Petition to stop Google from restricting sideloading and FOSS apps

295 points by nativeforks ↗ HN
As Google will allow only apps from verified developers to be installed on Android (previous discussion): https://news.ycombinator.com/item?id=45017028

A developer started a petition to stop Google from limiting app installation on Android devices unless developers provide personal identity documents.

Even though Google has not revoked similar controversial policies in the past, we do our best as much as we can. This change particularly threatens the freedom to build, share, and use software without giving away sensitive personal information. It affects independent developers, FOSS contributors, and even regular users who want to install apps outside of Google Play.

``Just imagine giving sensitive personal, government-issued ID to a corporation to install an app outside Google Play``

Let’s stand together to protect our freedom to create and use software without handing over personal information to a corporation. Every signature, share, and voice counts here

Support the petition here: https://chng.it/MsHzSXtJnw

51 comments

[ 3.1 ms ] story [ 77.0 ms ] thread
Does Google ever care about petitions? Maybe stop using Google products is a better start.
change.org is useless
I agree with the spirit of the petition and I will sign it but I think it's better to be a petition to the EU to force google to stop their adversarial interoperabilty.

EU have done it with Apple and their trash lightning cable, forcing them to adopt the USB c standard. EU fined Meta and Google for mishandling our personal data (like all the time), and forced (kinda) both Google and Apple to allow alternative stores. This bs will not fly in the EU.

I will not tell you to stop using Google products and Android, since you are most likely a dev or FOSS on the Android ecosystem. But yeah, Google are pretty evil.

- sent from my Android - /s

Build for the web. App stores are overrated. They will continue to make the same mistakes until they are irrelevant. Eventually.
Don't hold your breath for the EU this aligns with the Chat Control being pushed. Banning people from side loading keeps you from escaping their plan of always listening.
EU has proved that they are exactly just like the big corps pushing for control and less privacy.
These online petitions are worse than useless. They don’t do anything because they fail to communicate either conviction to a cause or the relevance of the signers. And they may take someone who would otherwise do something useful, like call their elected or participate in public comment, and make them complacent.

An open letter from the lead developers and decision makers of top-rated apps in the Play Store would be useful. But that takes work, unlike an online petition.

I think the biggest impact we can have, besides getting government regulation involved, is building the market share of an alternative.
Please bear in mind that Google was perfectly aware how much negative feedback they will receive from developers and they are completely and fully prepared for it. In other words, this decision was made with full awareness that developers and "screeching voices of minority" won't like it.
I thought the Digital Markets Act in the EU would make it illegal for Apple and Google to prevent people from sideloading apps. Is there some kind of loophole that allows Google to do this anyway?
That's nice, but they won't care
(comment deleted)
I'll switch my Pixel over to GrapheneOS if this happens
(comment deleted)
By utilizing anti-user language like "sideloading" you are already submitting to their desire to own all hardware.
> Just imagine giving sensitive personal, government-issued ID to a corporation to install an app outside Google Play

In Spain, I have to give my NIE (National ID number) and show my government ID just to send or receive a package from FedEx. Why should I have to give up sensitive information just to receive a package?

It's too late. As a developer, I'm pulling all my Android apps away from the Play Store.

If Google is hostile to me an my users, I prefer to dedicate my volunteer time to respectful plateforms instead.

Can someone articulate for me why everyone seems to be opposed to this?

You can sideload apps on non-google-certified android builds/installs just fine right? If you're going to publish an app that literally be installed on billions of devices, is this not a sensible measure? Long overdue even? Why isn't Windows and Linux distros enforcing this as well is my question!

Do you guys understand that people's lives are being ruined by malware? and the most popular way of deploying malware on the most popular platform (android) is sideloading apps!

This is a similar situation as "Freedom of speech isn't freedom of reach". You can publish any android app you want, that doesn't give you the right to anonymously deploy those apps on everyone's personal tracking devices (phones).

I get a petition to allow alternative attestation and verification authorities. and honestly, I don't think Alphabet has much choice on that given EU and US anti-trust policies. I can't image the EU being ok with a US company collecting the IDs of all its developers.

For about a decade now, on Windows, you are required to have an ID-verified code signing certificate so sign drivers for example. And that has dramatically reduced rootkit abuse on the platform. Don't get me wrong, I also don't want to submit my ID to anyone. But this is a very sensible measure, one that will improve security in measurable and significant ways to millions of regular people.

Requiring ID won't stop scams.

Often bank scams rely on sending money to another account (obviously registered with an ID), and then being drained at ATM. The account is going to be registered on a drop or another victim. Sure, it's burned after that, but as long as it's an insignificant cost, scamming is still profitable.

The same situation with malware, bad actors are incentivized to put effort into bypassing this, so dev accounts will be registered on random homeless people, stolen IDs, or just fake IDs. While normal developers will choose to give away IDs.

And as always, it starts with 'protect the children/elderly/vulnerable', then that authoritarian country requires Google to give away info on every developer to operate legally, then it's UK and other 'democracies', then you can't run your code on your device without the government approval.

I just realized how powerless we are. The situation is almost unavoidable. Majority people will just accept this. They are unaware how restricted they are, thus they don't care.
When I was back there in Seminary School

There was a person there

Who put forth the proposition

That you can petition the Lord with prayer

Petition the Lord with prayer

Petition the Lord with prayer

You cannot petition the Lord with prayer!

If you truly want to protect your rights then don't petition Google, but instead petition FTC and other antitrust agencies. Petitioning Google just establishes that they have a choice here.

Save your effort and invest it in making alternative OS better.
(comment deleted)