32 comments

[ 3.7 ms ] story [ 69.9 ms ] thread
> One of the most important themes we hear from the developer community is the need for more lead time to adapt to changes

No, it's not.

That's the biggest lie haha, if they asked a single real developer, we want less useless paperwork.
This mostly confirms that it's exactly as bad as we thought. The only clarification is that building from source and installing via adb will continue to be allowed. For now.
My understanding was that those packages still had to be signed with a key known to Google.
(comment deleted)
(comment deleted)
(comment deleted)
No need to listen. We all know how evil the intentions are. This will kill the platform, for better or worse.
> If your team’s current test process relies on distributing APKs to testers for installation using methods other than adb, you will need to verify your identity and register the package.

Absolute bullshit Google. You have no right telling me what I can and cannot run on my own devices. Regardless of how I choose to install it.

What do the OEMs have to say about this? A lot of them, including Samsung, have their own app stores. Surely they'd not be willing to cede control?
Yep, it's as bad as everyone expected it to be. "We aren't taking away sideloading, we're just going to fully control it now! No Google-unapproved code on user devices! For security reasons!"

Chrome isn't enough. We need Android to get clawed away from Google too.

they should lose YouTube as well. They’ve used it as an anti-competitive weapon in the past.

In a healthy market, Chrome, Android, and YouTube would and should be their on entities.

Googles decisision to add developer verification killed my interest in handset development entirely. But hey, at least I know what to focus my time on rather than third party app development ie. F-Droid. I look at my android phone differently now that its on the table which sucks but hey they made me switch my development time to linux drivers now instead.
The only reason I still have a Google account is because I have a android phone.

Seems like that will change soon.

Look, Google. You and me both, we don't want EU bureaucracy to get involved again... (It's going to be a different group than the chat control people. If the chat control people win bigly, this would actually support what they want. Is there, like, any connection between that and the timing of these new rules?)
Can an non-profit LLC verify itself and submit apps on behalf or anonymous developers after vetting their code? If so, that would probably a nice middle-ground.

The reaction to this change has truly changed my opinion that developer's opinions on a lot of subjects affecting the public's safety and security shouldn't be valued much (and yes, I realize I am on HN). If this is a bridge too far, then why should anyone listen to devs about "we can't backdoor cryptography" and things like chat control and more? You can't make every hill the hill you die on. I wouldn't even be against requiring a professional certification organization for developers before they're allowed to publish software to the masses. I would very much find it unpleasant, but we live in a society. You need a license to drive, to be a doctor, engineer and just about any profession where people's safety and well being is in jeopardy. Even real estate agents are licensed! and people all up in arms about a simple id verification.

This is just to address malicious code. How does the public know your code isn't full of vulnerabilities, that you're not selling their data to the highest bidder? How do they know that you have a good understanding of secure coding practices and knowledge of privacy laws? Let's talk about that instead, if you publish software for a private group of people, there should be no restrictions. If you're publishing it on a platform that would expose your software to billions of people, get a license after id verification and passing a globally standardized exam (multiple choice and a practical coding exam!).

See, the big disconnect is that most developers see software as something similar to writing a book or selling a home-made item on etsy or ebay. But in reality, it's more like manufacturing a car or a gun, or opening a bank (if your app takes payments), or even opening a restaurant or a food truck. all these things require licensing. The malware and privacy loss people suffer is akin too food poisoning, car accidents,etc.. but since it all happens virtually and there is typically no physical harm, developers are dismissive of it. This isn't the 90's anymore, people's lives and livelihoods are all online, all the security measures you can take, using signal for chat, passkeys and password managers for creds,vpns,etc.. and you're still one legit looking app install away, one convincing phish away from your phone being compromised along with all your accounts, finances , job and your entire life as you recognize it from being harmed or destroyed.

I urge you all to temper passions with reason and practicality.

More confirmation that Google is a company with too much power and should be forced to sell Android and Chrome
The year of the Linux Phone is coming!
So this is saying you have to have an Android developer account and sign the app with your identity… so a one-time $25 cost and that’s it? You can still distribute and sideload apps as long as you sign them.

Microsoft does this for Windows apps if you don’t want scary warnings popping up everywhere. Apple doesn’t even let you sideload at all for iOS and for macOS they do the forced trash malware thing unless you run commands to allow the app in the terminal.

Am I missing how this is different from what we already have on most platforms? Is it because you can’t force it to install the apps? Is there not a developer mode that lets you install unsigned apps, or a way to root the device to install apps?

No. That other people are doing bad things doesn't make it okay. It's like going to have to ask the government who I can buy stuff from. I am free to give my money to whoever and whenever I want in exchange for what I want to put in my house. None of your damn business. And none of google or the house makers business either
I'm not an android developer, so I'm missing some context and key information. But I have a question: When Google is asking developers to "register" their apps as part of this new program, are they just trying to keep a mapping from some code signing key to a government ID? Or are they trying to do a code review process that is similar to submitting to an app store?

I know both are objectionable in their own way, but these two scenarios are quite different and I want to understand this better.

> We want to make sure that if you download an app, it’s truly from the developer it claims to be published from, regardless of where you get the app. Verified developers will have the same freedom to distribute their apps directly to users through sideloading or through any app store they prefer.

This makes no sense at all.

This isn't so bad. Unlike other mobile OSes (namely iOS and HarmonyOS), you will still be able to install whatever you like on Android over a USB debugging connection (adb) without any developer verification.

It doesn't take much effort to enable Developer Options, plug into a laptop and run "adb install whatever.apk". It's kind of like the floppy disk era again, having to physically insert things into one's computer to install software. Not a big deal.

Boy do I regret signing up to a yearly plan of Google Workspace, I sure as fuck won't be renewing that next year.
One interesting aspect of this is that when using a personal Android with a work profile, developer options and ADB is (or at least can be) disabled. BYOD will then imply you can't sideload at all.
“Don’t be evil”

   However, if you prefer not to, we are also introducing a free developer account type that will allow teachers, students, and hobbyists to distribute apps to a limited number of devices without needing to provide a government ID.
So much bullshit, I'm really revolted. They want to pretend that they are nice, it is not locked down. But for real, now you will need to be registered to even only be allowed to have your app installed on maximum "a few" of your relative or friends. On hardware devices owned by consenting adults, without anything related to Google, or touching their servers, still they allow themselves a right to review. Worse than that, you test an app, want some contacts to test? Even if not giving your id, everything will have to be traced to Google HQ. Who are you? Who are your friends? ...

I lobbied everyone for years against Apple devices, switching people to Android to have a little bit more freedom. Now Google Android will be the same shit.

If people working on Google are hanging out around here, please know that your company really sucks now...