Meaning to use your device you need to have a contractual relationship with a foreign (unless you are in the US) third party that decides what you can or cannot do with it. Plus using GrapheneOS is less of an option every day, since banks and other "regulated" sectors use Google Play Protect and similar DRMs to prevent you from connecting from whatever device you want. Client-side "trust" means the provider owning the device, not the user.

Android shouldn't be considered Open Source anymore, since source code is published in batches and only part of the system is open, with more and more apps going behind the Google ecosystem itself.

Maybe it's time for a third large phone OS, whether it comes from China getting fed up with the US and Google's shenanigans (Huawei has HarmonyOS but it's not open) or some "GNU/Linux" touch version that has a serious ecosystem. Especially when more and more apps and services are "mobile-first" or "mobile-only" like banking.

Every day we stray farther from the premise that we should be allowed to install / modify software on the computers we own.

Will once again re-up the concept of a “right to root access”, to prevent big corps from pulling this bs over and over again: https://medhir.com/blog/right-to-root-access

Official announcement: https://android-developers.googleblog.com/2025/08/elevating-...

More info:

https://developer.android.com/developer-verification

https://support.google.com/googleplay/android-developer/answ...

Personally...we all know the Play Store is chock full of malicious garbage, so the verification requirements there don't do jack to protect users. The way I see it, this is nothing but a power grab, a way for Google to kill apps like Revanced for good. They'll just find some bullshit reason to suspend your developer account if you do something they don't like.

Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.

> we will be confirming who the developer is, not reviewing the content of their app or where it came from

This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.

TFA had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.

On the flip side, that's one less platform I care about supporting with my projects. We're down to just Linux and Windows if you're not willing to sell your soul (no, I will not be making a Google account) just for the right to develop for a certain platform.

The funny thing is Stallman started his fight like half a century ago and on regular days Hacker News shits on him eating something off of his foot and not being polished and diplomatic, and loves practical aspects of Corporate Open Source and gratis goodies and doesn't particularly care about Free Software.

On this day suddenly folks come out of the woodwork advocating for half baked measures to achieve what Stallman portrayed but they still hardly recognize this was EXACTLY his concern when he started the Free Software movement.

If this is a thing then the solution they offer is incorrect. A big giant red screen: “warning the identity of this application developer has not been verified and this could be an application stealing your data, etc” would have worked.

What they want is to get rid of apps like YouTube Vanced that are making them lose money (and other Play Store apps)

The worst part is the Orwellian opening sentence they start with in their blog post [0]:

> You shouldn’t have to choose between open and secure

2+2=5

Truly the end of an era. I've spent nearly two decades buying Android phones because of a single checkbox in settings that let me have the freedom I consider essential to any computing device that I own.

In a way, it's liberating, I've missed out on a lot from the Apple ecosystem because of that checkbox. Maybe finally I can let go of it now the choice is out of my hands.

[0] https://android-developers.googleblog.com/2025/08/elevating-...

This is really bad. I think that most people on HN will agree with that.

The problem is that most normal people (HN is not normal - mostly for the better) don't even understand what sideloading is - let alone actually care.

How can we fix this?

(aside from making people care - apathy enables so many political problems in the current age, but it's such a huge problem that this definitely isn't going to be the impetus to fix it)

As someone who never comments on HN, I would like to voice my absolute disapproval of this new policy. As these decisions are not made in a vacuum, I have no doubt the recent developments in the political landscape have contributed to this decision (e.g. UK Online "Safety" Act, EU Chat Control, EU Age Verification solution, probably others). Coupled with the recent "mandatory" (read: forced) upgrade of my Pixel 4a, I get the impression Google's attitude towards phones has become equivalent to Apple's: namely, the illusion of choice.

Since there are no viable alternatives, I guess it's time to go back to owning a cheap corporate/government approved phone for official business (i.e. banking), and another one that I actually use.

As an aside, the presentation[0] doesn't really go into the details how they will enforce this (on-device? Remotely? If the latter, can I just remove Play Services from my device to sideload whatever?), but you can apparently submit feedback about the verification process here[1].

[0]: https://goo.gle/play-console-android-developer-verification [1]: https://docs.google.com/forms/d/e/1FAIpQLSdpZbsJCS-f7CtMbZPn...

So that's it then.

If this actually goes through, there will be no option in the mobile OS market for an OS that both:

a) allows the installation of apps without any contractual relationship with any party, and

b) allows the use of mainstream and secure apps like banking

Even aside from the privacy implications (which aren't trivial themselves,)

Doesn't this make it prohibitively difficult to do local builds of open source projects? It's been a long time since I've done this, but my recollection was that the process to do this was essentially you would build someone else's (the project's) package/namespace up through signing, but sign it locally with your own dev keys. A glance at the docs they've shared makes it sound like the package name essentially gets bound to an identity and you then can't sign it with another key. Am a I misremembering and/or has something changed in this process? Am I missing something?

The article didn't say much about the account approval process, but from the looks of it Google will be able to arbitrarily accept and revoke applications as they see fit. So much for an open platform, bring forth the gatekeeping!

Personally I would be fine with unsigned apps requiring the user to click through a notice before install, or having a setting to toggle to enable unsigned apps. Windows does something similar to this where unsigned binaries get a pop up warning but signed ones are executed immediately.

Makes sense why they had to get rid of the "don't be evil" motto. They've been on a roll.

I've seen a lot of similar sentiment on this thread, but the reason I use Android is because it gives me more control than iOS by allowing full-on painless sideloading, and custom distributions like GrapheneOS. They're doing everything they can to turn themselves into a worse Apple. All of the downsides of Apple, but none of the upsides. Apple beats them in every aspect that isn't "openness".

When will the straw break the camel's back? I'm shocked we've let it get to this point with no realistic alternatives. There's no reason a competitive Linux-based smartphone can't exist (no, I'm not counting Android in that).

If this is enforced via Play Protect, then the whole mechanism can likely be disabled with:

    adb shell settings put global package_verifier_user_consent -1

I personally won't be doing this verification for my open-source apps. I have no interest in any kind of business relationship with anyone just to publish an .apk. If that limits those who can install it to people who disable Play Protect globally, then oh well.

The reason I chose the Android ecosystem over the Apple ecosystem, once I found out that the Maemo/Meego ecosystem was a dead end and the Openmoko ecosystem was a non-starter, is that the Android ecosystem allowed me to develop and install my own apps on my own devices whenever I wanted to, without arbitrary limitations like having to periodically plug the phone into my computer to renew some authorization. Additionally, there was even for some devices the possibility of rebuilding the whole operating system with any changes I desired.

If I'm not allowed to develop and install my own apps on my own phone, what advantage does Android have over Apple?

I never really got into "phone" progrmaming, always waiting for the shenanigans to die down. But somehow the shanigans have gotten worse and for a significant chunk of the world population, the phone is the only computation device they have at all.

> Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store

This is absolutely unacceptable. That's like you having to submit your personal details to Microsoft in order to just run a program on Windows. Absolutely nuts and it will not go as they think it will.

Thank you, all HNers at Google, for continuing to work there.

And yes, before you ask, I have personally quit a job that paid 3x what I was able to get elsewhere over ethics. And no, I'm not rich, probably bottom 5% in terms of assets among my colleagues, coming from a lower-class background.

We have 2 ecosystems for mobile and the worst case scenario is starting to be clear for Android.

I love GrapheneOS but they can only thrive if Google tolerate them. So in its current form, this is not a medium or long term solution (anymore).

We really cannot afford to think in terms of "Android OS" or open source OS anymore the problem is getting much bigger.

My guess is soon in many "free" countries, ISP will mandate connecting with a "Certified" device (someone was saying that in Brazil only cell phones certified by the teleco government agency can be imported already). And on mobile it is easy to implement since you need a (e)SIM. The Internet is still hard to control at the protocol level, but the gates are easy to mostly control (your ISP).

In terms of mobile computing I mostly care about being able to access my home network from the places I am 80% of the time (and I can always bridge to the Internet from there). So the real battle is really at the mesh and multi-hop mobile ad hoc networks. This is the aspect we neglected for 25 years.

Regarding mobile, the battle for Android is lost, time to look into things like B.A.T.M.A.N [0] so we be able to keep another open source mobile platform useful.

For anything "money" related, your bank (which is inevitably regulated) will have to mandate a certified device too. It will work on (some) Linux too.

Ever wondered why for example the Fedora project [1] is proudly part of things like The Digital Public Goods Alliance [2] who works with many govs and if you really look into it they are all about digital ids and "restoring trust"?

- [0] https://www.open-mesh.org/projects/open-mesh/wiki

- [1] https://fedoraproject.org/

- [2] https://www.digitalpublicgoods.net/

They have the ecosystem by the balls. Phone manufacturers in recent years have been making unlocking & modifying their devices more and more difficult, google and app developers have been cracking down harder on modded devices by implementing TPM equivalents in the hardware to sign and verify that your system is a google-appproved one, and alternatives still are decades behind in terms of app ecosystem.

I think they might just get away with it.

How did we let this happen?

Oh, yes... Actually I remember: it was a long slow series of accepting small artificial restrictions. I remember people laughing at me at the time. They said it won't matter, they didn't care, that I was paranoid...

Now... Here we are.

We shouldn't accept "sideloading" as a term. It's meant to make "installing an app without monopolist approval" seem like a dirty/weird/niche trick.

> Google notes “supportive initial feedback” from government authorities and other parties:

Ah, then I guess everything is fine. I'm sure they aren't in favour because it gives governments greater control over what apps we're allowed to have on our phones. That would be absurd.

It will be interesting to see how they handle packages from the various f-droid repos. F-droid builds and signs all their apps themselves, so will all of f-droid be covered by a single signing key and developer account? Or will the fact that they take apps from lots of folks bar them from an account?

DO NOT UPLOAD YOUR ID/INFO TO GOOGLE. I put my game on their app store some years ago, and they doxxed me right on the app store. Google posted my name and home address right on the game page. Not great when I was already receiving death threats! Later on, had a rando show up at 3AM one night and had to call the cops out. I moved after that. Google is absolutely not to be trusted to keep this data confidential. If Google demands I do anything with them, I'll just tell my fans to install lineageos or whatever instead -- no way in hell I'm having ANYTHING to do with google ever again. GFY google!

This is the worst thing to happen to technology in recent times since there is only two major phone OS's.

It isn't possible to ban encryption, so the governments have to chip away at security and privacy using these techniques.

From: https://developer.android.com/developer-verification

"You may also need to upload official government ID."

This won't end well for Google or the governments involved when the people get so angry that they are forced to roll this back. Switch to an alternative phone OS.

> Google wants to combat “convincing fake apps”

Google can't even stop the scam ai companion apps on the play store that all use the same same backend full of characters...

Google also can't stop the huge wave of scam Bitcoin ads impersonating Canadian media outlets, with ai generated pictures and videos of politicians.

Get real Google.

I always wonder, who are the developers doing this? don't they feel bad about going through with these changes or do they fool themselves thinking it's the right thing? is it greed?

many other fields have an explicit or implicit ethics code which we seem to lack. I'm thinking about other fields like medicine, engineering, etc. Probably since the entry level to development is low and anyone can do it, it means there's no way to enforce/teach it?

The usual answer that their livelyhoods depend on it is simplistic, these are the best paid developers in the US, pretty sure they have some sway power. There are doctors in way poorer countries with higher ethics standards.

The core benefit of Android over iOS for me has always been that it's my device, not Google's.

They've been chipping away at this over the years. Safetynet was the first offense, but if they start restricting app installation from sources of my choice (I hate the term "sideloading"), there's not much advantage left.

They saw Apple getting away with notarization under the DMA so they're doing the same. I must admit the mass demotivation strategy is working really well. Seeing this kind of news every single day, affecting you directly and not even being able to do anything

I cannot resist the urge to point out that we wouldn't have had this problem if people actually sticked to free software instead of "commercial use friendly" open source licensing

When people say just use Linux I can only think of what was known as far back as 2014.

> NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance [0]

Looks like this is a part of the move toward Chat Control and ending E2E encryption.

[0] https://www.linuxjournal.com/content/nsa-linux-journal-extre...

Android's ability to run binaries outside of the Google Play Store is a key differentiator of their product vs. Apple's. Or at least it used to be.

This is the same direction that Microsoft is taking Windows. Smart App Control is already rolling out to some regions - no .exe will run without a code signing certificate.

https://learn.microsoft.com/en-us/windows/apps/develop/smart...

I've grown increasingly hateful towards both my Android and iOS devices over the last decade. The platforms themselves are increasingly user-hostile, and their appstores are crammed full of shitty, privacy-invading, telemetry-hoovering, dopamine-triggering, ad-filled, lipstick-covered apps that are often garbage compared to the pioneering days of mobile. I miss the days of my old Palm Pilot.

Is anyone working on fixing this? We can do so much better.

I think this might backfire in that it might be enough to prompt technical people to seriously start looking for alternatives.

I personally will be extremely unhappy if I no longer can run dns66, newspipe or Firefox with ad blocking on my phone.

I think I might also start spending less time on my phone, which would be a good thing for me and a terrible thing for Google (in aggregate of course).

Google is doing everything in their power to make me move to an iphone... between shit like this, effectively bricking some old models of pixels with un-rollbackable patches that destroy batteries, closing down the android development process, making absurd testing requirements to publish apps, etc.

Google doesn't make better phones, they were just less hostile to the consumer. That seems to be going away :(

What was the last time there were some actually good news in big tech? For those that don't hold stocks I mean.

Few my ideas about how things will be going

- platforms are going to be forced to collect more data about you

- The amount of places without you showing IDs will decrease

- There will be more "moderation". You will not be able to provide nsfw contents, then you will not be able to host controversial topics. I suspect games will be more "kid friendly". No more real doom, gta, or Mortal Kombat for you. I remember how they provided more clothes on women for mortal Kombat

- The rules will always be vague, and used sporadically. Just like YouTube rules, where companies often abuse DMCA just to shut you off, or ban you, if you are not playing nice. Like Schlep.

- Corporations will create pressures on validated users, or ban you for life, but often they will just use "fear" to police people by themselves. Just like people will use "unalive" words, because they know they can get into trouble for saying a different word

- Google will be able to police extensions by banning people

- It is all a boiling frog scenario, where it creeps one law after another until everything is moderated, controlled by corporations

- The safety increases, but freedom decreases

- Free software people will often be mixed in article texts with terrorists, bad actors, predators, pedophiles

- It can happen because people do not understand these mechanisms, and they want "safer" world, in which nobody can get hurt, but it is also a place without you being free

This is crazy. I can't install my own apps on my own phone anymore.

I am gonna start carrying around a laptop with a 5G modem instead.

If your businesses idea doesn't work without you being evil, you deserve to go bankrupt. I perceive a tendency to assume it is necessary for a company like Google to maintain full control over our ecosystem to further our progress and maintain order. However, we should know by now that this isn't the case. You don't have to be evil to be useful. See GNOME, GrapheneOS, Steam, KDE, Wikipedia, Linux or Mozilla (previously). Tricking us of their inevitability is their greatest success.

So people from countries US has sanctioned can't even develop and use mobile apps anymore. This will change millions of innocent lives. So unfair and racist. The reason my people are in this mess in the first place is a US coup.

Time for a Steam Phone. Or FirefoxOS reloaded. The general purpose mobile computing market must be sizeable. I cannot believe everybody just puts up with these increasingly draconic restrictions.

> developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer. We believe this is how an open system should work—by preserving choice while enhancing security for everyone

I guess words don't don't have meaning anymore, how can you claim to have an open system in an announcement about closing it down?

It's also telling that the big supporters of this are apparently corporations and governments. Admittedly I don't know what "Developer's Alliance" is but they don't seem to care about developers very much, and I wouldn't surprised if they were just a "pay us to say what you're doing is good for devs" kind of thing

I don't blame Goggle. Apple escaped anti-trust by simply not allowing anyone except themselves to put software on iPhones. Seriously, Apple doesn't allow competitors so it can't be anti-competitive according to the case.

Totally brain damaged ruling, the judge must have been molested by an Android phone at some point, but here we are, and google is now moving closer to an Apple model.

Oh, no! This is the least thing I expected to see as the #1 in Hacker News' front page!

This is a plot twist I never thought it would happen. While the EU [1], Japan [2] , UK [3] and Australia [4] are in the process of forcing Apple to allow sideloading and alternative App Stores, Google, which was far from these obligations, had taken a totally unexpected road to limit/control how sideloading should work.

____________________

1.https://developer.apple.com/support/dma-and-apps-in-the-eu/

2.https://www.phonearena.com/news/the-world-is-changing-japan-...

3.https://www.videogameschronicle.com/news/uk-passes-bill-whic...

4.https://www.theguardian.com/technology/2025/jun/06/australia...

As a developer of android apps that get distributed outside of the Play store, a Google identity verification system sounds like a nightmare. What if I'm deemed to be politically incorrect? Will Google brand safety exclude me?

These days I don't really want a smartphone at all, but begrudgingly use one for things like mobile banking, receiving SMS tokens, etc.

If someone made a screenless powerbank-shaped Android device, I might be interested. The device would double as a 5g wifi modem, and to access the UI you'd remote in over VNC from a laptop, or unrestricted mobile device like a PinePhone.

I predict Windows will end up going this route before Google backtracks on it.

This is the future; partially fuelled by malware, partially fuelled by the desire for platform control, and partially fuelled by government regulation.

This is completely, absolutely and totally unacceptable.

My phone is my phone, not Google’s. They have absolutely no right to prevent me from running whatever software I wish on that phone.

This must not be allowed to stand.

A few years from now: After reviewing the usage of the approved sideloading feature, we discovered no more than 0.01% of users ever sideload an application. For security, sideloading is now disabled on all devices forever.

The solution is easy, stop developing for (selling on) closed platforms:

You now have options for cheap (less than $200) portable low energy devices:

1. PineTab-V, a linux on Risc-V tablet. (Got debian a few months back, still waiting for proper GPU support, usable but slow now)

2. uConsole, a linux cyberdeck with optional 4G. (Also has debian for 2711, 2712 and 3588 Compute Modules)

I'm not porting my games to Android, iOS, Switch or PlayStation. Only Windows/X86 and Linux/ARM+Risc-V.

No Linux/X86 to not encourage power waste after Windows gets too expensive to run on the client side.

I'm selling on itch instead of steam.

You only need Android for banking, and Nokia G22 (repairable) is/was also sub $200.

I am now creating a new Google account for each phone, that way you are not the product any more.

But can still operate in society.

Ha ha very funny from no-evil-google. The worst most misbehaving apps I've ever had the misfortune of using came from their app store. The best apps I use regularly are from F-Droid, github and ones I baked myself. You take that away and your Android is Nodroid.

Well I guess my next is an apple, but I'm hoping open-source android distros will get more dev resources now. Will happily use a sub-optimal distro over google's.

This of course has nothing to do with security, it's mainly the managements reaction to Youtube alternative apps actually growing in userbase (happy user of one here). And also to ban alternative app stores naturally.

Let us all not forget that YT videos are internet users created not google created, and the only reason why Google thinks this will work for them is their belief there is no competition to YT.

Obviously Google considered and prepared for a huge negative feedback when they have made this decision, so I don't think we can change that.

Having said that I can only see living with two devices going further: one locked down for banking & stuff and another one for freedom.

Unfortunately, I can also envision a locked down internet available only on certified devices in ten years. Absurd? A mere idea of a locked-down Android device looked absurd... yesterday. Just yesterday.

So what are our options (eg for EU citizens) for lobbying in terms of legislation or directly to Google to show disagreement with this?

It looks like many in this thread are against, but I don't see suggestions for action?

I knew this was coming thanks to the nincompoops bankers and IMDA together with horny uncles who fall for love/job scams here in Singapore. The reason I use android over iOS is that I can load apps for personal automation. I think the current scenario where bank apps refuse to run on phones with sideloaded apps is far more acceptable. Im not sure scammers will not find a way around this. I can still be able pin web apps.

FWIW I'd rather not use my phone for critical transactions its making authorities lazy. The number of times Ive had to fight thanks to "buggy" payment code that deducts money is not funny and banks are getting worse at customer support day by day.

Also what the fuck are the governments doing with tax payer money, instead of going after criminals, we go after citizens.

Looks like Google will also be limiting each developer's number of apps and installations unless you pay them $25. https://developer.android.com/developer-verification/guides/...

I don’t have data to support this, but I believe the smartphone is the most widely used device globally on a daily basis. Wouldn’t it make sense to have an Open Hardware Phone and Mobile OS built on an open specification to rival Google’s Android?

What’s stopping us from making this a reality? We have passionate FOSS developers and visionary leaders capable of championing this cause and building a strong community around it.

I had high hopes for Marc Shuttleworth’s Ubuntu Phone. Unfortunately, after the Kickstarter campaign fell through, development stalled. I still believe consumers missed out on a remarkable piece of technology.

That said, I see Ubuntu Touch[1] is still active, though I’m unclear on its current impact or progress. Meanwhile, Smart TVs and smartphones continue to be dominated by Google’s Android OS.

1. https://www.ubuntu-touch.io/

Mobile phone platforms are reverting back to the pre-iOS/Android reality where you have to jump through tons of hoops to even make an app let alone run a viable business with it.

I used to be an android developer and they disable my account because I took too long to reply to their mail. Since then I have been unable to recover it, they never reply to email and process your request to oblivion. Their bureaucracy is even worse than our french administration and that is saying something! At this point google is basically digital sovietism.

Sideloading is the only reason I'm on Android. When it goes away, I will be better with an Apple device.

This must be because of Epic's win in antitrust court.

What someone needs to do is create a "Store" browser that loads apps from random websites like https://site.tld/app.apk

You could manually parse AndroidManifest.xml and allow only apps that expose <uses-permission android:name="android.permission.INTERNET" />

I'm somewhat interested in doing this myself actually. What do people think?

(Responding to https://techcrunch.com/2025/08/25/google-will-require-develo... )

> Starting next year, Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store.

Odd little phrase, "distributing their apps on Android devices".

I think "distributing" in this context is in the sense of product distribution, not in the sense of distributed systems.

But "distributing...on" sounds a little odd, like Google is still providing a distribution service. (Contrary to all the precedent of how we've thought of installing software, other than the proprietary, captive-user app stores.)

And so, maybe "distributing...on" makes it sound more like Google is (once again) entitled to gatekeep what you can run on your device/computer.

> However, developers who appreciated the anonymity of alternative distribution methods will no longer have that option. Google says this will help to cut down on bad actors who hide their identity to distribute malware, commit financial fraud, or steal users’ personal data.

Maybe it's not "developers who appreciated the anonymity" (which we immediately try to conflate with bad actors), but that the whole point lately has been to stop the greedy proprietary lock-in app store monopolies, and not have them gatekeeping what everyone else can do.

This is how macOS works, without a signature they will tell you they can't guarantee it doesn't have malware and you need to go to settings and choose to run anyway (and most people don't even know about it).

Microsoft would love to do that too, but it just has too much of legacy software to introduce such a major hurdle.

I rely on an open source app called xDrip to manage my diabetes. It's way way way better than any of the official apps. It's not distributed on the app stores for obvious reasons. Many others rely on this app as well. Are we cooked?

It's starting to look like I may end up with two phones. One with Lineage and most of my apps, hopefully, and another one with Play Protect which hopefully will be just my bank app. Google has become way too powerful and is encroaching step by step on our freedom, it's terrible. Tt's been going on for a long time. It's the IT equivalant of authoritarianism!!

What would happen to projects like F-Droid, Termux, etc.?

A little reminder about the GNU definition of free software and the four freedoms:

https://www.gnu.org/philosophy/free-sw.html#four-freedoms

Quote below:

The four essential freedoms

A program is free software if the program's users have the four essential freedoms: [1]

    The freedom to run the program as you wish, for any purpose (freedom 0).
    The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
    The freedom to redistribute copies so you can help others (freedom 2).
    The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

So where do we complain? (Aside from shaming Google on social media or writing to politicians.)

If I look through Google's contact links, it's all oriented around getting help with a problem rather than letting them know I'm going to move to something else if they go through with this. (And yes, even if Apple has the same types of restrictions on app store, if a more open alternative OS didn't work out for me, I'd move to them to punish the one dropping freedom of use.)

> The requirement will go into effect in September 2026 for users in Brazil, Indonesia, Singapore, and Thailand. Google notes how these countries have been “specifically impacted by these forms of fraudulent app scams.” Verification will then apply globally from 2027 onwards.

At least most of the world has until 2027 to install LineageOS or GrapheneOS.

Yeah... They just want to ban NewPipe. It's sad to see Android getting locked down, also with the source closing of the development branches, etc. I can as well buy Apple then, it doesn't matter anymore.

Time to donate to GrapheneOS[1] and alternatives[2]. Or contribute [3].

[1] https://grapheneos.org/donate

[2] https://members.calyxinstitute.org/donate

[3] https://grapheneos.org/hiring

Well, I guess I didn't want to use half of the apps on my phone anyway. Might as well throw the phone in the bin.

Stallman warned us.

https://www.gnu.org/philosophy/right-to-read.en.html

The only silver lining I see is if it allows you to bypass this by enabling dev mode on your phone. If you can't sideload unverified apps even in dev mode, that would be insanely bad.

IF that is the case, I'm actually willing to be slightly inclined to see this as a positive? We should normalize installing apps outside of Google Play, but that means malware becomes a serious issue with people downloading and installing random APKs.

e.g., this may normalize people hosting downloadable APKs whilst also reducing malware risk for "normies", which idealistically could weaken the "monopoly" of Google Play on android.

The problem is that Google is the gatekeeper.

This has the potential to be disastrous for Google, but maybe not.

Personally: I don't use Apple because I like being able to whip together little apps to side-load without having to check in with a walled-garden mothership. If Google is going to move closer to Apple in that regard... Apple's UX ecosystem is better, so I have far fewer reason to keep using Android.

So what's the solution? What's the reaction of semiofficial Android forks? Should we switch to Huawei now? Should we then have two phones? One with Android fork and one with some other "official" OS?

This was probably the reason Nokia died. Symbian development, already cumbersome and app deployment required some such procedure. I remember there was an joint effort in a china based forum and many of us got a cert and a key for our phones. I was reading Nokia obituaries from its executives and the sorry state of Symbian development and app deployment was not considered as a cause. So here it, is young executives repeating a simplistic and destructive strategy. ibm, xerox, nokia and intel will be very proud.

There is a guy with beard that people love to hate that warned about this kind of thing.

Of course people called him a paranoid and lunatic extremist, but in the end he was right and we are f*cked

Hopefully this increases the communal pressure to find a real alternative to android.

Everybody DEMANDS Google "do something" about malware, scam and fake apps. So it does.

For an average Joe and Jane, who gets their money stolen, that's a good move. They don't care about technology, they just want their bank, instagram, cat pictures and video calls to work and not get scammed. They are often lured into installing scamware through exactly sideloading APK, completely unaware of the risks.

In the article there's this comment:

> I'm struggling to see the benefit of this new policy. While it's presented as a security measure, the requirement to fill out these forms seems like a trivial barrier for actual malware creators, who will easily abuse the system.

Every scammer will have a different code signing certificate which you can then block if they spread malware. Right now it's a huge mass of scammers and malware authors indistinguishable from each other. And Google could possibly block them all which would also block legitimate applications (now that would spark outrage). Thanks to the new policy it'll be easy to add a single cert to the blocklist.

If you want absolute freedom on your device, just install a different Android - for example Graphene, Lineage, /e/OS, or Calix. They are all Android too.

It's so fashionable these days to go after Google.

Thanks Google.

Google to make sideloading Android apps _harder_ by _force_ verifying developer identity for 25$ and bunch of legal documents.

This is crazy, this means 10 years from now only terrorists will distribute software. Unacceptable! How many platforms now allow one to build and distribute a binary?

The new face of Embrace, Extend, Extinguish.

Will it be possible to bypass this limitation for users with rooted devices? If that were the case then I guess that would add more weight to companies who provide firmware and OEM unlocking for android devices: https://github.com/melontini/bootloader-unlock-wall-of-shame

This is dangerous, they are trying to prevent people from creating apps that don't support their narrative.

The attempts to roll out digital ID are similar to the perennial efforts to backdoor encryption. When one push fails, the proponents regroup and formulate a new approach. The recent successes with "age verification" have encouraged digital ID proponents. Expect further encroachments, scaremongering and trial balloons.

Natural incentives exist for tech majors to capture this space.

There's an Android app called GPSLogger.[1] It does exactly what it says on the tin. Runners use it to track their own progress. Photographers use it to geotag their own photos.

The thing is, GPS access as a permission is a bit scary. You could imagine some dubious uses for it. Moreover, you could imagine some such dubious uses creating a public relations nightmare for Google. So, Google just forces them out of the Play Store. (Technically, it's a routine renewal, but the GPS permission causes them extra scrutiny, to the point where the author burned out and gave up.[2])

Do we expect that this author should, or for that matter will, give their identity to Google after this? Or is GPSLogger just dead after this change lands?

[1]: https://gpslogger.app/ [2]: https://github.com/mendhak/gpslogger/issues/849

Please consider using GrapheneOS. If it gets more momentum and users it's the only option pushing back at these tactics.

Welp, I was euphemistically already not a fan of the developer experience for Android, now it's straight dead to me.

No reason to ever touch another day of Kotlin.

Come to think of it, why am I even on Android now as a user?

Sep.2026: "The requirement goes into effect in Brazil, Indonesia, Singapore, and Thailand. At this point, any app installed on a certified device in these regions must be registered by a verified developer."

Any hint why those countries first?

Is it a local law there driving this whole move? Is a critical mass of malware originating from there?

I think time quickly approaches when everyone will have one mobile phone for "banking/crypto" and the other for everything else.

Samsung used to have a very cool feature on their phones (perhaps they still do, I switched away from the galaxy line). It was called Knox and was basically containers for your apps.

Unfortunately it was limited to only one secure container. What I did was I had all my secure apps outside the container. And insecure inside. I had a fake address book that had only one phone number in "My Knox" and any app I installed there I could give all the file and address book permissions it wanted. As I knew it could only see what is inside.

That is what we need, but better. I never tried Graphene, but I wouldn't be surprised if there was such a feature thre already. It's kind of obvious.

Time to move to a dumb phone, I guess. Android is slowly becoming worst of both worlds, none of the privacy features of iOS yet walls of the garden keeps getting higher.

Does this break F-Droid?

That's not a good move at all.

The details are paramount, and they are missing here.

Some of us code our .APK, then do an `adb install`.

This already requires enabling a system flag ("developer mode -> allow etc.").

It only makes sense that a similar flag would allow to install whatever we want (especially and in particular, our own software).

Well that sucks. So basically all the money weve had taken from us for our play store apps is now "just" going to be spent on administering the registration details of 800 million chinese developers and 6 billion bot accounts.

Whose smart idea was that.

The device maker controlling an app store made no sense always. Its like saying the browser maker controls what websites you can visit. We have so many efforts at keeping the web open, shouldn't we apply that to all platforms?

I think they got emboldened by EU's impotent response to Apple's Digital Markets Act (DMA) violations.

Regardless, this is extremely bad news.

> Since we implemented verification requirements on Google Play in 2023, we have seen firsthand how helpful developer identification is in stopping bad actors from exploiting anonymity to distribute malware, commit financial fraud, and steal sensitive data.

This is truly some orwellian newspeak bull-shit.

For those who don't know, Google Play verification ensures critical apps like banking apps DO NOT WORK in privacy-focused ungoogled ROMs like LineageOS, unless you install the usual google spyware at the OS level. Basically soft-requiring you to buy into the duopoly.

Hmm this is weird. I've recently been considering switch back to Android because of how locked down ios is and it sounds like Google's now gonna do the same thing? Will there be a way to deactivate this?

Everytime i read a news like this i loose more hope for our world to not end up a Cyberpunk Dystopia. Like what am i supposed to do. I am just one man. One vote, one guy who isnt even to good at coding.

One step closer to The Right to Read: https://www.gnu.org/philosophy/right-to-read.html

This is just an extension of the increasing censorship and government / BigTech control that we have been witnessing in the past few years, with Google seeking the ability to prevent installation of any apps that is on a blocklist controlled by the government. And, like with the iDevices, this will also kill many free independent and open source apps once developers are forced to pay for "developer verification". "Free" apps are an anathema to the App Store business model.

My device, i want to install whatever i want.

If for safety, make it an opt-out feature, so the ones who know what they're doing can disable it.

Mandatory locking down is not for safety but for corporate control.

Why even run Android at that point anymore? iOS devices get security updates for longer and have much less data collection than stock Android.

GrapheneOS won't survive the next generation of devices because bootloader unlocking will also go away (https://news.ycombinator.com/item?id=44765939), and without kernel security updates that OS can't continue.

Now there's also no more sideloading, so what purpose does Android even serve anymore?

If you think about it, the only thing that keeps this OS vendor in this duopolistic position is the fact that people rely on a certain proprietary apps. We need ways to do things like messaging and banking in a universal way, just like we can do with email, calls, texts and web. Banking and messaging should be fully universal so we don't rely on specific apps only available on specific app stores. That would take all power away from this satanic US companies!!!

Here's my prediction: Sideloading will become slightly more popular. Google will not disable sideloading or make it significantly more difficult. Alternative APK stores will flourish. Banks and streaming sites will try to block people from connecting from devices with sideloading enabled, but they are slow and people will find workarounds faster. ISPs will not block devices with sideloading enabled. Governments will not ban sideloading.

Would be the best time for China to come out with a fully open source OS as competition.

So "certified" Android devices are phasing out side loading, making Google Play the only way to install an app. This is the norm on iOS, right? And in many jurisdictions, from Russia to Denmark, there is an actively hostile, and rapid, legislative push to prevent or criminalize using E2E messaging apps like Signal.

How long is it until we see countries pushing to just delist Telegram, Signal, etc from the app stores?

Android is dead. With fascism now in power in the US I was going to save myself by degoogling my life anyway. This is the nail in Android's coffin for me.

Time for Linux phones with Android emulation

A fellow developer started a petition to stop Google from limiting app installation on Android devices unless developers provide personal identity documents.

Even though Google has not revoked similar controversial policies in the past, we do our best as much as we can. This change particularly threatens the freedom to build, share, and use software without giving away sensitive personal information. It affects independent developers, FOSS contributors, and even regular users who want to install apps outside of Google Play.

"Just imagine giving sensitive personal, government-issued ID to a corporation to install an app outside Google Play"

Let’s stand together to protect our freedom to create and use software without handing over personal information to a corporation. Every signature, share, and voice counts here

Support the petition here: https://chng.it/tyHZjstxWQ

Gotta love when the megacorp steps in to "help".

The are apk's floating around from the Ice Cream Sundae days where the developer went out of business and is no longer on Play Store and this is literally the only way to run the app.

I have a Concept2 rower with the old PM3 monitor which is no longer supported by their ErgData app and the only way to connect my phone to my rower is by sideloading the ancient version of the app that supports it. So that's going to break now?

Software developer used to be one of the most 'free' professions. But now you need a stamp of approval from some corporation to get through the day, even if you are nominally independent. And woe to you if they should ever revoke your license to feed yourself. Because 'verified developer' is just another way to say 'not a threat to Google or Google's corporate image'.

Well, there are two options now: Linux phones and forking/deGoogling Android. I still believe the second is far more viable. There never was much reason to do all the work twice when there's sufficiently well licensed source around, and much of the app/phone compatibility is built-in. Maybe it's time I give a chance to /e/ OS or something of the like...

One can only hope a company like Framework, Nothing, or Fairphone actually can produce and maintain some flagship devices running GrapheneOS or similar. The only reason I have been using Android is because of the freedom I have in my apps, customization, alternative app stores,... I hope the EU fights this with all their might. It also seems like a major geopolitical risk too.

These people. I don't have words.

I'm getting ready to give up on smartphones altogether. I used to think that surely a sufficiently open phone would come along, and that you could then just run a sandboxed Android emulator on that for whenever you needed some proprietary apps where society has stupidly decided you need them. But that also seems to be getting progressively harder.

So maybe I just give up on actually using a phone for much. Has anyone tried living with cheap Android or iPhone as a source of connectivity and making phone calls, perhaps with the odd app you just can't get through daily life without (see above), and then move everything where privacy and control actually matter the most to a small "pocket computer" that connects to the internet through a connection shared by the cheap phone? Are there any sufficiently compact and nice such devices? Surely they're easier to produce when you don't require a phone baseband and all the things that are needed for Google to certify it as an Android phone?

Thoughts?

Juggling between Maemo and iOS back in the day I always thought it was so wild that I later years people thought of Android as the open alternative.

Considering that Android 5 devices are still alive and well, it will take another 10 years for google to catch up. Hoping in that time Linux based true open source mobile operating systems will make some headway. Another alternative might be PWAs (progressive web apps), that one can "install" on your homescreen, but they could be axed next.

I really need the more open Linux tablet and phone makers to hurry up.

From the article:

  In Brazil, the Brazilian Federation of Banks (FEBRABAN) sees it as a “significant advancement in protecting users and encouraging accountability.”

Why is this story not on the front page any more? It has the most points and the most important issue at the moment.

Dick move. Go back to "do no evil" big G. Remember how you used to be the kool kid on the block? Now you've just become the grown up you showed contempt for in your prime time.

I doubt I'll move away from Android too soon, but that definitely makes me reconsider whether any Google services have a right to CPU time on my device.

Sorry, folks, the good times are over. The future of computing is a signed, attested chain of trust from boot firmware through application code, on all platforms people are likely to use -- and remote attestation with user identification if you wish to connect to the network. End users love it because it prevents or reduces all sorts of malicious activity, from bank fraud down to online game cheating, with little to no effort on their part; platform vendors love it because it provides a moat; service providers (banks and such) love it for the assurance that their clients are uncompromised; and governments love it because it lets them surveil users and developers.

The only ones who hate it are devs. And who really cares about a bunch of nerds?

Remember, general purpose computing really boils down in security terms to "arbitrary code execution" -- a bad thing in the infosec field.

This is a result of the current tech being filled with dark design patterns. Tech is designed to be addictive, indispensable, indisputable, mandatory. And at the same time complex, hard, difficult, risky.

We are so used to tech as it is that it is simple to force these bad decisions for the greater good. Because everyone is sure there is no alternative. There’s no other way to design tech, it will always be so complex and powerful that gov and corps can onesidedly decide what is best for the rest of the world.

This might be an area where local AI excels, when ready. No apps. No sharing of personal data. One AI capable of doing what most software does, on the fly, without relying on others to decide what is ok. Remains to be solved who can create and distribute this local AI and whether hardware will be allowed to run “untrusted” AI…

This is disheartening.

I feel as an Android user, you've always had to put up with a more incoherent overall experience compared to iOS but received some additional freedom in return.

In recent years, Google has been steadily eroding their end of the bargain.

I wonder where that will leave them in the long term. Short term, I think restricting side loading will reduce piracy and drive sales of their subscriptions. Long term though, I wonder what will set Android devices apart from iOS for the average user, apart from being offered at different price points.

It feels they're playing themselves into a position where they're more directly competing with Apple, ultimately restricting themselves to lower price devices and lower margin sales. As far as walled gardens go, I personally prefer Apple's and I assume most people do.

This is why OS is so important for LLMs and the AI ecosystem in general.

Its also why we should not trust large AI corporations that appoint themselves as stewards of "AI safety". If a company that once had the slogan "don't be evil" can do this, so can all the frontier labs

Never, I'll stick to LineageOS till it ceases to exist.. then I'll just buy a dumbphone, f... Google!

This will also open the door for targeting you specifically with spyware if software can only be installed from the Play store.

If you are logged in with a Google account that the government doesn't approve of or not signed into an account at all, you may receive a modified app that spies on you.

One of the reasons I switched to Android was the freedom to make apks for my phone and not dealing with certificates, expiry dates, Google's approval, etc.

This is a depressing change if they follow through with this.

And "in the name of security" doesn't pass the smell test if there is no way to opt out.

It is telling that they have not yet released the process for hobbyists and students. While it is clearly just an evil move, in praxis for tech people this could mean just the extra hurdle of signing an APK with your own developer account: I could see a workflow on top of Fdroid (which also just could become a developer and use their keys for all FOSS apps). But I am guessing those evil geniuses will find a way to make it harder and harder. In the end it is not Google that can make the change but rather banks and streaming services that could accept alternative attestations from e.g. graphene, e/OS or eventually also lineage. Problem is the distribution of power, that won't change with out legislators pushing (see in app payment)

> To combat malware and financial scams, Google

Not 75%, not 80% and not 90% but literal 100% of adds YouTube served me for a week were financial scams. It sounds to me the quickest way to fight it, is to make ad publishers finally take responsibility for taking part in crime.

Disgusting, horrifying, but utterly predictable. A dark day indeed, once no major mobile platform allows running whatever code you wish. Sideloading isn't really sideloading if the app has to be signed by the gatekeeper.

Isn't this a death knell for F-Droid, at least for running on most hardware? Since they require their own builds/attestation?

The Overton Window for computing keeps inching towards gatekeepers having total control over devices. I can't help but imagine myself lurching along on the last somewhat open hardware I can cobble together in a couple of decades, because I refuse to drink the verification can to continue...

"A recent analysis by the company found that there are “over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.”

Ok, but what's the real damage? In other words, how many installs and how much money siphoned from users and legit apps?

So that's how they kill newpipe.

If this goes through, would it be possible to see a consumer class-action lawsuit? I imagine there is a class of people for whom the sideloading of apps is necessary and removing it renders their phone almost useless. I'd also guess that this market is much larger than Google imagines.

Personally, if I'm not allowed to run the software that I want on my phone, it almost makes more sense for me to get some old flip phone or one of those chinese blackberry knockoffs c.a. 2012. Not out of any principled stance, mind you, it's just that's the level of functionality you'd be reducing me to. Why should I pay $500 when I can find something that gives me the same features on a literal junk pile?

Well, when that happens it is finally goodbye to Android from me. I am switching to iOS that day.

Remind me why we keep using smart phones? They feel like a noose around our collective necks.

Can Google do something like this for entities wishing to advertise on their platform?

It feels as if that would provide far more of a public service than this... whatever this is.

Are there stats on whether more malware and financial scams come from installed apps or from advertising?

The further into this corporatized "vision" of technology we go, the more I relate the elves in LoTR who basically said "our time is over" and then just leave Middle Earth.

There is no turning back. Generations of developers will grow up thinking every form of communication and technology by virtue of existing needs a corporate groundskeeper. Government identification will be required for most things.

I don't really blame the companies, though. Unfortunately, it actually is the best means to keep a society of the masses functioning more safely online. What makes it all the more sour is that the very idea that things could be different is eroding away, too.

This is what Apple already does, isn't it? Why wouldn't it work for Google too?

Apple and Google are now competing on being more closed, rather than on being more open. Perhaps because we gave Apple a free pass on curbing our freedoms, and even defended its actions as needed for 'security'

It was only a matter of time. The run lasted a good while.

I'm not going to submit to this crap. I'm sick of it. Nor I am going to IOS. It'll be a Linux phone for me or a dumbphone with tethering and a laptop.

Google (and Apple) want to turn the idea of a phone and computer into that of a gaming console. You use the device according to how they design it, apps are rented, the whole ecosystem is around controlling the experience and maximizing revenue from sites and services. Microsoft seems to be moving in this direction as well (but cannot quite execute for a variety of reasons.. legacy support being one)

Linux really is the only way to have an experience where the computer is your device to do what you want to do with it.

I saw this coming a mile away. Everyone said you could install whatever you wanted on Android, but you were always jumping through some crazy hoops to do so. (compared to a general propose computer)

Things done 'for the sake of security' often conflict with a vast majority of good actors that benefit from the so called 'threat'.

In general this is a backwards step for the ecosystem.

These companies need to be destroyed by antitrust violations. I am so tired of these tech companies abusing their market position. I want the FTC to stop being toothless and useless and just absolutely crush these companies. The amount of disdain I have for these companies can't even be properly expressed.

We have to find a way to punish Google if they move forward with this. We need the Gemini folks to be worried that this distraction will jeopardize their competitiveness in AI.

Android is getting more closed and iOS more open, I expect more people dissatisfied from both camps. We’ll have less choice overall as they gravitate towards a common middle ground.

Most Android apps are crapware anyways. The only respectful apps that I know are open-source, and are being kicked out the of play store progressively.

I'm cancelling my Pixel 10 preorder.

I have a horror thought: "We cannot validate your identity as you are of the wrong nationality; therefore, you are not allowed to publish any Android apps."

>Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices.

It's annoying combined with them making that much harder to be a verified developer. I had an android dev account for years and published an app when it was $20 for life but now there's a bunch of hassle involved. If they had the old $20 and upload your passport to prove id it wouldn't be so bad.

The D-U-N-S requirement is the real killer here. It's a business identifier that costs money and requires a registered business entity. Even with the promised 'student/hobbyist' path, this fundamentally changes Android from a platform where anyone can distribute software to one where Google decides who's allowed to code. They're further normalizing the idea that installing software requires permission.

Holy shit, going to the official page[1], there's something that is somehow even worse than the loss of freedom:

"You'll need to prove you own your apps by providing your app package name and app signing keys."

That is capital-I Insane.

[1] https://developer.android.com/developer-verification

I don't think EU will be OK with that. Not because they care so much about user privacy, because they don't, but because they won't let citizens get tied into US-controlled devices for most critical stuff, like banking, healthcare, eGovernment, etc.

And I do get that Apple does that already, but once Google goes same way, they EU will be forced to acknowledge the status quo.

Somehow I can run a webserver and anyone can browse it but if I make an app I need a DUNS number? What year is it?

Couldn't the CA system, for all its problems, suffice?

Now and then I remember this Hyperion book by Dan Simmons where everyone had a cross-like gadget glued to their chests, controlled by a TechnoCore - a civilization of AIs, which enabled people to cast themselves through space portals. As the story unfolds, this cross-like (very nice choice) gadget is revealed to essentially enslaving them.

The story unfolds in 28th century, but it all seems have started in the 21st one.

That's it! I'm out! Had every pixel from the beginning but I think I'm going Iphone so at least people will quit making fun of me.

The desire for people to keep using their currently working devices just got much bigger, and yet another good reason to root.

The infamous Franklin quote always comes to mind when I see things like this happening. Choose freedom over security while you still can, or you'll soon not even have the freedom to choose.

It's also worth reading Stallman's "Right to Read" again, to see how scarily prescient he was.

You will soon be viewed as a criminal if you run a custom ROM / flavour of Android.

What the fuck is happening to computing and our personal devices.

This means even more influence to Chinese phone makers which don't bother themselves with compliance to Google's platform ideas

They cannot solve all problems but thank God we have Progressive Web Apps; long-term, I guess there needs to Android-like alternative

Of course they will. It started with Play Integrity and hardware remote attestation. Soon Android will be nothing but a shittier version of iOS.

I use linux on nearly all my PCs / servers. I do think about moving my phone to more open platform (fairphone, or rooting phone), but I don't like phones in principle, so I do not install stuff there. I do not do things on phone.

I have my apps as web pages, so I access them from phone web browser. I do not care about phone apps that much.

I use fdroid for calendar, gallery, and music though.

How does this impact security researchers? Or just student developers or tinkerers? This all seem like bad idea.

I would imagine security researcher could be registered developer but I could also see autobans if that is a thing to their accounts making life complicated.

Also some folks just being locked out of the due to government censorship etc..

Source: https://android-developers.googleblog.com/2025/08/elevating-... (https://news.ycombinator.com/item?id=45016602)

The problem here is that the EU, which would normally be the only hope to put a stop to bullshit like this, seems to like this.

While I like to jump on the Google bash train as much as anyone, this is to comply with EU laws.

Apple implemented a similar change for the EU App Store earlier this year to comply with the Digital Services Act (DSA), a regulation that now requires app developers to provide their “trader status” to submit new apps or app updates for distribution.

This truly sucks, since in this day and age we need unmodified phones for banking apps (and I think for oncall my company requires Android/iOS as well). I guess this will be the final push for me to change to iOS, since I already have a bunch of Apple stuff otherwise, and I was holding out on the phone side for this exact feature.

Will this affect GrapheneOS users who have Play Protect / Services disabled? Wondering how they intend to do the verification.

This reminds me of Microsoft's Project Palladium, 20 years ago. This was the ancestor of TPMs and trusted computing in general embedded in the CPU.

It used to be a huge scandal because people (rightly) feared that it would enable Microsoft to have a say on what can be executed or not, or only allow DRM protected content to play.

Next is your ID card to contribute to FLOSS projects, not like they thought about it to "secure the supply chain".

> This requirement applies to “certified Android devices” that have Play Protect and are preloaded with Google apps.

I would be fine, if it was mandatory for Android manufacturers to allow installing alternative OSes. Normies could benefit from the added security on their certified Android device, and advanced users could install GrapheneOS.

terrible news. i dont like it a bit. wth are they doing? i know all they care about is money but this is bad for everyone.

Well this is me moving to E/OS full time.

We are in an age that being screwed by the Giant Techs is inevitable and there is pretty nothing much we can do.

My favourite part of this thread is that the Google pr team know it's bad and aren't even attempting the usual spin in the comments. I guess they're waiting for it to blow over and just work on the "it's here and it's happening" stage

It would be really nice if all you people with deep insight into this issue would inform politicians of the unacceptable nature of things like this. - Submitted FTC and FCC complaints. Likely does no good but going silently into the night isn't going to to fix anything either.

I've been saying in threads on iOS vs Android for years how we're lucky the only other phone OS out there allows sideloading, and the nightmare we'd be living in if it didn't.

Guess we've arrived, I wish people voted with their wallets more, iOS could have added this a decade ago.

Will this be what finally leads to the success of a fully open-source Android fork such as CalyxOS or GrapheneOS?

undefined

They want to stop adblocking YouTube apps

Are there any competing phone OS'es still around? Maybe there is something in China I dont have a view on?

If I have to be in handcuffs, I would rather them be high-quality hardware like Apple. So far, the only two things that have held me away from the Apple ecosystem are Linux and Android and the flexibility they offer. Seems like we are just left with Linux now. A very sad day.

For example Telegram they have two app versions one in playstore where google can dictate what channels are allowed and one on their website where google can't force them to take down channels, so now Google will need to approve Telegram second app to be installed on Android?

This seems equivalent to Notarization on macOS. https://developer.apple.com/documentation/security/notarizin...

Potentially stupid question, how will android developers load their apps onto their devices to debug? Will they just have to be verified beforehand? Or is there still a path to installing APKs through ADB and/or Android Studio?

Play Integrity and device attestation need their own torrent-tracker moment, just like DRM did.

GrapheneOS says they won't touch it because it's a cat-and-mouse game. I think that's the wrong call. DRM was the same, yet torrent trackers are still here.

undefined

This would affect a lot apps that are not on the Play Store for multiple reasons... and if I'm going to be stuck with what Google thinks I should be allowed to use, then why not use iOS instead? At least software updates would be better and the overall experience more polished.

I have been preparing myself psychologically for this for a long time. I will have to carry a shitty Google phone for anything that requires access to apps, and a proper Linux phone for my own use like browsing and reading/watching videos/listening to music.

This is why I started investing in alternative Linux based solution providers in the smartphone market years ago. It was not if but when Google would take this path.

The only way I want to engage with Google is when it cost them money. I will not give them a penny directly.

Anyone else remembers “don’t be evil”?

The page about developer verification (announcement link 2 in the root post) says that there will be a separate type of account for "student and hobbyist developers". Why? What prevents students and hobbyists from using the regular type of account?

I'm waiting for this with chromium too. Microsoft Edge most removed uBlock Origin on me today.

undefined

What does it mean to app developers like me? if I want to create an app, in however shape and form and want to run the apk from the adb files... I can't do that? What? Then how do I tinker and learn? My app, I would like it to run regardless!

Any developer working on this ought to be ostracised, divorced and shunned by their family.

Wouldn't developers be the most powerful protesters?

Stop making or maintaining Android apps. Make apps warn users about upcoming changes and why they'll lose access to the apps they love. Decrease Google's ecosystem appeal. Money is king.

It seems that it was only about time… it just feels like the pace of enshittification with big tech being able to get away with anything is crazy!

I’m hoping that projects like Precursor can take off because we’ve buried ourselves in such mountain of complexity that seems like only a billion/trillion dollar big tech company can make an OS.

But then again, some body called BS on browsers and we might have a good option soon in Ladybug!

https://www.crowdsupply.com/sutajio-kosagi/precursor

first they avoided publishing drivers (makers), then gutted unlocking bootloader, and now this...

can we like... regulate the ** out of makers to force them to make bootloader unlocked & provide drivers (for linux) for their devices?

When I switched from Android to iOS, this was one of the things I missed a lot: the ability to write my own app and side load it on my phone. Even more so with the advent of LLM. Oh well, now I don't have to worry about that.

as a general philosophy, anything that I can do on the Web I do it using a browser. The less apps I have the better.

And to those, many here, who "but web apps are ugly, native feels better": you are contributing to all of this.

The day this happens is the day I stop using "certified Android devices."

Fuck google.

This combined with the 'age verification' coming to all Google properties means it is a very small step from that new world to full Google verification of everything you visit and everything on your device, at any time, for any reason with the penalty being incontestable ban from your device, apps and data.

Get ready for facebook style 'we are interrupting you for a video selfie because we have detected you are a threat' across all google properties (Android, Chrome, Gmail, Maps...).

Move to linux phones, now.

> Google wants to combat “convincing fake apps” and make it harder for repeat “malicious actors to quickly distribute another harmful app after we take the first one down

When will they go against malicious ads in apps?

I wonder if this was hastened by groups like DJI, who are too popular to be bound by a silly app store and chose instead to give their users sketchy side-loading instructions for their apps.

Fuck google for this. Awful decision. Guaranteed to be abused when Google or government despots decide that certain apps (or developers) aren't aligned with their interests.

Feeling very frustrated with the way the internet is going lately. This plus OSA + chat control. And compounded by the imperative for AI companies to keep hoovering up any and all data they can get their hands on, wiring it into "agentic" workflows and such.

How does this affect installing an APK to an offline device?

Will there be a local override?

Nobody will do anything about it and things will continue to get worse.

Some cross platform iOS/Android apps I use have been retired or discontinued because of this ruling. Devs don't want to open themselves up to legal, bullying, harassment, etc.

undefined

"Monopolies" gonna monopolize, all for our safety, of course

Glad I still have time to cancel my Pixel 10 preorder. Fuck google

So, now there will be a single kill switch where a malicious government can legally compel Google to annihilate apps not of their liking.

I find it hard to state how contemptible this is. How stupid. Everyone who worked on this has blood on their hands.

I think the push for verified developers is a double-edged sword. I got into this space, precisely because of how easy it was for me with my pentium computer a decade ago.

So for our non public company apps I will now have to verify? What.

Great. I suspect this will push more developers to publish web apps.

It's only a question of time till DMCA takedowns will be abused to being down every app which remotely competes with any business model.

This invalidates so many reasons to still use android.

Tech like f-droid will be important for the future of free Android

This isn't a big deal to me because I hate smartphones and do everything on PC anyways. The real problem for me is Microsoft, I guess we're stuck with Linux now

Oh how I wish I could buy a Nokia N900 16 Pro Max and use Maemo 13

Is that after the top execs join the US Army? [0]

0: https://news.ycombinator.com/item?id=44330155

https://www.gnu.org/philosophy/right-to-read.en.html

Maybe we need phone sized open source computers.

The only saving grace is you can always import a Chinese phone without the play store at all, and then you can install what you want.

I see opportunity for a Google "certified/verified" Android phone with mediocre CPU, average screen (4.5-5") and 15000mAh battery.

This is the singular reason why I moved to Android in the first place. I want to install whatever APK I want without anyone having a say on my device.

I'd wager there will be a buried setting to manually enable specific apps along with a warning. Like how macOS does it now by blocking unsigned apps.

I think it would be ok if it was not for the fact that Google will most likely abuse it for other purposes like locking out indie developers even more.

While my confidence is usually pretty low with random repos, I am fairly sure there are more malware on the playstore than there are as .apk on github.

There's a huge modding scene out there, people who modify APK's to strip them of bad features, make them leaner, etc.

Looks like Google wants to kill it too.

I know Android apps are already in a pretty tight security environment. Perhaps they could put unsigned side-loaded apps in an actual container.

With Chat Control and similar measures on the way, we are one step closer to your hardware actively working against your interests with no way out.

As much as people are making this out to be a Google thing, I think this is more about the security requirements many countries are imposing.

I see how this is developing. First going more or less close source and then reeling in the freedom - they are not going so much Microsoft but Apple.

So Google won't even offer a system toggle to let users install an app they've made or copied?

Google don't even expose a per-app toggle for app Internet access, why am I surprised?

This is disgusting.

Freedom died a little bit more today.

Why is end-user choice and consent not considered?

It's really disturbing that the EU and Google would do this.

I can't recommend Android or iPhone because of this nonsense.

Relevant as always: https://youtu.be/ntICHMV-WMA?t=38

I pin a webapp to my homescreen, open it and pay without any issues. Aren't webapps the way around this, and pretty common already?

My son uses an android phone as a medical device with apps that are either downloaded or compiled. Hopefully this won't touch lineageOs

I'm surprised so many people would be impacted by this. Why bet your livelihood on a corporate sponsored, second class ecosystem?

Okay so that removes the last reason to use Android.

This is just another 'it's only about money' move from Google. Only Google approved apps means monetised apps. Monetised means Google gets it's cut. Google gets richer. More in-app purchases, more ads, more money for Google

Customers? Eh. What? Huh? Who cares

There goes the dream of ai allowing normal people to develop cool stuff. Talk about 'big company' stifles the little man.

With more and more things like this, we need to back to making native apps on desktops and laptops where we as the users are in control.

The ability to sideload on Android is the main reason I've never bought an iPhone. This is a terrible move from Google.

>However, developers who appreciated the anonymity of alternative distribution methods will no longer have that option.

Don't be evil Google!

Pieces of shit.

I have several own-built apps which I use for different purposes only on my own devices.

Why the fuck should I become a verified developer just to use/install/update them?

I'm already pissed off enough by the fact that I must agree to let them upload and scan my app just to install/update it.

On the side, I'm even more sad because I feel like the open web can't be the alternative answer to locked down systems. It was the promise and the dream of the many of us years ago, but I'm disillusioned by now. And not only because Chrome and Webkit(on mobile) are a monopoly, but the web keeps failing its users with bad ux and less capapabilities than native. Even the most well crafted web app feels slow and clunky. Unpopular opinion: who makes web standards failed us and browsers independently implementing non-standard anti-user feature(e.g. manifest v3). I really dream of a stripped down browser that just expose some os native apis for making accessible human interfaces, we had flash and we hated it imo we need flash again

I'm not a fan of restricting sideloading. But i do hope they get better at not offering malware in the official PlayStore

I’m sick of half-measures around getting off iOS and Android. If you’re an open-source app developer building for Android, please reconsider and put some of that energy into Sailfish.

You have the power to help turn a passionate subset of people away from Android, and now is the best time to do it. Instead of scattering effort into a dozen fragmented experiments, let’s rally around the best bet we have right now: SailfishOS. I'm not at all affiliated with Sailfish, just someone pissed off and am trying to point folks at the most mature alternative out there. I know it has its problems. I know there's even better alternatives that even less people use but seriously, rather than fragment the frustration around android right now, please, just try to rally around a serious legit alternative. We might actually make meaningful change here but it needs focus.

Intro for developers: https://docs.sailfishos.org/Develop/

Getting started guide: https://sailfishos.org/wiki/SailfishOS

Let’s push for something truly independent

Blame Apple for this garbage. They have paved the way by trying to circumvent the DMA.

Hopefully the EU slaps everyone with massive fines for these obvious anticompetitive plays. Best case scenario would be an outride ban giving local companies space but I doubt this will happen given how spineless the current commission is.

Clearly for American companies to be tightening the noose like that quoting the approval of authoritarian countries, it means they’re starting to feel the fire. It’s hard to not see the obvious link with them losing against Epic here behind the usual security smoke screen.

Both Apple and Google should have been broken to pieces for their egregious anti competitive behaviour a long time ago anyway.

This means that for example I will not be able to side load Popcorn Time for Android [1] anymore?

[1] https://github.com/popcorn-official/popcorn-android

The Play Store is full of certified verified malware. How is this going to help? This is all about control...

Guess I'm getting an iPhone. If both are locked down, I may as well have the one that has a decent watch.

GOOGLE SHMOOGLE IM WITH PEWDS We have to rebuild and replace this entire stack NOW! It’s out of control!

Meanwhile, I suppose a big "rollback" will needed in EU for the DMA (Digital Markets Act)

That was one of the last reasons I had an android phone for.

Switch to Iphone now? Maybe the in crowd will like me now.

Phew! I was just about to get the new Pixel too, not going to now. I wonder if Samsung will be effected.

I'm curious what is going to happen to all those Chinese ROMs and third-party Chinese app stores.

Remind me again why we can't use HTTPS certificates to sign code that is linked with a domain?

Malware is just an excuse to kill of competition. This is textbook anti-competitive behaviour.

aside from the obvious power grab, the official announcement mentions that there were discussions about this move somewhere and they claim to receive positive feedback, can anyone point me to these discussions? I can't seem to find them anywhere

has anyone had to help any elderly relative with the million scams they've downloaded from google's app store? google does not give a shit about helping regular people avoid scams, it's all just bullshit.

not even to mention the h1b indian kickback stuff that's about to hit them. couldn't happen to a nicer company.

The day is coming when I just turn off my phone and leave it in a drawer 90% of the time.

I don't understand, when the EU announced that Apples "actually we need to sign all of these and pay us" requirement is illegal, Google was like "hold my beer"?

Break them up already, it's getting old.

You know how folks in the UK are cutting the surveillance cameras, what is the equivalent here?

OK, fine, but how will I build and launch an APK through android studio / flutter?

So I guess I'll need to make sure I get a device that isn't certified Android?

Anyone even remotely privacy or security conscious needs to vote with their wallet in protest and stop buying Android phones, otherwise it's only a matter of time 'til Google bans side-loading and it becomes impossible to buy a phone that can run any kind of anonymous or end-to-end encrypted communication software.

goodbye newpipe :(

This is a nightmare, i mean we cant put malware on our device now?

How will this affect GrapheneOS?

Guys, it's been over for a while now. And I mean decades... This is just one of the next steps in the path that's been laid out in front of us since the general population reached critical mass on the Internet and the ruling class (politicians, the media, corporations...) went all in on exploiting them for money and power. If we don't radically change the underpinnings of how the entire system works, we're in for much worse than this.

GrapheneOS.

undefined

undefined

This deplorable company has just condemned humanity's right to open computing. They sold themselves as open, smothered out all other open competitors, and then once they had complete dominance over the open phone market did this.

Even if Google backtracks now. Governments will latch on to this idea just like they have with client side content scanning. This will never go away. Thank you google you despicable pieces of shit.

What now? Where do we go from here?

I think there are some errors when trying, but it should be fixed soon.

I'm curious how this is gonna fly considering the DMA in the EU.

Great news which hopefully will shape the buyer away from monopolies.

If I wanted only apps signed by developers I'd use Playstore.

This is actually good if it hopefully paves way for breaking them up

Our only choice are 2 american companies, Google or Apple

Why did we let that happen?

I assume that this is Google's way of circumventing the DSA?

You can just disable Play Protect though, can't you?

How much is the verification going to cost?

If it's something simple like $100, that's not a big deal. That's on the order of what I'm looking at for my code signing certificates. It would be a an eminently reasonable business expense.

Google doesnt like competition when it comes to selling you out

Maybe it is time for a new entry into the Smartphone OS market?

I wonder, how hard is it to build an app on the phone from source?

Well I guess that's good bye Pixel and Android for me then.

Yeah if this goes ahead I'm going back to my feature phone

I don't get it. Does this stop me from sideloading apps?

wow that rather fast [https://ibb.co.com/8LF8qdxm]

I already got popup in dashboard this morning

What does this mean for projects like Grapheneos, or fdroid?

We really need a third alternative when it comes to mobile

This is the final nail in the coffin for personal computing

I hate to break the news to Google, but this will likely be ruled illegal. The relevant German news of the court ruling that makes requiring a Google Account to use Google Services illegal:

https://www.zdfheute.de/wirtschaft/unternehmen/gmx-google-pl...

Rechtsprechung (court decision of LG Mainz, 22.08.2025, 12 HK O 32/24), text isn't published yet as of today:

https://dejure.org/dienste/vernetzung/rechtsprechung?Gericht...

If you search for the Aktenzeichen ("12 HK O 32/34") you'll find other news sources that confirm this.

shameful

was a reason I bought Android. will they be sending me a refund?

Boooo. Fuck this noise! Might as well run iOS at this point, unless your use case needs Android only apps or workflows.

What a fucking joke.

What about webapps?

I see... I guess it's just... web apps then?

Just like force pushing Manifest v3 on Chrome/Chromium, this is a step towards 'more security', from mouthpieces of Google.

Note that 'security' here is only for Google itself, for users it's an utterly different thing, e.g., inconvenience, censorship, etc..

They are following apple

Its good and bad at the same time imho.

This eliminates the appeal of andoid over ios.

This doesn't seem to be going over well.

This aligns with their AOSP recent changes.

Could someone explain why the personal privacy of software developers is more important than the cybersecurity of consumers and nations please and thank you

does this kill F-droid? can you build apks outside of google play and sign them with Google Play CA?

Okay, so Android is dead to me then.

This isn't legal in the EU is it?

Google welcome to Apple 10 years ago

if we continue this direction, in a couple of years, a feature phone might be an excellent choice!

Another instalment of HN thread where people try their best to pretend that "security" does not come with "enforced, ideally at hardware level, inability to run random code" for 99% of phone users.

Here a tip: you won't solve the problem of security by just whining about corporate interests (which is a real concern) and NOT proposing a better solution that works for an average tech illiterate, very socially engineerable person trained to ignore every warning screen. And no root switch is not that solution because it will be flipped on day 1.

[flagged]

To everyone working at Big Tech: you should be ashamed of helping those oligarchs make their plans reality by working for them. Thanks to you, privacy, free computing and democracy will disappear.

So, FairPhone with a new OS then?

"To combat malware and financial scams"

What a horrible, terrible, depressing bag of lies that the anti-humanists keep getting away with saying with a straight face.

So Android is just iOS now.

Keep your phone. All you have to do is say no to digital for:

- money - tickets - identification

They cannot force everyone to own and buy a phone.

SteamOS. It's up to you.

Time for normalizing obtanium

This is another "beginning of the end." All eyes are on this situation and how much push back it gets. If there is little resistance, others will certainly follow suit.

Squeeze, Raban. Squeeze hard.

Smartphones are over for me.

From the announcement

> our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.

I will believe this when we stop seeing brazen malware in marquee app store apps, e.g. https://www.tracesecurity.com/blog/articles/meta-pixel-and-t...

Feels like Google is either following Apple's playbook from iPhone OS 1, or they're working together so they can argue this is standard practice in the industry... or something. Either way, no more Android gloating that they can install any app from anywhere any time without centralized approval. Not great. I'm an Apple fan, BUT I like having a fully open backup plan.

Imagine MS doing the same for Windows.

It’s sad that smartphones now hold so much personal and private data but aren’t really under the control of their users.

"Google to prevent users from installing programs on Android phones."

This might do more good than harm, since I'm willing to believe that scams involving APKs are prevalent, but come on. I need your permission to install software on my phone? Are you sure it isn't just that you want more control over everyone's phones?

This will be just another boost for de-googled phones, alternative platforms and potentially Mobile Linux.

The only reason why google phones became so popular was the fact that they were much less restrictive than iPhones. Thus the platform became the biggest phone platform in the world.

Now they are asking for a new start to arise and take their place.

Just going to leave this here for the canadians: https://competition-bureau.canada.ca/en/contact-competition-...

what a betrayal. I'm done with android.

It occurs to me this may have occurred in some way at the behest of the Trump administration, as a way in which to move towards controlling the apps installed on phones.

Extremely retarded. "Think of the children" all over again in the guise of "Think of the misinformation" when this is all just some kind of easy way to get rid of apps like newpipe.

This is a dangerous thing to do! This severely limits the freedom of the internet. At this point, we'd need a new "OS" like dhh did with Omarchy!

Google is really turning into a dystopian company, destroying any goodwill their virtuous employees created in the past. It feels like they are primed to be the main turnkey tyranny facilitators.

> Google is explicit today about how “developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer.”

« Développer will have freedom » yet they are entitled to Google’s verification.

It’s just another stone in the grave of Android and even though I shipped off this sinking ship 6 years ago to iOS, this is still concerning because ultimately apple’s IOS is in competition solely with Android.

If Android gets so bad it has all the disadvantage of iOS, some more, for instance with the embedded spyware that manufacturer are paid to include, and none of the good side of iOS, then everyone lose. Apple doesn’t have to compete anymore, they just have to not suck.

Absolutely disgusting. No reason to keep using Android then.

undefined

This phase from the last couple of years just had to come - and while it's painful to be exposed to it - it seems highly illogical for us to complain and cry about it.

- "Free" search - yay, let's all use it for everything and even make a verb out of it

- Email - such nice guys, Google - free email forever, what could go wrong if I have my 95% of all my info there

- Maps - yeah, let's all depend on these free Google maps with our lives

- Chrome - ofc, heck yes, let's all use their browser, it's the best and free - no need for anything else

- Google account login for EVERYTHING - so convenient! Google Authenticator app, Google Wallet - yes, more!

- Free mobile operating system - nice, take that, Apple!

Google has taken over a large portion of our lives, step by step - good enough services, on global scale, for free, until they became essential.

They are not evil, like they were never good - they are a company, and in the current socio-economic structure, that means having a duty to use their position to enrich their shareholders - and absolutely have no interest in people's wellbeing or morality or opinions or reputation - unless it temporarily serves to do so more / better.

I'm in no way trying to defend them. Just, with all the futility of it, pointing out how hyper-capitalism we've built/allowed to grow, has reached the stage where it's practically impossible for the "free market" to react / provide solutions that people want. Now the big players decide what people get.

In this case, you can no longer have a high quality phone of a good manufacturer and install on it what you want. Small manufacturer catering to that demographic won't get government certification, you can't have your e.g. Samsung and install a ROM anymore, and you can't install your app freely on Android unless Google lets you. That's all just in a tiny sliver of space.

Our Tetris board barely has any room left for choice and actions.

Imagine you develop a VPN app that specifically helps people evade government censorship.

Everyone can figure out what's going to happen next.

So much for people preaching Android as an alternative to Apple's walled garden. Enshittification advances apace.

Gives me another reason to use Custom ROM

Totally deserved with how pathetically complacent and uncurious our society has become. We had it coming.

Hopefully we get another EU action here soon, to put them back in their place.

And once again our only hope is Elon Musk bringing out a competing smartphone ecosystem that is actually open.

sidenote: xAI just opensource Grok 2.5 and will opensource Grok 3 in 6 months.

I can’t say I’m surprised; but I am disappointed.

What the hell is a verified developer lol

Additionally, this kills apps like Revanced, NewPipe, SmartTube that will now be required to give out ID to Google, surely that's something they really want to do. All Open source development is at threat, Google's absolute dogshit procedures already imposed for the play store now imposed to the entire ecosystem. All for a shitty system that breaks down to "registering package names". Cool then, guess it's time to typo squat on every variant of com.faceboook.app, because users definitely check the package name and not "oh the icon is right and so is the title".

More and more locked down devices, Android source releases only being published once a year, device drivers for reference devices disappearing, and now, verification of all your software for your "security". The war on general computing is well and truly on.

What the absolute fuck.

[dead]

[dead]

Sorry, we're getting rid of Revanced, Newpipe, Xmanager, etc. for your own good. Just like how Manifest v3 was for security. /s

[dead]

[dead]

[dead]

[dead]

Maybe its time to stop using an OS developed by an advertising company.

TL;DR If you're not using Linux by now, do yourself a favor and start. You could do worse than starting with Linux Mint or PopOS, but whatever you do, get ahead of the curve and transition to these user-friendly open sourced OSes. The alternative is far, far worse at the moment.

[dead]

[dead]

[dead]

Well time to make sure mobile Linux is accessible so the blind users aren't the only ones left when all the world switches to Linux /s

[dead]

Year of mobile Linux OS? /s

[dead]

[dead]

Maybe Elon Musk can save us /s

[flagged]

[flagged]

[flagged]

Everybody complaining of this is admitting they are doing nefarious actions. Those of us playing by the rules see no issue with this - In fact I welcome it!

Before quickly running to dismiss this move, please at least do your research with regards to the situation in the countries mentioned in the article, especially Singapore and Thailand.

Side-loaded malware has been an epidemic in SE Asia, and there are MILLIONS of dollars stolen (mostly from pensioners!) via side-loaded malware disguised as gambling apps - the local population is particularly suspectible to gambling, especially the older generations that are not so tech-savvy.

It's good they decided to do something about it.