77 comments

[ 2.3 ms ] story [ 67.2 ms ] thread
from https://9to5google.com/2026/03/30/android-developer-verifier... -

> Starting in April, Android Developer Verifier will be installed on devices.

so they're rolling out a system app that will call home to check whether any sideloaded apps have been "verified" with the developer's government ID? and this process will happen regardless of whether the user has enabled the "advanced flow" in Developer settings?

That essay about being licensed to use a debugger was supposed to be an absurdist over-extrapolation for the sake of making a deeper point about software freedoms ... right? Seems more like they're using it as an instruction manual.
Sorry, but absolutely not.

I stuck with Android for years as a dev as I once did Android apps and occasionally do tinker.

This is my last Android phone and Jolla is my next phone.

I don't see a way out of this except government regulation. The EU has the most motivation to do it, as a huge economic bloc with a lot of motivation right now to become as independent from the US as possible.

I guess I can sort of manage to keep my head above water and keep buying secondhand phones which I unlock and install a supported version of LineageOS. But it's cumbersome, it gets more difficult and more restrictive every time. And I literally have a doctorate in computers for crying out loud! Is there any hope for Granny? For a kid? For >99% of people? Of course not.

This is so clearly a matter for government oversight: prevent abuse, monopolies, protect the citizen's safety, rights, welfare, etc. It's not reasonable to expect consumers to figure out if the meat they buy is tainted, just as it's not to figure out if their phone spies on them, manipulates information, or sells their data (especially when there's a duopoly). That's why we have laws and food inspectors, paid for by the public, working for the public. Same thing with digital rights.

The thing is, the EU needs to be able to not only sell that the regulation they propose is good to the public, but also not piss off the US administration.

Most people are too non-technical to understand why this is a bad thing even when it's explained to them. Plus, whatever administration is in power in the US has a lot of influence.

Trump has already said that he wouldn't tolerate regulation that affects American companies [1], painting regulation that happens in another country as something that will affect US citizens. (I mean if you use the GDPR as an example, it's not wrong. Think of cookie pop ups while browsing the web in the US)

I would like the the EU would go harder with their regulations, because it usually results in other countries or states following their lead, but I dont see that happening. Regulation has been painted as "bad", and we have at least 3 more years until that changes.

[1] https://www.cnn.com/2026/01/12/tech/us-eu-tech-regulation-fi...

"This is so clearly a matter for government oversight: prevent abuse, protect the citizen's safety, rights, welfare, etc. It's not reasonable to expect consumers to figure out if the meat they buy is tainted, just as it's not to figure out if the APPS THEY INSTALL spies on them, manipulates information, or sells their data"

Do you see how quickly that argument can be flipped to support what google is doing here? Honestly I wouldn't be surprised if half the reason to to lock down phones is because governments keep pressuring them to do so.

I'm wondering if the EU is complicit in this somehow, despite claiming that they want to fight back against tech companies.

The EU Commission is currently pushing the shitty EU Identity Wallet for mandatory age verification, and it requires GooglePlay Services to be installed for "anti-tampering". That also means a ban on non official versions of Android like LineageOS and GrapheneOS.

But what motivation has the EU to promulgate these regulations?

* Chat control is toothless if users can simply side-load an app without snooping.

* The EU companies who successfully lobbied for regulations against Apple now see that the 15% tax is worth it when they can A/B test the counterfactual. So those companies no longer care if Google will do the same thing.

* The EU is now in an awkward position that it is ok for a newspaper to sell your personal info via pay-or-consent, but not for a social network to do it. Some will keep yammering on about "gatekeepers", but it's sort of an emperor has no clothes moment.

* Declaring that iPadOs is a gatekeeper (after it failed to meet the quantitative criteria for such) was another such emperor has not clothes moment. The whole "gatekeeper" narrative has turned into a farce.

* The people commenting on this forum are not even a rounding error in the EU electorate.

> It's not reasonable to expect consumers to figure out if the meat they buy is tainted, just as it's not to figure out if their phone spies on them, manipulates information, or sells their data (especially when there's a duopoly).

Indeed! Neither would it be reasonable for the sellers of meat to demand anonymity! If one sells tainted meat, he should be held accountable! We should identify him!

Yet, the creators and sellers of software for a General Purpose Computer (remember, that is the argument why phones should be regulated) demand that they should be above the law, anonymous and unaccountable!

Schrodinger's computing device: The one which is so vital to everyday life that we must not prohibit the user to run whatever software he likes, yet so unimportant that we have not a care in the world to identify any fraudster who might wish to distribute software.

Yeah, no, going back to web native. Keep your verification and your 20%.
Yeah, no. No one needs your spyware.
What % of Android users actually want this? Do they know or care?

I've been using Android since 2010 because it was open in ways that the Apple ecosystem wasn't. I do not want this and imagine hardly any other power users (for lack of a better term) do. I'm already using a mostly deGoogled device but this really seals the deal. I have been longing for a true Linux phone for years and now seems like a good time to get serious about the search and migration plan.

But but but it is for your security! You need to be protected!

Android isn't open source for a while. They started by pushing device certification which crippled any abilities of OEMs to make a better framework. Then they took many of the opensource packages out of android and redistributed as applications that they controlled via play services.

Then they made it harder to publish packages and created tons of rules that they can arbitrarily decide to cut ties with you or remove your remuneration.

What they are effectively doing now is to remove any ability of individual developers to push applications. Some will say the costs ain't that high, but (1) maybe not in USD dollars for Americans and (2) both Google and Apple will push those numbers way up high soon.

Even if that is not the case, if you don't agree with anything and you decide to have your own version of your family wiki, messenger or anything, they will be able to tell the authorities about it.

This is insane....

Being able to side load apps was why I switched to android 10 years ago
Rounded to the nearest percent, I'd guess power users make up 0% of android user base.
> What % of Android users actually want this? Do they know or care?

Bold of you assuming they're doing for users. It's fear-mongering at its finest - using the threat of security to install more control that has little to no protection against the said threats.

Now you might say it's going to raise the bar for the scammers, but nobody is going to be spending time on writing scam or malware for a few bucks. When the reward is high, they can just pay out already verified developers to distribute their builds under their accounts, or just find a workaround (fake ids?) which could be still way cheaper than the potential revenue potential of a successful attack. It's just an inconvenience that didn't existed before.

This is just a policy directly targeting the legit developers distributing apps to work around some of the platform's limitations (ie. uncrappifying youtube). They were previously free to share the workarounds they've developed for themselves since it was just as easy as sharing your APK. Now with added threat of losing your developer account and probably being perma-banned from google, those devs are less likely to continue distributing their workarounds.

People don't want it until they've been scammed. Then they'll complain why you didn't save them.
You were wrong at percentage. The question is what count would want this.
It would be good if there was less malware and outright scams in the play store but that's really orthogonal to the developer verification issue.
It's not about users, it's about a single judges idiotic ruling that Google play store is a monopoly, and the Apple app store is not.

Different judge you say? You're right. But when Google in their appeal asked the judge why the app store isn't a monopoly, the judge told Google with a straight face

"You can't be anti-competitive if you have no competitors."

Google took note.

(comment deleted)
Pretty much everyone would hate it if a relative lost their life savings to a scammer, though they may not know it yet.

The idea isn't to protect the power users or average users. It's to protect the most vulnerable. Android is for everyone. Us power users will have a minor speed bump, but we can deal.

Android is becoming more Apple-ized everyday; it's horrible and more and more APIs get neutered or disappear, further limiting functionality available to developers.
Even if Android is as closed as iOS, it will never be the same. Cos business models are different. Google's business is behavioural ads. Apple's is hardware. And even their software services depend on that hardware.
> What % of Android users actually want this? Do they know or care?

If Apple announced that they were going to allow installing apps like how you can install APKs you will have a whole group of people on here arguing against it because they want Apple to have control over everything. You could have seen those people in action on the Epic v. Apple and Digital Markets Act discussions.

Google/Android don't want AI bots spamming marketplaces with dodgy apps.

Tie in the app to a verified identity/individual and it makes the audit process easier as well as engagement with authorities from the user's country if required (e.g. app facilitating child abuse).

Significantly larger than the number of users wanting to sideload.

There are millions of people affected by targeted scams every year, significantly outnumbering the non-developer sideload community. Especially when you take into account that the sideload community doesn't all use Google Android and isn't affected by this.

This change on its own doesn't make Google Android builds less open. It does the opposite. Now people can download apps directly from the websites of the publishers without getting a scary warning on Google Android builds. That's all this does.

Separately, they're going to increase friction the first time you allow installing apps outside of the Play Store or via this mechanism and also decrease friction on subsequent times, also on Google Android builds.

I suspect that this is less driven by users and more driven by institutions. Banking trojans distributed via sideloading are a big problem. Banks are unhappy that their users are getting their shit stolen because some other app is squatting on 2fa codes or whatever. They'd rather that their apps are not installed alongside apps that are more likely to be malware given that there isn't a private channel for auth codes for the vast majority of users.
That's seriously horrible. There are 5+ open source android apps that I use and want to continue using that are not available on Play Store, but rather through alternative stores (like Zapstore, Obtainium).

If I get a phone with preinstalled Graphene OS (like the upcoming Motorola phone), then does it avoid this stupidity? Or even with Graphene it prevents me from installing apks?

The sad thing is only a tiny minority of android users side load apps. The rest will feel their phone is one step more secure.
Hey boss: “40M users are running a cracked version of YouTube premium on mobile, what can we do ?”
> our recent analysis found over 90 times more malware from sideloaded sources than on Google Play

So what's the solution then? At the same time, I'm curious how this ends up happening to end users. Enabling unknown sources is trivial in a way (it's just one check box and if you try to install an APK from, say, Firefox, it'll take you right there), but how are people even getting to that point??

"However, our recent analysis found over 90 times more malware from sideloaded sources than on Google Play."

Has anyone seen the report for that analysis. I bet most people here would love to read it too.

It really seems like they are doing a lot to appease the tiny minority of us power users, adb load unaffected, one time toggle in settings to opt out, no change to alternative app stores as long as the apk was built by a verified developer. Crazy how harsh the sentiment is here, there are real people being harmed by scam apps intercepting sms one time codes and this will reduce the rate of that happening. It's not like we can't sideload anymore, though a lot of comments here seem to be implying otherwise.
The Android verification is such a broken experience. Recently I decided to purchase a dev account for my company, so far:

1) Provided my company DUNS number etc. once to create the payment profile. I did this some times ago, don’t remember the details but it was an involved verification process and it is marked as verified business payment profile.

2) Later on the payment step verified myself with a passport and bank statement to be able to actually pay with a proper HSBC bank card. Not shady pre-paid card or something, those are not accepted anyway.

3) After I paid I was told that now I need to verify my identity once more but this time with the passport and the incorporation certificate or some other company document.

fingers crossed that in few days it will be verified. While waiting, it tells me that there are still website and email verification to do once the previous step is done. I already verified my e-mail a few times before paying.

It’s painful, slow and annoying because if you fail at a step(i.e. needs verification that takes days and you are told about it at the payment step) you have to start again with the forms.

I just remembered why I never use Android. It seems like no one owns the process and as a result you get unpolished shitty experience that fulfills the requirements of god knows how many people who work in the same company but don’t talk to each other.

(comment deleted)
What Android versions is this applicable to?
A 'safe' app store would promote and prioritize open source apps compiled on public auditable runners.
tl;dr how to install an app from unverified developer ("advanced flow")

  1. enable developer mode
  2. confirm you aren't being coached
  3. restart your phone and reauthenticate
  4. come back after 24 hours and unlock device
  5. install app from unverified developer, option of enabling for 7 days or indefinitely
This is apparently a one-time process. Advanced flow for users launches globally August 2026. Verification requirement kicks in September 2026.

Personally I am hopeful that people work toward a completely new, non-Android OS. 15 GB of space on my phone, and 1.5 GB of RAM, is dedicated to Android OS alone. This design, and the control this company (and the mobile providers, and device manufacturers) have over the mobile world, is ridiculous. Let's start over.

Let everyone who wants it be safe using the Google App Store. But please let me do stupid/experimental things with my phone.
So, anyway, how do we make sure that our phones don't turn into a pumpkin on a set date? I suppose it's all shit long term, but at the very least I don't want to be forced to look for a solution before I need a new phone. So, what do you do? Can you just disable android updates somehow and it will solve the issue? Or it is already a ticking bomb that will be activated on the set date no matter what?
oh so I'm not the only one, always believed Apple was the hard ass but I've been having a better experience with them.
Don't love it but (1) it's addressing a serious problem and I'm not sure what the alternative is and (2) if you all remember the starting place, it was staggeringly, dramatically worse, practically a death sentence for F-Droid and seemingly testing the waters for if they could simply power through and do it despite objection.

This is a major course correction that doesn't kill F-Droid. A one time 24 hour hoop to jump through and then never again is monumentally better than losing F-Droid forever.

Older Androids which are fully rootable and unbrickable are cheap (maybe even monetarily free) and will let you continue to have freedom despite what Google wants.

"Those who give up freedom for security deserve neither."

Is there any information about how the "advanced flow" will be implemented? According to keepandroidopen.org, this is going to be handled by Google Play Services. Does it mean it will be automatically installed via the silent, always-on GMS update mechanism and I should root my devices and remove GMS altogether if I don't want this?
> Android is for everyone. It’s built on a commitment to an open and safe platform. Users should feel confident installing apps, no matter where they get them from.

This intro immediately tells me that whatever comes after will be horrible for users and developers. Surprise surprise, I was right. Software to "verify" side loaded apps is a bad, anti user idea.