Rupert's property: cut a hole in a polyhedron big enough for an identical copy (johncarlosbaez.wordpress.com)

As Google will allow only apps from verified developers to be installed on Android (previous discussion): https://news.ycombinator.com/item?id=45017028

A developer started a petition to stop Google from limiting app installation on Android devices unless developers provide personal identity documents.

Even though Google has not revoked similar controversial policies in the past, we do our best as much as we can. This change particularly threatens the freedom to build, share, and use software without giving away sensitive personal information. It affects independent developers, FOSS contributors, and even regular users who want to install apps outside of Google Play.

``Just imagine giving sensitive personal, government-issued ID to a corporation to install an app outside Google Play``

Let’s stand together to protect our freedom to create and use software without handing over personal information to a corporation. Every signature, share, and voice counts here

Support the petition here: https://chng.it/MsHzSXtJnw

Comments (79)

JumpCrisscross · 1h ago

These online petitions are worse than useless. They don’t do anything because they fail to communicate either conviction to a cause or any relevance of the signers. And they may take someone who would otherwise do something useful, like call their elected or participate in public comment, and make them complacent.

An open letter from the lead developers and decision makers of top-rated apps in the Play Store would be useful. But that takes work, unlike an online petition.

david_allison · 22m ago

Hi, developer of a top-rated app in the Play Store [AnkiDroid].

What do I need to do to make a difference, and how much time will this take?

[My elected officials listen, what's the path? Legislation?]

JumpCrisscross · 20m ago

> What do I need to do to make a difference, and how much time will this take?

EU or US?

> what's the path? Legislation?

Send them a letter explaining why this is bad for you. Keep it strictly factual and ideally concise. Copy Google’s legal [1] and any relevant digital or markets regulators. (If in the US, don’t forget your state regulators.)

Wait two weeks and then call the elected. Make sure they’re aware, and talk through your options. Send a letter thanking them for the call, incorporating any new information, and copy all of the previous parties again.

[1] https://support.google.com/faqs/answer/6151275?hl=en

dmix · 55m ago

They are placebos to make people feel better. https://en.wikipedia.org/wiki/Slacktivism

_joel · 24m ago

Wasn't this fairly successful at rasing the profile of the issue? https://www.stopkillinggames.com/

JumpCrisscross · 15m ago

Yes. Not a rando online petition: “we have succesfully escalated complaints on this problem to consumer agencies in France, Germany, and Australia, and have brought forth petitions for new law on this problem to various countries.”

Petitions from verified voters are powerful. Triply so if done in person, because the infrastructure that can collect signatures in person can also e.g. back a primary challenge or plebiscite.

ferociouskite56 · 4m ago

How to plebiscite in 25 states https://ballotpedia.org/Initiated_state_statute

immibis · 22m ago

Has legislation been created as a result of that awareness?

And the vast majority of their awareness actually came from a failed counter-campaign by the opposition.

janice1999 · 32m ago

Petitioning EU lawmakers would be better. American control of European data is already a bit issue at the moment in the face of US threats over Digital taxes and Microsoft being used to punish ICJ members.

jeroenhd · 19m ago

Honestly, I'll be surprised if this plan doesn't break the DMA/DSA already.

Someone will need to collect the necessary resources to bring the fight to the courts, though.

gjsman-1000 · 17m ago

What? Nonsense. The EU is almost ready to sign off on Apple's DMA compliance as sufficient, despite sideloading being similarly restricted, and despite 15-20% commissions remaining. The DMA was never written to allow completely anonymous sideloading, or even commission-free sideloading, another law is needed for that.

https://www.reuters.com/sustainability/boards-policy-regulat...

egorfine · 55m ago

Please bear in mind that Google was perfectly aware how much negative feedback they will receive from developers and they are completely and fully prepared for it. In other words, this decision was made with full awareness that developers and "screeching voices of minority" won't like it.

jerf · 3m ago

They can still miscalculate the intensity of the backlash or the willingness of people to do something about it. Many such stories. "The enemy has a plan so let's do nothing" is a great way to get consistently rolled in the world. As the saying goes, everyone has a plan until they are punched in the face; dishing out the occasional (and in this case fully metaphorical) punch in the face is not a hopeless endeavor.

(I agree with some other threads that merely signing a random petition is not a punch to the face. That's just whining.)

kotaKat · 35m ago

Yep. In the announcement, they already got full green light approval from various governments basically saying this was a great idea and the clear path ahead.

> …with Indonesia’s Ministry of Communications and Digital Affairs praising it for providing a “balanced approach” that protects users while keeping Android open.

> …Thailand’s Ministry of Digital Economy and Society sees it as a “positive and proactive measure” that aligns with their national digital safety policies.

> In Brazil, the Brazilian Federation of Banks (FEBRABAN) sees it as a “significant advancement in protecting users and encouraging accountability.”

nashashmi · 12m ago

Did the US government not give endorsement?

AnonymousPlanet · 7m ago

The nerds are the ones who pave the way for technology, enabling people around them to adapt more easily to it. They find new paths into the undiscovered land that then get either shut down or commercially exploited. Companies like Google have piggybacked on this volunteer work.

I have the feeling that these companies don't need nerds anymore. Who needs pioneers if everything is paved and regulated?

SiempreViernes · 45m ago

Do you have evidence that they have accurate estimates of the potential for backlash? It is not that uncommon that people in power take decisions without thinking them though properly

egorfine · 33m ago

I've got no evidence that they have an estimation of the volume or scale of the feedback.

But I reckon we can all make an educated guess that they did anticipate negative feedback.

tliltocatl · 28m ago

You might be right, but didn't same thing applied to Web Environment Integrity stuff, that they ended up stepping back on (for how short of a time stretch is another story)?

egorfine · 23m ago

First, web environment integrity was about the web as a whole, not about something that is completely owned and under their control. Second, they will not stop trying. It was not their first approach and it won't be the last.

So, I believe that if they decided this is the path they want to take - they will find one way or another. It's not that resistance is futile (it's not!) but I believe that petitions are not a good tool for the case.

goda90 · 1h ago

I think the biggest impact we can have, besides getting government regulation involved, is building the market share of an alternative.

rchaud · 11m ago

Yes. A decision like this creates the impetus to move to alternatives like Jolla OS that have an Android-compatible layer.

20 years in, the so-called "smartphone" duopoly have jointly converged towards a "dumb terminal" strategy, where almost nothing can be done without cloud-based authentication from a centralized third party. And this was the case prior to the AI horse manure they're baking into the OS.

I use the Fossify forks of Simple Mobile Tools apps (Gallery, File Manager, Calculator) because these can be installed via APK files and just be left alone. My Google Calculator app on the other hand seems to want to download new updates every single month.

elric · 15m ago

That, and staying away from anything that funnels money to Google.

hofrogs · 43m ago

By utilizing anti-user language like "sideloading" you are already submitting to their desire to own all hardware.

No comments yet

spacebacon · 1h ago

Build for the web. App stores are overrated. They will continue to make the same mistakes until they are irrelevant. Eventually.

nicce · 54m ago

It is a social problem which is hard to reverse.

People use app stores because they are used for artificially worsened web pages. They are used to find apps with similar properties from app store.

And Google search is artificially so bad that they won’t even try it to find some apps. And most won’t use other search engines.

sanex · 41m ago

How would this work with say my syncthing fork or DJI fly? Web doesn't really work here.

jeroenhd · 13m ago

Re DJI Fly: a combination of WebBluetooth, WebRTC, the normal location API, offline web pages (through managed caches), regular browser video features, and a bunch of other web technologies.

Re SyncThing: there's the File System Access API. You can ask the user for a folder and then operate on the files and directories inside it. Also from a locally cached offline copy, of course. Serviceworkers are there to run in the background, though I'm not 100% sure if the FS API and service workers can be combined to be honest.

It'll need as much effort or maybe even more to port it to the web as it has taken to develop the Android app, but it's almost definitely possible, at least on Chrome.

As part of Google's attempt to break free from the iOS app store, they accidentally invented an alternative to their own draconic measures.

arnaudsm · 40m ago

It's too late. As a developer, I'm pulling all my Android apps away from the Play Store.

If Google is hostile to me an my users, I prefer to dedicate my volunteer time to respectful plateforms instead.

pjmlp · 2m ago

Hardly anything left, Apple and Microsoft have their own issues, Web is basically ChromeOS aka Google, and I still cannot buy GNU/Linux or BSD laptops at the local computer store.

gooob · 21m ago

just making sure you understand the proposal correctly. you'd still be able to distribute the app through whatever means you want; the app just has to be signed with a key tied your identity that is verified by google, if trying to install on a "certified device" (which will be most devices).

i still disagree with the move. but it's not as bad as it could be. maybe there's a way to "unlock" a certified device (similar to unlocking the bootloader)?

olejorgenb · 22m ago

Which platform though?

ulrikrasmussen · 55m ago

I thought the Digital Markets Act in the EU would make it illegal for Apple and Google to prevent people from sideloading apps. Is there some kind of loophole that allows Google to do this anyway?

stockresearcher · 8m ago

The EU has lots of laws, including some that were made after the DMA. One of them is the CRA, which says that by the end of 2027 all app marketplaces are required to provide developer contact info to people who download software. If the contact info is fake or wrong, the app marketplace can face fines.

So the app marketplace should probably verify the contact info, right? Would you take on that kind of risk to protect the anonymity of some rando you’ve never met and will never give you any money? I wouldn’t.

c0wb0yc0d3r · 48m ago

From what I’ve read Google’s new process sounds much like Apple’s app notarization process. Apple is still in complete control the user just isn’t required to go through the App Store.

ulrikrasmussen · 19m ago

I am not an iOS user, so I wasn't aware of how it worked. In that case the DMA is completely worthless.

immibis · 19m ago

Isn't Apple already getting sued for having that process?

bagol · 29m ago

I just realized how powerless we are. The situation is almost unavoidable. Majority people will just accept this. They are unaware how restricted they are, thus they don't care.

gooob · 20m ago

are there enough devs to make "non-certified" phones? also i wonder if you'll be able to disable the verification check similar to bootloader unlocking.

rchaud · 8m ago

Non-certified phones won't be sold in Western markets. This whole scheme has one goal only, and that's to snuff out DRM-unfriendly third party apps like alternative Youtube clients, videogame emulators and P2P file sharing apps.

zokier · 28m ago

When I was back there in Seminary School

There was a person there

Who put forth the proposition

That you can petition the Lord with prayer

Petition the Lord with prayer

You cannot petition the Lord with prayer!

If you truly want to protect your rights then don't petition Google, but instead petition FTC and other antitrust agencies. Petitioning Google just establishes that they have a choice here.

dvh · 22m ago

Save your effort and invest it in making alternative OS better.

nfriedly · 37m ago

Clickable: https://chng.it/MsHzSXtJnw

ferguess_k · 1h ago

Does Google ever care about petitions? Maybe stop using Google products is a better start.

mdrzn · 1h ago

change.org is useless

aussieguy1234 · 52m ago

I'll switch my Pixel over to GrapheneOS if this happens

c0wb0yc0d3r · 42m ago

Why wait? I’ve never installed many apps on my phone, but I don’t have any problems using graphene. My bank nor credit card apps have any problem.

aussieguy1234 · 32m ago

It's mainly the lack of emergency services support in my country. Every time I called the operator can't see where I am through GPS, first question asked was what state im in.

sneak · 25m ago

Why would you kneecap yourself on hardware and get a Pixel over an iPhone if not to install Graphene as the very first action post-unboxing?

Graphene is the only reason I own any pixel devices.

ForHackernews · 1h ago

Only government intervention will matter, petition EU regulators instead, perhaps: https://www.europarl.europa.eu/petitions/en/home

derelicta · 55m ago

That's nice, but they won't care

speedgoose · 1h ago

Did a petition ever worked ?

christkv · 1h ago

Don't hold your breath for the EU this aligns with the Chat Control being pushed. Banning people from side loading keeps you from escaping their plan of always listening.

ath3nd · 1h ago

I agree with the spirit of the petition and I will sign it but I think it's better to be a petition to the EU to force google to stop their adversarial interoperabilty.

EU have done it with Apple and their trash lightning cable, forcing them to adopt the USB c standard. EU fined Meta and Google for mishandling our personal data (like all the time), and forced (kinda) both Google and Apple to allow alternative stores. This bs will not fly in the EU.

I will not tell you to stop using Google products and Android, since you are most likely a dev or FOSS on the Android ecosystem. But yeah, Google are pretty evil.

- sent from my Android - /s

briandear · 41m ago

> Just imagine giving sensitive personal, government-issued ID to a corporation to install an app outside Google Play

In Spain, I have to give my NIE (National ID number) and show my government ID just to send or receive a package from FedEx. Why should I have to give up sensitive information just to receive a package?

sneak · 26m ago

Bombs, mostly. Also drugs, which are cash-adjacent.

matt_LLVW · 16m ago

What a great example of whataboutism. This has nothing to do with the subject.

notepad0x90 · 40m ago

Can someone articulate for me why everyone seems to be opposed to this?

You can sideload apps on non-google-certified android builds/installs just fine right? If you're going to publish an app that literally be installed on billions of devices, is this not a sensible measure? Long overdue even? Why isn't Windows and Linux distros enforcing this as well is my question!

Do you guys understand that people's lives are being ruined by malware? and the most popular way of deploying malware on the most popular platform (android) is sideloading apps!

This is a similar situation as "Freedom of speech isn't freedom of reach". You can publish any android app you want, that doesn't give you the right to anonymously deploy those apps on everyone's personal tracking devices (phones).

I get a petition to allow alternative attestation and verification authorities. and honestly, I don't think Alphabet has much choice on that given EU and US anti-trust policies. I can't image the EU being ok with a US company collecting the IDs of all its developers.

For about a decade now, on Windows, you are required to have an ID-verified code signing certificate so sign drivers for example. And that has dramatically reduced rootkit abuse on the platform. Don't get me wrong, I also don't want to submit my ID to anyone. But this is a very sensible measure, one that will improve security in measurable and significant ways to millions of regular people.

janice1999 · 34m ago

> You can publish any android app you want, that doesn't give you the right to anonymously deploy those apps on everyone's personal tracking devices (phones).

This is about users freedom to install apps on the devices they own.

> non-google-certified android builds/installs

Those targets are rapidly disappearing. Alternative Android ROMs are dying one by one. Look at how few modern phones are officially supported by LineageOS. And many of those are Pixels which Google is no longer releasing binaries for (making ROM builders lives harder).

> Do you guys understand that people's lives are being ruined by malware?

Do you have figures to back that up? There are already multiple warnings when sideload apps.

> For about a decade now, on Windows, you are required to have an ID-verified code signing certificate so sign drivers for example.

Drivers and applications are not the same things.

ulrikrasmussen · 13m ago

It really, really sucks to be tricked into installing malware, and I have sympathy for the victims. But this measure will remove so much freedom from a much larger group of people, and therfore it isn't justified.

We just have to educate people better about how to protect themselves online, not resort to paternalistic control regimes which just happens to give one of the largest tech giants the power to also crush anything that it sees as a threat to their business model.

moi2388 · 38m ago

Company details, sure. But personal details?!

AI Has Broken Hiring (brodzinski.com)

A perfect symbiosis:planting vines other ways hot cities are creating cool space (theguardian.com)

A lower bound on the length of the shortest superpattern (warosu.org)

The sisters "paradox" – counter-intuitive probability (blog.engora.com)

Archaea produce peptidoglycan hydrolases that kill bacteria (journals.plos.org)

GM Raided Silicon Valley to Build Its New AI Team. Here's What It's Doing (wsj.com)

LLMs solving problems OCR+NLP couldn't (cloudsquid.substack.com)

Global airlines group proposes raising international pilot retirement age to 67 (reuters.com)

From layoff to $15k/mo agency and $9k/mo M&A marketplace (indiehackers.com)

Ask HN: Building tools to make WhatsApp integration less painful for developers

Show HN: GrowChief – open-source social media outreach tool (github.com)

Static analysis tool for prompt templates (github.com)

How AI Works – A Primer (publish.obsidian.md)

Data Science Weekly – Issue 614 (datascienceweekly.substack.com)

Why a classic CDP bot detection signal suddenly stopped working (blog.castle.io)

The longest possible gap between bank holidays (diamondgeezer.blogspot.com)

Ford and the Birth of the Model T (construction-physics.com)

The Surprising Truth About Finding Clients (samlandenwitsch.substack.com)

Data centers will cause higher electricity prices, study finds (axios.com)

US to publish economic data on blockchain, Commerce chief Lutnick says (cointelegraph.com)

It's time for you to contribute to the Climate Commons (climatedrift.substack.com)

Google Stax (stax.withgoogle.com)

The Cost of Transparency: Living with Schizoaffective Disorder in Tech (kennethreitz.org)

Tree Painters from the United Kingdom (worldsensorium.com)

When Ancient Sea Monsters Emerged (nautil.us)

Show HN: AgentCheck – Local AI-powered code review agents for Claude Code (github.com)

Self-Reliance Means... (samhenrycliff.medium.com)

Airbnb Data Portal (airroi.com)

Do the simplest thing that could possibly work (seangoedecke.com)

GPUPrefixSums – state of the art GPU prefix sum algorithms (github.com)

Hack to the Future – Front End (nooshu.com)

FDA Approves Covid Shots with New Restrictions (nytimes.com)

Discover samples made for your music (samples.landr.com)

ECG Interpretation Tools Compared – Why PMcardio Stands Out (powerfulmedical.com)

Prepare for the unexpected with emergency access for your Proton Account (proton.me)

First week lessons learned from marketing a product as a developer (inventronix.club)

What's your thoughts on Forbidden Planet (1956) (old.reddit.com)

Japan exploring whether AI could help inspect its nuclear power plants (theregister.com)

LMAR: Language Model Augmented Retriever for Domain-Specific Knowledge Indexing (arxiv.org)

Rupert's property: cut a hole in a polyhedron big enough for an identical copy (johncarlosbaez.wordpress.com)

What cash can and can't do (slowboring.com)

Why We Resent Middle Managers (oneuptime.com)

Intel's Clearwater Forest E-Core Server Chip at Hot Chips 2025 (chipsandcheese.com)

That boolean should probably be something else (ntietz.com)

Intel's "Clearwater Forest" Xeon 7 E-Core CPU Will Be a Beast (nextplatform.com)

Learn, build, judge, ship: What to look for in your first (AI) marketer (gkogan.co)

Group Borrowing: Zero-Cost Memory Safety with Fewer Restrictions (verdagon.dev)

Most popular MCP servers in cursor_AI last 4 weeks (twitter.com)

1M Tokens (ampcode.com)

Maximizing Processor Efficiency with the Lean Metric (spectrum.ieee.org)

Petition to stop Google from restricting sideloading and FOSS apps

Comments (79)