> Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store
This is absolutely unacceptable. That's like you having to submit your personal details to Microsoft in order to just run a program on Windows. Absolutely nuts and it will not go as they think it will.
Kim_Bruning · 19m ago
I never really got into "phone" progrmaming, always waiting for the shenanigans to die down. But somehow the shanigans have gotten worse and for a significant chunk of the world population, the phone is the only computation device they have at all.
donmcronald · 14m ago
I never got into it because I was convinced developers would refuse to give up control over distribution when Apple started doing it. I wish I was right, but here we are.
mid-kid · 45m ago
They have the ecosystem by the balls. Phone manufacturers in recent years have been making unlocking & modifying their devices more and more difficult, google and app developers have been cracking down harder on modded devices by implementing TPM equivalents in the hardware to sign and verify that your system is a google-appproved one, and alternatives still are decades behind in terms of app ecosystem.
I think they might just get away with it.
chasil · 1m ago
Unless they give F-Droid access, the antitrust prosecution will double.
donmcronald · 12m ago
Don’t worry though, the TPM requirements in everything are for your protection.
ocdtrekkie · 20m ago
I would say this is a bold choice for a company whose existing restrictions around third party apps and stores and in-app purchases has already been found illegal. While it doesn't look like they're pushing for it right now, forcing Google to sell Android was something the DOJ has considered as a penalty.
I'm not sure Google still has the ecosystem by the balls. It's very possible whatever Googlers who made this decision are the type of folks who don't comprehend they work for a monopoly that like actually can't do things like this anymore.
jojobas · 33m ago
I don't think Google can be blamed for this - their own phones are one of the last which can still be unlocked.
ChadNauseam · 26m ago
true, and recently they deserved a lot of credit for publicly releasing their device trees and drivers. unfortunately, with the 10 series pixels they no longer will be releasing device trees, which makes it much more difficult to maintain custom ROMs
asdff · 1m ago
Why would it not go as they think it will? The big guy always wins against the little guy. The fact they make this move suggest they know it is a sure bet.
altairprime · 2m ago
[delayed]
cellular · 13m ago
Someone create a website to emulate apk!
sltkr · 42m ago
This is what Apple already does, isn't it? Why wouldn't it work for Google too?
indrora · 29m ago
Apple requires you to get a developer account with them.
Nowhere does that require you to go and get a DUNS number, which is onerous for a single developer to do without the infrastructure of a company.
andyferris · 17m ago
Never heard of DUNS. It seems to be a US company *Dun & Bradstreet) that provides business intelligence.
It seems kind of odd to me to rely on some kind of external hidden "credit agency"-style company for this? And why would DUNS want to know about some kid in their basement in Bangledesh making (non-malicious) apps, and why would the kid want Dun & Bradstreet to know about them? It makes no sense at all.
cyanydeez · 11m ago
Yeah, basically this is the rise of computer-credit agencies.
Youc an see the zeitgeist forming around corporations wanting to lock out any small unlicensed company from working on phones.
The key is mostly fascism in the guise of "security". Witness stuff like the ICE tracker app. Google would love a way to freeze out both it's appearance on the app store and any developer who'd program similar.
llm_nerd · 19m ago
While the linked article notes that organizations require a DUNS number seemingly as an aside, personal accounts do not.
Which is exactly the same policy as Apple.
didibus · 9m ago
For me the difference is that Android is an open-source operating system. It sold itself and differentiated itself to users, developers and phone manufacturers as an open ecosystem built on open-source foundations.
Over the years, it seems Google has been trying to have their cake and eat it too, by basically subsuming others to use Android through this appeal of a more free and open operating system ecosystem, but have tried to slowly close and close it down now that it has won the other half of the market on that promise.
This feels more sly, because it's kind of a bait and switch. Apple never made such claim and was always upfront, so while I don't like it, I never bought into it in the first place for them to have the rug pulled under me after giving them my money as Google might be doing.
tgsovlerkhgsel · 43m ago
The problem here is that the EU, which would normally be the only hope to put a stop to bullshit like this, seems to like this.
dwarksidle · 7m ago
Governments are scurred the internet has made everyone realize their governments are crap, their history is gibberish, and it's all being used to screw the next generation. So 60+ year olds are falling back on old tropes
TikTok is "brain rot" even though the real economy runs on physical statistics, the semantics have to be recognizable to the elders, or it's not democratic so they will force the semantics to be regurgitated as-if they are religious catechism.
maxerickson · 28m ago
It's easy. For the average user, device integrity is more valuable (by a lot) than side loading.
People that think this is unacceptable are not remotely average users. Average users benefit greatly from their pocket appliance not being a full fledged computer.
anticrymactic · 15m ago
> Average users benefit greatly from their pocket appliance not being a full fledged computer.
In what way? Seriously, what benefit is there? (And don't say security...)
greazy · 12m ago
Id argue that the average user is not a good barometer. They are okay with slowly being boiled alive. See windows 11 as a good example.
What's being sacrificed in the name of security is not worth it imo.
Enabling side loading on android is not a standard setting you can flick on. Is there any data on the number of devices who have this enabled and are falling for hacked apps?
imiric · 6m ago
> Average users benefit greatly from their pocket appliance not being a full fledged computer.
Why, though?
There's certainly no technical reason that a pocket appliance can't be a full fledged computer. The primary reason it isn't is because device manufacturers benefit greatly from having a tight control over their products. This is not unique to mobile devices; we see the same trend of desktop operating systems becoming increasingly user hostile as well.
The claim that these features are in the best interest of users is an inane excuse. Operating systems can certainly give users the freedom to use their devices to their full capabilities, without sacrificing their security or privacy. There are many ways that Google could implement this that doesn't involve being the global authority over which apps users are allowed to install. But, of course, they are in the advertising business, where all data that can be collected, must be collected.
pessimizer · 15m ago
Don't pretend that average users are asked, or that their opinions would matter. Or even that you have some sort of insight into the average user that other people don't have.
People who think this is unacceptable are the people who 1) understand what it is, 2) don't stand to profit from it, and 3) don't dream about locking average users into an ecosystem that they control some day.
harikb · 7m ago
So long as they don't make it very hard to get an ID approval, I don't see why people shouldn't know who developed an app.
Currently the entire ecosystem is riddled with malware, spyware, or adware with shady source information and people have no way to verify the data practices
Ms-J · 1h ago
This is the worst thing to happen to technology in recent times since there is only two major phone OS's.
It isn't possible to ban encryption, so the governments have to chip away at security and privacy using these techniques.
"You may also need to upload official government ID."
This won't end well for Google or the governments involved when the people get so angry that they are forced to roll this back. Switch to an alternative phone OS.
tokioyoyo · 4m ago
> This won't end well for Google or the governments involved when the people get so angry
The amount of people this makes angry is so minuscule that it probably wouldn’t even pass one of those theatrical “sign this petition to get the government to discuss it” thingy. Mind you, the only reason the whole side-loading court cases were going forward is because a giganormous company (Epic) wanted to make more money instead of paying the Google/Apple tax. Not because some people were angry.
maxerickson · 27m ago
What's wrong with loading an alternate OS that isn't Play Protect certified?
sanex · 22m ago
Soon you won't be able to do this either because most manufacturers are locking down the bootloader.
kotaKat · 12m ago
And Google stopped providing device trees and driver binaries... and stopped releasing AOSP as often, and, and...
terminalbraid · 7m ago
Most vendors, including the big ones, don't play well with that. Google just revoked open sourcing the Pixel as the reference design which was the strongest option for that. Things like newer Samsungs are black boxes and everyone is actively making it harder to do anything with devices you bought and paid for.
buildfocus · 11m ago
Attestation & Play Integrity is having a good go at blocking this: lots of critical software (e.g. the app required to use your bank account) requires certified attested devices, and Google are pushing hard to get as many apps as possible to activate that for "security", making non-Google Android un fixably 2nd tier in functionality.
pessimizer · 13m ago
> the people get so angry that they are forced to roll this back.
This is political fantasy. There is no mechanism for "the people" to force anyone to roll this back. They can vote for the candidate owned by google, or the candidate owned by google. If they want to find another candidate, they'll have to use google to find one.
rockemsockem · 3m ago
If enough people internal at Google get pissed off and raise this up enough it can legitimately get rolled back.
cyanydeez · 10m ago
I mean, you're pretty optimistic that the current fascism is going away any time soon.
logicchains · 1h ago
Anyone even remotely privacy or security conscious needs to vote with their wallet in protest and stop buying Android phones, otherwise it's only a matter of time 'til Google bans side-loading and it becomes impossible to buy a phone that can run any kind of anonymous or end-to-end encrypted communication software.
tgsovlerkhgsel · 47m ago
Stop buying Android and what? Buy an iPhone that's even more locked down or live like an outcast that can't access essential services? Because those are the realistic options.
fluoridation · 13m ago
For years I've been buying middle-of-the-road Android phones because they provide pretty good bang for the buck, but if I can't use a computer I paid for however the fuck I want, I'm just going to start getting the cheapest crap I can get away with and use it as little as possible. "Vote with your wallet" doesn't have to mean total abstinence.
nunclieh · 10m ago
>live like an outcast that can't access essential services?
I don't own a smartphone and I am happy as ever. I used to own one a while back, but it wasn't worth the effort and the rage when it was slow.
If a service can be accessed only with a smartphone, I complain (which is of little use).
jazzyjackson · 15m ago
Flip phones can access essential services just fine, if some business or government office is only allowing something to be done via smartphone app, that’s a problem.
busymom0 · 44m ago
What if people stopped buying brand new Android phones and instead bought used ones and then installed alternative Android versions and app stores.
out_of_protocol · 38m ago
Can't access banks, ticket systems etc. unfortunately we are in the era of tightened screws, the freedom is running out :(
eraviloi · 26m ago
Lol all these things work via the web. You just log on via the browswer. Not everything needs an app.
goda90 · 2m ago
Aren't there attestation frameworks under development that they could start using too?
achrono · 10m ago
Other than banks & ticketing, there is a whole host of things that do in fact need an app.
* Mobile payments
* Navigation
* All manner of IoT devices
* Wearables!
* Digital versions of ID (Mobile Passport Control)
etc.
So no, you can't just use the web.
GuinansEyebrows · 23m ago
you can usually just use the web-interfaces for those services. less convenient, sure, but the options are there.
logicchains · 40m ago
Buy Apple; the point is to hurt Google. If enough people do it, Google might reconsider. Show them that the open ecosystem is the only value Android added, and if they refuse to bring back the open ecosystem then their platform will slowly die. Won't be long until Google's as locked-down as Apple at this rate, so all Android gives you is a power-hungry OS that protect your privacy even less than iOS does.
jraph · 11m ago
Buying closed stuff to show we want an open ecosystem?
At this point, I believe the most effective ways one can help with this is:
(1) advocacy - it's slow and difficult, but having people at least agree / be familiar with the idea that closed stuff is bad is a good first step.
Open ecosystems can't work for the general public if it's trapped in closed networks that won't work on anything else than the two big mobile operating systems, so making people start using open chat apps and such will help a lot. It'll take years, but so be it. It's worth it I think.
(2) helping improve the more open stuff.
I think Linux mobile for instance is a potentially viable alternative in the medium term for at least the basic use cases: Calls, SMS, GPS / Maps, Signal, photos. All this has no reason not to work with some polish. I daily drove Linux mobile 4 years ago for a year. The main thing I'm missing is good hardware for it, and a lot of polish but nothing impossible. Yeah, indeed, no payment with the phone (Google Pay / Apple Pay). But it's still possible to use the physical cards and not use the phone for this.
thyristan · 20m ago
You've got to be kidding. Doesn't work, Apple is even more locked down than what this article announces. No sideloading whatsoever, signature checks ala Play Protect are mandatory and cannot be switched off, no alternative app stores, etc.
vachina · 28m ago
Not sure why this is downvoted. The entire value proposition of Android is the semi-open OS. For things you can’t do with Apple devices, you use the myriad of Android devices out there.
A locked-down Android is pointless.
itsanaccount · 43m ago
> live like an outcast
in all things. I would encourage you and everyone who reads this post to stare down this option with realistic consideration. In a society this broken, it is the solution to more and more things. To checkout, to accept the hard mode because to pick the path of convenience is to be exploited.
Again, and again, and again.
01HNNWZ0MV43FF · 11m ago
I've been doing it. That's why I'm vegan.
rockemsockem · 1m ago
I'm sorry, this is such a funny follow up comment, I literally lol-ed when I got to it.
gigel82 · 1h ago
I'm curious what you think the alternative is, because Apple is definitely a lot worse, and we all know they're very much a duopoly.
BTW, all the GrapheneOS, etc. are still Android phones.
goda90 · 59m ago
I'm curious if GrapheneOS or other custom Android builds would be able to avoid these restrictions reasonably.
Obviously this is going to impact the supply of apps, since the market share of custom Android is smaller than even the market share of people willing to sideload or use an alternative store on a mainstream Android phone. Many developers might quit the game.
mysteria · 45m ago
The problem with custom ROMs is that many government, banking, and similar apps don't run on them without workarounds. Some of those apps also consider this as a TOS violation as well.
Zak · 38m ago
When Microsoft first proposed a remote attestation scheme for PCs under the name Palladium, it was widely seen as a nightmare scenario. Even the mainstream press was critical[0]. There was barely a whimper when Google introduced Safetynet a decade later.
It wasn't OK in 2003. It wasn't OK in 2014. It isn't OK now. I'm just not sure what anybody can do about it.
I don’t use any utility apps (identity, banking, services etc) on my phone and stick to the desktop web. And don’t use services that do require me to have a Google or apple account and phone. (Spoiler: I do)
I hope my tiny datapoint shows up in some aggregated stats somewhere.
It’s use-it-or-lose-it.
thrtythreeforty · 38m ago
Then I won't run those apps. Seriously. I know not everyone has this option, but it's been my experience that a lot of processes do in fact have workarounds when you show them the cryptic error their poorly behaved app throws.
eraviloi · 24m ago
GrapheneOS uses a sandboxed version of Google Play Services, not the GMS certified devices they mentioned in the article.
seviu · 1h ago
I had a Jolla phone on my hands the other day and I must admit this…
SailfishOS is pretty nice
I might get one next
storus · 19m ago
Buy Xperia 10 III while you still can. It's the best SailfishOS phone at the moment.
anonym29 · 1h ago
GrapheneOS is a beautiful stop-gap, but there are real bona-fide Linux smartphones out there. To be clear, there are not many, the hardware often isn't great, the software often isn't great. PinePhone and Librem come to mind.
The alternative is just Apple; if Google loses enough users they might reconsider. Essentially the only real advantage Android had over Apple was being a more free platform/ecosystem; if they're going to do away with that, then they should be shown that this means they'll lose a lot of users.
thyristan · 19m ago
Even with this change, Android is still more free than iOS by far.
rkagerer · 38m ago
I've grown increasingly hateful towards both my Android and iOS devices over the last decade. The platforms themselves are increasingly user-hostile, and their appstores are crammed full of shitty, privacy-invading, telemetry-hoovering, dopamine-triggering, ad-filled, lipstick-covered apps that are often garbage compared to the pioneering days of mobile. I miss the days of my old Palm Pilot.
Is anyone working on fixing this? We can do so much better.
foobar47859 · 23m ago
Vollo from German is one https://volla.online/. They sell a nice set of devices that run either a custom Android or Ubuntu Touch. Their custom Android has a nice bunch of UI and privacy features.
For once Fairphone never updating their phones will work in our favor! If Google roll sthis out in early 2026, anyone with a Fairphone can rest easy that they won't receive that version of the operating system until mid-2028 at least.
GrapheneOS + F-Droid is a joy to use, for me. I'm kinda shocked when I use anyone else's phone, now.
If they start selling their own devices, I will buy one and (assuming it turns out how I hope it will) recommend it strongly.
emidoots · 17m ago
Side note, I read that GrapheneOS project is having some challenges recently.. between [0]the Android kernel drivers no longer having their Git history of changes being released (only a code dump with no history) - and [1]one of Graphene's two core contributors being detained/conscripted into a war.
How do you access banking and other sensitive apps? If the answer is, you don't, well, you can see how that's a non starter for the vast majority of people.
A web browser in the worst case scenario. The same way you'd do it on a computer.
indrora · 28m ago
Windows 10 Mobile was good.
The entire developer experience was fantastic and the thing that killed it was a lack of desire from the upper leadership when it felt like they couldn't compete with the duopoly.
toast0 · 16m ago
The developer experience was trash.
Did you have a wince app? Too bad, throw away all that and rebuild for wp7.
Do you want do anything useful? Actually, you better wait for wp7.5.
Oh look, we have a totally new thing with WP8. Upgrade to the newest framework so you can use the WP8 features... Oh, but you still need to build for the old framework for WP7. Hey, how about WP8.1, kind of the same deal.
My personal favorite though was WM10; you now need to build a Universal app that only runs on the very small number of WM10 phones... If you want to run on WP7 and WP8 which still have more sales, a universal app doesn't run there. Also, even though we said WP8 phones would be able to upgrade, either we changed our mind, or the experience is so bad most people won't. And the cherry on top... Users who upgrade from 8 to 10 might need to delete and reinstall the app, otherwise it will just show the loading dots.
Did we mention, we decided we didn't need engineers in Test in the run up to WM10? Couldn't possibly be why the release was terrible.
abeyer · 8m ago
Even aside from the privacy implications (which aren't trivial themselves,)
Doesn't this make it prohibitively difficult to do local builds of open source projects? It's been a long time since I've done this, but my recollection was that the process to do this was essentially you would build someone else's (the project's) package/namespace up through signing, but sign it locally with your own dev keys. A glance at the docs they've shared makes it sound like the package name essentially gets bound to an identity and you then can't sign it with another key. Am a I misremembering and/or has something changed in this process? Am I missing something?
mysteria · 1h ago
The article didn't say much about the account approval process, but from the looks of it Google will be able to arbitrarily accept and revoke applications as they see fit. So much for an open platform, bring forth the gatekeeping!
Personally I would be fine with unsigned apps requiring the user to click through a notice before install, or having a setting to toggle to enable unsigned apps. Windows does something similar to this where unsigned binaries get a pop up warning but signed ones are executed immediately.
hn8726 · 1h ago
> developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer. We believe this is how an open system should work—by preserving choice while enhancing security for everyone
I guess words don't don't have meaning anymore, how can you claim to have an open system in an announcement about closing it down?
It's also telling that the big supporters of this are apparently corporations and governments. Admittedly I don't know what "Developer's Alliance" is but they don't seem to care about developers very much, and I wouldn't surprised if they were just a "pay us to say what you're doing is good for devs" kind of thing
ocdtrekkie · 34m ago
The Developer's Alliance address is a coworking space in Washington DC, if you want to rate the likelihood it's just an astroturf for public tech policy wonks.
EMIRELADERO · 1h ago
So that's it then.
If this actually goes through, there will be no option in the mobile OS market for an OS that both:
a) allows the installation of apps without any contractual relationship with any party, and
b) allows the use of mainstream and secure apps like banking
prism56 · 1h ago
I'll just have to disable it and choose a banking app that works on the browser. Tonnes of my apps are sideloaded. Quite a few are on the playstore or the dev might upload their details.
CalRobert · 1h ago
In time, you will only be able to access banking from your desktop using an approved OS and browser with attestation...
ffsm8 · 56m ago
For what conceivable reason would they make the users go on desktop, considering mobile is in the process of being fully locked down?
If anything, they'd eventually deny access from desktop, forcing everyone to login via the fully manages mobile devices without any user freedom.
Some banks are already getting there btw, as their preferred 2fa is a companion app... One small step away from making that the only option, effectively denying access to anyone without a locked down mobile device.
tgsovlerkhgsel · 42m ago
De facto, this is already the case - you can use your computer as a display but to actually authorize a login or transaction you need your phone with said attestation.
Night_Thastus · 16m ago
A dedicated app on a locked down OS is vastly more controllable than something like a browser that can do virtually whatever it wants.
PokedBear · 1h ago
It will be interesting to see how they handle packages from the various f-droid repos. F-droid builds and signs all their apps themselves, so will all of f-droid be covered by a single signing key and developer account? Or will the fact that they take apps from lots of folks bar them from an account?
black3r · 39m ago
F-Droid generates a unique key for each app and that key is then reused for all builds of that app. This will probably just require registering the F-Droid public key to the package name with Google.
logicchains · 58m ago
I'd bet money they'd just ban them; the whole point is to stop users running unapproved applications on their phones.
DangitBobby · 53m ago
Unless I misunderstood the question, this is covered in TFA
> The tech giant stresses that this does not mean developers can’t distribute outside of the Play Store through other app stores or via sideloading — Android will remain open in that regard.
MostlyStable · 36m ago
How does that jive with this statement:
>The Play Store implemented similar requirements in 2023, but Google is now mandating this for all install methods, including third-party app stores and sideloading where you download an APK file from a third-party source.
DangitBobby · 20m ago
Does that amount to "just ban[ning]" other app stores? If not then... it jives fine? Not here to say it's a good thing.
vetrom · 31m ago
You have misunderstood the question, or perhaps buried the lede. 'Open in that regard' is tantamount to not open at all. If you gatekeep being able to load an app to an Android phone behind these processes, you're essentially stuck with no recourse if you, say, have a banned google account, or have some reason you don't wish to send your government ID to these companies.
DangitBobby · 22m ago
I was responding to this:
> I'd bet money they'd just ban them; the whole point is to stop users running unapproved applications on their phones.
I wasn't trying to claim everything is hunky dory, just that they aren't "going to just ban" other app stores.
hyperhopper · 21m ago
Your own quote shows the source of the confusion. OC was asking how will google handle apps that have somebody else signing for them. Your quote talks about letting devs that go through a verification process still side load (though that has no real benefit at that point since google still holds control over you)
Personally...we all know the Play Store is chock full of malicious garbage, so the verification requirements there don't do jack to protect users. The way I see it, this is nothing but a power grab, a way for Google to kill apps like Revanced for good. They'll just find some bullshit reason to suspend your developer account if you do something they don't like.
Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
> we will be confirming who the developer is, not reviewing the content of their app or where it came from
This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.
TFA had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.
On the flip side, that's one less platform I care about supporting with my projects. We're down to just Linux and Windows if you're not willing to sell your soul (no, I will not be making a Google account) just for the right to develop for a certain platform.
black3r · 12m ago
> This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.
Requiring company verification helps against some app pretending to be made by a legitimate institution, e.g. your bank.
Requiring public key registration for package name protects against package modification with malware. Typical issue - I want to download an app that's not on available "in my country" - because I'm on a holiday and want to try some local app, but my "play store country" is tied to my credit card and the developer only made it available in his own country thinking it would be useless for foreigners. I usually try to download it from APKMirror. APKMirror tries to do signature verification. But I may not find it on APKMirror but only on some sketchy site. The sketchy site may not do any signature verification so I can't be sure that I downloaded an original unmodified APK instead of the original APK injected with some malware.
Both of these can be done without actually scanning the package contents. They are essentially just equivalents of EV SSL certificates and DANE/TLSA from TLS world.
zozbot234 · 1h ago
> had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.
I don't think we can know for sure before the change is actually in place. Going through Play Protect would certainly be the easiest way of implementing this - it would be a simple change from "Play Protect rejects known malware" to "Play Protect rejects any app that isn't properly notarized". This would narrowly address the issue where the existing malware checks are made ineffective by pushing some new variant of the malicious app with a different package id.
It's a big change for the ecosystem nonetheless because it will require all existing developers to register for verification if they want to publish a "legit" app that won't be rejected by any common Android device - and the phrasing of the official announcements accurately reflects this. But this says nothing much as of yet about whether power users will be allowed to proactively disable these checks (just like they can turn off Play Protect today, even though very few people do so in practice).
kllrnohj · 1h ago
> But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
The internet permission has nothing to do with ads? It's a hidden permission because:
1) Internet connection is so ubiquitous as to just be noise if displayed
2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
tgsovlerkhgsel · 39m ago
It absolutely has to do with ads. While there are various ways to exfiltrate small amounts of data, the non-collaborative ones are rarely silent and most importantly, they won't let the app get responses (e.g. ads) back.
The main thing this permission would be used for would be blocking ads. Also distinguishing shitty apps that are full of ads from those that aren't. If there is a calculator that needs Internet and one that doesn't, which one are you going to use?
87636899376 · 44m ago
> 1) Internet connection is so ubiquitous as to just be noise if displayed
That doesn't make it any less useful.
> 2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
I've heard claims that the Internet permission is flawed, yes, but I've never managed to find even a single PoC bypassing it. But even if it is flawed, don't you think Google would be a bit more incentivized to make the Internet permission work as expected if people could disable it?
baby_souffle · 1h ago
Can you elaborate a little bit about this hidden internet access control setting?
Google also used to show you which apps used Internet permission in Play Store. But they removed it, which makes it harder to notice which apps don't use it.
Google mostly doesn't let you deny permissions while running apps that require them; recently there's some permissions that you can pick at runtime. So it's not suprising that they don't let you deny this one, when they don't even show it in the store.
87636899376 · 1h ago
"Hidden" isn't exactly right. It's completely inaccessible, unless you use a custom ROM like LineageOS. But it is a real permission:
If this is enforced via Play Protect, then the whole mechanism can likely be disabled with:
adb shell settings put global package_verifier_user_consent -1
This does not require root access and prevents Android from invoking Play Protect in the first place. (This is what AOSP's own test suite does, along with other test suites in eg. Unreal Engine, etc.)
I personally won't be doing this verification for my open-source apps. I have no interest in any kind of business relationship with anyone just to publish an .apk. If that limits those who can install it to people who disable Play Protect globally, then oh well.
mzajc · 4m ago
How long until Google decides to lock it down because "scammers" can "abuse" it?
prism56 · 1h ago
What does this break?
chenxiaolong · 1h ago
There shouldn't be any side effects other than rendering Play Protect inert. No other AOSP component relies on this setting.
zozbot234 · 53m ago
There could of course be side effects in the future when this restriction is rolled out, as in your device's Play Integrity status could be affected and your banking app/phone wallet might not let you perform app-based payments from that device.
everdrive · 3m ago
I saw this coming a mile away. Everyone said you could install whatever you wanted on Android, but you were always jumping through some crazy hoops to do so. (compared to a general propose computer)
NelsonMinar · 47m ago
Android's ability to run binaries outside of the Google Play Store is a key differentiator of their product vs. Apple's. Or at least it used to be.
jajuuka · 22m ago
I think this is another thing that has changed in time. Custom ROM's used to be the defining feature of Android but over time less and less people used it. I think sideloading has gotten to that point as well. Where it's a power user feature that most people don't touch. So Google feels confident in nixing it since it only affects a small group of people.
gpm · 1h ago
Google is doing everything in their power to make me move to an iphone... between shit like this, effectively bricking some old models of pixels with un-rollbackable patches that destroy batteries, closing down the android development process, making absurd testing requirements to publish apps, etc.
Google doesn't make better phones, they were just less hostile to the consumer. That seems to be going away :(
thayne · 1h ago
As mentioned in OP, Apple is doing the same thing.
gpm · 1h ago
I'm aware, I'm saying Google is trending towards being as abusive with their software practices as Apple already is, not worse.
And saying that for me anyways the only reason I have an Android and not an IPhone is because they were less abusive. On unrelated metrics like hardware quality Apple generally seems to do better.
throw_m239339 · 12m ago
> As mentioned in OP, Apple is doing the same thing.
The thing is that if Google choses to make Android OS as closed as iOS, I'd rather use an iPhone than an Android phone...
croes · 1h ago
Is sideloading a thing on iOS?
jajuuka · 25m ago
Yep, available to anyone. It's much more restrictive though. Basically you need a valid developer certificate to sign apps. You can use your own with a free developer account but you only get so many tokens per week and apps need to have their tokens refreshed weekly.
You can also use an enterprise developer certificate that lasts forever but if Apple revokes it then the app stops working until you get another working cert.
It does require you to turn on iOS developer settings by connecting to a Mac with Xcode installed to enable but then you can manage app installation and refreshing via an App Store like Alt Store. EU has different system where there is no limit on amount of sideloadable apps but the apps still need to be approved by Apple. Alt Store also have a EU specific App Store for that purpose.
I side loaded on iOS for a long time. Get Youtube++ for ad free and I forget the Reddit client I used that was side loaded as well. You can run the server on any PC or Mac that will handle side loaded apps and being on the same WiFi network allows the server to automatically refresh the installed apps. Only big downside is updates are not automatic or simple. To update an app you have to download the new app .ipa and then sign it like you were installing it fresh. Usually it picks up the existing configs and data though. So it's not a full app wipe.
The sideloaded subreddit is where I got into it through.
Zak · 1h ago
In legal jurisdictions where Apple is forced to allow it, yes. They have a similar scheme for requiring developers to register and are demanding per-install fees for popular apps, though I'm not sure that will survive regulatory scrutiny in the EU.
Otherwise, I think it's possible to use developer tools to temporarily install apps on an iPhone. IIRC this requires a Mac and has to be repeated every few days.
nicce · 1h ago
> and has to be repeated every few days.
7 days for free account.
1 year for paid (until membership ends?).
90 days for TestFlight.
miladyincontrol · 3m ago
Worth adding on there are methods to update signatures, altstore being one example
Although using their app to help automate that then takes up one the app slots for free accounts
viktorcode · 49m ago
There's a technical possibility, but it's not a thing, as in there's not a lot of iPhone users interested in that
kachapopopow · 1h ago
Yes******
* Only in europe
** kinda
*** you have to enable it in your account settings
**** you have to reinstall it every 30 days
***** more I forgot
****** fuck you - apple
james2doyle · 1h ago
Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery"?
Leaving Google for Apple, and expecting a more open app store, is going to be disappointing. I’m not a Google fanboy by any means, just pointing out the landscape out there
tgsovlerkhgsel · 44m ago
Apple throttled devices that had a weak battery, because the alternative is the CPU trying to draw more power than the battery can deliver, the voltage sagging, and the phone rebooting.
By itself, this throttling is a good thing and keeps phones usable for longer, because a phone that is slow is better than a phone that randomly reboots.
The problematic part was that they a) didn't disclose it, and b) did this for phones within the warranty period, so instead of the phone visibly crashing and you returning the obviously broken phone, it just lost performance which you might not have noticed in time to get a free replacement.
james2doyle · 9s ago
Understood. Poor wording on my part!
nicce · 1h ago
> Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery
It wasn’t guise, it actually increased the battery life quite much. People complained about the battery of old phones. The problem was that users did not have choice to opt-out.
makeitdouble · 33m ago
There was the opt-out part, but also the complete silence around the issue that comforted people into thinking they needed new phones every 2 years instead of just replacing the battery.
Apple wouldn't have had to do all the song and dance if from the start a popup warned the users their battery lost capacity and should be serviced.
to11mtm · 16m ago
> Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery"?
It's not about 'saving battery' its about preventing undervoltage that janks everything up.
Having dealt with more than one windows phone that didn't have this feature or had it in a bad way (i.e. 520/521 would just 'reboot', 640 and 950XL would just kill an app) I wish Microsoft would have figured that crap out lol.
Manuel_D · 42m ago
No, the batteries had degraded to the point that they could not supply enough voltage and current to stably run the chip at full frequency. Replacing the battery would restore full performance.
GeekyBear · 1h ago
> Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery"?
Nope. There was an issue in iPhones and Nexus phones that had been used for a few years where a worn battery could no longer maintain a voltage high enough to meet instantaneous SOC power demand, resulting in unexpected device shut downs.
Apple got the device to quit shutting off without warning by throttling older devices and Google did nothing and just told users to buy a new device.
They both got sued, and both lost.
> If you currently or formerly owned a Google Nexus 6P smartphone, we have some good news: you might be eligible for a cash rebate for those bootloops and spontaneous shutdowns the device was known for.
It's not a bug or issue with those phones, it's how batteries behave -- over time, they lose both their capacity and the power they output. Apple decided to throttle their phones via software instead of letting them crash.
I've said this before, but it was the right idea executed the wrong way. iPhones give you a warning when they overheat, and this throttling should have gotten a similar warning with a link to an FAQ explaining the battery dynamics.
zaphirplane · 1h ago
> Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery"?
That’s not a true story.
antman · 9m ago
This was probably the reason Nokia died. Symbian development, already cumbersome and app deployment required some such procedure. I remember there was an joint effort in a china based forum and many of us got a cert and a key for our phones. I was reading Nokia obituaries from its executives and the sorry state of Symbian development and app deployment was not considered as a cause. So here it, is young executives repeating a simplistic and destructive strategy. ibm, xerox, nokia and intel will be very proud.
Yokolos · 2h ago
> Google notes “supportive initial feedback” from government authorities and other parties:
Ah, then I guess everything is fine. I'm sure they aren't in favour because it gives governments greater control over what apps we're allowed to have on our phones. That would be absurd.
jajuuka · 19m ago
I feel like that makes the most sense. That this isn't something Google thought up but something that the EU wanted to ensure its government ID app was "safe". Google does benefit but the timing seems to line up.
sirjaz · 3m ago
With more and more things like this, we need to back to making native apps on desktops and laptops where we as the users are in control.
ycombinatrix · 1h ago
This is crazy. I can't install my own apps on my own phone anymore.
I am gonna start carrying around a laptop with a 5G modem instead.
dingdingdang · 1h ago
I'm thinking it's time for a 2nd phone (in my case old one from cupboard) to become the regular daily GrapheneOS enabled driver and then keep a modern Google(tm) updated one at home for all the "official crap" whenever needed. That way I can also separate banking / paypal / etc. from my carry phone with all it's various apps that I trust to varying degrees.
UnreachableCode · 9m ago
I'm curious why you need a phone for banking at all, at home as you say. Wouldn't a laptop suffice? Granted, not all banks have a web app these days
Tadpole9181 · 32m ago
Don't worry, they'll stop letting you access your bank without an app soon enough. Gotta protect the children and what-not.
Retr0id · 1h ago
These days I don't really want a smartphone at all, but begrudgingly use one for things like mobile banking, receiving SMS tokens, etc.
If someone made a screenless powerbank-shaped Android device, I might be interested. The device would double as a 5g wifi modem, and to access the UI you'd remote in over VNC from a laptop, or unrestricted mobile device like a PinePhone.
WhyNotHugo · 1h ago
Sounds like you want a laptop with a built-in LTE modem running Android inside a VM.
Retr0id · 1h ago
A laptop is far too big, and banking apps and the likes would refuse to run in your VM.
metalman · 15m ago
The set up I run consists of an older 5g phone that hospots to my other phone, no apps of consiquence on either phone, I sign into my email through web mail, and sign into banking through a browser, all of my apps come from fdroid and similar, mostly used for media, manual updates for those through the fdroid web site.
As to the device you mention, it should be possible to take a phone apart and spoof* all of the mic's and cameras, likely the gps, and haptic motor and speakers as well, and have a 5g touch screen modem with plain internet, or keep the speakers and it's a media device, or put all the audio on a micro switch.
* use matched resistors, or black out the sensors
detach the antena for gps
lets just say I realy dont like bieng advertised to
kykat · 1h ago
What was the last time there were some actually good news in big tech? For those that don't hold stocks I mean.
hnpolicestate · 1h ago
We're in the era of less control, more surveillance, more "security", more being treated like a child and lied to.
Just yesterday I got a venmo prompt to add biometrics for "security". F off.
zappb · 1h ago
Mobile phone platforms are reverting back to the pre-iOS/Android reality where you have to jump through tons of hoops to even make an app let alone run a viable business with it.
IshKebab · 58m ago
I don't recall having to send government ID to any companies to publish MIDlets back in the day. I just uploaded them to getjar.
lykahb · 24m ago
I have good memories about a website with ELF's for the Siemens phones. Its name had "kebab" in it. By any chance, was it you running it?
hollow-moe · 2h ago
They saw Apple getting away with notarization under the DMA so they're doing the same.
I must admit the mass demotivation strategy is working really well. Seeing this kind of news every single day, affecting you directly and not even being able to do anything
sebastiennight · 8m ago
So what are our options (eg for EU citizens) for lobbying in terms of legislation or directly to Google to show disagreement with this?
It looks like many in this thread are against, but I don't see suggestions for action?
moogly · 1h ago
Well, I guess I didn't want to use half of the apps on my phone anyway.
Might as well throw the phone in the bin.
Zak · 2h ago
The core benefit of Android over iOS for me has always been that it's my device, not Google's.
They've been chipping away at this over the years. Safetynet was the first offense, but if they start restricting app installation from sources of my choice (I hate the term "sideloading"), there's not much advantage left.
subarctic · 21m ago
Hmm this is weird. I've recently been considering switch back to Android because of how locked down ios is and it sounds like Google's now gonna do the same thing? Will there be a way to deactivate this?
0x000xca0xfe · 1h ago
Time for a Steam Phone. Or FirefoxOS reloaded. The general purpose mobile computing market must be sizeable. I cannot believe everybody just puts up with these increasingly draconic restrictions.
asyx · 1h ago
I think a big problem is that the users have been trained to accept the status quo. I mean back in the Feature phone days we would share Java phone games at school via Bluetooth. I’d assume kids these days generally don’t anymore.
Also, due to the cost of physical media piracy was rampant even amongst boomers. People knew and had the option to buy a dvd player that could play video cd because that’s how movies were ripped.
Even during the early iPhones we were so stripped of even basic features that a jailbreak was 100% required if you wanted to even basic things like taking videos or changing the Home Screen background.
None of this is necessary anymore. The users gets the phone and it just works from their perspective at least.
So who is going to try to run a business off of nerds like us who want to have this sort of control over our devices (I’d call it freedom but the average user doesn’t feel unfree)?
0x000xca0xfe · 1h ago
There has to be a threshold where enshittification has been pushed so far that nerd software becomes the thing cool kids boast about running.
Where a less restricted device can do cool things nobody else can do.
sitkack · 18m ago
This is crazy, this means 10 years from now only terrorists will distribute software. Unacceptable! How many platforms now allow one to build and distribute a binary?
kykat · 1h ago
I cannot resist the urge to point out that we wouldn't have had this problem if people actually sticked to free software instead of "commercial use friendly" open source licensing
mrbluecoat · 33m ago
> The requirement will go into effect in September 2026 for users in Brazil, Indonesia, Singapore, and Thailand. Google notes how these countries have been “specifically impacted by these forms of fraudulent app scams.” Verification will then apply globally from 2027 onwards.
At least most of the world has until 2027 to install LineageOS or GrapheneOS.
Night_Thastus · 13m ago
>At least most of the world has until 2027 to install LineageOS or GrapheneOS.
Which only work on a tiny, almost insignificant sub-set of phones. If you don't have one of those, you're screwed.
Not to mention the bootloader is getting locked down so you can't even install one of these in the first place.
aucisson_masque · 28m ago
Apps are increasingly failing to run on grapheneos because Google is pushing for the play integrity verification. More and more apps, some critical like banking apps, some not at all, require your device to be running an official rom signed by Google.
3036e4 · 18m ago
So I will go back to carry two devices, I guess. Like when I had a Jolla Phone and an Android phone. Or before that with a Palm PDA and a dumbphone. It is convenient to have everything combined in a single device, but guess that turned out to be just a temporary luxury.
aucisson_masque · 6m ago
Great for you. What about the normies ? You know the people that protest and make things change, how they are going to organize themselves when their government gets authoritarian and apple/google obeys to governments request to forbid some app. You know like what happened during Hong Kong protest with Apple App Store.
I’m not saying I have a solution but looking at yourself and pretending it’s all fine because you’re 10 times more tech savvy than the average citizen isn’t a viable answer. That kind of issue must be solved by regulation, hopefully Europe gets to bring back on earth whoever at Google agreed on that idea.
occz · 1h ago
That's not a good move at all.
PenguinCoder · 1h ago
The new face of Embrace, Extend, Extinguish.
malkia · 2h ago
What would happen to projects like F-Droid, Termux, etc.?
gruez · 2h ago
Taking the article at face value, they'll have to register with google and have their apps be signed. Presumably this is subject to less review than the play store (eg. you don't have to justify your permissions list or whatever[1]), but there's no guarantees that developers will bother with the hassle. A lot of developers are willing to put some release up on github, but not dox themselves to google.
Guess whether the makers of alternative YouTube clients will want to tell Google, "Hey, this is a copy of our ID card our address"...
9cb14c1ec0 · 1h ago
As a developer of android apps that get distributed outside of the Play store, a Google identity verification system sounds like a nightmare. What if I'm deemed to be politically incorrect? Will Google brand safety exclude me?
Pfhortune · 54m ago
Disgusting, horrifying, but utterly predictable. A dark day indeed, once no major mobile platform allows running whatever code you wish. Sideloading isn't really sideloading if the app has to be signed by the gatekeeper.
Isn't this a death knell for F-Droid, at least for running on most hardware? Since they require their own builds/attestation?
The Overton Window for computing keeps inching towards gatekeepers having total control over devices. I can't help but imagine myself lurching along on the last somewhat open hardware I can cobble together in a couple of decades, because I refuse to drink the verification can to continue...
turblety · 1h ago
Phew! I was just about to get the new Pixel too, not going to now. I wonder if Samsung will be effected.
thayne · 1h ago
> The changes will affect all certified Android devices once live
I think that is a yes, it will affect Samsung
mh- · 57m ago
Yeah, I think anything that has Google Play would fit that qualifier. So that's basically all major devices (in the West, at least). Oof.
logicchains · 50m ago
It'd be really funny if Chinese Android devices actually end up being more free because they don't have any of the Google Play stuff on them.
edgarvaldes · 23m ago
Sideloading is the only reason I'm on Android. When it goes away, I will be better with an Apple device.
Dilettante_ · 1h ago
Hopefully this increases the communal pressure to find a real alternative to android.
rep_wex · 4h ago
Google to make sideloading Android apps _harder_ by _force_ verifying developer identity for 25$ and bunch of legal documents.
jajuuka · 3h ago
If you read the article you'd see that this is a separate account type that does not have a submission fee or require legal documents. It also doesn't prevent you from side loading. It's just part of the current scare screen system when it comes to side loading.
rep_wex · 2h ago
> separate account type that does not have a submission fee or require legal documents
We do not know yet who will be considered "hobbyist". I would say they might check the user base. When hitting app installation threshold for let say 1,000 users, they will force you to pass the full legal check. Otherwise they will start blocking any further installations.
ohdeargodno · 3h ago
The only promises on the announcement are:
> Verify your identity
> * You will need to provide and verify your personal details, like your legal name, address, email address, and phone number.
> * If you're registering as an organization, you'll also need to provide a D-U-N-S number and verify your organization's website.
> * You may also need to upload official government ID.
Only one of those three applies to organizations.
>A note for student and hobbyist developers: we know your needs are different from commercial developers, so we’re creating a separate type of Android Developer Console account for you.
Nothing about it says anything about having lighter requirements, just not going through a Play Console link. Even if the requirements end up being "lighter", the minimum will always be at least "link a Google account", which is already a massive privacy breach.
> It also doesn't prevent you from side loading.
It absolutely does. Quoting from Google:
>Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices.
certified Android devices being... 99.9% of all Android devices in existence.
Then you're familiar with the process of getting a DUNS number. Because that is a massive barrier for individual devs and small teams. That is actual legal paperwork. Not having to do that makes the process significantly easier.
It's not a massive privacy breach. If you are so anti-Google yet use their devices then most likely you're already only distributing to GrapheneOS or LineageOS anyway. For most people who already have a Google account this is a very small bar to clear.
ohdeargodno · 2h ago
It. Doesn't. Matter.
Getting a DUNS number is ass, getting the 20 testers is ass, etc etc.
I do not want to give Google my government ID to write a shitty little app that only my family will use, or only close friends use and it gets sideloaded through sending it on chat. I do not want people making apps to skip ads on YouTube giving out their government ID. I do not want people making apps that might get them in trouble with their government to give out their government ID to Google.
jajuuka · 1h ago
So then don't. Are you seriously scared for the revanced devs? Their code is posted on Github. Their accounts are all public accounts with names and locations. Maybe don't white knight people who don't need it.
aucisson_masque · 17m ago
You failing to see the issue and dismissing is so easily is mind blowing. Revanced is nothing, he is referring to a whole ecosystem of app made by randomn for other random that Google should have no business requiring government id and giving approval.
Hong Kong protestors bought Android phone en masse when Apple removed apps they used to fight back on Chinese censorship, if Google is allowed to do the same you can say goodbye to freedom of information in many countries. You’re focusing on revanced when it’s the least of the issue.
Animats · 1h ago
Does this break F-Droid?
drumhead · 1h ago
Would be a tragedy if it did. So many interesting and useful apps there without the obnoxious ads or nagging to upgrade.
Animats · 1h ago
I'm entirely on F-Droid, with no Google account and no Play Store. Losing F-Droid would force me off Android.
o11c · 15m ago
Same.
One thing that annoys me is that a lot of F-Droid apps are obviously naive ports with overbroad permissions like "can read the entirety of storage", but that's still better than the all-consuming Goo.
janice1999 · 42m ago
I'm the same. No Google account since 2012. F-Droid is an amazing community effort and has enabled me to find so many great open source applications.
kykat · 1h ago
Maybe F-Droid can sign all packages themselves? Would google let them do that?
can16358p · 1h ago
"Can?"
Sure.
"Would?"
Google has zero incentive to do that.
risho · 11m ago
These companies need to be destroyed by antitrust violations. I am so tired of these tech companies abusing their market position. I want the FTC to stop being toothless and useless and just absolutely crush these companies. The amount of disdain I have for these companies can't even be properly expressed.
Trasmatta · 7m ago
I rely on an open source app called xDrip to manage my diabetes. It's way way way better than any of the official apps. It's not distributed on the app stores for obvious reasons. Many others rely on this app as well. Are we SOL?
This is confusing, since signing something already proves that you own the key.
mh- · 55m ago
My assumption is they want to eliminate/prevent schemes where a ton of apps are signed as a service by a small number of centrally controlled keys.
Someone elsewhere in the thread said this is how F-Droid works, but I can't confirm firsthand.
layer8 · 50m ago
The signing certificate should indicate who is signing, and therefore who is liable. But maybe that’s not how they set it up previously.
nullc · 9m ago
they've been demanding signing keys for apps distributed on the play store for years.
The only credible explanation I can come up with is that they need the keys in order to produce indistinguishably backdoored versions of applications, handy for tools like signal.
Otherwise one would never think of requesting the private keys-- if google wants to rebuild apps themselves they could sign with their own keys and possessing anyone elses private key is just pure liability as if there is any discovered abuse they can't show that they weren't the vector.
2OEH8eoCRo0 · 39m ago
So that's how they kill newpipe.
pentagrama · 28m ago
This means that for example I will not be able to side load Popcorn Time for Android [1] anymore?
> Google is explicit today about how “developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer.”
« Développer will have freedom » yet they are entitled to Google’s verification.
It’s just another stone in the grave of Android and even though I shipped off this sinking ship 6 years ago to iOS, this is still concerning because ultimately apple’s IOS is in competition solely with Android.
If Android gets so bad it has all the disadvantage of iOS, some more, for instance with the embedded spyware that manufacturer are paid to include, and none of the good side of iOS, then everyone lose. Apple doesn’t have to compete anymore, they just have to not suck.
vizzier · 31m ago
Can you even compile an iOS app without registering with apple?
aucisson_masque · 22m ago
Is it really different from what Google is doing ? Not being to compile or user not being to install have the very same consequence : your app can’t be used.
effgoogle · 34m ago
Fuck google.
This combined with the 'age verification' coming to all Google properties means it is a very small step from that new world to full Google verification of everything you visit and everything on your device, at any time, for any reason with the penalty being incontestable ban from your device, apps and data.
Get ready for facebook style 'we are interrupting you for a video selfie because we have detected you are a threat' across all google properties (Android, Chrome, Gmail, Maps...).
Move to linux phones, now.
myaccountonhn · 1h ago
What does this mean for projects like Grapheneos, or fdroid?
anonym29 · 1h ago
"The changes will affect all certified Android devices once live". AKA GrapheneOS should remain unaffected (as it is not "certified", per Google parlance), and F-Droid should remain available - in theory.
If they keep up this "boil the frog slowly" crap though, I may be migrating off of Android and over to a strictly Linux-based phone, like a PinePhone, Librem, etc.
Fuck the scumbags at the top of big tech making decisions like these.
zb3 · 52m ago
Next step: require all "certified" devices to prevent unlocking the bootloader... then possibly kill AOSP...
I have no words.. or more precisely, those words are not the kind of words I'm allowed to write here.
janice1999 · 46m ago
AOSP is being killed piece by piece - zero community engagements, infrequent dumps with no commit logs, moving everything into Google Play services and recently no more binaries for Pixel phones just to make third party ROM developers lives a little more miserable.
_benj · 1h ago
It seems that it was only about time… it just feels like the pace of enshittification with big tech being able to get away with anything is crazy!
I’m hoping that projects like Precursor can take off because we’ve buried ourselves in such mountain of complexity that seems like only a billion/trillion dollar big tech company can make an OS.
But then again, some body called BS on browsers and we might have a good option soon in Ladybug!
Keep your phone. All you have to do is say no to digital for:
- money
- tickets
- identification
They cannot force everyone to own and buy a phone.
zb3 · 1h ago
Never, I'll stick to LineageOS till it ceases to exist.. then I'll just buy a dumbphone, f... Google!
akk0 · 1h ago
This isn't legal in the EU is it?
sunaookami · 8m ago
It is. Notarization like Apple does is also legal. In fact the EU commission would welcome this with open arms since they can now access the personal data of every developer and can order Google to ban every app they want. This goes hand-in-hand with their new "Digital wallet" app that will be launched next year.
heyheyhouhou · 1h ago
if we continue this direction, in a couple of years, a feature phone might be an excellent choice!
p3rls · 1m ago
has anyone had to help any elderly relative with the million scams they've downloaded from google's app store? google does not give a shit about helping regular people avoid scams, it's all just bullshit.
not even to mention the h1b indian kickback stuff that's about to hit them. couldn't happen to a nicer company.
shadowgovt · 2h ago
This has the potential to be disastrous for Google, but maybe not.
Personally: I don't use Apple because I like being able to whip together little apps to side-load without having to check in with a walled-garden mothership. If Google is going to move closer to Apple in that regard... Apple's UX ecosystem is better, so I have far fewer reason to keep using Android.
bigstrat2003 · 2h ago
I suspect this won't be disastrous for Google, because where will people care about this go? Apple, who is even more restrictive? This is just another in a long series of incidents showing why we desperately need a real alternative to the mobile duopoly. I would ditch Android over this, but there's no realistic alternative available to me.
Damn the future sucks ass.
asyx · 1h ago
I think the only thing hat can save us is a jailbreak. Either for iOS or Android to let you sideload apps.
Alternatively, and that’s almost bullshit, the dumb phone trend continues and we might get devices like PDAs. Get a dumb phone and a small camera and then your PDA for everything that is essentially an app. Not sure what OS they’d run but I don’t see another way.
3036e4 · 1h ago
Android also allows apps that can run arbitrary code, like emulators and various other runtimes. I think iOS still doesn't? I have not written an Android app in ages, other than at work, but I often write silly little things running in the Löve 2D Loader, or TIC-80, or DOSBox, or just command-line tools running in Termux (I hear there is an X-server as well to run GUI applications from Termux?).
As long as they still allow running stuff inside of apps like that I will probably not abandon ship yet.
zer0zzz · 1h ago
Juggling between Maemo and iOS back in the day I always thought it was so wild that I later years people thought of Android as the open alternative.
> Starting next year, Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store.
Odd little phrase, "distributing their apps on Android devices".
I think "distributing" in this context is in the sense of product distribution, not in the sense of distributed systems.
But "distributing...on" sounds a little odd, like Google is still providing a distribution service. (Contrary to how all the precedent of how we've thought of installing software, other than the proprietary, captive-user app stores.)
And so, maybe "distributing...on" makes it sound more like Google is (once again) entitled to gatekeep what you can run on your device/computer.
> However, developers who appreciated the anonymity of alternative distribution methods will no longer have that option. Google says this will help to cut down on bad actors who hide their identity to distribute malware, commit financial fraud, or steal users’ personal data.
Maybe it's not "developers who appreciated the anonymity" (which we immediately try to conflate with bad actors), but that the whole point lately has been to stop the greedy proprietary lock-in app store monopolies, and not have them gatekeeping what everyone else can do.
ktallett · 1h ago
Well this is me moving to E/OS full time.
antiloper · 2h ago
Why even run Android at that point anymore? iOS devices get security updates for longer and have much less data collection than stock Android.
GrapheneOS won't survive the next generation of devices because bootloader unlocking will also go away (https://news.ycombinator.com/item?id=44765939), and without kernel security updates that OS can't continue.
Now there's also no more sideloading, so what purpose does Android even serve anymore?
gruez · 2h ago
>GrapheneOS won't survive the next generation of devices because bootloader unlocking will also go away (https://news.ycombinator.com/item?id=44765939), and without kernel security updates that OS can't continue.
The comment in the thread you linked directly contradicts the claim that "bootloader unlocking will also go away".
subarctic · 8m ago
Exactly, the only reason to be a weirdo and have android in the first place was because there's so many good apps available outside the play store, if they lock it down just like Apple then what's the point?
kllrnohj · 2h ago
> iOS devices [..] have much less data collection than stock Android
iOS does a tremendous amount of data collection including for the usage of ads as per Apple's privacy policy. All the same types of data that stock Android collects, even.
You may believe Apple is a generally better steward of that data than Google, but using iOS does not reduce the amount of data being hoovered up in any meaningful capacity.
> Now there's also no more sideloading, so what purpose does Android even serve anymore?
I hate this change, but I still prefer Android. iOS is hardly perfect nor does it do everything better...
ranger_danger · 2h ago
> what purpose does an open source OS have against a proprietary one
lenerdenator · 1h ago
FOSS means a lot less than it used to in Android.
Can you download, build, and install a basic Android system these days without touching a single piece of closed code? Absolutely. Will it be able to do much without closed binaries? No.
Android isn't GNU/Linux where there's a general ethos of making everything in userland FOSS if at all possible. Rather, it's a free OS that both Google and manufacturers can do anything they want with, including shove a ton of spy and bloatware on it, then make it to where you can't get rid of those things, at least not easily.
The optimism from 15 years ago surrounding FOSS in the mobile space is on its deathbed.
ranger_danger · 1h ago
I would argue any amount we can get is still lightyears better than not being able to replace or inspect anything at all on the system.
Rebelgecko · 1h ago
A phone running just the FOSS parts of Android is not super viable for the average person.
hagbard_c · 1h ago
> Why even run Android at that point anymore? iOS devices get security updates for longer and have much less data collection than stock Android.
Because Google-free AOSP-derived Android distributions are far more versatile, offer far more freedom, impose far fewer restrictions and tend to end up being far less expensive than whatever the fruit factory decides their dedicants have to use today. If Google goes the way of the fruit folks and AOSP no longer offers these freedoms the next step is not to surrender to the Church of Apple but to find a way to evade those restrictions.
storus · 1h ago
Google is really turning into a dystopian company, destroying any goodwill their virtuous employees created in the past. It feels like they are primed to be the main turnkey tyranny facilitators.
can16358p · 1h ago
Google was always dystopian and evil. They just wore good mask for some time in the beginning.
It’s sad that smartphones now hold so much personal and private data but aren’t really under the control of their users.
janice1999 · 48m ago
> Imagine MS doing the same for Windows.
They already have a version of that - it's called Windows S Mode (Windows Store apps only, no EXEs or scripts, Edge only for browsing). If they get away with it, they would make it the default. Required Microsoft accounts was a step in that direction.
dvngnt_ · 26m ago
This is what caused gaben to create steamos which is now a somewhat viable ecosystem with the steamdeck and rumored machines
Pfhortune · 49m ago
> Imagine MS doing the same for Windows.
It will happen. We've been the frogs boiled in the pot for years, accepting forced attestation. Eventually they'll close off running unsigned code, and the PCs will probably have bootloaders locked to Windows as well, so you can't escape.
ohdeargodno · 3h ago
Additionally, this kills apps like Revanced, NewPipe, SmartTube that will now be required to give out ID to Google, surely that's something they really want to do. All Open source development is at threat, Google's absolute dogshit procedures already imposed for the play store now imposed to the entire ecosystem. All for a shitty system that breaks down to "registering package names". Cool then, guess it's time to typo squat on every variant of com.faceboook.app, because users definitely check the package name and not "oh the icon is right and so is the title".
More and more locked down devices, Android source releases only being published once a year, device drivers for reference devices disappearing, and now, verification of all your software for your "security". The war on general computing is well and truly on.
What the absolute fuck.
aspenmayer · 56m ago
Boooo. Fuck this noise! Might as well run iOS at this point, unless your use case needs Android only apps or workflows.
What a fucking joke.
stefan_ · 1h ago
I don't understand, when the EU announced that Apples "actually we need to sign all of these and pay us" requirement is illegal, Google was like "hold my beer"?
Break them up already, it's getting old.
Mindwipe · 1h ago
So, now there will be a single kill switch where a malicious government can legally compel Google to annihilate apps not of their liking.
I find it hard to state how contemptible this is. How stupid. Everyone who worked on this has blood on their hands.
devinprater · 3m ago
Well time to make sure mobile Linux is accessible so the blind users aren't the only ones left when all the world switches to Linux /s
subarctic · 3m ago
Maybe Elon Musk can save us /s
rahidz · 2h ago
Sorry, we're getting rid of Revanced, Newpipe, Xmanager, etc. for your own good. Just like how Manifest v3 was for security. /s
pmontra · 1h ago
That might be one of the reasons. Get rid of competition by legal means.
In my case I keep a copy of K9 Mail 5.6 with the original UI (the reason I choose K9) and I sideload it to every device of mine. I'm afraid that I'll have to register an account and what, claim that that K9 is mine?
JustExAWS · 1h ago
While I like to jump on the Google bash train as much as anyone, this is to comply with EU laws.
Apple implemented a similar change for the EU App Store earlier this year to comply with the Digital Services Act (DSA), a regulation that now requires app developers to provide their “trader status” to submit new apps or app updates for distribution.
HelloImSteven · 56m ago
But this is for apps outside the Play store, so the DSA isn’t at play here insofar as Google needs to be concerned. I don’t think there’s any solid decision on whether third-party app distribution is subject to the trader requirements, but if/when there is, it’d presumably be on the alternative distribution platform to enforce, not Google. Plus, Google already adjusted its policies to comply with the DSA.
For the record, Apple notes that the DSA requirements only impact developers distributing through the App Store, not through alternative distribution [1].
I.e. it doesn't require this at all, it merely requires Google require verification for apps that they themselves distribute. What they've been doing all along until now plus or minus minor bookkeeping details on what data they collect.
morsch · 1h ago
So they (or rather TC) claim. Does the DSA actually require it, though?
201984 · 59m ago
Just wonderful. Why does Europe insist on imposing regulations like this that companies then force on the rest of the world? It's one thing if they're benign but this very much isn't.
o11c · 18m ago
Only monetized apps (whether that be directly paid, microtransactions, ads, etc.) are legally required to go through that process - and it's a perfectly sensible requirement for the government to say "if you want to run a business, you need to do so as a business".
That is most apps - but not the kind of apps Google is attacking here (personal-scale, actually-free, third-party, etc.). And "apps that are not monetized" is actually a very nice thing to filter for from a user perspective.
Of course, the world's largest malware vendors love to use government action as an excuse to do something else malicious.
thayne · 1h ago
IANAL, but I don't see how that applies to apps that Googled doesn't distribute.
mvdtnz · 1h ago
There is no law in EU which requires Thailand-based developers to provide their trader status in order to serve Thai customers. Stop making shit up.
croes · 1h ago
They usually fight harder against such laws if they don’t suit them.
NoahZuniga · 3h ago
Seems reasonable
guywithahat · 1h ago
I don't like it, however I do feel sympathy for Google. There are probably a lot of idiots who download spyware.apk, it breaks other legitimate apps, steals their information, and then they go online and complain about how Android isn't secure or otherwise doesn't work.
Users should be allowed to brick their device if they're sufficiently stupid, but I feel bad for Google who has to deal with some of those people blaming them.
sunaookami · 4m ago
You don't need to feel bad for them, the Play Store is full of malware so what makes you think this change will help? This is a self-inflicted problem.
kbolino · 52m ago
I would be surprised if Android has a reputational issue among users. Maybe at the margins, but not enough to significantly affect market share. Most people have already sorted into iOS and Android camps already.
To whatever extent Google may be responding to an issue arising from the market, it is likely at the behest of large companies, especially payment processors, payment card networks, banks, etc. These institutions lately have begun to exert increasing influence over end-user activities, and it would not surprise me if they are playing a part here, too.
ktallett · 1h ago
Why is there no sensible behaviour and knowledge around APK installation like there is about any piece of software on a personal computer?
Zak · 1h ago
It is also common for people to install things on Windows without thinking critically. It is perhaps less common on Mac OS, but I've seen someone get malware that way.
My position is that this is not the OS vendor's responsibility to prevent. A warning is fine. A scan for known malware by default is fine. Beyond that, it's my device and it's my choice to get software from wherever I damn well please even if it might be a bad idea.
codemac · 1h ago
I have little to no evidence that there is sensible behavior and knowledge around software on personal computers.
The biggest difference these days is most folks don't even use a personal computer.
ktallett · 1h ago
But there is far more education and knowledge that it is a bad thing.
gjsman-1000 · 1h ago
Because only 5% of American adults are highly literate with technology, 30% of working adults self-identify as "never (ever!)" using folders and files for organization, and most people have better things to do with their time to be taught to perfectly analyze the safety of an App Store. Don't hope in the next generation either - only 38% of Gen Z could successfully complete tasks more difficult than moving an email between folders, while an IEA study found that only 2% of Gen Z had reached the anticipated "digital native" stereotype level of fluency.
cookiengineer · 1h ago
Can you please post the source of the study?
babypuncher · 46m ago
I would argue that Gen Z is worse at computers than Millennials specifically because we put too many guardrails in place to make computing easy for the illiterate. Now we are all paying the price, as user agency is continually eroded away to further protect the dumb from their own unwillingness to gain a basic understanding of the very tools critical to their daily life.
ktallett · 1h ago
Firstly what is the source and secondly, the US is not the majority user of mobile phones and especially not android.
Aaargh20318 · 1h ago
What makes you think that people are sensible about installing shit on their personal computers?
zb3 · 49m ago
This is just an excuse. Google doesn't care about these people, they already proved that by showing scammy advertisements, as long as they get their profits, they don't care. Don't fall for this "it's for your security" argument.
seviu · 58m ago
It’s an excuse they use. The don’t care if your average grandmother gets infected by a virus.
This trust me bro, our App Store is safer is just getting on my nerves. Every day we get malware popping on both app stores.
This is absolutely unacceptable. That's like you having to submit your personal details to Microsoft in order to just run a program on Windows. Absolutely nuts and it will not go as they think it will.
I think they might just get away with it.
I'm not sure Google still has the ecosystem by the balls. It's very possible whatever Googlers who made this decision are the type of folks who don't comprehend they work for a monopoly that like actually can't do things like this anymore.
Nowhere does that require you to go and get a DUNS number, which is onerous for a single developer to do without the infrastructure of a company.
It seems kind of odd to me to rely on some kind of external hidden "credit agency"-style company for this? And why would DUNS want to know about some kid in their basement in Bangledesh making (non-malicious) apps, and why would the kid want Dun & Bradstreet to know about them? It makes no sense at all.
Youc an see the zeitgeist forming around corporations wanting to lock out any small unlicensed company from working on phones.
The key is mostly fascism in the guise of "security". Witness stuff like the ICE tracker app. Google would love a way to freeze out both it's appearance on the app store and any developer who'd program similar.
Which is exactly the same policy as Apple.
Over the years, it seems Google has been trying to have their cake and eat it too, by basically subsuming others to use Android through this appeal of a more free and open operating system ecosystem, but have tried to slowly close and close it down now that it has won the other half of the market on that promise.
This feels more sly, because it's kind of a bait and switch. Apple never made such claim and was always upfront, so while I don't like it, I never bought into it in the first place for them to have the rug pulled under me after giving them my money as Google might be doing.
https://www.bbc.com/news/magazine-26328105
https://en.wikipedia.org/wiki/Parents_Music_Resource_Center
https://en.wikipedia.org/wiki/Seduction_of_the_Innocent
https://www.nytimes.com/1997/02/27/business/job-insecurity-o...
Yanking the leash of the proletariat
TikTok is "brain rot" even though the real economy runs on physical statistics, the semantics have to be recognizable to the elders, or it's not democratic so they will force the semantics to be regurgitated as-if they are religious catechism.
People that think this is unacceptable are not remotely average users. Average users benefit greatly from their pocket appliance not being a full fledged computer.
In what way? Seriously, what benefit is there? (And don't say security...)
What's being sacrificed in the name of security is not worth it imo.
Enabling side loading on android is not a standard setting you can flick on. Is there any data on the number of devices who have this enabled and are falling for hacked apps?
Why, though?
There's certainly no technical reason that a pocket appliance can't be a full fledged computer. The primary reason it isn't is because device manufacturers benefit greatly from having a tight control over their products. This is not unique to mobile devices; we see the same trend of desktop operating systems becoming increasingly user hostile as well.
The claim that these features are in the best interest of users is an inane excuse. Operating systems can certainly give users the freedom to use their devices to their full capabilities, without sacrificing their security or privacy. There are many ways that Google could implement this that doesn't involve being the global authority over which apps users are allowed to install. But, of course, they are in the advertising business, where all data that can be collected, must be collected.
People who think this is unacceptable are the people who 1) understand what it is, 2) don't stand to profit from it, and 3) don't dream about locking average users into an ecosystem that they control some day.
Currently the entire ecosystem is riddled with malware, spyware, or adware with shady source information and people have no way to verify the data practices
It isn't possible to ban encryption, so the governments have to chip away at security and privacy using these techniques.
From: https://developer.android.com/developer-verification
"You may also need to upload official government ID."
This won't end well for Google or the governments involved when the people get so angry that they are forced to roll this back. Switch to an alternative phone OS.
The amount of people this makes angry is so minuscule that it probably wouldn’t even pass one of those theatrical “sign this petition to get the government to discuss it” thingy. Mind you, the only reason the whole side-loading court cases were going forward is because a giganormous company (Epic) wanted to make more money instead of paying the Google/Apple tax. Not because some people were angry.
This is political fantasy. There is no mechanism for "the people" to force anyone to roll this back. They can vote for the candidate owned by google, or the candidate owned by google. If they want to find another candidate, they'll have to use google to find one.
I don't own a smartphone and I am happy as ever. I used to own one a while back, but it wasn't worth the effort and the rage when it was slow.
If a service can be accessed only with a smartphone, I complain (which is of little use).
* Mobile payments
* Navigation
* All manner of IoT devices
* Wearables!
* Digital versions of ID (Mobile Passport Control)
etc.
So no, you can't just use the web.
At this point, I believe the most effective ways one can help with this is:
(1) advocacy - it's slow and difficult, but having people at least agree / be familiar with the idea that closed stuff is bad is a good first step.
Open ecosystems can't work for the general public if it's trapped in closed networks that won't work on anything else than the two big mobile operating systems, so making people start using open chat apps and such will help a lot. It'll take years, but so be it. It's worth it I think.
(2) helping improve the more open stuff.
I think Linux mobile for instance is a potentially viable alternative in the medium term for at least the basic use cases: Calls, SMS, GPS / Maps, Signal, photos. All this has no reason not to work with some polish. I daily drove Linux mobile 4 years ago for a year. The main thing I'm missing is good hardware for it, and a lot of polish but nothing impossible. Yeah, indeed, no payment with the phone (Google Pay / Apple Pay). But it's still possible to use the physical cards and not use the phone for this.
A locked-down Android is pointless.
in all things. I would encourage you and everyone who reads this post to stare down this option with realistic consideration. In a society this broken, it is the solution to more and more things. To checkout, to accept the hard mode because to pick the path of convenience is to be exploited.
Again, and again, and again.
BTW, all the GrapheneOS, etc. are still Android phones.
Obviously this is going to impact the supply of apps, since the market share of custom Android is smaller than even the market share of people willing to sideload or use an alternative store on a mainstream Android phone. Many developers might quit the game.
It wasn't OK in 2003. It wasn't OK in 2014. It isn't OK now. I'm just not sure what anybody can do about it.
[0] https://www.nytimes.com/2003/06/30/business/technology-a-saf...
I hope my tiny datapoint shows up in some aggregated stats somewhere.
It’s use-it-or-lose-it.
SailfishOS is pretty nice
I might get one next
Is anyone working on fixing this? We can do so much better.
Fairphone from the Netherlands is another https://www.fairphone.com/
If they start selling their own devices, I will buy one and (assuming it turns out how I hope it will) recommend it strongly.
[0] https://grapheneos.social/@GrapheneOS/114665558894105287
[1] https://grapheneos.social/@GrapheneOS/114359660453627718
The entire developer experience was fantastic and the thing that killed it was a lack of desire from the upper leadership when it felt like they couldn't compete with the duopoly.
Did you have a wince app? Too bad, throw away all that and rebuild for wp7.
Do you want do anything useful? Actually, you better wait for wp7.5.
Oh look, we have a totally new thing with WP8. Upgrade to the newest framework so you can use the WP8 features... Oh, but you still need to build for the old framework for WP7. Hey, how about WP8.1, kind of the same deal.
My personal favorite though was WM10; you now need to build a Universal app that only runs on the very small number of WM10 phones... If you want to run on WP7 and WP8 which still have more sales, a universal app doesn't run there. Also, even though we said WP8 phones would be able to upgrade, either we changed our mind, or the experience is so bad most people won't. And the cherry on top... Users who upgrade from 8 to 10 might need to delete and reinstall the app, otherwise it will just show the loading dots.
Did we mention, we decided we didn't need engineers in Test in the run up to WM10? Couldn't possibly be why the release was terrible.
Doesn't this make it prohibitively difficult to do local builds of open source projects? It's been a long time since I've done this, but my recollection was that the process to do this was essentially you would build someone else's (the project's) package/namespace up through signing, but sign it locally with your own dev keys. A glance at the docs they've shared makes it sound like the package name essentially gets bound to an identity and you then can't sign it with another key. Am a I misremembering and/or has something changed in this process? Am I missing something?
Personally I would be fine with unsigned apps requiring the user to click through a notice before install, or having a setting to toggle to enable unsigned apps. Windows does something similar to this where unsigned binaries get a pop up warning but signed ones are executed immediately.
I guess words don't don't have meaning anymore, how can you claim to have an open system in an announcement about closing it down?
It's also telling that the big supporters of this are apparently corporations and governments. Admittedly I don't know what "Developer's Alliance" is but they don't seem to care about developers very much, and I wouldn't surprised if they were just a "pay us to say what you're doing is good for devs" kind of thing
If this actually goes through, there will be no option in the mobile OS market for an OS that both:
a) allows the installation of apps without any contractual relationship with any party, and
b) allows the use of mainstream and secure apps like banking
If anything, they'd eventually deny access from desktop, forcing everyone to login via the fully manages mobile devices without any user freedom.
Some banks are already getting there btw, as their preferred 2fa is a companion app... One small step away from making that the only option, effectively denying access to anyone without a locked down mobile device.
> The tech giant stresses that this does not mean developers can’t distribute outside of the Play Store through other app stores or via sideloading — Android will remain open in that regard.
>The Play Store implemented similar requirements in 2023, but Google is now mandating this for all install methods, including third-party app stores and sideloading where you download an APK file from a third-party source.
> I'd bet money they'd just ban them; the whole point is to stop users running unapproved applications on their phones.
I wasn't trying to claim everything is hunky dory, just that they aren't "going to just ban" other app stores.
More info:
https://developer.android.com/developer-verification
https://support.google.com/googleplay/android-developer/answ...
Personally...we all know the Play Store is chock full of malicious garbage, so the verification requirements there don't do jack to protect users. The way I see it, this is nothing but a power grab, a way for Google to kill apps like Revanced for good. They'll just find some bullshit reason to suspend your developer account if you do something they don't like.
Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
> we will be confirming who the developer is, not reviewing the content of their app or where it came from
This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.
TFA had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.
On the flip side, that's one less platform I care about supporting with my projects. We're down to just Linux and Windows if you're not willing to sell your soul (no, I will not be making a Google account) just for the right to develop for a certain platform.
Requiring company verification helps against some app pretending to be made by a legitimate institution, e.g. your bank.
Requiring public key registration for package name protects against package modification with malware. Typical issue - I want to download an app that's not on available "in my country" - because I'm on a holiday and want to try some local app, but my "play store country" is tied to my credit card and the developer only made it available in his own country thinking it would be useless for foreigners. I usually try to download it from APKMirror. APKMirror tries to do signature verification. But I may not find it on APKMirror but only on some sketchy site. The sketchy site may not do any signature verification so I can't be sure that I downloaded an original unmodified APK instead of the original APK injected with some malware.
Both of these can be done without actually scanning the package contents. They are essentially just equivalents of EV SSL certificates and DANE/TLSA from TLS world.
I don't think we can know for sure before the change is actually in place. Going through Play Protect would certainly be the easiest way of implementing this - it would be a simple change from "Play Protect rejects known malware" to "Play Protect rejects any app that isn't properly notarized". This would narrowly address the issue where the existing malware checks are made ineffective by pushing some new variant of the malicious app with a different package id.
It's a big change for the ecosystem nonetheless because it will require all existing developers to register for verification if they want to publish a "legit" app that won't be rejected by any common Android device - and the phrasing of the official announcements accurately reflects this. But this says nothing much as of yet about whether power users will be allowed to proactively disable these checks (just like they can turn off Play Protect today, even though very few people do so in practice).
The internet permission has nothing to do with ads? It's a hidden permission because:
1) Internet connection is so ubiquitous as to just be noise if displayed
2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
The main thing this permission would be used for would be blocking ads. Also distinguishing shitty apps that are full of ads from those that aren't. If there is a calculator that needs Internet and one that doesn't, which one are you going to use?
That doesn't make it any less useful.
> 2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
I've heard claims that the Internet permission is flawed, yes, but I've never managed to find even a single PoC bypassing it. But even if it is flawed, don't you think Google would be a bit more incentivized to make the Internet permission work as expected if people could disable it?
It's been there since Android 1.0.
What's missing is a way for the user to deny it.
Google mostly doesn't let you deny permissions while running apps that require them; recently there's some permissions that you can pick at runtime. So it's not suprising that they don't let you deny this one, when they don't even show it in the store.
https://developer.android.com/develop/connectivity/network-o...
I personally won't be doing this verification for my open-source apps. I have no interest in any kind of business relationship with anyone just to publish an .apk. If that limits those who can install it to people who disable Play Protect globally, then oh well.
Google doesn't make better phones, they were just less hostile to the consumer. That seems to be going away :(
And saying that for me anyways the only reason I have an Android and not an IPhone is because they were less abusive. On unrelated metrics like hardware quality Apple generally seems to do better.
The thing is that if Google choses to make Android OS as closed as iOS, I'd rather use an iPhone than an Android phone...
You can also use an enterprise developer certificate that lasts forever but if Apple revokes it then the app stops working until you get another working cert.
It does require you to turn on iOS developer settings by connecting to a Mac with Xcode installed to enable but then you can manage app installation and refreshing via an App Store like Alt Store. EU has different system where there is no limit on amount of sideloadable apps but the apps still need to be approved by Apple. Alt Store also have a EU specific App Store for that purpose.
I side loaded on iOS for a long time. Get Youtube++ for ad free and I forget the Reddit client I used that was side loaded as well. You can run the server on any PC or Mac that will handle side loaded apps and being on the same WiFi network allows the server to automatically refresh the installed apps. Only big downside is updates are not automatic or simple. To update an app you have to download the new app .ipa and then sign it like you were installing it fresh. Usually it picks up the existing configs and data though. So it's not a full app wipe.
The sideloaded subreddit is where I got into it through.
Otherwise, I think it's possible to use developer tools to temporarily install apps on an iPhone. IIRC this requires a Mac and has to be repeated every few days.
7 days for free account.
1 year for paid (until membership ends?).
90 days for TestFlight.
* Only in europe
** kinda
*** you have to enable it in your account settings
**** you have to reinstall it every 30 days
***** more I forgot
****** fuck you - apple
Leaving Google for Apple, and expecting a more open app store, is going to be disappointing. I’m not a Google fanboy by any means, just pointing out the landscape out there
By itself, this throttling is a good thing and keeps phones usable for longer, because a phone that is slow is better than a phone that randomly reboots.
The problematic part was that they a) didn't disclose it, and b) did this for phones within the warranty period, so instead of the phone visibly crashing and you returning the obviously broken phone, it just lost performance which you might not have noticed in time to get a free replacement.
It wasn’t guise, it actually increased the battery life quite much. People complained about the battery of old phones. The problem was that users did not have choice to opt-out.
Apple wouldn't have had to do all the song and dance if from the start a popup warned the users their battery lost capacity and should be serviced.
It's not about 'saving battery' its about preventing undervoltage that janks everything up.
Having dealt with more than one windows phone that didn't have this feature or had it in a bad way (i.e. 520/521 would just 'reboot', 640 and 950XL would just kill an app) I wish Microsoft would have figured that crap out lol.
Nope. There was an issue in iPhones and Nexus phones that had been used for a few years where a worn battery could no longer maintain a voltage high enough to meet instantaneous SOC power demand, resulting in unexpected device shut downs.
Apple got the device to quit shutting off without warning by throttling older devices and Google did nothing and just told users to buy a new device.
They both got sued, and both lost.
> If you currently or formerly owned a Google Nexus 6P smartphone, we have some good news: you might be eligible for a cash rebate for those bootloops and spontaneous shutdowns the device was known for.
https://www.androidauthority.com/nexus-6p-lawsuit-2019-97547...
I've said this before, but it was the right idea executed the wrong way. iPhones give you a warning when they overheat, and this throttling should have gotten a similar warning with a link to an FAQ explaining the battery dynamics.
That’s not a true story.
Ah, then I guess everything is fine. I'm sure they aren't in favour because it gives governments greater control over what apps we're allowed to have on our phones. That would be absurd.
I am gonna start carrying around a laptop with a 5G modem instead.
If someone made a screenless powerbank-shaped Android device, I might be interested. The device would double as a 5g wifi modem, and to access the UI you'd remote in over VNC from a laptop, or unrestricted mobile device like a PinePhone.
As to the device you mention, it should be possible to take a phone apart and spoof* all of the mic's and cameras, likely the gps, and haptic motor and speakers as well, and have a 5g touch screen modem with plain internet, or keep the speakers and it's a media device, or put all the audio on a micro switch. * use matched resistors, or black out the sensors detach the antena for gps lets just say I realy dont like bieng advertised to
Just yesterday I got a venmo prompt to add biometrics for "security". F off.
It looks like many in this thread are against, but I don't see suggestions for action?
They've been chipping away at this over the years. Safetynet was the first offense, but if they start restricting app installation from sources of my choice (I hate the term "sideloading"), there's not much advantage left.
Also, due to the cost of physical media piracy was rampant even amongst boomers. People knew and had the option to buy a dvd player that could play video cd because that’s how movies were ripped.
Even during the early iPhones we were so stripped of even basic features that a jailbreak was 100% required if you wanted to even basic things like taking videos or changing the Home Screen background.
None of this is necessary anymore. The users gets the phone and it just works from their perspective at least.
So who is going to try to run a business off of nerds like us who want to have this sort of control over our devices (I’d call it freedom but the average user doesn’t feel unfree)?
Where a less restricted device can do cool things nobody else can do.
At least most of the world has until 2027 to install LineageOS or GrapheneOS.
Which only work on a tiny, almost insignificant sub-set of phones. If you don't have one of those, you're screwed.
Not to mention the bootloader is getting locked down so you can't even install one of these in the first place.
I’m not saying I have a solution but looking at yourself and pretending it’s all fine because you’re 10 times more tech savvy than the average citizen isn’t a viable answer. That kind of issue must be solved by regulation, hopefully Europe gets to bring back on earth whoever at Google agreed on that idea.
[1] https://news.ycombinator.com/item?id=41895718
Isn't this a death knell for F-Droid, at least for running on most hardware? Since they require their own builds/attestation?
The Overton Window for computing keeps inching towards gatekeepers having total control over devices. I can't help but imagine myself lurching along on the last somewhat open hardware I can cobble together in a couple of decades, because I refuse to drink the verification can to continue...
I think that is a yes, it will affect Samsung
We do not know yet who will be considered "hobbyist". I would say they might check the user base. When hitting app installation threshold for let say 1,000 users, they will force you to pass the full legal check. Otherwise they will start blocking any further installations.
> Verify your identity
> * You will need to provide and verify your personal details, like your legal name, address, email address, and phone number. > * If you're registering as an organization, you'll also need to provide a D-U-N-S number and verify your organization's website. > * You may also need to upload official government ID.
Only one of those three applies to organizations.
>A note for student and hobbyist developers: we know your needs are different from commercial developers, so we’re creating a separate type of Android Developer Console account for you.
Nothing about it says anything about having lighter requirements, just not going through a Play Console link. Even if the requirements end up being "lighter", the minimum will always be at least "link a Google account", which is already a massive privacy breach.
> It also doesn't prevent you from side loading.
It absolutely does. Quoting from Google:
>Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices.
certified Android devices being... 99.9% of all Android devices in existence.
https://android-developers.googleblog.com/2025/08/elevating-...
It's not a massive privacy breach. If you are so anti-Google yet use their devices then most likely you're already only distributing to GrapheneOS or LineageOS anyway. For most people who already have a Google account this is a very small bar to clear.
Getting a DUNS number is ass, getting the 20 testers is ass, etc etc.
I do not want to give Google my government ID to write a shitty little app that only my family will use, or only close friends use and it gets sideloaded through sending it on chat. I do not want people making apps to skip ads on YouTube giving out their government ID. I do not want people making apps that might get them in trouble with their government to give out their government ID to Google.
Hong Kong protestors bought Android phone en masse when Apple removed apps they used to fight back on Chinese censorship, if Google is allowed to do the same you can say goodbye to freedom of information in many countries. You’re focusing on revanced when it’s the least of the issue.
One thing that annoys me is that a lot of F-Droid apps are obviously naive ports with overbroad permissions like "can read the entirety of storage", but that's still better than the all-consuming Goo.
"Would?" Google has zero incentive to do that.
"You'll need to prove you own your apps by providing your app package name and app signing keys."
That is capital-I Insane.
[1] https://developer.android.com/developer-verification
Someone elsewhere in the thread said this is how F-Droid works, but I can't confirm firsthand.
The only credible explanation I can come up with is that they need the keys in order to produce indistinguishably backdoored versions of applications, handy for tools like signal.
Otherwise one would never think of requesting the private keys-- if google wants to rebuild apps themselves they could sign with their own keys and possessing anyone elses private key is just pure liability as if there is any discovered abuse they can't show that they weren't the vector.
[1] https://github.com/popcorn-official/popcorn-android
« Développer will have freedom » yet they are entitled to Google’s verification.
It’s just another stone in the grave of Android and even though I shipped off this sinking ship 6 years ago to iOS, this is still concerning because ultimately apple’s IOS is in competition solely with Android.
If Android gets so bad it has all the disadvantage of iOS, some more, for instance with the embedded spyware that manufacturer are paid to include, and none of the good side of iOS, then everyone lose. Apple doesn’t have to compete anymore, they just have to not suck.
This combined with the 'age verification' coming to all Google properties means it is a very small step from that new world to full Google verification of everything you visit and everything on your device, at any time, for any reason with the penalty being incontestable ban from your device, apps and data.
Get ready for facebook style 'we are interrupting you for a video selfie because we have detected you are a threat' across all google properties (Android, Chrome, Gmail, Maps...).
Move to linux phones, now.
If they keep up this "boil the frog slowly" crap though, I may be migrating off of Android and over to a strictly Linux-based phone, like a PinePhone, Librem, etc.
Fuck the scumbags at the top of big tech making decisions like these.
I have no words.. or more precisely, those words are not the kind of words I'm allowed to write here.
I’m hoping that projects like Precursor can take off because we’ve buried ourselves in such mountain of complexity that seems like only a billion/trillion dollar big tech company can make an OS.
But then again, some body called BS on browsers and we might have a good option soon in Ladybug!
https://www.crowdsupply.com/sutajio-kosagi/precursor
- money - tickets - identification
They cannot force everyone to own and buy a phone.
not even to mention the h1b indian kickback stuff that's about to hit them. couldn't happen to a nicer company.
Personally: I don't use Apple because I like being able to whip together little apps to side-load without having to check in with a walled-garden mothership. If Google is going to move closer to Apple in that regard... Apple's UX ecosystem is better, so I have far fewer reason to keep using Android.
Damn the future sucks ass.
Alternatively, and that’s almost bullshit, the dumb phone trend continues and we might get devices like PDAs. Get a dumb phone and a small camera and then your PDA for everything that is essentially an app. Not sure what OS they’d run but I don’t see another way.
As long as they still allow running stuff inside of apps like that I will probably not abandon ship yet.
> Starting next year, Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store.
Odd little phrase, "distributing their apps on Android devices".
I think "distributing" in this context is in the sense of product distribution, not in the sense of distributed systems.
But "distributing...on" sounds a little odd, like Google is still providing a distribution service. (Contrary to how all the precedent of how we've thought of installing software, other than the proprietary, captive-user app stores.)
And so, maybe "distributing...on" makes it sound more like Google is (once again) entitled to gatekeep what you can run on your device/computer.
> However, developers who appreciated the anonymity of alternative distribution methods will no longer have that option. Google says this will help to cut down on bad actors who hide their identity to distribute malware, commit financial fraud, or steal users’ personal data.
Maybe it's not "developers who appreciated the anonymity" (which we immediately try to conflate with bad actors), but that the whole point lately has been to stop the greedy proprietary lock-in app store monopolies, and not have them gatekeeping what everyone else can do.
GrapheneOS won't survive the next generation of devices because bootloader unlocking will also go away (https://news.ycombinator.com/item?id=44765939), and without kernel security updates that OS can't continue.
Now there's also no more sideloading, so what purpose does Android even serve anymore?
The comment in the thread you linked directly contradicts the claim that "bootloader unlocking will also go away".
iOS does a tremendous amount of data collection including for the usage of ads as per Apple's privacy policy. All the same types of data that stock Android collects, even.
You may believe Apple is a generally better steward of that data than Google, but using iOS does not reduce the amount of data being hoovered up in any meaningful capacity.
> Now there's also no more sideloading, so what purpose does Android even serve anymore?
I hate this change, but I still prefer Android. iOS is hardly perfect nor does it do everything better...
Can you download, build, and install a basic Android system these days without touching a single piece of closed code? Absolutely. Will it be able to do much without closed binaries? No.
Android isn't GNU/Linux where there's a general ethos of making everything in userland FOSS if at all possible. Rather, it's a free OS that both Google and manufacturers can do anything they want with, including shove a ton of spy and bloatware on it, then make it to where you can't get rid of those things, at least not easily.
The optimism from 15 years ago surrounding FOSS in the mobile space is on its deathbed.
Because Google-free AOSP-derived Android distributions are far more versatile, offer far more freedom, impose far fewer restrictions and tend to end up being far less expensive than whatever the fruit factory decides their dedicants have to use today. If Google goes the way of the fruit folks and AOSP no longer offers these freedoms the next step is not to surrender to the Church of Apple but to find a way to evade those restrictions.
It’s sad that smartphones now hold so much personal and private data but aren’t really under the control of their users.
They already have a version of that - it's called Windows S Mode (Windows Store apps only, no EXEs or scripts, Edge only for browsing). If they get away with it, they would make it the default. Required Microsoft accounts was a step in that direction.
It will happen. We've been the frogs boiled in the pot for years, accepting forced attestation. Eventually they'll close off running unsigned code, and the PCs will probably have bootloaders locked to Windows as well, so you can't escape.
More and more locked down devices, Android source releases only being published once a year, device drivers for reference devices disappearing, and now, verification of all your software for your "security". The war on general computing is well and truly on.
What the absolute fuck.
What a fucking joke.
Break them up already, it's getting old.
I find it hard to state how contemptible this is. How stupid. Everyone who worked on this has blood on their hands.
In my case I keep a copy of K9 Mail 5.6 with the original UI (the reason I choose K9) and I sideload it to every device of mine. I'm afraid that I'll have to register an account and what, claim that that K9 is mine?
Apple implemented a similar change for the EU App Store earlier this year to comply with the Digital Services Act (DSA), a regulation that now requires app developers to provide their “trader status” to submit new apps or app updates for distribution.
For the record, Apple notes that the DSA requirements only impact developers distributing through the App Store, not through alternative distribution [1].
[1]: https://developer.apple.com/help/app-store-connect/manage-co...
I.e. it doesn't require this at all, it merely requires Google require verification for apps that they themselves distribute. What they've been doing all along until now plus or minus minor bookkeeping details on what data they collect.
That is most apps - but not the kind of apps Google is attacking here (personal-scale, actually-free, third-party, etc.). And "apps that are not monetized" is actually a very nice thing to filter for from a user perspective.
Of course, the world's largest malware vendors love to use government action as an excuse to do something else malicious.
Users should be allowed to brick their device if they're sufficiently stupid, but I feel bad for Google who has to deal with some of those people blaming them.
To whatever extent Google may be responding to an issue arising from the market, it is likely at the behest of large companies, especially payment processors, payment card networks, banks, etc. These institutions lately have begun to exert increasing influence over end-user activities, and it would not surprise me if they are playing a part here, too.
My position is that this is not the OS vendor's responsibility to prevent. A warning is fine. A scan for known malware by default is fine. Beyond that, it's my device and it's my choice to get software from wherever I damn well please even if it might be a bad idea.
The biggest difference these days is most folks don't even use a personal computer.
This trust me bro, our App Store is safer is just getting on my nerves. Every day we get malware popping on both app stores.
Time to switch