478 comments

[ 0.14 ms ] story [ 142 ms ] thread
Google to make sideloading Android apps _harder_ by _force_ verifying developer identity for 25$ and bunch of legal documents.
Additionally, this kills apps like Revanced, NewPipe, SmartTube that will now be required to give out ID to Google, surely that's something they really want to do. All Open source development is at threat, Google's absolute dogshit procedures already imposed for the play store now imposed to the entire ecosystem. All for a shitty system that breaks down to "registering package names". Cool then, guess it's time to typo squat on every variant of com.faceboook.app, because users definitely check the package name and not "oh the icon is right and so is the title".

More and more locked down devices, Android source releases only being published once a year, device drivers for reference devices disappearing, and now, verification of all your software for your "security". The war on general computing is well and truly on.

What the absolute fuck.

The core benefit of Android over iOS for me has always been that it's my device, not Google's.

They've been chipping away at this over the years. Safetynet was the first offense, but if they start restricting app installation from sources of my choice (I hate the term "sideloading"), there's not much advantage left.

I agree 100% with you. I am in a similar situation, rooted and unlocked, slowly but surely getting access restricted.

Google is trying something which will be a net negative for everybody, instead of keeping this _massive_ USP that also keeps a core userbase. Might as well switch to iOS now, I don't have anything which keeps me on Android.

This has the potential to be disastrous for Google, but maybe not.

Personally: I don't use Apple because I like being able to whip together little apps to side-load without having to check in with a walled-garden mothership. If Google is going to move closer to Apple in that regard... Apple's UX ecosystem is better, so I have far fewer reason to keep using Android.

What would happen to projects like F-Droid, Termux, etc.?
Why even run Android at that point anymore? iOS devices get security updates for longer and have much less data collection than stock Android.

GrapheneOS won't survive the next generation of devices because bootloader unlocking will also go away (https://news.ycombinator.com/item?id=44765939), and without kernel security updates that OS can't continue.

Now there's also no more sideloading, so what purpose does Android even serve anymore?

Official announcement: https://android-developers.googleblog.com/2025/08/elevating-...

More info:

https://developer.android.com/developer-verification

https://support.google.com/googleplay/android-developer/answ...

Personally...we all know the Play Store is chock full of malicious garbage, so the verification requirements there don't do jack to protect users. The way I see it, this is nothing but a power grab, a way for Google to kill apps like Revanced for good. They'll just find some bullshit reason to suspend your developer account if you do something they don't like.

Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.

> we will be confirming who the developer is, not reviewing the content of their app or where it came from

This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.

TFA had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.

On the flip side, that's one less platform I care about supporting with my projects. We're down to just Linux and Windows if you're not willing to sell your soul (no, I will not be making a Google account) just for the right to develop for a certain platform.

Play Protect is just spyware to monitor app usage & exploitation. It doesn't prevent or protect anything.
It's never about security (at least not user's security). It's like you pointed out only about power and locking in customers. They don't care if your phone gets hacked or you bank account drained. They care about the bottom line. Android is fine. Google should have 2 layers if they're worried playstore 1 has only well vetted authors and apps. playstore 2 can be the free for all (mostly) of the current store. These could be two different apps or prominent tags. Choice is good, lock down is bad. Corporate does not like employees or customers to have freedom, that's why it's our duty to fire people like the current US regime who always side with corporations over customers.
So KYC but C is “competition”.
> Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps

Of that they still refuse to sandbox the play store.

It's easy to see that there's a pattern on what they are copying from GrapheneOS.

There's a reason Google is targeting a few specific countries with this first. Malware from APKs downloaded from the internet is more prominent in some countries than in others. The governments themselves are asking for this because educating the public has turned out to be an impossible task for them.

Still an awful solution that will get bypassed easily, of course. But there's more to this than "Google decided to be a bunch of dicks today".

What is the hidden internet permission called? Is there any way to enable or see it?
"we all know... Play Store... full of malicious garbage" - please point out how that statement is true, given we all know this apparently.

Yes, there are apps out there that try to trick the system and when you use them, instead of looking innocent, it's actually a casino app or something. But Google usually finds those. Are there any apps impersonating a bank? Because that is what regular people care about & think of when someone says "malicious".

They don't care if an app tracks what other apps are installed, what the user taps on, etc. Arguably they should care, but they don't lose money from it.

The future for security conscious will be something like grapheneOS for phones, but a step further where the device can only securely connect to your home computer and access regular software there. If you must, run segregated, whitelist only networking, virtual machine apps
> Google notes “supportive initial feedback” from government authorities and other parties:

Ah, then I guess everything is fine. I'm sure they aren't in favour because it gives governments greater control over what apps we're allowed to have on our phones. That would be absurd.

It makes perfect sense. Clients of Google are businesses and governments, not users of free products. They used to be less open about it until recently
Sorry, we're getting rid of Revanced, Newpipe, Xmanager, etc. for your own good. Just like how Manifest v3 was for security. /s
They saw Apple getting away with notarization under the DMA so they're doing the same. I must admit the mass demotivation strategy is working really well. Seeing this kind of news every single day, affecting you directly and not even being able to do anything
Yep. I feel powerless, and I don't know what to do. I don't think there is anything I can do, except for watch all of technology get locked down to the point that you need a monopolist's or a government's permission before you do anything with it.

It's so fundamentally depressing, and completely at odds with how I grew up viewing tech.

@hollow-moe do you have a reference to "Apple getting away with notarization under the DMA"?
So that's it then.

If this actually goes through, there will be no option in the mobile OS market for an OS that both:

a) allows the installation of apps without any contractual relationship with any party, and

b) allows the use of mainstream and secure apps like banking

Banking apps were at the forefront of freedom-eroding "safety" for a long time now.
This is crazy. I can't install my own apps on my own phone anymore.

I am gonna start carrying around a laptop with a 5G modem instead.

What was the last time there were some actually good news in big tech? For those that don't hold stocks I mean.
Does this break F-Droid?
Only for all the developers on F-Droid who refuse to register with Google...
I cannot resist the urge to point out that we wouldn't have had this problem if people actually sticked to free software instead of "commercial use friendly" open source licensing
That's not a good move at all.
Time for a Steam Phone. Or FirefoxOS reloaded. The general purpose mobile computing market must be sizeable. I cannot believe everybody just puts up with these increasingly draconic restrictions.
So, now there will be a single kill switch where a malicious government can legally compel Google to annihilate apps not of their liking.

I find it hard to state how contemptible this is. How stupid. Everyone who worked on this has blood on their hands.

If this is enforced via Play Protect, then the whole mechanism can likely be disabled with:

    adb shell settings put global package_verifier_user_consent -1
This does not require root access and prevents Android from invoking Play Protect in the first place. (This is what AOSP's own test suite does, along with other test suites in eg. Unreal Engine, etc.)

I personally won't be doing this verification for my open-source apps. I have no interest in any kind of business relationship with anyone just to publish an .apk. If that limits those who can install it to people who disable Play Protect globally, then oh well.

I really hope this ends up being possible! Play Protect seems to jump up every so often and try to scare me into turning it on. Very annoying. I've wanted to disable Play Protect permanently, but never did the query to learn how, so thank you.
Would be a real shame if this also nuked your safetynet trust score if they realize too many people are using this escape hatch...
I really hope this is done via Play Protect. You can also disable it temporarily in Google Play and install whatever you want.
I kinda feel like they'll make sure any workaround for this will ensure you can't use banking apps, Google Pay, etc.
There's also the related "Verify apps over USB" setting which is even exposed in the developer mode settings GUI.
It seems that it was only about time… it just feels like the pace of enshittification with big tech being able to get away with anything is crazy!

I’m hoping that projects like Precursor can take off because we’ve buried ourselves in such mountain of complexity that seems like only a billion/trillion dollar big tech company can make an OS.

But then again, some body called BS on browsers and we might have a good option soon in Ladybug!

https://www.crowdsupply.com/sutajio-kosagi/precursor

The new face of Embrace, Extend, Extinguish.
As a developer of android apps that get distributed outside of the Play store, a Google identity verification system sounds like a nightmare. What if I'm deemed to be politically incorrect? Will Google brand safety exclude me?
(comment deleted)
> developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer. We believe this is how an open system should work—by preserving choice while enhancing security for everyone

I guess words don't don't have meaning anymore, how can you claim to have an open system in an announcement about closing it down?

It's also telling that the big supporters of this are apparently corporations and governments. Admittedly I don't know what "Developer's Alliance" is but they don't seem to care about developers very much, and I wouldn't surprised if they were just a "pay us to say what you're doing is good for devs" kind of thing

> developers will have the same freedom to distribute their apps directly to users

You have here Google making a statement it can't actually fulfill and one that it knows it can't fulfill. So Google is willfully lying here.

The minute Google has a technical capability to control what applications run on Android it's out of their hands. It is in the hands of courts, governments, dictators and authoritarians. That's just the nature of the world - Google has to obey the law and Google doesn't make the laws.

I guess it sounds hysterical, but in that sense, this is an absolutely massive loss of freedom for the entire planet as communication power that rested with individual choice is now transferred wholesale back to governments by this decision.