. Private Testflight (with no review) can be more convenient than that desktop cable.
I never really got into "phone" programming, always waiting for the shenanigans to die down. But somehow the shenanigans have gotten worse and for a significant chunk of the world population, the phone is the only computation device they have at all.
I never got into it because I was convinced developers would refuse to give up control over distribution when Apple started doing it. I wish I was right, but here we are.
You now need to have an online account to set up and log in on a Windows desktop. It's obvious what the trend is and it's not allowing consumers control over their stuff.
Software distribution control didn't start with phones, it started with game consoles.
I made and released some apps in the early days. Got tired of it and got tired of the reminders from Google to add banners, screenshots, submitting icons to support multiple resolutions.. notifications that apps I haven't touched in a decade are no longer compatible etc.
so much extra work involved that isn't building the app.
I worry how this will affect fdroid etc.
I got into it then got out. Everything about the Apple ecosystem was infuriating. I don't even care about the ideology here, just the annoyance.
> Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store
This is absolutely unacceptable. That's like you having to submit your personal details to Microsoft in order to just run a program on Windows. Absolutely nuts and it will not go as they think it will.
Microsoft will do this. They just have to go a little more slowly than Google or Apple because there's such a long history and expectation of being able to run any apps. But they're gradually working their way there just like Google and Apple.
Starts with scary warnings for unsigned apps (with a workaround), then they start imposing extra restrictions for unsigned apps, and then they make the SmartScreen workaround more difficult to enable (maybe it needs a registry edit), then they'll remove that workaround in certain markets/editions (maybe the Home version first). Finally they'll remove it everywhere.
> will not go as they think it will.
How will it go? Where are people going to go? People who draw a hard line on this can’t go to iOS for more freedom. Linux phones aren’t ready for prime time. So what’s left? Going back to a flip phone that doesn’t even have the capability of running apps in the same class?
Isn't it basically the same requirement as Apple enforces for iOS? If you want to build an iOS app which other users can install, you must register (and pay).
It's a step of questionable utility, and I suspect it comes from requirements of (not exactly freedom-loving) governments of Brazil, Malaysia, and Singapore, where the demand for registration will be enforced first. Maybe it will even remain geographically limited.
The article is very light on details. Crucially, it lacks any links to actual Google documents.
Ultimately it’s them that has market power.
To meaningfully challenge it, developers need to agree to withhold supply like a cartel (illegal?) or union.
I think it’s probably close to the union scenario in an industry with a single employer, as there is that one-to-many relationship (all developers vs Google). Whereas a cartel is a few suppliers conspiring against all consumers.
I’m not sure developers would go to those lengths, and I’m not sure it would work either as the benefit is too high from defecting from such a coalition.
They did it the right way for a very long time and yet people keep buying iPhones, I think I would do the same if I were them, users clearly don't seem to care about openness and freedom to use their devices however they want. I mean, people care about the color of archaic text messages. There is nothing to save.
The nice thing about Windows is that you don't have to. You will need to pay a couple hundred dollars for a certificate and have the first couple hundred people who open your signed executable click through your warnings though.
Yes, you can turn off smartscreen (for now) but opening random executables is getting harder and harder.
>Absolutely nuts and it will not go as they think it will.
Apple will disagree and the first company doing worse than this, and is the world's first trillion dollars company.
Money talks.
Ah, then it would be acceptable if an independent third party who does not share data with Google other than Boolean yes/no was used to do this. I expect that’s their long-term plan anyways, to defuse the predictable backlash and externalize the problem and liabilities altogether, once the initial ID harvesting is done.
Uh, you kind of already do if you don't want to get the scary "unknown publisher" thing, which hides the "yes, I really want to install it" inside the "more info" box. Not even the decency of an "advanced" button.
Installer software signing certificates that will satisfy MS are prohibitively expensive for hobbyists (hundreds per year).
Android is much more secure than Windows (its architecture was developed decades later from learned lessons)
So yeah, it's different and more secure
Their comparison to airport security is apt. The US considers airports “constitution free zones”, and apparently they think the same of phones now too.
Cutting through the excuses, this is just another step in converting the US from a democracy to a fascist dictatorship.
Want to write software?
Papers please.
Someone create a website to emulate apk!
With the latest W11 updates, how far are we away from that?
Why would it not go as they think it will? The big guy always wins against the little guy. The fact they make this move suggest they know it is a sure bet.
Doesn't macOS also require this when you use stuff like keychain in apps? I remember signing my Flutter macOS app with my info using Xcode.
Won't it just open the door for alternatives? Linux on PC and ??? on mobile?
You do realize windows already does this right?
So long as they don't make it very hard to get an ID approval, I don't see why people shouldn't know who developed an app.
Currently the entire ecosystem is riddled with malware, spyware, or adware with shady source information and people have no way to verify the data practices
Thank you, all HNers at Google, for continuing to work there.
And yes, before you ask, I have personally quit a job that paid 3x what I was able to get elsewhere over ethics. And no, I'm not rich, probably bottom 5% in terms of assets among my colleagues, coming from a lower-class background.
Yep, at this point aiding google is simply inexcusable. Taking into account the scale of the harm to humanity, what is being done by these google developers is truly evil. These developers cannot feign ignorance. Not with this level of harm.
I wonder if the individuals implementing this will ever be held accountable for their crimes. I would certainly be in support for it.
What the hell do the antitrust people in the US do? Google should have been chopped to bits a decade ago and Microsoft buying Github is just nonsense. Way too much potential for abuse all around.
We have 2 ecosystems for mobile and the worst case scenario is starting to be clear for Android.
I love GrapheneOS but they can only thrive if Google tolerate them. So in its current form, this is not a medium or long term solution (anymore).
We really cannot afford to think in terms of "Android OS" or open source OS anymore the problem is getting much bigger.
My guess is soon in many "free" countries, ISP will mandate connecting with a "Certified" device (someone was saying that in Brazil only cell phones certified by the teleco government agency can be imported already). And on mobile it is easy to implement since you need a (e)SIM. The Internet is still hard to control at the protocol level, but the gates are easy to mostly control (your ISP).
In terms of mobile computing I mostly care about being able to access my home network from the places I am 80% of the time (and I can always bridge to the Internet from there). So the real battle is really at the mesh and multi-hop mobile ad hoc networks. This is the aspect we neglected for 25 years.
Regarding mobile, the battle for Android is lost, time to look into things like B.A.T.M.A.N [0] so we'll be able to keep another open source mobile platform useful.
For anything "money" related, your bank (which is inevitably regulated) will have to mandate a certified device too. It will work on (some) Linux too.
Ever wondered why for example the Fedora project [1] is proudly part of things like The Digital Public Goods Alliance [2] who works with many govs and if you really look into it they are all about digital ids and "restoring trust"?
- [0] https://www.open-mesh.org/projects/open-mesh/wiki
- [1] https://fedoraproject.org/
- [2] https://www.digitalpublicgoods.net/
They have the ecosystem by the balls. Phone manufacturers in recent years have been making unlocking & modifying their devices more and more difficult, Google and app developers have been cracking down harder on modded devices by implementing TPM equivalents in the hardware to sign and verify that your system is a Google-approved one, and alternatives still are decades behind in terms of app ecosystem.
I think they might just get away with it.
How did we let this happen?
Oh, yes... Actually I remember: it was a long slow series of accepting small artificial restrictions. I remember people laughing at me at the time. They said it won't matter, they didn't care, that I was paranoid...
Now... Here we are.
We shouldn't accept "sideloading" as a term. It's meant to make "installing an app without monopolist approval" seem like a dirty/weird/niche trick.
> Google notes “supportive initial feedback” from government authorities and other parties:
Ah, then I guess everything is fine. I'm sure they aren't in favour because it gives governments greater control over what apps we're allowed to have on our phones. That would be absurd.
It will be interesting to see how they handle packages from the various f-droid repos. F-droid builds and signs all their apps themselves, so will all of f-droid be covered by a single signing key and developer account? Or will the fact that they take apps from lots of folks bar them from an account?
DO NOT UPLOAD YOUR ID/INFO TO GOOGLE. I put my game on their app store some years ago, and they doxxed me right on the app store. Google posted my name and home address right on the game page. Not great when I was already receiving death threats! Later on, had a rando show up at 3AM one night and had to call the cops out. I moved after that. Google is absolutely not to be trusted to keep this data confidential. If Google demands I do anything with them, I'll just tell my fans to install lineageos or whatever instead -- no way in hell I'm having ANYTHING to do with google ever again. GFY google!
This is the worst thing to happen to technology in recent times since there are only two major phone OSes.
It isn't possible to ban encryption, so the governments have to chip away at security and privacy using these techniques.
From: https://developer.android.com/developer-verification
"You may also need to upload official government ID."
This won't end well for Google or the governments involved when the people get so angry that they are forced to roll this back. Switch to an alternative phone OS.
> Google wants to combat “convincing fake apps”
Google can't even stop the scam AI companion apps on the Play Store that all use the same backend full of characters...
Google also can't stop the huge wave of scam Bitcoin ads impersonating Canadian media outlets, with AI-generated pictures and videos of politicians.
Get real Google.
I always wonder, who are the developers doing this? don't they feel bad about going through with these changes or do they fool themselves thinking it's the right thing? is it greed?
many other fields have an explicit or implicit ethics code which we seem to lack. I'm thinking about other fields like medicine, engineering, etc. Probably since the entry level to development is low and anyone can do it, it means there's no way to enforce/teach it?
The usual answer that their livelihoods depend on it is simplistic, these are the best paid developers in the US, pretty sure they have some sway power. There are doctors in way poorer countries with higher ethics standards.
The core benefit of Android over iOS for me has always been that it's my device, not Google's.
They've been chipping away at this over the years. Safetynet was the first offense, but if they start restricting app installation from sources of my choice (I hate the term "sideloading"), there's not much advantage left.
They saw Apple getting away with notarization under the DMA so they're doing the same. I must admit the mass demotivation strategy is working really well. Seeing this kind of news every single day, affecting you directly and not even being able to do anything
I cannot resist the urge to point out that we wouldn't have had this problem if people had actually stuck to free software instead of "commercial use friendly" open source licensing
When people say just use Linux I can only think of what was known as far back as 2014.
> NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance [0]
Looks like this is a part of the move toward Chat Control and ending E2E encryption.
[0] https://www.linuxjournal.com/content/nsa-linux-journal-extre...
Android's ability to run binaries outside of the Google Play Store is a key differentiator of their product vs. Apple's. Or at least it used to be.
This is the same direction that Microsoft is taking Windows. Smart App Control is already rolling out to some regions - no .exe will run without a code signing certificate.
https://learn.microsoft.com/en-us/windows/apps/develop/smart...
I've grown increasingly hateful towards both my Android and iOS devices over the last decade. The platforms themselves are increasingly user-hostile, and their appstores are crammed full of shitty, privacy-invading, telemetry-hoovering, dopamine-triggering, ad-filled, lipstick-covered apps that are often garbage compared to the pioneering days of mobile. I miss the days of my old Palm Pilot.
Is anyone working on fixing this? We can do so much better.
I think this might backfire in that it might be enough to prompt technical people to seriously start looking for alternatives.
I personally will be extremely unhappy if I no longer can run dns66, newspipe or Firefox with ad blocking on my phone.
I think I might also start spending less time on my phone, which would be a good thing for me and a terrible thing for Google (in aggregate of course).
Google is doing everything in their power to make me move to an iphone... between shit like this, effectively bricking some old models of pixels with un-rollbackable patches that destroy batteries, closing down the android development process, making absurd testing requirements to publish apps, etc.
Google doesn't make better phones, they were just less hostile to the consumer. That seems to be going away :(
What was the last time there were some actually good news in big tech? For those that don't hold stocks I mean.
A few of my ideas about how things will be going
- platforms are going to be forced to collect more data about you
- The amount of places without you showing IDs will decrease
- There will be more "moderation". You will not be able to provide nsfw contents, then you will not be able to host controversial topics. I suspect games will be more "kid friendly". No more real doom, gta, or Mortal Kombat for you. I remember how they provided more clothes on women for mortal Kombat
- The rules will always be vague, and used sporadically. Just like YouTube rules, where companies often abuse DMCA just to shut you off, or ban you, if you are not playing nice. Like Schlep.
- Corporations will create pressures on validated users, or ban you for life, but often they will just use "fear" to police people by themselves. Just like people will use "unalive" words, because they know they can get into trouble for saying a different word
- Google will be able to police extensions by banning people
- It is all a boiling frog scenario, where it creeps one law after another until everything is moderated, controlled by corporations
- The safety increases, but freedom decreases
- Free software people will often be mixed in article texts with terrorists, bad actors, predators, pedophiles
- It can happen because people do not understand these mechanisms, and they want "safer" world, in which nobody can get hurt, but it is also a place without you being free
This is crazy. I can't install my own apps on my own phone anymore.
I am gonna start carrying around a laptop with a 5G modem instead.
If your business idea doesn't work without you being evil, you deserve to go bankrupt. I perceive a tendency to assume it is necessary for a company like Google to maintain full control over our ecosystem to further our progress and maintain order. However, we should know by now that this isn't the case. You don't have to be evil to be useful. See GNOME, GrapheneOS, Steam, KDE, Wikipedia, Linux or Mozilla (previously). Tricking us of their inevitability is their greatest success.
So people from countries US has sanctioned can't even develop and use mobile apps anymore. This will change millions of innocent lives. So unfair and racist. The reason my people are in this mess in the first place is a US coup.
Time for a Steam Phone. Or FirefoxOS reloaded. The general purpose mobile computing market must be sizeable. I cannot believe everybody just puts up with these increasingly draconic restrictions.
> developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer. We believe this is how an open system should work—by preserving choice while enhancing security for everyone
I guess words don't have meaning anymore, how can you claim to have an open system in an announcement about closing it down?
It's also telling that the big supporters of this are apparently corporations and governments. Admittedly I don't know what "Developer's Alliance" is but they don't seem to care about developers very much, and I wouldn't be surprised if they were just a "pay us to say what you're doing is good for devs" kind of thing
I don't blame Google. Apple escaped anti-trust by simply not allowing anyone except themselves to put software on iPhones. Seriously, Apple doesn't allow competitors so it can't be anti-competitive according to the case.
Totally brain damaged ruling, the judge must have been molested by an Android phone at some point, but here we are, and google is now moving closer to an Apple model.
Oh, no! This is the least thing I expected to see as the #1 in Hacker News' front page!
This is a plot twist I never thought it would happen. While the EU [1], Japan [2] , UK [3] and Australia [4] are in the process of forcing Apple to allow sideloading and alternative App Stores, Google, which was far from these obligations, had taken a totally unexpected road to limit/control how sideloading should work.
____________________
1. https://developer.apple.com/support/dma-and-apps-in-the-eu/
2. https://www.phonearena.com/news/the-world-is-changing-japan-...
3. https://www.videogameschronicle.com/news/uk-passes-bill-whic...
4. https://www.theguardian.com/technology/2025/jun/06/australia...
As a developer of android apps that get distributed outside of the Play store, a Google identity verification system sounds like a nightmare. What if I'm deemed to be politically incorrect? Will Google brand safety exclude me?
These days I don't really want a smartphone at all, but begrudgingly use one for things like mobile banking, receiving SMS tokens, etc.
If someone made a screenless powerbank-shaped Android device, I might be interested. The device would double as a 5g wifi modem, and to access the UI you'd remote in over VNC from a laptop, or unrestricted mobile device like a PinePhone.
I predict Windows will end up going this route before Google backtracks on it.
This is the future; partially fuelled by malware, partially fuelled by the desire for platform control, and partially fuelled by government regulation.
This is completely, absolutely and totally unacceptable.
My phone is my phone, not Google’s. They have absolutely no right to prevent me from running whatever software I wish on that phone.
This must not be allowed to stand.
A few years from now: After reviewing the usage of the approved sideloading feature, we discovered no more than 0.01% of users ever sideload an application. For security, sideloading is now disabled on all devices forever.
The solution is easy, stop developing for (selling on) closed platforms:
You now have options for cheap (less than $200) portable low energy devices:
1. PineTab-V, a linux on Risc-V tablet. (Got debian a few months back, still waiting for proper GPU support, usable but slow now)
2. uConsole, a linux cyberdeck with optional 4G. (Also has debian for 2711, 2712 and 3588 Compute Modules)
I'm not porting my games to Android, iOS, Switch or PlayStation. Only Windows/X86 and Linux/ARM+Risc-V.
No Linux/X86 to not encourage power waste after Windows gets too expensive to run on the client side.
I'm selling on itch instead of steam.
You only need Android for banking, and Nokia G22 (repairable) is/was also sub $200.
I am now creating a new Google account for each phone, that way you are not the product any more.
But can still operate in society.
Ha ha very funny from no-evil-google. The worst most misbehaving apps I've ever had the misfortune of using came from their app store. The best apps I use regularly are from F-Droid, github and ones I baked myself. You take that away and your Android is Nodroid.
Well I guess my next is an apple, but I'm hoping open-source android distros will get more dev resources now. Will happily use a sub-optimal distro over google's.
This of course has nothing to do with security, it's mainly the management's reaction to YouTube alternative apps actually growing in userbase (happy user of one here). And also to ban alternative app stores naturally.
Let us all not forget that YT videos are internet users created not google created, and the only reason why Google thinks this will work for them is their belief there is no competition to YT.
Obviously Google considered and prepared for a huge negative feedback when they have made this decision, so I don't think we can change that.
Having said that I can only see living with two devices going further: one locked down for banking & stuff and another one for freedom.
Unfortunately, I can also envision a locked down internet available only on certified devices in ten years. Absurd? A mere idea of a locked-down Android device looked absurd... yesterday. Just yesterday.
So what are our options (eg for EU citizens) for lobbying in terms of legislation or directly to Google to show disagreement with this?
It looks like many in this thread are against, but I don't see suggestions for action?
I knew this was coming thanks to the nincompoops bankers and IMDA together with horny uncles who fall for love/job scams here in Singapore. The reason I use Android over iOS is that I can load apps for personal automation. I think the current scenario where bank apps refuse to run on phones with sideloaded apps is far more acceptable. I'm not sure scammers will not find a way around this. I can still be able to pin web apps.
FWIW I'd rather not use my phone for critical transactions, it's making authorities lazy. The number of times I've had to fight thanks to "buggy" payment code that deducts money is not funny and banks are getting worse at customer support day by day.
Also what the fuck are the governments doing with tax payer money, instead of going after criminals, we go after citizens.
Looks like Google will also be limiting each developer's number of apps and installations unless you pay them $25. https://developer.android.com/developer-verification/guides/...
I don’t have data to support this, but I believe the smartphone is the most widely used device globally on a daily basis. Wouldn’t it make sense to have an Open Hardware Phone and Mobile OS built on an open specification to rival Google’s Android?
What’s stopping us from making this a reality? We have passionate FOSS developers and visionary leaders capable of championing this cause and building a strong community around it.
I had high hopes for Mark Shuttleworth’s Ubuntu Phone. Unfortunately, after the Kickstarter campaign fell through, development stalled. I still believe consumers missed out on a remarkable piece of technology.
That said, I see Ubuntu Touch[1] is still active, though I’m unclear on its current impact or progress. Meanwhile, Smart TVs and smartphones continue to be dominated by Google’s Android OS.
1. https://www.ubuntu-touch.io/
Mobile phone platforms are reverting back to the pre-iOS/Android reality where you have to jump through tons of hoops to even make an app let alone run a viable business with it.
I used to be an Android developer and they disabled my account because I took too long to reply to their mail. Since then I have been unable to recover it, they never reply to email and process your request to oblivion. Their bureaucracy is even worse than our French administration and that is saying something! At this point Google is basically digital sovietism.
Sideloading is the only reason I'm on Android. When it goes away, I will be better with an Apple device.
This must be because of Epic's win in antitrust court.
What someone needs to do is create a "Store" browser that loads apps from random websites like https://site.tld/app.apk
You could manually parse AndroidManifest.xml and allow only apps that expose <uses-permission android:name="android.permission.INTERNET" />
I'm somewhat interested in doing this myself actually. What do people think?
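A sketch of the manifest check suggested in the comment above, added here as an example and not code from the thread or any project. It reads the suggestion as "accept only apps that request nothing beyond INTERNET", assumes the APK's binary manifest has already been decoded to text XML (for example with apktool), and uses constructed sample manifests and hypothetical function names.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS
# Both tags grant permissions; the second applies on API 23 and later.
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

# Assumed store policy: INTERNET is the only permission an app may request.
ALLOWED_PERMISSIONS = frozenset({"android.permission.INTERNET"})


def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    # Refuse DTDs and entity declarations rather than let the parser expand them.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("DTD or entity declaration in manifest")
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("root element is not <manifest>")
    perms = set()
    for tag in PERMISSION_TAGS:
        for element in root.findall(tag):  # direct children of <manifest>
            name = element.get(NAME_ATTR)
            if not name:
                # Fail closed: an entry we cannot read is not an entry we trust.
                raise ValueError("<%s> without android:name" % tag)
            perms.add(name.strip())
    return perms


def review_manifest(manifest_xml, allowed=ALLOWED_PERMISSIONS):
    """Return (accepted, reasons); reasons lists what blocked the app."""
    try:
        perms = requested_permissions(manifest_xml)
    except (ET.ParseError, ValueError) as exc:
        return False, ["unreadable manifest: %s" % exc]
    extra = sorted(perms - allowed)
    return (not extra), extra


# Constructed sample manifests (not taken from any real app).
OK_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="tld.site.notes">
  <uses-permission android:name="android.permission.INTERNET" />
  <application android:label="Notes" />
</manifest>
"""

GREEDY_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="tld.site.flashlight">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.READ_SMS" />
  <uses-permission-sdk-23 android:name="android.permission.CAMERA" />
  <application android:label="Flashlight" />
</manifest>
"""

if __name__ == "__main__":
    for label, text in (("ok", OK_MANIFEST), ("greedy", GREEDY_MANIFEST)):
        print(label, review_manifest(text))
```

A permission allowlist only limits what an app can ask the OS for; it says nothing about what the app does with network access, so it complements signature and reputation checks and does not replace them.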
(Responding to https://techcrunch.com/2025/08/25/google-will-require-develo... )
> Starting next year, Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store.
Odd little phrase, "distributing their apps on Android devices".
I think "distributing" in this context is in the sense of product distribution, not in the sense of distributed systems.
But "distributing...on" sounds a little odd, like Google is still providing a distribution service. (Contrary to all the precedent of how we've thought of installing software, other than the proprietary, captive-user app stores.)
And so, maybe "distributing...on" makes it sound more like Google is (once again) entitled to gatekeep what you can run on your device/computer.
> However, developers who appreciated the anonymity of alternative distribution methods will no longer have that option. Google says this will help to cut down on bad actors who hide their identity to distribute malware, commit financial fraud, or steal users’ personal data.
Maybe it's not "developers who appreciated the anonymity" (which we immediately try to conflate with bad actors), but that the whole point lately has been to stop the greedy proprietary lock-in app store monopolies, and not have them gatekeeping what everyone else can do.
This is how macOS works: without a signature they will tell you they can't guarantee it doesn't have malware and you need to go to settings and choose to run anyway (and most people don't even know about it).
Microsoft would love to do that too, but it just has too much legacy software to introduce such a major hurdle.
I rely on an open source app called xDrip to manage my diabetes. It's way way way better than any of the official apps. It's not distributed on the app stores for obvious reasons. Many others rely on this app as well. Are we cooked?
It's starting to look like I may end up with two phones. One with Lineage and most of my apps, hopefully, and another one with Play Protect which hopefully will be just my bank app. Google has become way too powerful and is encroaching step by step on our freedom, it's terrible. It's been going on for a long time. It's the IT equivalent of authoritarianism!!
What would happen to projects like F-Droid, Termux, etc.?
A little reminder about the GNU definition of free software and the four freedoms:
https://www.gnu.org/philosophy/free-sw.html#four-freedoms
Quote below:
The four essential freedoms
A program is free software if the program's users have the four essential freedoms: [1]
So where do we complain? (Aside from shaming Google on social media or writing to politicians.)
If I look through Google's contact links, it's all oriented around getting help with a problem rather than letting them know I'm going to move to something else if they go through with this. (And yes, even if Apple has the same types of restrictions on app store, if a more open alternative OS didn't work out for me, I'd move to them to punish the one dropping freedom of use.)
> The requirement will go into effect in September 2026 for users in Brazil, Indonesia, Singapore, and Thailand. Google notes how these countries have been “specifically impacted by these forms of fraudulent app scams.” Verification will then apply globally from 2027 onwards.
At least most of the world has until 2027 to install LineageOS or GrapheneOS.
Yeah... They just want to ban NewPipe. It's sad to see Android getting locked down, also with the source closing of the development branches, etc. I can as well buy Apple then, it doesn't matter anymore.
Time to donate to GrapheneOS[1] and alternatives[2]. Or contribute [3].
[1] https://grapheneos.org/donate
[2] https://members.calyxinstitute.org/donate
[3] https://grapheneos.org/hiring
Well, I guess I didn't want to use half of the apps on my phone anyway. Might as well throw the phone in the bin.
Stallman warned us.
https://www.gnu.org/philosophy/right-to-read.en.html
The only silver lining I see is if it allows you to bypass this by enabling dev mode on your phone. If you can't sideload unverified apps even in dev mode, that would be insanely bad.
IF that is the case, I'm actually willing to be slightly inclined to see this as a positive? We should normalize installing apps outside of Google Play, but that means malware becomes a serious issue with people downloading and installing random APKs.
e.g., this may normalize people hosting downloadable APKs whilst also reducing malware risk for "normies", which idealistically could weaken the "monopoly" of Google Play on android.
The problem is that Google is the gatekeeper.
This has the potential to be disastrous for Google, but maybe not.
Personally: I don't use Apple because I like being able to whip together little apps to side-load without having to check in with a walled-garden mothership. If Google is going to move closer to Apple in that regard... Apple's UX ecosystem is better, so I have far fewer reasons to keep using Android.
So what's the solution? What's the reaction of semiofficial Android forks? Should we switch to Huawei now? Should we then have two phones? One with Android fork and one with some other "official" OS?
This was probably the reason Nokia died. Symbian development was already cumbersome, and app deployment required some such procedure. I remember there was a joint effort in a China-based forum and many of us got a cert and a key for our phones. I was reading Nokia obituaries from its executives and the sorry state of Symbian development and app deployment was not considered as a cause. So here it is, young executives repeating a simplistic and destructive strategy. IBM, Xerox, Nokia and Intel will be very proud.
There is a guy with beard that people love to hate that warned about this kind of thing.
Of course people called him a paranoid and lunatic extremist, but in the end he was right and we are f*cked
Hopefully this increases the communal pressure to find a real alternative to android.
Everybody DEMANDS Google "do something" about malware, scam and fake apps. So it does.
For an average Joe and Jane, who get their money stolen, that's a good move. They don't care about technology, they just want their bank, Instagram, cat pictures and video calls to work and not get scammed. They are often lured into installing scamware through exactly sideloading APKs, completely unaware of the risks.
In the article there's this comment:
> I'm struggling to see the benefit of this new policy. While it's presented as a security measure, the requirement to fill out these forms seems like a trivial barrier for actual malware creators, who will easily abuse the system.
Every scammer will have a different code signing certificate which you can then block if they spread malware. Right now it's a huge mass of scammers and malware authors indistinguishable from each other. And Google could possibly block them all which would also block legitimate applications (now that would spark outrage). Thanks to the new policy it'll be easy to add a single cert to the blocklist.
If you want absolute freedom on your device, just install a different Android - for example Graphene, Lineage, /e/OS, or Calyx. They are all Android too.
It's so fashionable these days to go after Google.
Thanks Google.
Google to make sideloading Android apps _harder_ by _force_ verifying developer identity for 25$ and bunch of legal documents.
This is crazy, this means 10 years from now only terrorists will distribute software. Unacceptable! How many platforms now allow one to build and distribute a binary?
The new face of Embrace, Extend, Extinguish.
Will it be possible to bypass this limitation for users with rooted devices? If that were the case then I guess that would add more weight to companies who provide firmware and OEM unlocking for android devices: https://github.com/melontini/bootloader-unlock-wall-of-shame
This is dangerous, they are trying to prevent people from creating apps that don't support their narrative.
The attempts to roll out digital ID are similar to the perennial efforts to backdoor encryption. When one push fails, the proponents regroup and formulate a new approach. The recent successes with "age verification" have encouraged digital ID proponents. Expect further encroachments, scaremongering and trial balloons.
Natural incentives exist for tech majors to capture this space.
There's an Android app called GPSLogger.[1] It does exactly what it says on the tin. Runners use it to track their own progress. Photographers use it to geotag their own photos.
The thing is, GPS access as a permission is a bit scary. You could imagine some dubious uses for it. Moreover, you could imagine some such dubious uses creating a public relations nightmare for Google. So, Google just forces them out of the Play Store. (Technically, it's a routine renewal, but the GPS permission causes them extra scrutiny, to the point where the author burned out and gave up.[2])
Do we expect that this author should, or for that matter will, give their identity to Google after this? Or is GPSLogger just dead after this change lands?
[1]: https://gpslogger.app/
[2]: https://github.com/mendhak/gpslogger/issues/849
Please consider using GrapheneOS. If it gets more momentum and users it's the only option pushing back at these tactics.
Welp, I was euphemistically already not a fan of the developer experience for Android, now it's straight dead to me.
No reason to ever touch another day of Kotlin.
Come to think of it, why am I even on Android now as a user?
Sep.2026: "The requirement goes into effect in Brazil, Indonesia, Singapore, and Thailand. At this point, any app installed on a certified device in these regions must be registered by a verified developer."
Any hint why those countries first?
Is it a local law there driving this whole move? Is a critical mass of malware originating from there?
I think time quickly approaches when everyone will have one mobile phone for "banking/crypto" and the other for everything else.
Samsung used to have a very cool feature on their phones (perhaps they still do, I switched away from the galaxy line). It was called Knox and was basically containers for your apps.
Unfortunately it was limited to only one secure container. What I did was I had all my secure apps outside the container. And insecure inside. I had a fake address book that had only one phone number in "My Knox" and any app I installed there I could give all the file and address book permissions it wanted. As I knew it could only see what is inside.
That is what we need, but better. I never tried Graphene, but I wouldn't be surprised if there was such a feature there already. It's kind of obvious.
Time to move to a dumb phone, I guess. Android is slowly becoming the worst of both worlds: none of the privacy features of iOS, yet the walls of the garden keep getting higher.
Does this break F-Droid?
That's not a good move at all.
The details are paramount, and they are missing here.
Some of us code our .APK, then do an `adb install`.
This already requires enabling a system flag ("developer mode -> allow etc.").
It only makes sense that a similar flag would allow to install whatever we want (especially and in particular, our own software).
Well that sucks. So basically all the money we've had taken from us for our Play Store apps is now "just" going to be spent on administering the registration details of 800 million Chinese developers and 6 billion bot accounts.
Whose smart idea was that?
The device maker controlling an app store never made sense. It's like saying the browser maker controls what websites you can visit. We have so many efforts at keeping the web open, shouldn't we apply that to all platforms?
I think they got emboldened by EU's impotent response to Apple's Digital Markets Act (DMA) violations.
Regardless, this is extremely bad news.
> Since we implemented verification requirements on Google Play in 2023, we have seen firsthand how helpful developer identification is in stopping bad actors from exploiting anonymity to distribute malware, commit financial fraud, and steal sensitive data.
This is truly some Orwellian newspeak bull-shit.
For those who don't know, Google Play verification ensures critical apps like banking apps DO NOT WORK in privacy-focused ungoogled ROMs like LineageOS, unless you install the usual google spyware at the OS level. Basically soft-requiring you to buy into the duopoly.
Hmm this is weird. I've recently been considering switching back to Android because of how locked down iOS is and it sounds like Google's now gonna do the same thing? Will there be a way to deactivate this?
Every time I read news like this I lose more hope for our world to not end up a Cyberpunk Dystopia. Like what am I supposed to do? I am just one man. One vote, one guy who isn't even too good at coding.
One step closer to The Right to Read: https://www.gnu.org/philosophy/right-to-read.html
This is just an extension of the increasing censorship and government / BigTech control that we have been witnessing in the past few years, with Google seeking the ability to prevent installation of any app that is on a blocklist controlled by the government. And, like with the iDevices, this will also kill many free independent and open source apps once developers are forced to pay for "developer verification". "Free" apps are an anathema to the App Store business model.
My device, I want to install whatever I want.
If for safety, make it an opt-out feature, so the ones who know what they're doing can disable it.
Mandatory locking down is not for safety but for corporate control.
Why even run Android at that point anymore? iOS devices get security updates for longer and have much less data collection than stock Android.
GrapheneOS won't survive the next generation of devices because bootloader unlocking will also go away (https://news.ycombinator.com/item?id=44765939), and without kernel security updates that OS can't continue.
Now there's also no more sideloading, so what purpose does Android even serve anymore?
If you think about it, the only thing that keeps this OS vendor in this duopolistic position is the fact that people rely on certain proprietary apps. We need ways to do things like messaging and banking in a universal way, just like we can do with email, calls, texts and web. Banking and messaging should be fully universal so we don't rely on specific apps only available on specific app stores. That would take all power away from these satanic US companies!!!
Here's my prediction: Sideloading will become slightly more popular. Google will not disable sideloading or make it significantly more difficult. Alternative APK stores will flourish. Banks and streaming sites will try to block people from connecting from devices with sideloading enabled, but they are slow and people will find workarounds faster. ISPs will not block devices with sideloading enabled. Governments will not ban sideloading.
Would be the best time for China to come out with a fully open source OS as competition.
So "certified" Android devices are phasing out side loading, making Google Play the only way to install an app. This is the norm on iOS, right? And in many jurisdictions, from Russia to Denmark, there is an actively hostile, and rapid, legislative push to prevent or criminalize using E2E messaging apps like Signal.
How long is it until we see countries pushing to just delist Telegram, Signal, etc from the app stores?
Android is dead. With fascism now in power in the US I was going to save myself by degoogling my life anyway. This is the nail in Android's coffin for me.
Time for Linux phones with Android emulation
A fellow developer started a petition to stop Google from limiting app installation on Android devices unless developers provide personal identity documents.
Even though Google has not revoked similar controversial policies in the past, we do our best as much as we can. This change particularly threatens the freedom to build, share, and use software without giving away sensitive personal information. It affects independent developers, FOSS contributors, and even regular users who want to install apps outside of Google Play.
"Just imagine giving sensitive personal, government-issued ID to a corporation to install an app outside Google Play"
Let’s stand together to protect our freedom to create and use software without handing over personal information to a corporation. Every signature, share, and voice counts here
Support the petition here: https://chng.it/tyHZjstxWQ
Gotta love when the megacorp steps in to "help".
There are APKs floating around from the Ice Cream Sundae days where the developer went out of business and is no longer on Play Store and this is literally the only way to run the app.
I have a Concept2 rower with the old PM3 monitor which is no longer supported by their ErgData app and the only way to connect my phone to my rower is by sideloading the ancient version of the app that supports it. So that's going to break now?
Software developer used to be one of the most 'free' professions. But now you need a stamp of approval from some corporation to get through the day, even if you are nominally independent. And woe to you if they should ever revoke your license to feed yourself. Because 'verified developer' is just another way to say 'not a threat to Google or Google's corporate image'.
Well, there are two options now: Linux phones and forking/deGoogling Android. I still believe the second is far more viable. There never was much reason to do all the work twice when there's sufficiently well licensed source around, and much of the app/phone compatibility is built-in. Maybe it's time I give a chance to /e/ OS or something of the like...
One can only hope a company like Framework, Nothing, or Fairphone actually can produce and maintain some flagship devices running GrapheneOS or similar. The only reason I have been using Android is because of the freedom I have in my apps, customization, alternative app stores,... I hope the EU fights this with all their might. It also seems like a major geopolitical risk too.
These people. I don't have words.
I'm getting ready to give up on smartphones altogether. I used to think that surely a sufficiently open phone would come along, and that you could then just run a sandboxed Android emulator on that for whenever you needed some proprietary apps where society has stupidly decided you need them. But that also seems to be getting progressively harder.
So maybe I just give up on actually using a phone for much. Has anyone tried living with cheap Android or iPhone as a source of connectivity and making phone calls, perhaps with the odd app you just can't get through daily life without (see above), and then move everything where privacy and control actually matter the most to a small "pocket computer" that connects to the internet through a connection shared by the cheap phone? Are there any sufficiently compact and nice such devices? Surely they're easier to produce when you don't require a phone baseband and all the things that are needed for Google to certify it as an Android phone?
Thoughts?
Juggling between Maemo and iOS back in the day I always thought it was so wild that in later years people thought of Android as the open alternative.
Considering that Android 5 devices are still alive and well, it will take another 10 years for google to catch up. Hoping in that time Linux based true open source mobile operating systems will make some headway. Another alternative might be PWAs (progressive web apps), that one can "install" on your homescreen, but they could be axed next.
I really need the more open Linux tablet and phone makers to hurry up.
From the article:
Brazilian government right now is pushing hard to destroy any kind of freedom in social networks, so take this with a (really big) grain of salt.
Why is this story not on the front page any more? It has the most points and the most important issue at the moment.
Dick move. Go back to "do no evil" big G. Remember how you used to be the kool kid on the block? Now you've just become the grown up you showed contempt for in your prime time.
I doubt I'll move away from Android too soon, but that definitely makes me reconsider whether any Google services have a right to CPU time on my device.
Sorry, folks, the good times are over. The future of computing is a signed, attested chain of trust from boot firmware through application code, on all platforms people are likely to use -- and remote attestation with user identification if you wish to connect to the network. End users love it because it prevents or reduces all sorts of malicious activity, from bank fraud down to online game cheating, with little to no effort on their part; platform vendors love it because it provides a moat; service providers (banks and such) love it for the assurance that their clients are uncompromised; and governments love it because it lets them surveil users and developers.
The only ones who hate it are devs. And who really cares about a bunch of nerds?
Remember, general purpose computing really boils down in security terms to "arbitrary code execution" -- a bad thing in the infosec field.
This is a result of the current tech being filled with dark design patterns. Tech is designed to be addictive, indispensable, indisputable, mandatory. And at the same time complex, hard, difficult, risky.
We are so used to tech as it is that it is simple to force these bad decisions for the greater good. Because everyone is sure there is no alternative. There’s no other way to design tech, it will always be so complex and powerful that gov and corps can onesidedly decide what is best for the rest of the world.
This might be an area where local AI excels, when ready. No apps. No sharing of personal data. One AI capable of doing what most software does, on the fly, without relying on others to decide what is ok. Remains to be solved who can create and distribute this local AI and whether hardware will be allowed to run “untrusted” AI…
This is disheartening.
I feel as an Android user, you've always had to put up with a more incoherent overall experience compared to iOS but received some additional freedom in return.
In recent years, Google has been steadily eroding their end of the bargain.
I wonder where that will leave them in the long term. Short term, I think restricting side loading will reduce piracy and drive sales of their subscriptions. Long term though, I wonder what will set Android devices apart from iOS for the average user, apart from being offered at different price points.
It feels they're playing themselves into a position where they're more directly competing with Apple, ultimately restricting themselves to lower price devices and lower margin sales. As far as walled gardens go, I personally prefer Apple's and I assume most people do.
This is why OS is so important for LLMs and the AI ecosystem in general.
It's also why we should not trust large AI corporations that appoint themselves as stewards of "AI safety". If a company that once had the slogan "don't be evil" can do this, so can all the frontier labs.
Never, I'll stick to LineageOS till it ceases to exist.. then I'll just buy a dumbphone, f... Google!
This will also open the door for targeting you specifically with spyware if software can only be installed from the Play store.
If you are logged in with a Google account that the government doesn't approve of or not signed into an account at all, you may receive a modified app that spies on you.
One of the reasons I switched to Android was the freedom to make apks for my phone and not dealing with certificates, expiry dates, Google's approval, etc.
This is a depressing change if they follow through with this.
And "in the name of security" doesn't pass the smell test if there is no way to opt out.
It is telling that they have not yet released the process for hobbyists and students. While it is clearly just an evil move, in praxis for tech people this could mean just the extra hurdle of signing an APK with your own developer account: I could see a workflow on top of F-Droid (which also just could become a developer and use their keys for all FOSS apps). But I am guessing those evil geniuses will find a way to make it harder and harder. In the end it is not Google that can make the change but rather banks and streaming services that could accept alternative attestations from e.g. Graphene, /e/OS or eventually also Lineage. Problem is the distribution of power, that won't change without legislators pushing (see in-app payment).
> To combat malware and financial scams, Google
Not 75%, not 80% and not 90% but literally 100% of ads YouTube served me for a week were financial scams. It sounds to me like the quickest way to fight it is to make ad publishers finally take responsibility for taking part in crime.
Disgusting, horrifying, but utterly predictable. A dark day indeed, once no major mobile platform allows running whatever code you wish. Sideloading isn't really sideloading if the app has to be signed by the gatekeeper.
Isn't this a death knell for F-Droid, at least for running on most hardware? Since they require their own builds/attestation?
The Overton Window for computing keeps inching towards gatekeepers having total control over devices. I can't help but imagine myself lurching along on the last somewhat open hardware I can cobble together in a couple of decades, because I refuse to drink the verification can to continue...
"A recent analysis by the company found that there are “over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.”"
Ok, but what's the real damage? In other words, how many installs and how much money siphoned from users and legit apps?
So that's how they kill newpipe.
If this goes through, would it be possible to see a consumer class-action lawsuit? I imagine there is a class of people for whom the sideloading of apps is necessary and removing it renders their phone almost useless. I'd also guess that this market is much larger than Google imagines.
Personally, if I'm not allowed to run the software that I want on my phone, it almost makes more sense for me to get some old flip phone or one of those Chinese BlackBerry knockoffs ca. 2012. Not out of any principled stance, mind you, it's just that's the level of functionality you'd be reducing me to. Why should I pay $500 when I can find something that gives me the same features on a literal junk pile?
Well, when that happens it is finally goodbye to Android from me. I am switching to iOS that day.
Remind me why we keep using smart phones? They feel like a noose around our collective necks.
Can Google do something like this for entities wishing to advertise on their platform?
It feels as if that would provide far more of a public service than this... whatever this is.
Are there stats on whether more malware and financial scams come from installed apps or from advertising?
The further into this corporatized "vision" of technology we go, the more I relate to the elves in LoTR who basically said "our time is over" and then just left Middle Earth.
There is no turning back. Generations of developers will grow up thinking every form of communication and technology by virtue of existing needs a corporate groundskeeper. Government identification will be required for most things.
I don't really blame the companies, though. Unfortunately, it actually is the best means to keep a society of the masses functioning more safely online. What makes it all the more sour is that the very idea that things could be different is eroding away, too.
This is what Apple already does, isn't it? Why wouldn't it work for Google too?
Apple and Google are now competing on being more closed, rather than on being more open. Perhaps because we gave Apple a free pass on curbing our freedoms, and even defended its actions as needed for 'security'
It was only a matter of time. The run lasted a good while.
I'm not going to submit to this crap. I'm sick of it. Nor am I going to iOS. It'll be a Linux phone for me or a dumbphone with tethering and a laptop.
Google (and Apple) want to turn the idea of a phone and computer into that of a gaming console. You use the device according to how they design it, apps are rented, the whole ecosystem is around controlling the experience and maximizing revenue from sites and services. Microsoft seems to be moving in this direction as well (but cannot quite execute for a variety of reasons.. legacy support being one)
Linux really is the only way to have an experience where the computer is your device to do what you want to do with it.
I saw this coming a mile away. Everyone said you could install whatever you wanted on Android, but you were always jumping through some crazy hoops to do so (compared to a general-purpose computer).
Things done 'for the sake of security' often conflict with a vast majority of good actors that benefit from the so called 'threat'.
In general this is a backwards step for the ecosystem.
These companies need to be destroyed by antitrust violations. I am so tired of these tech companies abusing their market position. I want the FTC to stop being toothless and useless and just absolutely crush these companies. The amount of disdain I have for these companies can't even be properly expressed.
We have to find a way to punish Google if they move forward with this. We need the Gemini folks to be worried that this distraction will jeopardize their competitiveness in AI.
Android is getting more closed and iOS more open, I expect more people dissatisfied from both camps. We’ll have less choice overall as they gravitate towards a common middle ground.
Most Android apps are crapware anyways. The only respectful apps that I know are open-source, and are being kicked out of the Play Store progressively.
I'm cancelling my Pixel 10 preorder.
I have a horror thought: "We cannot validate your identity as you are of the wrong nationality; therefore, you are not allowed to publish any Android apps."
>Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices.
It's annoying combined with them making that much harder to be a verified developer. I had an android dev account for years and published an app when it was $20 for life but now there's a bunch of hassle involved. If they had the old $20 and upload your passport to prove id it wouldn't be so bad.
The D-U-N-S requirement is the real killer here. It's a business identifier that costs money and requires a registered business entity. Even with the promised 'student/hobbyist' path, this fundamentally changes Android from a platform where anyone can distribute software to one where Google decides who's allowed to code. They're further normalizing the idea that installing software requires permission.
Holy shit, going to the official page[1], there's something that is somehow even worse than the loss of freedom:
"You'll need to prove you own your apps by providing your app package name and app signing keys."
That is capital-I Insane.
[1] https://developer.android.com/developer-verification
I don't think EU will be OK with that. Not because they care so much about user privacy, because they don't, but because they won't let citizens get tied into US-controlled devices for most critical stuff, like banking, healthcare, eGovernment, etc.
And I do get that Apple does that already, but once Google goes the same way, the EU will be forced to acknowledge the status quo.
Somehow I can run a webserver and anyone can browse it but if I make an app I need a DUNS number? What year is it?
Couldn't the CA system, for all its problems, suffice?
Now and then I remember this Hyperion book by Dan Simmons where everyone had a cross-like gadget glued to their chests, controlled by a TechnoCore - a civilization of AIs, which enabled people to cast themselves through space portals. As the story unfolds, this cross-like (very nice choice) gadget is revealed to be essentially enslaving them.
The story unfolds in the 28th century, but it all seems to have started in the 21st one.
That's it! I'm out! Had every pixel from the beginning but I think I'm going iPhone so at least people will quit making fun of me.
The desire for people to keep using their currently working devices just got much bigger, and yet another good reason to root.
The infamous Franklin quote always comes to mind when I see things like this happening. Choose freedom over security while you still can, or you'll soon not even have the freedom to choose.
It's also worth reading Stallman's "Right to Read" again, to see how scarily prescient he was.
You will soon be viewed as a criminal if you run a custom ROM / flavour of Android.
What the fuck is happening to computing and our personal devices.
This means even more influence to Chinese phone makers which don't bother themselves with compliance to Google's platform ideas
They cannot solve all problems but thank God we have Progressive Web Apps; long-term, I guess there needs to be an Android-like alternative
Of course they will. It started with Play Integrity and hardware remote attestation. Soon Android will be nothing but a shittier version of iOS.
I use linux on nearly all my PCs / servers. I do think about moving my phone to more open platform (fairphone, or rooting phone), but I don't like phones in principle, so I do not install stuff there. I do not do things on phone.
I have my apps as web pages, so I access them from phone web browser. I do not care about phone apps that much.
I use fdroid for calendar, gallery, and music though.
How does this impact security researchers? Or just student developers or tinkerers? This all seems like a bad idea.
I would imagine a security researcher could be a registered developer but I could also see autobans if that is a thing to their accounts making life complicated.
Also some folks just being locked out of the due to government censorship etc..
Source: https://android-developers.googleblog.com/2025/08/elevating-... (https://news.ycombinator.com/item?id=45016602)
The problem here is that the EU, which would normally be the only hope to put a stop to bullshit like this, seems to like this.
While I like to jump on the Google bash train as much as anyone, this is to comply with EU laws.
Apple implemented a similar change for the EU App Store earlier this year to comply with the Digital Services Act (DSA), a regulation that now requires app developers to provide their “trader status” to submit new apps or app updates for distribution.
This truly sucks, since in this day and age we need unmodified phones for banking apps (and I think for oncall my company requires Android/iOS as well). I guess this will be the final push for me to change to iOS, since I already have a bunch of Apple stuff otherwise, and I was holding out on the phone side for this exact feature.
Will this affect GrapheneOS users who have Play Protect / Services disabled? Wondering how they intend to do the verification.
This reminds me of Microsoft's Project Palladium, 20 years ago. This was the ancestor of TPMs and trusted computing in general embedded in the CPU.
It used to be a huge scandal because people (rightly) feared that it would enable Microsoft to have a say on what can be executed or not, or only allow DRM protected content to play.
Next is your ID card to contribute to FLOSS projects, not like they thought about it to "secure the supply chain".
> This requirement applies to “certified Android devices” that have Play Protect and are preloaded with Google apps.
I would be fine, if it was mandatory for Android manufacturers to allow installing alternative OSes. Normies could benefit from the added security on their certified Android device, and advanced users could install GrapheneOS.
Terrible news. I don't like it a bit. wth are they doing? I know all they care about is money but this is bad for everyone.
Well this is me moving to E/OS full time.
We are in an age that being screwed by the Giant Techs is inevitable and there is pretty much nothing we can do.
My favourite part of this thread is that the Google pr team know it's bad and aren't even attempting the usual spin in the comments. I guess they're waiting for it to blow over and just work on the "it's here and it's happening" stage
It would be really nice if all you people with deep insight into this issue would inform politicians of the unacceptable nature of things like this. - Submitted FTC and FCC complaints. Likely does no good but going silently into the night isn't going to fix anything either.
I've been saying in threads on iOS vs Android for years how we're lucky the only other phone OS out there allows sideloading, and the nightmare we'd be living in if it didn't.
Guess we've arrived, I wish people voted with their wallets more, iOS could have added this a decade ago.
Will this be what finally leads to the success of a fully open-source Android fork such as CalyxOS or GrapheneOS?
They want to stop adblocking YouTube apps
Are there any competing phone OSes still around? Maybe there is something in China I don't have a view on?
If I have to be in handcuffs, I would rather them be high-quality hardware like Apple. So far, the only two things that have held me away from the Apple ecosystem are Linux and Android and the flexibility they offer. Seems like we are just left with Linux now. A very sad day.
For example Telegram they have two app versions one in playstore where google can dictate what channels are allowed and one on their website where google can't force them to take down channels, so now Google will need to approve Telegram second app to be installed on Android?
This seems equivalent to Notarization on macOS. https://developer.apple.com/documentation/security/notarizin...
Potentially stupid question, how will android developers load their apps onto their devices to debug? Will they just have to be verified beforehand? Or is there still a path to installing APKs through ADB and/or Android Studio?
Play Integrity and device attestation need their own torrent-tracker moment, just like DRM did.
GrapheneOS says they won't touch it because it's a cat-and-mouse game. I think that's the wrong call. DRM was the same, yet torrent trackers are still here.
This would affect a lot of apps that are not on the Play Store for multiple reasons... and if I'm going to be stuck with what Google thinks I should be allowed to use, then why not use iOS instead? At least software updates would be better and the overall experience more polished.
I have been preparing myself psychologically for this for a long time. I will have to carry a shitty Google phone for anything that requires access to apps, and a proper Linux phone for my own use like browsing and reading/watching videos/listening to music.
This is why I started investing in alternative Linux based solution providers in the smartphone market years ago. It was not if but when Google would take this path.
The only way I want to engage with Google is when it cost them money. I will not give them a penny directly.
Anyone else remembers “don’t be evil”?
The page about developer verification (announcement link 2 in the root post) says that there will be a separate type of account for "student and hobbyist developers". Why? What prevents students and hobbyists from using the regular type of account?
I'm waiting for this with chromium too. Microsoft Edge most removed uBlock Origin on me today.
What does it mean to app developers like me? if I want to create an app, in however shape and form and want to run the apk from the adb files... I can't do that? What? Then how do I tinker and learn? My app, I would like it to run regardless!
Any developer working on this ought to be ostracised, divorced and shunned by their family.
Wouldn't developers be the most powerful protesters?
Stop making or maintaining Android apps. Make apps warn users about upcoming changes and why they'll lose access to the apps they love. Decrease Google's ecosystem appeal. Money is king.
It seems that it was only about time… it just feels like the pace of enshittification with big tech being able to get away with anything is crazy!
I’m hoping that projects like Precursor can take off because we’ve buried ourselves in such mountain of complexity that seems like only a billion/trillion dollar big tech company can make an OS.
But then again, somebody called BS on browsers and we might have a good option soon in Ladybug!
https://www.crowdsupply.com/sutajio-kosagi/precursor
first they avoided publishing drivers (makers), then gutted unlocking bootloader, and now this...
can we like... regulate the ** out of makers to force them to make bootloader unlocked & provide drivers (for linux) for their devices?
When I switched from Android to iOS, this was one of the things I missed a lot: the ability to write my own app and side load it on my phone. Even more so with the advent of LLM. Oh well, now I don't have to worry about that.
as a general philosophy, anything that I can do on the Web I do it using a browser. The less apps I have the better.
And to those, many here, who "but web apps are ugly, native feels better": you are contributing to all of this.
The day this happens is the day I stop using "certified Android devices."
Fuck google.
This combined with the 'age verification' coming to all Google properties means it is a very small step from that new world to full Google verification of everything you visit and everything on your device, at any time, for any reason with the penalty being incontestable ban from your device, apps and data.
Get ready for facebook style 'we are interrupting you for a video selfie because we have detected you are a threat' across all google properties (Android, Chrome, Gmail, Maps...).
Move to linux phones, now.
> Google wants to combat “convincing fake apps” and make it harder for repeat “malicious actors to quickly distribute another harmful app after we take the first one down”
When will they go against malicious ads in apps?
I wonder if this was hastened by groups like DJI, who are too popular to be bound by a silly app store and chose instead to give their users sketchy side-loading instructions for their apps.
Fuck google for this. Awful decision. Guaranteed to be abused when Google or government despots decide that certain apps (or developers) aren't aligned with their interests.
Feeling very frustrated with the way the internet is going lately. This plus OSA + chat control. And compounded by the imperative for AI companies to keep hoovering up any and all data they can get their hands on, wiring it into "agentic" workflows and such.
How does this affect installing an APK to an offline device?
Will there be a local override?
Nobody will do anything about it and things will continue to get worse.
Some cross platform iOS/Android apps I use have been retired or discontinued because of this ruling. Devs don't want to open themselves up to legal, bullying, harassment, etc.
"Monopolies" gonna monopolize, all for our safety, of course
Glad I still have time to cancel my Pixel 10 preorder. Fuck google
So, now there will be a single kill switch where a malicious government can legally compel Google to annihilate apps not of their liking.
I find it hard to state how contemptible this is. How stupid. Everyone who worked on this has blood on their hands.
I think the push for verified developers is a double-edged sword. I got into this space, precisely because of how easy it was for me with my pentium computer a decade ago.
So for our non public company apps I will now have to verify? What.
Great. I suspect this will push more developers to publish web apps.
It's only a question of time till DMCA takedowns will be abused to bring down every app which remotely competes with any business model.
This invalidates so many reasons to still use android.
Tech like f-droid will be important for the future of free Android
This isn't a big deal to me because I hate smartphones and do everything on PC anyways. The real problem for me is Microsoft, I guess we're stuck with Linux now
Oh how I wish I could buy a Nokia N900 16 Pro Max and use Maemo 13
Is that after the top execs join the US Army? [0]
0: https://news.ycombinator.com/item?id=44330155
https://www.gnu.org/philosophy/right-to-read.en.html
Maybe we need phone sized open source computers.
The only saving grace is you can always import a Chinese phone without the play store at all, and then you can install what you want.
I see opportunity for a Google "certified/verified" Android phone with mediocre CPU, average screen (4.5-5") and 15000mAh battery.
This is the singular reason why I moved to Android in the first place. I want to install whatever APK I want without anyone having a say on my device.
I'd wager there will be a buried setting to manually enable specific apps along with a warning. Like how macOS does it now by blocking unsigned apps.
I think it would be ok if it was not for the fact that Google will most likely abuse it for other purposes like locking out indie developers even more.
While my confidence is usually pretty low with random repos, I am fairly sure there is more malware on the playstore than there is as .apk on github.
There's a huge modding scene out there, people who modify APK's to strip them of bad features, make them leaner, etc.
Looks like Google wants to kill it too.
I know Android apps are already in a pretty tight security environment. Perhaps they could put unsigned side-loaded apps in an actual container.
With Chat Control and similar measures on the way, we are one step closer to your hardware actively working against your interests with no way out.
As much as people are making this out to be a Google thing, I think this is more about the security requirements many countries are imposing.
I see how this is developing. First going more or less closed source and then reeling in the freedom - they are not going so much Microsoft but Apple.
So Google won't even offer a system toggle to let users install an app they've made or copied?
Google don't even expose a per-app toggle for app Internet access, why am I surprised?
This is disgusting.
Freedom died a little bit more today.
Why is end-user choice and consent not considered?
It's really disturbing that the EU and Google would do this.
I can't recommend Android or iPhone because of this nonsense.
Relevant as always: https://youtu.be/ntICHMV-WMA?t=38
I pin a webapp to my homescreen, open it and pay without any issues. Aren't webapps the way around this, and pretty common already?
My son uses an android phone as a medical device with apps that are either downloaded or compiled. Hopefully this won't touch LineageOS
I'm surprised so many people would be impacted by this. Why bet your livelihood on a corporate sponsored, second class ecosystem?
Okay so that removes the last reason to use Android.
This is just another 'it's only about money' move from Google. Only Google approved apps means monetised apps. Monetised means Google gets its cut. Google gets richer. More in-app purchases, more ads, more money for Google
Customers? Eh. What? Huh? Who cares
There goes the dream of ai allowing normal people to develop cool stuff. Talk about 'big company' stifles the little man.
With more and more things like this, we need to go back to making native apps on desktops and laptops where we as the users are in control.
The ability to sideload on Android is the main reason I've never bought an iPhone. This is a terrible move from Google.
>However, developers who appreciated the anonymity of alternative distribution methods will no longer have that option.
Don't be evil Google!
Pieces of shit.
I have several own-built apps which I use for different purposes only on my own devices.
Why the fuck should I become a verified developer just to use/install/update them?
I'm already pissed off enough by the fact that I must agree to let them upload and scan my app just to install/update it.
On the side, I'm even more sad because I feel like the open web can't be the alternative answer to locked down systems. It was the promise and the dream of the many of us years ago, but I'm disillusioned by now. And not only because Chrome and WebKit (on mobile) are a monopoly, but the web keeps failing its users with bad ux and less capabilities than native. Even the most well crafted web app feels slow and clunky. Unpopular opinion: who makes web standards failed us and browsers independently implementing non-standard anti-user features (e.g. manifest v3). I really dream of a stripped down browser that just exposes some os native apis for making accessible human interfaces, we had flash and we hated it imo we need flash again
I'm not a fan of restricting sideloading. But i do hope they get better at not offering malware in the official PlayStore
I’m sick of half-measures around getting off iOS and Android. If you’re an open-source app developer building for Android, please reconsider and put some of that energy into Sailfish.
You have the power to help turn a passionate subset of people away from Android, and now is the best time to do it. Instead of scattering effort into a dozen fragmented experiments, let’s rally around the best bet we have right now: SailfishOS. I'm not at all affiliated with Sailfish, just someone pissed off and am trying to point folks at the most mature alternative out there. I know it has its problems. I know there's even better alternatives that even less people use but seriously, rather than fragment the frustration around android right now, please, just try to rally around a serious legit alternative. We might actually make meaningful change here but it needs focus.
Intro for developers: https://docs.sailfishos.org/Develop/
Getting started guide: https://sailfishos.org/wiki/SailfishOS
Let’s push for something truly independent
Blame Apple for this garbage. They have paved the way by trying to circumvent the DMA.
Hopefully the EU slaps everyone with massive fines for these obvious anticompetitive plays. Best case scenario would be an outright ban giving local companies space but I doubt this will happen given how spineless the current commission is.
Clearly for American companies to be tightening the noose like that quoting the approval of authoritarian countries, it means they’re starting to feel the fire. It’s hard to not see the obvious link with them losing against Epic here behind the usual security smoke screen.
Both Apple and Google should have been broken to pieces for their egregious anti competitive behaviour a long time ago anyway.
This means that for example I will not be able to side load Popcorn Time for Android [1] anymore?
[1] https://github.com/popcorn-official/popcorn-android
The Play Store is full of certified verified malware. How is this going to help? This is all about control...
Guess I'm getting an iPhone. If both are locked down, I may as well have the one that has a decent watch.
GOOGLE SHMOOGLE IM WITH PEWDS We have to rebuild and replace this entire stack NOW! It’s out of control!
Meanwhile, I suppose a big "rollback" will be needed in EU for the DMA (Digital Markets Act)
That was one of the last reasons I had an android phone for.
Switch to iPhone now? Maybe the in crowd will like me now.
Phew! I was just about to get the new Pixel too, not going to now. I wonder if Samsung will be affected.
I'm curious what is going to happen to all those Chinese ROMs and third-party Chinese app stores.
Remind me again why we can't use HTTPS certificates to sign code that is linked with a domain?
Malware is just an excuse to kill off competition. This is textbook anti-competitive behaviour.
aside from the obvious power grab, the official announcement mentions that there were discussions about this move somewhere and they claim to receive positive feedback, can anyone point me to these discussions? I can't seem to find them anywhere
has anyone had to help any elderly relative with the million scams they've downloaded from google's app store? google does not give a shit about helping regular people avoid scams, it's all just bullshit.
not even to mention the h1b indian kickback stuff that's about to hit them. couldn't happen to a nicer company.
The day is coming when I just turn off my phone and leave it in a drawer 90% of the time.
I don't understand, when the EU announced that Apples "actually we need to sign all of these and pay us" requirement is illegal, Google was like "hold my beer"?
Break them up already, it's getting old.
You know how folks in the UK are cutting the surveillance cameras, what is the equivalent here?
OK, fine, but how will I build and launch an APK through android studio / flutter?
So I guess I'll need to make sure I get a device that isn't certified Android?
Anyone even remotely privacy or security conscious needs to vote with their wallet in protest and stop buying Android phones, otherwise it's only a matter of time 'til Google bans side-loading and it becomes impossible to buy a phone that can run any kind of anonymous or end-to-end encrypted communication software.
goodbye newpipe :(
This is a nightmare, I mean we can't put malware on our device now?
How will this affect GrapheneOS?
Guys, it's been over for a while now. And I mean decades... This is just one of the next steps in the path that's been laid out in front of us since the general population reached critical mass on the Internet and the ruling class (politicians, the media, corporations...) went all in on exploiting them for money and power. If we don't radically change the underpinnings of how the entire system works, we're in for much worse than this.
GrapheneOS.
This deplorable company has just condemned humanity's right to open computing. They sold themselves as open, smothered out all other open competitors, and then once they had complete dominance over the open phone market did this.
Even if Google backtracks now. Governments will latch on to this idea just like they have with client side content scanning. This will never go away. Thank you google you despicable pieces of shit.
What now? Where do we go from here?
I think there are some errors when trying, but it should be fixed soon.
I'm curious how this is gonna fly considering the DMA in the EU.
Great news which hopefully will shape the buyer away from monopolies.
If I wanted only apps signed by developers I'd use Playstore.
This is actually good if it hopefully paves way for breaking them up
Our only choice are 2 american companies, Google or Apple
Why did we let that happen?
I assume that this is Google's way of circumventing the DSA?
You can just disable Play Protect though, can't you?
How much is the verification going to cost?
If it's something simple like $100, that's not a big deal. That's on the order of what I'm looking at for my code signing certificates. It would be an eminently reasonable business expense.
Google doesn't like competition when it comes to selling you out
Maybe it is time for a new entry into the Smartphone OS market?
I wonder, how hard is it to build an app on the phone from source?
Well I guess that's good bye Pixel and Android for me then.
Yeah if this goes ahead I'm going back to my feature phone
I don't get it. Does this stop me from sideloading apps?
wow that rather fast [https://ibb.co.com/8LF8qdxm]
I already got popup in dashboard this morning
What does this mean for projects like Grapheneos, or fdroid?
We really need a third alternative when it comes to mobile
This is the final nail in the coffin for personal computing
I hate to break the news to Google, but this will likely be ruled illegal. The relevant German news of the court ruling that makes requiring a Google Account to use Google Services illegal:
https://www.zdfheute.de/wirtschaft/unternehmen/gmx-google-pl...
Rechtsprechung (court decision of LG Mainz, 22.08.2025, 12 HK O 32/24), text isn't published yet as of today:
https://dejure.org/dienste/vernetzung/rechtsprechung?Gericht...
If you search for the Aktenzeichen ("12 HK O 32/34") you'll find other news sources that confirm this.
shameful
was a reason I bought Android. will they be sending me a refund?
Boooo. Fuck this noise! Might as well run iOS at this point, unless your use case needs Android only apps or workflows.
What a fucking joke.
What about webapps?
I see... I guess it's just... web apps then?
Just like force pushing Manifest v3 on Chrome/Chromium, this is a step towards 'more security', from mouthpieces of Google.
Note that 'security' here is only for Google itself, for users it's an utterly different thing, e.g., inconvenience, censorship, etc..
They are following apple
It's good and bad at the same time imho.
This eliminates the appeal of Android over iOS.
This doesn't seem to be going over well.
This aligns with their AOSP recent changes.
Could someone explain why the personal privacy of software developers is more important than the cybersecurity of consumers and nations please and thank you
does this kill F-droid? can you build apks outside of google play and sign them with Google Play CA?
Okay, so Android is dead to me then.
This isn't legal in the EU is it?
Google welcome to Apple 10 years ago
if we continue this direction, in a couple of years, a feature phone might be an excellent choice!
Another instalment of HN thread where people try their best to pretend that "security" does not come with "enforced, ideally at hardware level, inability to run random code" for 99% of phone users.
Here a tip: you won't solve the problem of security by just whining about corporate interests (which is a real concern) and NOT proposing a better solution that works for an average tech illiterate, very socially engineerable person trained to ignore every warning screen. And no root switch is not that solution because it will be flipped on day 1.
To everyone working at Big Tech: you should be ashamed of helping those oligarchs make their plans reality by working for them. Thanks to you, privacy, free computing and democracy will disappear.
So, FairPhone with a new OS then?
"To combat malware and financial scams"
What a horrible, terrible, depressing bag of lies that the anti-humanists keep getting away with saying with a straight face.
So Android is just iOS now.
Keep your phone. All you have to do is say no to digital for:
- money
- tickets
- identification
They cannot force everyone to own and buy a phone.
SteamOS. It's up to you.
Time for normalizing Obtainium
This is another "beginning of the end." All eyes are on this situation and how much push back it gets. If there is little resistance, others will certainly follow suit.
Squeeze, Raban. Squeeze hard.
Smartphones are over for me.
From the announcement
> our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.
I will believe this when we stop seeing brazen malware in marquee app store apps, e.g. https://www.tracesecurity.com/blog/articles/meta-pixel-and-t...
Feels like Google is either following Apple's playbook from iPhone OS 1, or they're working together so they can argue this is standard practice in the industry... or something. Either way, no more Android gloating that they can install any app from anywhere any time without centralized approval. Not great. I'm an Apple fan, BUT I like having a fully open backup plan.
Imagine MS doing the same for Windows.
It’s sad that smartphones now hold so much personal and private data but aren’t really under the control of their users.
"Google to prevent users from installing programs on Android phones."
This might do more good than harm, since I'm willing to believe that scams involving APKs are prevalent, but come on. I need your permission to install software on my phone? Are you sure it isn't just that you want more control over everyone's phones?
This will be just another boost for de-googled phones, alternative platforms and potentially Mobile Linux.
The only reason why google phones became so popular was the fact that they were much less restrictive than iPhones. Thus the platform became the biggest phone platform in the world.
Now they are asking for a new start to arise and take their place.
Just going to leave this here for the canadians: https://competition-bureau.canada.ca/en/contact-competition-...
what a betrayal. I'm done with android.
It occurs to me this may have occurred in some way at the behest of the Trump administration, as a way in which to move towards controlling the apps installed on phones.
Extremely retarded. "Think of the children" all over again in the guise of "Think of the misinformation" when this is all just some kind of easy way to get rid of apps like newpipe.
This is a dangerous thing to do! This severely limits the freedom of the internet. At this point, we'd need a new "OS" like dhh did with Omarchy!
Google is really turning into a dystopian company, destroying any goodwill their virtuous employees created in the past. It feels like they are primed to be the main turnkey tyranny facilitators.
> Google is explicit today about how “developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer.”
“Developers will have freedom” yet they are entitled to Google’s verification.
It’s just another stone in the grave of Android and even though I shipped off this sinking ship 6 years ago to iOS, this is still concerning because ultimately Apple’s iOS is in competition solely with Android.
If Android gets so bad it has all the disadvantages of iOS, some more, for instance with the embedded spyware that manufacturers are paid to include, and none of the good side of iOS, then everyone loses. Apple doesn’t have to compete anymore, they just have to not suck.
Absolutely disgusting. No reason to keep using Android then.
This phase from the last couple of years just had to come - and while it's painful to be exposed to it - it seems highly illogical for us to complain and cry about it.
- "Free" search - yay, let's all use it for everything and even make a verb out of it
- Email - such nice guys, Google - free email forever, what could go wrong if I have my 95% of all my info there
- Maps - yeah, let's all depend on these free Google maps with our lives
- Chrome - ofc, heck yes, let's all use their browser, it's the best and free - no need for anything else
- Google account login for EVERYTHING - so convenient! Google Authenticator app, Google Wallet - yes, more!
- Free mobile operating system - nice, take that, Apple!
Google has taken over a large portion of our lives, step by step - good enough services, on global scale, for free, until they became essential.
They are not evil, like they were never good - they are a company, and in the current socio-economic structure, that means having a duty to use their position to enrich their shareholders - and absolutely have no interest in people's wellbeing or morality or opinions or reputation - unless it temporarily serves to do so more / better.
I'm in no way trying to defend them. Just, with all the futility of it, pointing out how the hyper-capitalism we've built/allowed to grow has reached the stage where it's practically impossible for the "free market" to react / provide solutions that people want. Now the big players decide what people get.
In this case, you can no longer have a high quality phone of a good manufacturer and install on it what you want. Small manufacturers catering to that demographic won't get government certification, you can't have your e.g. Samsung and install a ROM anymore, and you can't install your app freely on Android unless Google lets you. That's all just in a tiny sliver of space.
Our Tetris board barely has any room left for choice and actions.
Imagine you develop a VPN app that specifically helps people evade government censorship.
Everyone can figure out what's going to happen next.
So much for people preaching Android as an alternative to Apple's walled garden. Enshittification advances apace.
Gives me another reason to use a custom ROM
Totally deserved with how pathetically complacent and uncurious our society has become. We had it coming.
Hopefully we get another EU action here soon, to put them back in their place.
And once again our only hope is Elon Musk bringing out a competing smartphone ecosystem that is actually open.
Sidenote: xAI just open-sourced Grok 2.5 and will open-source Grok 3 in 6 months.
I can’t say I’m surprised; but I am disappointed.
What the hell is a verified developer lol
Additionally, this kills apps like Revanced, NewPipe, SmartTube that will now be required to give out ID to Google, surely that's something they really want to do. All open source development is under threat, Google's absolute dogshit procedures already imposed for the play store now imposed on the entire ecosystem. All for a shitty system that breaks down to "registering package names". Cool then, guess it's time to typo squat on every variant of com.faceboook.app, because users definitely check the package name and not "oh the icon is right and so is the title".
More and more locked down devices, Android source releases only being published once a year, device drivers for reference devices disappearing, and now, verification of all your software for your "security". The war on general computing is well and truly on.
What the absolute fuck.
Sorry, we're getting rid of Revanced, Newpipe, Xmanager, etc. for your own good. Just like how Manifest v3 was for security. /s
Maybe it's time to stop using an OS developed by an advertising company.
TL;DR If you're not using Linux by now, do yourself a favor and start. You could do worse than starting with Linux Mint or PopOS, but whatever you do, get ahead of the curve and transition to these user-friendly open sourced OSes. The alternative is far, far worse at the moment.
Well time to make sure mobile Linux is accessible so the blind users aren't the only ones left when all the world switches to Linux /s
Year of mobile Linux OS? /s
Maybe Elon Musk can save us /s
Everybody complaining of this is admitting they are doing nefarious actions. Those of us playing by the rules see no issue with this - In fact I welcome it!
Before quickly running to dismiss this move, please at least do your research with regards to the situation in the countries mentioned in the article, especially Singapore and Thailand.
Side-loaded malware has been an epidemic in SE Asia, and there are MILLIONS of dollars stolen (mostly from pensioners!) via side-loaded malware disguised as gambling apps - the local population is particularly susceptible to gambling, especially the older generations that are not so tech-savvy.
It's good they decided to do something about it.