Android is losing a unique selling point. This will have an impact on what a techie may recommend to a non-techie in the future, because everything is beige now.

I have the feeling Google has given up on using nerds as beachheads. The market is saturated enough and they don't need us anymore to do grass roots spreading of their products. It's the same with Youtube. As long as there were enough people who were unencumbered by ads because of their ad block and kept spreading links, the importance of Youtube was growing. After market saturation that vehicle isn't necessary anymore and they can squeeze them out.

>I may as well switch and be able to use iMessage and FaceTime with them

I, too, love vendor lockin.

Check UbuntuTouch, it's really a nice third option. The OS is refreshing and the dev community active.

We do not have to choose the lesser of two evils this time.

I just switched to the iPhone with the new cycle, explicitly because of this news.

Sideloading was the killer feature for me as well.

F-droid routinely delivers me higher quality, more reliable apps that do exactly what I need then to do too.

It's become my go-to for "I need a utility for X task".

Refuse to participate in either walled garden.

There are no good reasons left to use either platform - you're basically paying an arm and a leg to rent a device whose primary purpose is to usurp your attention and plunder your wallet at every possible opportunity.

Use and encourage your circle to use Signal, so you're not limited to any given platform, or the political or ideological whims of the gardenmeisters.

Google has gone full enshittified with this move, might as well move as far and as fast away from all the shit if you're technically capable, introduce whatever pressure you can to signal that there's a desperate need in the smartphone market for something clean and honest.

You can still install apps outside the play store, but the developer does need to verify their signing information. Effectively this means that any app you install must have a paper trail to the originating developer, even if its not on the app store. On one hand, I can see the need for this to track down virus creators, but on the other, it provides Google transparency and control over side loaded app. It IS a concerning move, but currently this is far from 'killing' non-appstore apps for most of the market.

You could also use a thirdparty ROM.

Then you'd be rewarding the company that pioneered and normalized taking away these rights. The next rights you'll lose will probably originate on Apple again years before Google takes them away too.

Maybe it’s because I’m European but I’ve never understood what iMessage even is or what it offers above either sms or WhatsApp/signal. And I’ve used an iPhone for the past 15 years.

And in the EU you can install apps outside of the AppStore on your iPhone!

Same, I'm tempted to call android just a shittier iPhone now

> Installing any app I want outside the Play Store was the primary reason I decided to go with Android

You still can do that with PWAs in Android. Let's see for how long.

You can still side-load signed apps. It's a similar limitation to macOS which won't let you run apps that Apple hasn't signed without command line or control panel shenanigans. Compared to iOS, Android still has the advantage of installing your own full browser (like Firefox) with full-fat ad blocking (uBlock Origin, not Lite). iOS is Safari-only right now though, in theory, some alternative engines may be available in Europe later.

There needs to be a mandatory override for any lock down put in place by a manufacturer. I understand the need for security, but it should be illegal to prevent me from bypassing security if I decide to on my own device. Make it take multiple clicks and show me scary warnings, that's fine.

Technically Android still allows installation of anything if you use the debugging tool. Maybe that is where we have to draw the line, I'm not sure.

Especially when partaking in the duopoly is literally mandatory for life: banking, government services, basic communication, etc.

you don't need permission for the hardware... you can install your own OS.

I like the term "direct install" which someone suggested in one of the previous threads.

I wonder where the term started?

Android itself calls it "install" when you open an APK file, there's not mention of "sideload" in Android at all as far as I can tell.

How badly screwed are we that the term "installing" doesn't work because it doesn't exclude the now default assumption that someone else controls everything you are allowed to install.

if anything, installing the app spoon fed to you by your phone OS provider should get the pejorative.

Let's calling, "Lameloading" or something to really nail it home.

>The term "sideloading" makes it sound shady and hacky

"side" refers to the fact that it's not going through the first party app store, and doesn't have any negative connotations beyond that. Maybe if it was called "backloading" you'd have a point, but this whole language thing feels like a kerfuffle over nothing.

Mandatory googleloading.

How about "unlocked install"?

Consumers are already familiar with what a "locked phone" is.

I like your point. Never thought of it that way. Totally agree

If Google provides a permanent mechanism to disable this in developer settings, then this devolves to an inconvenience.

The setting to allow unsigned apps could be per appstore tracked by an on-device sqlite database, so a badly-behaving app will be known by its installer.

indeed, but they're not talking about your phone, they're talking about android, which is something you don't buy nor own, you buy a license to use it on the provider's terms.

linux phones can't come soon enough ...

your point about the termn "sideloading" is spot on, though. perverting the language is the first step of manipulation: installing software is "sideloading", sharing files is "piracy", legitimate resistance is "terrorism", genocide is "right to defend oneself" ...

> when in reality it is what we have been able to do on our computers since forever

You do realise that's been changing right? Slowly of course, there's no single villain that James Bond could take down, or that a charistmatic leader could get elected could change. The oil tanker has been moving in that direction for decades. There are legions defending the right to run your own software, but it's a continual war of attrition.

The vast majority of people on this site (especially those who entered the industry post dot-com crash) ridicule Stallman.

"Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers—you could not install one if you had one, without knowing your computer's root password. And neither the FBI nor Microsoft Support would tell you that."

https://www.gnu.org/philosophy/right-to-read.en.html

I always found this term utterly bizarre. It first showed up in the early days of the mobile "revolution" and felt astroturfed, since no developer would think we need a fundamentally new term for downloading software. It felt like something some dark patterns team came up with to discourage free installation of software on your own device.

Of course maybe I'm overthinking it. It's common for people deep in the bowels of an industry to invent pointless jargon, like "deplane" for getting off an airplane. Anyone know where the term "sideload" was coined or by whom?

I call "running unsigned binaries"

What country requires that?

In the US, there's no requirement for a company to honor the claims of prior advertisements for things that they might do in the future for a different product. And even if a company does lie about the features of their product, advertising law does not require a company to change the features of their product to meet those claims. What could be required is a change in the advertising, or a refund for people who bought the devices under the false terms.

But if you advertise a certain side of feature features in a phone three years ago, and sell something completely different next year, that's entirely legal.

You keep repeating this argument verbatim, but it doesn't hold up upon critical examination.

I already replied here: https://news.ycombinator.com/item?id=45512015

I think the reason you keep reiterating this is because once you realize that there is no legal justification to go after Google for this move under current US law, the only real solution becomes obvious: new legislation, and you really don't want that, because you know it will apply to Apple devices as well, which would be The End of the World.

If you want to see what the solution to this problem looks like: https://www.congress.gov/bill/119th-congress/house-bill/3209...

(This is before Apple lobbying efforts result in either the death of the bill or a bunch of exceptions allowing companies to do "notarization" or "developer verification".)

This is a massive stretch. What marketing campaign said that?

And even if it did, it’s not like marketing campaigns make claims that last forever.

Red Lobster doesn’t owe you anything because endless crab legs isn’t a thing anymore.

The EU doesn't need a legal justification. They can stop Google but they actually love this because it helps their total surveillance state ideas.

Probably Linux phones, they are not there yet, but maybe by the time Android becomes an iOS it will be there.

Problem will be with banking apps and such, well you can get an used iphone and in lockdown mode it should be fine even if it reaches EoL.

This is a weak argument. If things have slipped through the cracks with someone actively reviewing it, the alternative cant be 'lets not do any checking whatsoever'.

There are better arguments against this that other commenters here have provided (including "my device, my rule") but this isnt a strong argument.

We wrote about what it means for F-Droid at:

https://f-droid.org/en/2025/09/29/google-developer-registrat...

And it has been discussed in a couple of HN threads:

https://news.ycombinator.com/item?id=45409794

https://news.ycombinator.com/item?id=45507173

>The ID check at the airport has zero to do with safety or security and everything to do with the airlines' business model (no secondary market for tickets), enforced by government.

If it's really about protecting "airlines' business model", why did TSA recently start requiring REAL ID to board flights? Were airlines really losing substantial amounts of money through forged drivers licenses that they felt they needed to crack down?

This is nonsensical. The minute the government doesn’t check ID to get on a plane that coincides with your ticket, the airline will start doing ID checks before getting on domestic flights just like they do for international flights.

And some airports are now allowing non fliers inside the terminal.

Even hotels force you to verify your ID to check in even though the reservation I’d transferable - just add a guest to your room when you make the reservation.

Nope. Most of the world does the ID check, and it's recommended by the UN guidelines for security reasons.

If that ever does happen I really hope they just focus on making a proper phone, not trying to make it a hybrid phone and workstation. When they were working on Ubuntu touch (or whatever their phone version was called), they would show off how cool it was that you could just plug your monitor and input devices into it and boom you’ve got an all in one device.

But who wants that? It’s cool. But I’d rather just have a fully functional phone that happens to be Linux.

Yeah, all you need to add is a desktop environment and some kernel drivers that are specific for phone hardware.... except that's what AOSP already is.

I secretly wish Framework will do this one day.

It's unfriendly to developers and power users, but very friendly to the other 99.999% of users.

I used to work for Google, on Android security, and it's an ongoing philosophical debate: How much risk do you expose typical users to in the name of preserving the rights and capabilities of the tiny base of power users? Both are important but at some point the typical users have to win because there are far, far more of them.

The article implies that this move is security theater. It's not. I wasn't involved in this decision at all, but the security benefit is clear: Rate limiting.

As the article points out, Google already scans all the devices for harmful apps. The problem is knowing what apps to look for. Static analysis can catch them, dynamic analysis with apps running in virtual environments can catch them, researchers can catch them, users can report them... all of these channels are taken advantage of to identify bad apps and Google Play Protect (or whatever it's called these days) can then identify them on user devices and warn the users, but if bad actors can iterate fast enough they can get apps deployed to devices before Google catches on.

So, the intention here is to slow down that iteration. If attackers use the same developer account to produce multiple bad apps, the dev account will get shut down, requiring the attackers to create a new account, registered with a different user identity and confirmed with different government identification documents.

Note that in the short term this will just create an additional arms race. In order to iterate their malware rapidly, attackers will also need to fake government IDs rapidly. This means Google will have to get better at verifying the IDs, including, I expect, getting set up to be able to verify the IDs using government databases. Attackers will probably respond by finding countries where Google can't do that for whatever reason. Google will have to find some mitigation for that, and so on.

So it won't be a perfect solution, but in the real world, especially at Google scale, there are no perfect solutions. It's all about raising the bar, introducing additional barriers to abuse and making the attackers have to work harder and move slower, which will make the existing mechanisms more effective.

Check Stallman's The Right to Read short story.

This change would make Google's policies in line with the policies Apple has recently implemented to comply with those court orders you're talking about.

If that actually were the case, the iPhone would've died in 2007.

In reality, most people don't even know what sideloading is. Those are the people who are buying phones and supporting the market for their existence.

The 0.001% of people who want to side load applications onto their phone, can clamor for a new OS all they want, but unless they put the resources in place to make that happen, it won't.

> beginning of the end of Android.

You underestimate how much money & effort it takes to make an operating system.

Don't know how the Google's actions with affect AOSP. There are few options depending on location / country with base band frequencies.

Murena with e/OS/ [0], Purism with PureOS [1], Volla with Volla OS or Ubuntu Touch [2], and Furei Labs with FuriOS [3].

Those are the companies actually trying to sell a phone versus Pin64 selling a device to tinker with.

Alternative is checking personally managed OSes like postmarketOS [4] and Ubuntu Touch [5].

[0] https://murena.com/ [1] https://puri.sm/ [2] https://volla.online/en/ [3] https://furilabs.com/ [4] https://postmarketos.org/ [5] https://www.ubuntu-touch.io/

They all died. There were Linux phones until Android and there were some non-Android phones until Android 8 or so, such as Qt Extended, RIM BlackBerry OS, Palm webOS, Mozilla Firefox OS, and Microsoft Windows Phone, to name a few. They all died from numerous footgun wounds as well as pressures from competition.

VoLTE was one of major contributors to the situation, by the way. Only iOS and Android supported voice call on 4G LTE for first 3-5 years, due to it being a huge pile of TBDs and transitional hacks. There were political fights in whether the LTE is to be 4G or it was to be 3.9999G and superseded quickly by a completely separate 4G standard. This meant that companies and consortium that maintained alternative OS could spend unrealistic amount of lobbying and engineering effort trying to get into it, risking investments needed for it, or give up and start procurement process for a white flag. All chose the latter, and we ended up with an iOS/Android duopoly with unprecedented totality.

I've been using Sailfish OS for quite some time, but I don't do all of my computing on the phone. There's quite a high friction for using any of the mainstream Android apps, so usually you have to find an alternative if possible.

You don't really have a choice: it's either Android or Apple iOS.

GrapheneOS on a Pixel

> if you compile from source and deploy via adb nothing changes

That's not how I understand it. Do you have a source?

"Starting in September 2026, Android will require all apps to be registered by verified developers in order to be installed on certified Android devices."

https://developer.android.com/developer-verification

> anonymously published closed source software

Yes, like the software for my ebike conversion kit for which I only have the APK. I have vetted the software and would like to install it. If Google blocks that, then fuck them.

> - if you use a closed source binary, the identity of the owner becomes mandatory

So I can't just build an apk and distribute to others? What's the process for providing identity?

Yes, this verification will be implemented in the OS but not in the TEE, so rooting does give you the ability to affect it.

But Google is working hard to make sure important apps won't work anymore due to their "Play Integrity" crap.

Didnt EU rule that it was OK for Apple to do, and Google is just just mirroring that?

I'm okay with overridable warnings, having to open system settings to override the verification, etc. It's a "huge safety win" for the 80% of users who don't really know what they're doing, security wise. But not for me.

I won't be using any OS that doesn't allow me to step outside its walled garden, if I have any alternatives at all. With macOS it's quite simple - the second they won't allow apps from unverified/unsigned developers, I'm switching to Linux. On mobile, I might as well switch to iOS, since I'm not really sure what else Android offers anymore that's so compelling, other than being able to install apps directly. And then I'll just wait for a Linux phone or something.

There is a world of difference between "the OS throws up a bunch of warnings" and "the OS won't let you run unsigned software"

> I just dont see a future where being able to create and publish an app anonymously is going to be supported.

This is strongly needed if surveillance laws like Chat Control are not to be trivially bypassed. This way applications that don't offer governments the required surveillance features can be banned and the developpers can be sued. Not looking forward to that.

I'd be fine if it was just any old code "it" downloads. The problem is that it's any old code "I" download too.

I dunno man, it doesn't feel like a "huge safety win" that my computer has to check with a singular US tech company before it will let me use any software on it.

> eliminating the ability of our devices from running any old code it downloads and runs is a huge safety win

No, this is just false. There's numerous, well-documented instances of malware making it past gatekeepers security checks. This move is exclusively about Google asserting control over users and developers and has nothing to do with security or safety.

The only "huge safety win" comes from designing more secure execution models (capabilities, sandboxing, virtual machines) that are a property of the operating system, not manual inspection by some megacorp (or other human organization).

> Android/Pixel is still the most open mobile platform

There are 2 options in this space (practically). Being better than Apple, who is explicit about the fact that they own every iPhone on the planet, is not a flex.

Do you think Apple is being reckless not doing the same thing on MacOS, Microsoft on Windows? Is the population too stupid to be permitted general purpose computers?

AOSP is starting to be locked down. Google's idea of promoting safety is charging developers for recognition. When there's a profit incentive involved, no, we are not being "too harsh"

> …perhaps you and Google have different notions of who the consumers are.

A relatively small percentage of HN users have empathy for people who haven't the faintest idea how their gadgets work and no curiosity about learning that. It can seem inconceivable.

I agree with you that normal people deserve safety when using their most intimate device, and that backdoors that can give technical people unfettered access will ultimately be abused by bad actors. I wish the world didn't work this way, but it's the one we live in.

If I buy a Google Pixel device then I AM a consumer. You don't have to choose, you could release a separate device for those who know what they're doing, just like Mozilla releases a separate edition of Firefox that doesn't require signatures.

And yes, I while I can still install some alternative OS on my older Pixel (now Google has stopped providing device trees for the newer ones which I therefore won't buy), Google constantly tries to make this as insufferable as possible with their "Play Integrity" crap.