Android won't kill sideloading after all, but new verification rules will make it harder

S

Skye Jacobs

Posts: 1,918   +58
Staff
The big picture: While Google maintains that identity verification will enhance security and trust across the platform, open-source communities remain concerned that even a softened version of the policy could stifle independent software distribution. For many developers, the scope of the new verification system will determine not only how Android oversight evolves but also how much control users ultimately retain over the software running on their own devices.

Google is revising its forthcoming Android developer verification program following criticism that the original plan would effectively shut down sideloading. The company has confirmed that it is developing an "advanced flow" to let experienced users install apps from unverified developers – a concession to open-source advocates and developers who warned that the requirement could undermine one of Android's core freedoms.

The verification policy, first announced in August, is part of a broader effort to link all Android app publishers to verifiable real-world identities. Developers distributing apps through the Play Store or any other channel will be required to provide a legal name, physical address, email address, and phone number – and, in some cases, submit proof of government-issued identification. That framework officially entered early access this week as part of Google's phased rollout.

The updated installation process is designed to maintain flexibility for technically proficient users while introducing safeguards to deter fraud and coercion. Google says the new workflow will include multiple warnings about the risks of unverified software, as well as mechanisms to protect users who might be tricked or pressured into sideloading malicious apps. By default, most Android users will still be guided toward verified sources and developers.

Sameer Samat, president of Android, said on X that verifying developer identities remains central to protecting the platform. He noted that feedback from students and "power users" helped shape Google's decision to introduce more flexible pathways within the plan.

To accommodate educational and noncommercial development, Google will introduce a new limited developer account type aimed at students and hobbyists. These accounts will not undergo full identity verification but will instead allow app installations on a restricted number of registered devices.

The company plans to gradually expand developer verification, beginning in 2026 across Brazil, Indonesia, Singapore, and Thailand, before rolling it out globally in 2027. Implementation details for the advanced user flow have not yet been finalized, and Google has invited feedback as development continues.

Permalink to story:

Android won't kill sideloading after all, but new verification rules will make it harder

 
Keep pushing! We are having an effect!

https://keepandroidopen.org

However; don't be fooled by these tactics. When facing serious enough resistance, Big Tech always announces a new "less evil" version of their ens***ification. That is how they test our resolve.

Keep up the pressure. It is working! Do not just passively complain and act like this is a foregone conclusion. Stand up for yourself! Now is the time!
 
  • Like
Reactions: Ephebus, TheBigT42, p51d007 and 2 others
Well then, seems like Android will hold onto those power users... for now...

Regulation can't come soon enough.
 
BbN48 said:
I'm guessing one of the verification rules is that the youtube alternative apps don't block their ads?
Click to expand...
I wouldn’t be pushed to those options if their ads didn’t just completely ruin the content to begin with. I WAS dealing with it, and then it became unwatchable.

I get they want me to subscribe, but I’m not going to. I’m plenty happy to watch an ad or two so long as it’s implementation is balanced and doesn’t disrupt the reason I’m there in the first place.

Interrupting video programming mid-stream is just anger-inducing—especially when it’s multiple times on a 5-minute video. Makes me pine for the days of cable TV and syndicated programming with planned commercial breaks.

Hrm…it’s really too bad none of this is utterly obvious. I mean, who knew UX is actually important. Mind blown. /S
 
  • Like
Reactions: Ephebus, TheBigT42, BbN48 and 1 other person
JMGuy said:
I wouldn’t be pushed to those options if their ads didn’t just completely ruin the content to begin with. I WAS dealing with it, and then it became unwatchable.

I get they want me to subscribe, but I’m not going to. I’m plenty happy to watch an ad or two so long as it’s implementation is balanced and doesn’t disrupt the reason I’m there in the first place.

Interrupting video programming mid-stream is just anger-inducing—especially when it’s multiple times on a 5-minute video. Makes me pine for the days of cable TV and syndicated programming with planned commercial breaks.

Hrm…it’s really too bad none of this is utterly obvious. I mean, who knew UX is actually important. Mind blown. /S
Click to expand...
I used to have a plugin for Youtube where I could whitelist channels and could choose how many ads (and how long) I would watch them. It was a decent compromise between no ads and annoying ads. I would let 5 seconds of ads at the start, and no more for the rest of the video. Could also blacklist ads/providers if they were annoying.

But Google, in their futile quest against adblockers, managed to break the plugin (and I don't think it's being updated). I've been ad free ever since. Especially when they kept showing the same annoying ad over and over and over again.
 
"To accommodate educational and noncommercial development, Google will introduce a new limited developer account type aimed at students and hobbyists. These accounts will not undergo full identity verification but will instead allow app installations on a restricted number of registered devices."

If this is the extent of the plan, and if I am understanding it correctly, this still sounds DOA. In order to side load AdGuard for Android, or whatever, I now need to register myself and my devices as a "limited developer"? That's a non-starter. Android already has a process similar to Windows Admin approvals, where pop-ups alert users to unsigned apps, scan unsigned apps, and confirm with the user that they want to actually install it. It already has a good system for preventing unwanted software from being installed, without trying to keep users from installing whatever they want from wherever they want.

The more guardrails you put up, the less technically competent people become, the more likely they are to royally screw themselves because they don't know any better.
 
  • Like
Reactions: Ephebus and p51d007
This is very similar tot he AMD cop out over driver optimizations, where they're still going to lock things down, but will throw a bone to thos eiwlling to go through the effort of signing up as a developer.

Everything else they claim, that they want warnings before you sideload, ece, are already present in Android. This is still a major power grab disguised as a security measure.
 
JMGuy said:
I wouldn’t be pushed to those options if their ads didn’t just completely ruin the content to begin with. I WAS dealing with it, and then it became unwatchable.

I get they want me to subscribe, but I’m not going to. I’m plenty happy to watch an ad or two so long as it’s implementation is balanced and doesn’t disrupt the reason I’m there in the first place.

Interrupting video programming mid-stream is just anger-inducing—especially when it’s multiple times on a 5-minute video. Makes me pine for the days of cable TV and syndicated programming with planned commercial breaks.

Hrm…it’s really too bad none of this is utterly obvious. I mean, who knew UX is actually important. Mind blown. /S
Click to expand...
If I have to watch one more Liberty commercial I am going SCREAM!
 
Developers distributing apps through the Play Store or any other channel will be required to provide a legal name, physical address, email address, and phone number – and, in some cases, submit proof of government-issued identification.
Click to expand...
On what basis does any of this follow from the imperative to "harden" the Play Store against security threats? Google must assume the majority of the threat surface in their app store is developer "bad actors", ingesting viruses into the app at submission. That's probably like maybe 1-5% of compromised systems AT MOST. What about the compiler or some linked-library everybody just assumes is on the up-and-up. There was that one time, where the main node.js developer added some code about incendiary references, like "Free Palestine"? Putting politics aside for a moment, that was benign. It could have just as easily been malicious and nobody would have noticed. Because why would the threat actor of a widely used JIT framework, that other apps use, be the lead developer?

The point is, there's a myriad of levels at which security can be compromised, that "identification verification" cannot account for. Android, by it's very nature, is an open platform; that comes with a set of risks that users have to accept, when they sideload apps. There's also just the pragmatic reality of the situation: Android is not iOS and Google needs to stop trying to pretend that it is. This desire to make Android use a walled garden is damaging the nature of their ecosystem and it's reputation, and also it just makes them look like petty "sour grapes" tyrants. It's like watching someone who didn't invest in Tesla, before it went "to the moon", scramble to find another "rocket ship".

Like, it's pretty transparent that they don't want to close down Android, for the benefit of the end user. They want to do it, because Apple does it.
 
Last edited:
You must log in or register to reply here.

Similar threads

A
Android isn't killing sideloading, but it's making it a lot harder
2
Replies
36
Views
630
trparky
T
D
AI-powered defenses help Google shield Android users from malicious apps
Replies
3
Views
123
ScottSoapbox
S
A
F-Droid says Google's new rules intentionally block free and open-source apps
Replies
22
Views
396
ZedRM
ZedRM

Latest posts

Back