From the very first announcement of this, Google has hinted that they were doing this under pressure from the governments in a few countries. (I don't remember the URL of the first announcement, but https://android-developers.googleblog.com/2025/08/elevating-... is from 2025-August-25 and mentions “These requirements go into effect in Brazil, Indonesia, Singapore, and Thailand”.) The “Why verification is important” section of this blog post goes into a bit more detail (see also the We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer), but ultimately the point is:
there cannot exist an easy way for a typical non-technical user to install “unverified apps” (whatever that means), because the governments of countries where such scams are widespread will hold Google responsible.
Meanwhile this very fact seems fundamentally unacceptable to many, so there will be no end to this discourse IMO.
Excuse me, what exactly is "sideloading"? If I wanted to run third-party code on a system through the means that's supported by the system, then it should be called "running", it's a part of normal operation.
The word "sideload" made it sound like you're smuggle something you shouldn't onto the system. Subtle word tricks like this could sneak poisons into your mind, be watchful.
Edit: be sure to read geoffschmidt's reply below /edit
The buried lede:
> a dedicated account type for students and hobbyists. This will allow you to distribute your creations to a limited number of devices without going through the full verification
So a natural limit on how big a hobby project can get. The example they give, where verification would require scammers to burn an identity to build another app instead of just being able to do a new build whenever an app gets detected as malware, shows that apps with few installs are where the danger is. This measure just doesn't add up
> we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified. We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands.
As long as this is a one-time flow: Good, great, yes, I'll gladly scroll through as many prompts as you want to enable sideloading. I understand the risks!
But I fear this will be no better than Apple's flow for installing unsigned binaries in macOS.
Please do better.
In light of Google's recent push to eliminate this, I went and installed F-Droid to see what we'd be losing. I had thought about it for years, but always held off on doing it on my daily driver phone because I simply didn't want to open the floodgates on allowing apps to start randomly installing on my phone.
But having done it, I'm actually pretty impressed with the existing security. At least on my S24, you have to both enable sideloading at the system level, and enable each specific app to be allowed to "Install other apps" (e.g. when I first tried to launch the APK that I had downloaded from Firefox, I received a notification that I would need to whitelist Firefox to be allowed to install apps. I decided no, and instead whitelisted my File Manager app and then opened the APK through that).
I then installed F-Droid, allowed it to install other apps, installed NewPipe, and then toggled back off the system-level sideloading setting. NewPipe still works, and I don't think anything else can install. This satisfies my security paranoia that once the door to sideloading is opened that apps can install other apps willy-nilly. Not so.
So I really don't see what this new initiative by Google solves, other than, as others have said, control. The idea that somehow all user security woes come from sideloading apps and they would somehow be safe if they simply stuck strictly to the Play Store is patently untrue, given the number of malware-laden apps currently lurking in the Play Store.
This is the worst of both worlds, you can spread your malware as a sideloaded apk just fine, but when it's so big that you're probably burned anyways, then you need to verify your account.
I think a better compromise would have been for google to require developer verification, but also allow third party appstores like f-droid that don't require verification but still are required to "sign" the apks, instead of users enabling wide-open apk sideloading. that way, hobbyists can still publish apps in third party stores, and it is a couple of more steps harder for users to fall for social engineering,because they now have to install/enable f-droid, and then find the right malicious app and download it. The apk downloaded straight from the malicious site won't be loaded no matter what.
Google can then require highlighting things like number of downloads and developer reputation by 3rd party appstores, and maybe even require an inconsistent set of steps to search and find apps to make it harder to social engineer people (like names of buttons, ux arrangements, number of clicks,etc.. randomize it all).
What frustrated me on this topic from the beginning is that solutions like what I'm proposing (and better ones) are possible. But the HN prevailing sentiment (and elsewhere) is pitchforks and torches. Ok, disagree with google, but let's discuss about how to solve the android malware problem that is hurting real people, it is irresponsible to do otherwise.
> Keeping users safe on Android is our top priority.
I highly doubt this is your "top" priority. Or if it is then you're gotten there by completely ignoring Google account security.
> intercepts the victim's notifications
And who controls these notifications and forces application developers to use a specific service?
> bad actors can spin up new harmful apps instantly.
Like banking applications that use push or SMS for two factor authentication. You seem to approve those without hesitation. I guess their "top" priority is dependent on the situation.
"Allow". This is the entirety of the problem. They are allowing things on my machine that I purchased with monies that I leased my soul for.
Anyway, I am already planning for a future in which Google does not feature as prominently as did until now. Small steps so far ( grapheneOS ), but to me the writing the wall is unmistakable. Google got cold feet over feedback and now they can allow things.
When negative publicity ends, they will start working towards further locking it in again. I am personally done with passively accepting it. It might be annoying, but it degoogling is a simple necessity.
Sounds like they're rolling back the mandatory verification flow:
Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified. We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months.
The key question for me is whether this "advanced flow" will allow the practical use of entirely separate app stores (like F-Droid) or if they're going to throw up tons of barriers for every individual app install.
8 days ago Google and Epic announced a proposed settlement and modification of a permanent injunction that Epic won, I believe this proposed settlement would likely have prohibited Google's plan to forbid installation of third party apps (excluding app stores from the definition of apps) unless those app developers had paid google a registration fee. The proposed settlement is here [1], the relevant portion is
> 13. For a period beginning on the Effective Date through June 30, 2032, Google will [...] and will continue to permit the direct downloading of apps from developer websites and third-party stores without any fees being imposed for those downloads unless the downloads originate from linkouts from apps installed/updated by Google Play (excluding web browsers).
6 days ago the court expressed skepticism as to the proposal and announced that they'd have a hearing, with testimony from expert witnesses, as to whether it would prevent the market harms that the original injunction was trying to cure [2].
Today Google announces this, effectively confirming that they're backing down from their requirement that third party app developers pay google prior to distributing their apps.
Nothing (yet) is explicitly tying these together, but I can't help but suspect that this move is in large part being made to convince the court that they're actually intending to honour this portion of the proposed injunction even though Epic would have little reason to enforce it.
[1] https://storage.courtlistener.com/recap/gov.uscourts.cand.36...
[2] https://storage.courtlistener.com/recap/gov.uscourts.cand.36...
I don’t like to see the word “allow” in the same sentence with a device I own.
In the end when supporting the non tech people in the family, what I would really like is to setup their device so they can install anything on Fdroid but nothing from the play store (unless approved by me) nor direct from an apk.
They will just add a flag in the SafetyNet service to let other apps know if non "verified" apps have been installed.
You will not be able to use any of your banking apps without first removing all of those...
We need alternatives, this will not work and is a risk to freedom/democracy for all of us.
Switzerland is implementing a digital ID[1]. It will be made available to the most common devices and is open source. However Google and Apple can just remove it, what then?
I'm already annoyed by the fact that when I upgrade my own apps, self-developed and only used by me, which are installed either from Android Studio or by letting the app itself download the update from my server (with the app installation permission) and me then installing it, that I must send the app to Google for them to make a security check.
It's not an option, even if they pretend it to be one: if I click the text "install without scanning", nothing happens. I must accept the big button that uploads the app for a scan. It's none of their business.
ADB is no alternative for me, because it's easier for me to send a websocket command to my 9 devices (mostly dashboards) so that they download the file and start the upgrade process, so that I then only need to press the "upgrade" button manually on each device. Remove the dashboards from the walls, just to plug an USB cable in them, to upgrade the apps?
* "Android Developer Verification Discourse" by agnostic-apollo (https://github.com/agnostic-apollo), Termux app (https://github.com/termux/termux-app) developer: https://gist.github.com/agnostic-apollo/b8d8daa24cbdd216687a... (gist.github.com/agnostic-apollo/b8d8daa24cbdd216687a6bef53d417a6) and https://old.reddit.com/r/termux/comments/1ourtxj/android_dev... (old.reddit.com/r/termux/comments/1ourtxj/android_developer_verification_discourse/)
* "Android Developer Verification Proposed Changes" by agnostic-apollo (https://github.com/agnostic-apollo), Termux app (https://github.com/termux/termux-app) developer: https://issuetracker.google.com/issues/459832198 via https://old.reddit.com/r/termux/comments/1ourtxj/android_dev... (old.reddit.com/r/termux/comments/1ourtxj/android_developer_verification_discourse/)
So there was the very concrete problem that F-Droid could not continue to function with the verification requirements, because they rebuild every app and so would have to know every key.
Do the changes here do anything for F-Droid?
Ancedotal: I used to believe in this "freedom to install". Than my Father got scammed (~$1000) in the name of Electricity recharge. The APK was sent over WhatsApp. Now I am not so sure how to implement this freedom. At the bare minimum there has to be big red warnings.
One thing which can immediately improve security is forbidding SMS read access forever. Just like Apple does. No App should be able to read SMS.
It's not "sideloading". It is "installing". Just installing the software you want, on the device you own. I am not "sideloading" applications on Windows, either. I download and install them. And before the internet, you got your software on CDs or floppies and ... installed them. This is nothing new. The term "sideloading" somehow implies you are circumventing or side stepping some mechanisms or protections in a non-sanctioned / nefarious manner. I am not. I just install software on my phone.
Damn. I was excited by the prospect of Google shooting themselves in the foot, inspiring people to make Android replacements that aren't privacy and process nightmares. With this (partial) capitulation, the path of least resistance will remain a proprietary, corporate-controlled, bloated walled garden.
> Keeping users safe on Android is our top priority.
Then let me decide which apps can access the internet, and which app can access which domain names / IP addresses.
Because it feels like there are a lot of DATA THIEVES out there, selling my data to companies you work with.
We call them Firewalls on the PC.
I don't understand the title, it's exactly the reverse, they will force verification for sideloading, even if they say they would have lighter requirements for hobby apps with low install number
There are many real-world sideloading abuse cases in China. Attackers often trick victims with plausible stories—e.g., claiming a flight is delayed—and ask them to sideload an app (a remote‑meeting or remote‑control tool) to share their screen. Once installed, the attacker can view the victim’s screen and intercept SMS 2FA codes for online banking or other sensitive accounts.
Other schemes include impersonating sex workers to lure victims into nude video chats, then persuading them to install an app that harvests private content and contacts for blackmail.
If I install Android on a Raspberry PI do I still have this restriction?
Can I use FDroid?
This brings back memories of "sure you can root your phone, but if you do secure apps like payment won't run anymore"
Are there any entities on earth with resources to compete with a complicit global duopoly?
If Android is open source, why can't/won't a community fork it? Graphene OS exists but many folks claim Netflix and banking apps do not work with it (despite allowing logins from any common desktop browser)?
If all widely-accepted phone operating systems are de-facto proprietary, what does this say about the current phase of society?
What choice do non-billionaire/millionaire humans have for living in a single-planet society where technology is so highly integrated (and the inherent non-consensual compromises)?
What If the little people are going to get squeezed even more?
Troubling questions.
So an interesting intellectual exercise is to try to figure out how you would create a power user toggle that is coercion resistant. The best I've been able to come up with is a timed lockout that is random in how long it takes to allow you to finally move into power user mode. So like a random value between 1 hour and 24 hours and you say I want to be a power user and then it says you have to wait 3 hours and 27 minutes before you can become a power user. Randomness because a scammer could optimize around a particular time period that was predictable.
Other thoughts on how you could make a coercion resistant power user toggle? I'm very excited that Google's thinking about offering this because it gives me faith that just because I chose to be in a minority, I won't be relegated.
On the flip side, I was so shaken by the original announcement that would kill off F-Droid that I've been very actively looking into building my own mobile device that runs Linux. I purchased the components for a Hackberry Pi that I'm hoping to build in the next couple of months, but knowing that Android won't kill off F-Droid entirely is heartening.
What prohibits Google from offering a way to register your long-term app signing key without identity verification, publishing apps that are still verified by their automated tooling and then opting in to the usual denylisting/app store banning methods if those apps are malicious? This identity verification requirement is basically just an easy way for illiberal governments to find ways to crack down on apps they do not like (such as say, ICEBlock or whatever)
Glad to see Google come to their senses on this. Disabling it entirely would have basically guaranteed an exodus of power users over to iOS. If your only choices are walled gardens, you might as well pick the easiest, prettiest one.
> Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified. We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months.
I don't agree that this is something that should be restricted to "advanced" users, even. One of the basic freedoms that protects users from the unilateral control of the developers, is other developers (like me) being able to patch apps and distribute them to friends and family, without making a public fork or meeting play store requirements. Take for example, youtube revanced. If I want to help my friends by making a private f-droid or obtainium repository, to save them the trouble of going through the (legal!) process of patching and updating the app themselves, right now I can do this. If this requires going through a lengthy process instead, that may or may not be detectable by apps that will then choose to cease to function (this has happened with rooting), my ability to help friends and family as someone with the know-how and experience gets reduced significantly. There's many things that don't fly on the play store, such as the completely legal NewPipe, AdAway, and Termux applications, and while I can sign up for the developer verification, it's not clear to me under what circumstances the verification can be terminated.
Google still hasn't changed anything but took the opportunity to again insult their customers within the first headline, titled "Why verification is important".
Google goes on to say how taking away one of your last remaining rights is good for you, if you like it or not.
It is clear to everyone why Google is partnering with governments around the world to remove our rights to installing apps. Laws are not on your side and must be reevaluated on an individual level to move forward. You decide your own terms, you have the power.
Only we can stop this together.
This is the last moment we can use to move out of this platform. We've already given basically all the control on our lives to two companies. They will decide one day that government will know our each move, our WiFi password, number of appliances, our body temperature and chemical compounds of our bodily fluids - every sensor that is connected to the system. 1984 all over again but this time IRL
This is old rule: you don't need to take over control of all the people, you just need to take over those two-three suppliers that are covering all the people. If for example new politician Tronald Dump will take seat in 2035 in USA and they will try to push their agenda to other countries, they will take over the LLM, phone and OS providers, namely OpenAI, MS, Apple, Google. That's all to control to have the souls ruled all over the world. If something must vanish, will vanish. Like in the Ministry of Truth
If adb is unrestricted and can work with the Linux command shell (something I seem to remember I had read about before; you will need to enable the developer mode to use it), which is aparently a separate system but runs on the same device, although if it has the ability to communicate with the main Android system using adb (which it might be reasonable to require that to be explicitly enabled with another setting, for additional security in case you do not use adb), then this would help since you do not require another computer that would be compatible with adb in order to do it.
However, I think there are other things they should do as well (in addition to the other things) if they want to improve the safety, such as looking at the apps in Google Play to check that they are not malware (since apparently some are; however, it says they do have some safeguards, so hopefully that would help), and to make the permission system to work better (e.g. to make it clear that it can intercept notificatinos; there are legitimate reasons to do this but it should require an explicit permission setting to make this clear).
Super obvious move. It will probably make you type "I understand I am Gonna get haxxored" while clicking a moving dot 5 times and promising you are super power user. This would have been the end of android as a phone OS.
Interesting. Did Google submit due to pressure? I have no idea. But if so then it shows the power people have. Perhaps we can make Google less evil if we complain a lot about things they do.
Actual title is "Android developer verification: Early access starts now as we continue to build with your feedback"
Two key announcements:
> we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified.
> We are using your input to shape a dedicated account type for students and hobbyists. This will allow you to distribute your creations to a limited number of devices without going through the full verification requirements.
> When the user logs into their real banking app, the malware captures their two-factor authentication codes
That seems like a severe security bug in Android APIs or sandboxing or something else.
> bad actors can spin up new harmful apps instantly
Why are harmful apps possible at all?
so still distributing with f-droid is messed up? i now have to pay a fee to develop an open-source app via f-droid to everyone?
this is a misleading title. they only allow side-loading unverified apps only on fewer devices.
> Google will allow users to sideload Android apps without verification
Mercedes will allow drivers to carry passengers without verification.
Sounds silly, doesn't it?
"We have realised that boiling the frog this fast will result in it jumping out of the water. Therefore we have slowed down, but remain steadfastly devoted to seeing this frog boiled"
"Keeping users safe on Android is our top priority." This is propaganda. It is a statement made to dissuade people from the real issue. The top priority is to make money.
It is hard to to trust anyone who starts communication with an obvious falsehood. Users beware.
> Google will allow users to sideload Android apps without verification
Ford will allow drivers to carry passengers without verification.
Sounds silly, doesn't it?
Security by obscurity. That's my device, that's my decision to install whatever I want.
I see here and there some comments about someone was scammed, etc… Lack of knowledge of users is not a good reason. They still will get scammed, in a different way, but outcome will be the same.
On PC one can install whatever want - and nobody is blaming OS for it.
Google is about to find out the next step of this chain - give access to everyone, don't gatekeep / do checks, and yet take responsibility for anything that goes wrong.
"You should open up the tool, put no restrictions, and yet ensure that it is safe and secure" is an impossible task for anyone.
I will never use the term 'sideloading' for 'installing'.
If it doesn't require a Google account and just means jumping through a bunch of hoops the first time, maybe requiring a USB cable, OK. If it does require a Google account, or won't let you give permission to F-Droid to install stuff, I call foul.
We really need to banish the term "sideloading". Installing apps on a terminal is just that, and for as long as I remember on windows, Linux it has always been just that.
Google mentions about being on a call, and being tricked into handing over codes. So why not use signals and huristics to decide?
If user is on a call, block any ability to install a shady app. Implement a cool down before that functionality is restored (say 24 hours). It can also detect where the user is based to add additional protection (such as mandating the use of play protect to scan the app before it's activated and add another cool down regardless).
There's lots of ways to help protect the user but it's wrong to ultimately control them. The real world is full of scary dangers that technology is trying to solve but is actively making things worse (such as computerized safety systems in cars).
Ultimately, the user is responsible and whilst it's palpable Google would want to reduce harm in this specific way, we know authoritarian governments would also love to be able to dictate what software people can run. The harm to democracy is simply too great in favor of saving a few people's money.
Mobile is such a second class operating system platform. I look forward to doing everything with Meta eyewear that also corrects vision impairments.
> We are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified
I believe they will push responsability onto OEM.
Google's move is very good for the web. By pushing app makers away from walled platforms, you turn them to standardized, open ones such as the web.
"Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified. We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months."
So they haven't actually changed anything yet, but they say that they will "in the coming months."
You don't own that device you paid >$1000 for because google deems it so
This is great news to me. I'm going to celebrate it. As evil as everyone thinks they are, they did the right thing here. Thanks google.
While we are at it, please also reject the framing of "sideloaded" apps. This framing pushes the use of legitimately installed, often high-quality, software to the periphery. This framing is an essential step in extinguishing our computing freedoms, as "sideloaded" apps are easily cast aside.
Recently I wanted to find a good app to manage my shopping lists as well as keep an ordering of this list so that I could run through the supermarket more efficiently. I really hate backtracking the supermarket to get some item on my list that I forgot was in a spot I'd already been. Of course, it had to work offline-first and I didn't mind a bit of configuration.
Everything on Google Play Store was some cloud-integrated garbage app. The only app that came even close was an app on F-droid called Aisleron, which lets you manage both your home stock and supermarkets in terms of "aisles" of products, flipping easily between what is in stock and what is needed and then managing an aisle-based sorting of these products per supermarket that I frequent.
Great App! However, I worry that this app would never have been released had Google considered actively blocking the author from creating legitimate and highly useful pieces of software like Aisleron.
how to make people forget about your bad practices
1) announce decision that will make everything even worse
2) wait for negative opinion
3) announce walking back on the decision
4) observe general sense of relief
The only way this can be stopped is to make it costly to even announce "decisions making everything worse"
Ahh yes,the slow boiling continues.
So if I want to release a free android game my options are.
A: Hope Google doesn't change course again.
B: Give Google a copy of my apartment lease,
Would be too hard for them to ya know actually implement sandboxing which would prevent this.
Anything aside from full bootloader access means I'm renting my device.
Too late now though.
Tying app distribution to a verified identity definitely raises the cost for scammers. But the devil's in the implementation. If "verification" ends up being too bureaucratic or expensive, it risks pushing legit indie devs and hobbyists away from the ecosystem entirely
Oh thank goodness, hopefully its implemented in a way thats not annoying for pro users
Southeast Asian scammers - they could've directly said from India/Pakistan.
They didn't say no changes. They are just saying we'll address the concerns of hobbyists and students.
Lets not celebrate prematurely and let us wait for more details on whats actually changing both technically and process wise. We should demand more clarity and should not wait to discover it after the implementation at which point it is hard and nearly impossible to push back against.
We don't want to be in a situation where they technically make it possible but make it practically impossible to install apps outside playstore.
> his will allow you to distribute your creations to a limited number of devices without going through the full verification requirements.
Sorry, *allow*? ALLOW?
I'm sorry. My device. My software. My customer or friend. You don't have the right to insert yourself into the process. Very kind of you to ALLOW me to do something you have no involvement in whatsoever.
Like everything google do the real reason for the plan is to let google insert themselves unwanted into someone elses business so they can extract money from other people's work.
I would bin my android phone now if the alternatives weren't even worse,
I have been an Android fan-boy since 2010 (hello HTC Evo!). Blackberry until that. Never owned an iPhone until a month ago. There really is not a benefit to owning an Android smartphone anymore if they are going to knee-cap F-Droid.
The Tyranny of the Marginal User strikes again.
Over the long run this might help Android a lot
The current title of this submission is
> Google will allow users to sideload Android apps without verification
Which seems to be false. As far as I understand, Google still requires verification.
We need Linux phones stat.
If everything’s completely open, it could lead to a higher rate of malware installs.
Glad to see them being less evil.
That blog post really downplays the issue that people have with the verification requirement and is tone-deaf. The resistance to get Google's blessing for app distribution is definitely not limited to students and hobbyists - and I don't think that's even the biggest affected group.
> Keeping users safe on Android is our top priority.
I'm really over third parties telling me that my safety is their priority. Unless you're transporting my body (ie, airline, ride share, etc), then I really don't need you to be looking out for my safety. See the problem is: when you do look out for my safety, you do it by giving yourself control over my life that is not healthy for either of us.
Let my safety be my concern, and the functionality of your product can be your top priority.
Imagine you could do with your hardware what you wanted. Brave. Innovative. Revolutionary.
/Old man laughing at "cloud" that is my baremetal.
Now allow individuals to release apps again.
Sorry, really confused user here, so can someone ELI5 for me? I was looking to go to GrapheneOS, will this effect that at all? The title now says they will allow side-loading and it sounds like good news but everyone in here is still complaining. I do not mind this extra step and I think it is way better than what my POS iPhone 16e with Liquid@ss is offing me.
"Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified. We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months. "
That's by far not good enough. Google's reasoning is principally flawed.
First of all, there is principally no good reason why adult people should be patronized by Google or other companies and kept from installing the software they want to install. Limitation of numbers just means that I cannot publish my .apk and let users install it freely. However, anyone who is allowed to smoke, drink alcohol, or get a motorcycle, should also be allowed to install whatever application they want. It's a matter of basic individual freedom.
Second, the majority of reasonable users cannot be restricted from using their device as they wish just because a small minority falls for scams. A minority of people also drink themselves to death, die in motorcycle accidents, or smoke. There is nothing wrong with taking risks and taking responsibility for one's own life. We don't need for-profit corporations to hold our hands.
Third, if they believed their own arguments, then they'd make certain functions such as intercepting SMS messages and installing a custom keyboard subject to stricter requirements with potential developer verification and keep the OS open and free otherwise. This would be a piece of cake since the technical infrastructure is already there on Android. The fact that they don't clearly indicates they're hypocrites and want to control users and developers, make 3rd party app stores harder or impossible, control which apps they "allow" as part of anti-competitive behavior, and possibly extract some extra cash from developers in the future.
It's a pity how private computing is destroyed and that's the reason we all have to use inferior web apps until browsers are closed down in the same way in the name of security theater.
>This is why we announced this change early: to gather input and ensure our solutions are balanced.
Sounds like just trying to save face, they didn't have a language of "we're only _MAYBE_ stopping everyone from installing non-verified apps" back then. They were quite adamant.
But happy that they're dropping the craziest part of this in any case. Won't stop me from investigating Graphene OS and other options when getting my next handset though, the previous move surely caused a jolt in my interest.
>we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified.
This is exactly the right thing to do and the best possible outcome. Google is correct that arbitrary Software installation can be harmful to users, especially those with limited technical knowledge. At the same time there are many users who want to install software freely and should be able to do so.
The compromise of a clear and unambiguous warning of the potential dangers, which the user is then allowed to accept, seems very good and the right thing to do.
Sideloading? Really? So I'm not installing stuff on my phone, but sideloading... must be something illegal, isn't?
Good job everybody, just don’t start complaining when your family members installed malware, their banking and health information is leaked, and you have to fix this for them.
..does Valve wanna make a phone any time soon?
I can access any website or webapp without verification. I can install any app on my PC without verification.
I assume the results of my actions and I accept that if something bad is going to happen, it's my fault. I am fine with that.
I want the same kind of freedom on my phone, a device I own and I payed for with my own money. I am not smarter when using the PC and dumber when using the phone. I want to be able to opt out of verification and install whatever I want.
This monopolist dictates its demands. It's pretty outrageous behaviour from a company that has grown by parasitizing Internet infrastructure built with taxpayer money. That's how far you get by bribing every US politician. It's a banana republic, a fucking shit show.
[dead]
I have to admit I couldn't even understand this problem, because for me the "stock OS" is already unbearable and I'd simply never be able to use it - I've never used it for more than a hour..
Great! Based on this, I would like to sign up to get early access to Android Developer Console (to distribute apps ONLY outside the Play store). The article explains that they will start sending out invitations to people on the waiting list.
But it does not say (or I can't find it) how to JOIN the waiting list. Does anyone know how?
I want to be able to install apps from alternative app stores like F-Droid and receive automatic updates, without requiring Google's authorization for app publication.
Manually installing an app via adb must, of course, be permitted. But that is not sufficient.
> Keeping users safe on Android is our top priority.
Google's mandatory verification is not about security, but about control (they want to forbid apps like ReVanced that could reduce their advertising revenue).
When SimpleMobileTools was sold to a shady company (https://news.ycombinator.com/item?id=38505229), the new owner was able to push any user-hostile changes they wanted to all users who had installed the original app through Google Play (that's the very reason why the initial app could be sold in the first place, to exploit a large, preexisting user base that had the initial version installed).
That was not the case on F-Droid, which blocked the new user-hostile version and recommended the open source fork (Fossify Apps). (see also this comment: https://news.ycombinator.com/item?id=45410805)