70 comments

[ 6.2 ms ] story [ 43.9 ms ] thread
TBH this doesn't seem a particularly high friction change. It seems very like what we have to do already, or like what we do on OSX.
I absolutely HATED the first time I had to deal with it... at least now it works a little better.. but the first version didn't actually tell you that you needed to go into security settings right after to enable the install.

Still not a big fan of it... though admittedly mostly just install stuff via brew/cask more than direct downloads as a result.

They did not specify what exactly is the new workflow is/what is high friction about it in the post no?
> like what we do on OSX.

You are on macOS. Not others. You are following Apple. We don't.

How does this relate to the announcement from a while back about introducing signatures that tie back to Google? (IE trusted developer program or whatever they're calling that horse shit.)
Google's long term strategy with Android is baffling to me. Apple has had better mobile hardware for years. Apple has higher consumer trust. Apple has better app selection (for most people). Apple has been increasingly implementing the core features that differentiate Android devices, like USB-C and RCS. Every Android user lost to the increasing iOS market share is another customer Google has to pay exorbitant fees to a competitor to access.

And Google's strategy is to continue removing differentiating features from Android that also help them mitigate the threat of antitrust? Surely the marginal revenue from the inconsequential number of sideloading users isn't attractive enough to justify that kind of strategic blunder.

I think they are worrying about antitrust, and believe (probably correctly, unfortunately) that whether they get hit by antitrust or not is entirely political. There's more than enough evidence, for any justice department which wants to. They're not going to change that by keeping Android moderately open.

What they can do, is make themselves politically useful to whoever will be in charge. Right now the war on general purpose computing is in high gear, due to panic over AI models, social media manipulation and (as always) kids. That's the only ticket to avoid an antitrust crackdown.

> Matthew Forsyth, Director of Product Management, Google Play Developer Experience & Chief Product Explainer, said the system isn’t a sideloading restriction, but an “Accountability Layer.”

And... What about accountability for hosting distributing spyware, malware loaded apps from Google Playstore and hundreds of copy cat, misleading apps?

Why can't they pose a question when the phone is setup?

- Yes, I want to sideload

- No I dont want

If the user says NO then to later enable it to allow sideload Yes, the user needs to factory reset phone. Done.

When this whole thing got announced, I purchased a new Pixel 9 and flashed it with GrapheneOS.

I am hoping that in about 6-8 years (when I realistically need to update) the landscape might be a bit better. Or who knows, maybe I'll just continue using GrapheneOS.

So far I have not had a single issues with it. Apps the rely on attestation do not work, but honestly it's only two applications out of hundreds so I can live with it.

I also financially support GrapheneOS on a monthly basis (15$). This is just too important of an project not to.

I am not very well educated when it comes to alternative stores landscape. But I do know that in Russia there's now Rustore: https://www.rustore.ru/en which functions by automatically downloading and updating APKs for you.

During the APK install, however, you do see the ugly Android prompt about how this app may be dangerous.

Rustore has its own app payment system, which obviously circumvents Google Play fees.

This works on regular Android phones.

Are there other examples of such stores? Perhaps it's Google's answer to that.

I would like to see a high friction flow for installing all the crap from the Play Store to "protect and educate users". "Are you sure you want to install this app? It's only got a score of 2.8 and only 7 reviews, and will ask for all of these permissions?"
I heard that the frog boiling is a myth. You can't boil frog alive, it will jump out. As opposed to humans
Part of me thinks they wouldn't be doing this if their own ad team wasn't knowingly accepting money from fraudsters.
Add high friction to scammy ads on your platform, Google
I agree with high friction sideloading. it is the best of both worlds. no friction sideloading is too easily exploited by scammers. having a member of my family exposed to this kind of thing in the past taught me some things.
If the make sideloading high-friction, either via account-bound or apk upload or permissions from MNO/ISP, I will leave android. I have a bunch of my own apps that only I use, not released to the public, if I cannot use them, I have zero reason to stay on android.

I think one of the reasons they want to lockdown the system is to prevent guys like me from locking THEM out of my home/ecosystems, as and example, I build my own launchers, specifically for TCL TV's, which runs Android TV and has Developer Mode + adb. Which means I remove all the bloat & ad garbage, which they want to prevent.

We will get to the point where google will remove your ability to set custom dns servers and only use theirs.. just wait & see friends.

Anywhoo, when this side loading fence materializes, I will jump ship to apple.

The image at the top of the article is actually what already happens in Android and has done for years. At first, I thought that this meant that the article was very outdated, but no, this is from January 2026.

I imagine the text of the article is fine, but I'm a little bit disappointed that Android Authority chose to lead with that image and caption and make it seem that this is what the future flow would look like. You'd think they'd know better.

I think i have an idea that would better protect normal users while not getting in the way for power users and developers:

1. All applications must be signed with a valid store key.

2. Anyone can import a store key after rebooting into the bootloader (similar flow as custom roms)

3. Google can maintain a list of malicious keys and reject them

Why is this better? Because it makes it much harder to trick grandma into installing an APK some site just dropped.

As TFA does not mention it, and I don't see any top-level comments discussing it, this is a continued rollout of a "feature" first piloted in Brazil, Indonesia, Singapore, and Thailand. See:

https://android-developers.googleblog.com/2025/08/elevating-...

https://android-developers.googleblog.com/2025/11/android-de...

https://www.channelnewsasia.com/singapore/google-android-dev...

Of course, HN reaction has always been skeptical about this including in earlier news. But the reporting on it, and the countries in which it is piloted in, seems to me to involve government/banking industry cooperation with or pressure on Google to combat cyber fraud. These polities are prime targets for Android cyber fraud of this sort due to Android penetration, and seemingly (to me) also cultural proximity to scam operators, and tech-illiteracy among the vulnerable demographic. (And anticipating a reply I got from a previous article on my comment on this feature---no, it's just not feasible to comprehensively educate retirees against evolving tactics by scam operators and expect that to be a sufficient sole countermeasure.)

The real question is if you can still sideload:

1) a .apk that was not developer-verified

2) without informing Google of this

The highest risk is the play store itself. Gambling and addiction. So, when does Google add "high friction" there, instead of encouraging it? Ah, well, it's the money! Than stop bending the truth.
The current system is already high friction. Enabling "advanced protection" in your google account additionally requires installing apps through adb.
Steam phone incoming in 3... 2... 1...
The year of linux desktop unironically may be close. What is the situation with mobile?
I take the opportunity to let people know that there are alternatives to Google/Apple duopoly on mobile. Link: https://www.ubuntu-touch.io/

Sure, GrapheneOS is often suggested but Ubuntu Touch is a really interesting alternative, their own store and ecosystem.

The community is amazing and welcoming. If there are Android apps which you can't do without, they can be emulated and used anyway. Imagine switching to Linux and then using Wine for the apps you really still need.

Yes, it's not perfect but Linux isn't either. If you think you're sufficiently tech savvy and want to make a change, give Ubuntu Touch a try. Find a cheap second hand supported device and play around, make some fun apps. (devices currently supported: https://devices.ubuntu-touch.io/ )

To me it's like being back when there was only Windows and Macs as viable home computer OS, and people were getting their feet wet with Linux and all its flavours. Now, it's the same but for mobile.

In the technofeudal new world order, your smartphone is not just a device, it is your gov issued digital ID/wallet

The Apple/Google OS duopoly exists by design, they view bootloader unlocking and sideloading as threats because they break that control

They want to be able to define and/or revoke your existence in the system

No escape, because no alternative

Can we please stop calling it "sideloading"? It's simply "installing" software on hardware that I own, and that I should have full control over.