Android Developer Verification

285 pointsposted 15 hours ago
by ingve
(android-developers.googleblog.com)

286 Comments

mrtksn

14 hours ago

The Android verification is such a broken experience. Recently I decided to purchase a dev account for my company, so far:

1) Provided my company DUNS number etc. once to create the payment profile. I did this some times ago, don’t remember the details but it was an involved verification process and it is marked as verified business payment profile.

2) Later on the payment step verified myself with a passport and bank statement to be able to actually pay with a proper HSBC bank card. Not shady pre-paid card or something, those are not accepted anyway.

3) After I paid I was told that now I need to verify my identity once more but this time with the passport and the incorporation certificate or some other company document.

fingers crossed that in few days it will be verified. While waiting, it tells me that there are still website and email verification to do once the previous step is done. I already verified my e-mail a few times before paying.

It’s painful, slow and annoying because if you fail at a step(i.e. needs verification that takes days and you are told about it at the payment step) you have to start again with the forms.

I just remembered why I never use Android. It seems like no one owns the process and as a result you get unpolished shitty experience that fulfills the requirements of god knows how many people who work in the same company but don’t talk to each other.

hansvm

10 hours ago

That sounds a lot like my experience as an Apple Developer too, with the added bonus (unclear from your description if you experienced this too) that they took my money before the verification process was finished and wouldn't refund it once their AI couldn't connect my face to my ID and wouldn't let me connect with a real person (the first dozen times were on them, but after that it was maybe my fault for including a middle finger in the photographs).

Is there a way around this shitocracy?

pjmlp

6 hours ago

Develop only Web applications, that are mobile friendly, notice I said mobile friendly, not PWA.

However, thanks to many of us that only favour Chrome like IE of yore, and ship it alongside their "native" applications, the Web is nowadays ChromeOS Application Platform, so we are only a couple of years away of Google owning that as well.

_66o

7 hours ago

Going through hell with Apple Developer too. I didn't have to do much in terms of verification (probably because I created an account as an individual) but app submission is another story: - first time I got rejected for mentioning a name of a third party in my app description. The app description said: DISCLAIMER: not affiliated with xxx

- after fixing the app description I got rejected for using my app name(?!), multiple back and forths with the reviewer got me nowhere, they just copy pasted the same response not addressing my messages at all

- filled the app store review board appeal, it's been 5 days and I've got no response.

At this point I'm seriously considering rewriting the app for MacOS and distributing myself. I can't imagine going through all of this with every app update, it's beyond ridiculous.

edarchis

6 hours ago

Play the GDPR card, even if you're not from Europe. Find their DPO and state that you want to appeal the automated decision to a human.

Companies operating in Europe must provide a clear way to appeal automated decisions: https://www.edps.europa.eu/data-protection/our-work/publicat...

You might not have a way to actually file a complaint against them but quite often, their legal department will just have a quick look at your case and just give you what you want without bothering to tell you anything. Worth a shot.

cuu508

8 hours ago

> Is there a way around this shitocracy?

Refuse to play. Switch to technologoy that the shitocracy has not gotten around to yet, or, eventually, pick up woodworking.

Freak_NL

6 hours ago

I am doing leatherworking as well as woodworking. No idea if it is possible to actually make money with this¹, but damned if I'm not giving it a go just to have skills in an area where AI is not a threat for the coming decade. At the very least these crafts allow me to make things which do not exist and cannot be purchased off the shelf.

1: I mean, it is, certainly. I'm just not sure if I can make money by making leather gear.

kaizenb

6 hours ago

Exactly. This is why I love building web apps, shipping features easily without needing any one's approval.

ozim

6 hours ago

Do what everyone is doing a web app.

lm411

11 hours ago

The whole Google Play experience is awful.

Recent things I've had to do:

1) Re-submit an app after it was rejected and labelled a gambling app (it wasn't even close - a 15 second look by a real human would have seen that. This one was even appealed and the support was utterly useless. I ended up changing one word and re-submitting the app, approved no problem.

2) An existing app, in the Play store for years but a nice app - only about 500 installs. I had to submit a new version for no reason whatsoever... Except to keep the customers developer account active.

Those are just issues I've dealt with in the last month or two.

Every single time, Google Support is completely useless - including the appeals process, which is an absolute joke.

umvi

11 hours ago

Not to mention if you made one app in college and then didn't keep up with the SDK updates, Google perma-closes the entire Play account such that the only way to publish a new app is by creating a brand new gmail account

Dwedit

11 hours ago

Forcing people to keep up with SDK updates is a bad thing in itself. Let people target the earliest possible feature set and make the app run on as many phones as possible rather than showing scary messages to people due to targeting an older API.

AussieWog93

10 hours ago

I think the problem is that older SDK versions allowed you to do things like scan local WiFi names to get location data, without requiring the location permission.

So bad actors would just target lower SDK versions and ignore the privacy improvements

john01dav

10 hours ago

The newer Android version could simply give empty data (for example, location is 0,0 latitude longitude, there are no visible WiFi networks), when the permission is missing and an app on the old SDK version requests it.

Of course, they don't like this because then apps can't easily refuse to work if not allowed to spy.

jpollock

8 hours ago

That can have some very extreme legal ramifications.

Consider - it's a voip dialing client which has a requirement to provide location for E911 support.

If the OS vendor starts providing invalid data, it's the OS vendor which ends up being liable for the person's death.

e.g. https://www.cnet.com/home/internet/texas-sues-vonage-over-91...

which is from 2005, but gives you an idea of the liability involved.

eviks

7 hours ago

It can't have "extreme ramifications", Google's own phone couldn't call 911 for a while.

And you can manually force only the voip dialing apps instead of everyone

pocksuppet

7 hours ago

Phone companies are required to make sure 911 works on their phones. Random people on the internet aren't required to make sure 911 works on random apps, even if they look like phones.

lm411

11 hours ago

Yeah the SDK updates... For sure. Another pain in the ass.

thayne

10 hours ago

Maybe it's better now, though I doubt it, but my experience publishing on the Apple app store years ago wasn't any better.

fc417fc802

12 hours ago

If this is a business account why do they want your passport? And why are you paying with a personal bank card rather than a business one? Or do I misunderstand?

__float

11 hours ago

They may want proof that you, the human filling out this form, are authorized to publish apps, communications, etc. as the company you say you represent.

fc417fc802

11 hours ago

How does a passport solve that? Most small private companies are entirely opaque. A government ID doesn't help you determine authorization. It won't even help you determine ownership since anyone doing things sensibly will be using a registered agent to hold the company on his behalf.

The correct approach here (AFAIK) is to punt the trust decision to the bank by requiring payment with a method that you can confidently trace to the company.

kube-system

11 hours ago

Yeah I would imagine that the value the get out of a passport is not anything to do with validating a company (they’re cheap and easy to make anyway) but validating the person (which is not a throwaway entity)

fc417fc802

10 hours ago

Fair point.

However that invites those bad scenarios where someone gets blacklisted by BigTech in some manner, later gets hired by a small business, the new employer adds an association to the blacklisted account, and suddenly the company app is banned from the app store seemingly without reason. At least a few such stories have appeared on HN over the years.

I feel like pay to play ought to be sufficient because in addition to being a barrier to entry it also provides funds for moderation efforts.

Muromec

5 hours ago

>suddenly the company app is banned from the app store seemingly without reason. At least a few such stories have appeared on HN over the years.

Which is not that unreasonable even. If a person is flagged for making scam apps, them having publishing rights in a reputable place makes taints the reputation of such place.

You should be able to appeal of course and the oauth should not be towards google in the first place, but being associated with known fraudsters and scammers is not what you want.

fc417fc802

2 hours ago

That seems at odds with how our society is structured. We treat employees as interchangeable cogs. If someone commits a crime they are tried but their family, friends, and coworkers are not. Guilt by association without any act having been committed seems wholly incompatible with both our principles and common practices.

It's even more nefarious when it comes to BigTech because you can be blacklisted without having committed any actual crime and without anything resembling a trial.

Individual accounts and employee accounts are conceptually distinct. Permitting anything less gives large companies free reign to run roughshod over the individual by unilaterally depriving him of his livelihood.

kube-system

9 hours ago

There are better ways to do it but Google has long demonstrated they’re not primarily concerned with accuracy or user experience, but instead, whichever solution can be automated and effective.

mrtksn

9 hours ago

My government ID card expired and I was too lazy to renew it but I had my passport at hand so why not?

BTW both the id card and the passport have cryptographic authentication and you are able to open a bank account or use govt services completely online by scanning it with the phone Rfid . They could have make me scan that, scan my face and be done with the identity verification. My identity is already verified and tied to my company the same way and also listed in the companies registry which means they could have had skipped all the other company verification stuff too.

fc417fc802

5 hours ago

That all makes perfect sense but consider that if they simply punted to the bank as I described they would still get the same benefits only with even less complexity. The bank fundamentally has to do robust identity verification. Any party that needs to handle payments while also lacking a reason to be good at performing in house identify verification really ought to make use of the bank because you are highly unlikely to be better at it than they are.

The entire cumbersome process you describe can be viewed as Google doing a significantly worse job of verifying your identity than the bank would have.

As an aside, I suspect that leaving it to the bank would also provide additional legal protection. Specifically anyone attempting deception will most likely be forced to commit fraud against the bank which will probably be taken much more seriously than otherwise.

mrtksn

5 hours ago

I agree, in Europe(EU, UK, Turkey and other countries) banks are considered perfect for proof of ID. In UK a bank statement is as good as an ID, in Turkey for example, you can sign in into the government portal through your online banking and it is considered higher level secure authentication and you can take high risk actions(like signing legally binding contracts) that you can't do by signing in just with password and 2FA.

Muromec

5 hours ago

The bank has to perform the authorization and identity checks, but the bank will not make them for you, they do them for themselves based on their own risk analysis. The scope of authorization could also be different based on who it's presented to.

The authorization is not transitive so to say.

>As an aside, I suspect that leaving it to the bank would also provide additional legal protection

If it would, they will have to pay the bank for it and the bank should also be willing to accept the liability (spoiler alert -- the will not be willing to accept the liability)

fc417fc802

2 hours ago

> The bank has to perform the authorization and identity checks, but the bank will not make them for you

We aren't talking about authorization, only about identity verification. I'm no domain expert but it is my understanding that banks provide these sorts of services. They certainly already have all the necessary information on hand both for practical reasons (security) as well as legal (KYC and AML laws).

> If it would, they will have to pay the bank for it ...

For the identity verification? Probably, depending on how you went about it. What's the issue? This is already a paid process we're talking about here.

For the additional legal assurance that I described? No, that doesn't cost extra. Please read what I wrote more carefully. It's a transitive property due to the penalties involved in addition to the degree to which the legal system and the bank care (at least assuming my understanding of that legal environment is correct).

afferi300rina

5 hours ago

Google wants the authority of a gatekeeper without the overhead of human accountability. They automate the "no" but offer no path to a human "yes."

Muromec

4 hours ago

That's all fine, they can want their wants, but then, once the bad cop writes them strongly worded letter and they start throwing tantrums over "regulation".

nandomrumber

11 hours ago

It’s entirely ordinary to carry on a business as a sole trader.

That is you, for tax and legal purposes in the jurisdictions within which you reside, an individual, operating a business by yourself as yourself.

heyethan

10 hours ago

Feels like too many owners. Each step makes sense, but the whole thing doesn’t.

intended

8 hours ago

You should see the account recovery workflows.

hnburnsy

13 hours ago

Can you pay with Google Play GC or Google Play points, and if not, why not?

mrtksn

13 hours ago

I believe you can’t. BTW Apple allows you to pay for a developer account with in app purchase from the developer app on your iPhone. Still has limitations and you may be rejected depending on your payment method and some other factors but even the fact that it’s possible makes it 1000 better than Google’s way of handling it.

mcsniff

13 hours ago

What you're describing is not "broken", it's the process and it appears it hasn't even failed for you.

My experience with getting a verified "business" developer account from Google mirrors the experience as getting one from Apple, except it's a one-time fee and much less than Apple.

Yes there are hoops to jump through, identification usually requires some hoops, but pretty it's straightforward. I am not commenting on the requirements of these hoops, yes, it's BS that they exist but it's their platform so it's their rules.

What type of "experience" are you expecting to have anyway?

mrtksn

13 hours ago

With Apple I filled the forms, accepted the agreements, entered the DUNS and paid with a card on my name and that was it.

How does that mirror uploading my passport many times, entering company details many times, typing my e-mail and phone numbers many times both because I had to start over and because I was asked many times even if I provided these some steps back? Now I paid and waiting, hopefully I will later be verifying my e-mail address or something that I verified a few times prior.

> What type of "experience" are you expecting to have anyway?

The Apple experience. An experience that is well thought and streamlined, that doesn’t keep me entering the same information over and over again. I don’t mind paying a little more for well designed products. The $75 difference is nothing to justify this charade, I don’t think that that Google was short of $75 and designed this low quality experience, I think it’s engraver in their DNA.

debazel

13 hours ago

> What type of "experience" are you expecting to have anyway?

Being told upfront what is required to complete the process so you don't have to start over again multiple times?

63stack

4 hours ago

It's not broken, it's the process ???

What would you consider broken?

creatonez

11 hours ago

> However, our recent analysis found over 90 times more malware from sideloaded sources than on Google Play

Google has seemingly never seen an elderly person's phone, where it is completely infected with crap including literal popup ads (that somehow overlay other apps), yet all of it was downloaded from GPlay.

1970-01-01

11 hours ago

100.00% this take. Google is redefining "malware" to fit their corporate narrative so ads-with-ads-with-tracking is labeled as fine wine. It simply cannot be malware because that truth would decimate their shareholders. Malware by any other definition remains software that disrupts the user's ability to operate the device:

https://en.wikipedia.org/wiki/Malware

https://www.ibm.com/think/topics/malware

https://www.cloudflare.com/learning/ddos/glossary/malware/

https://www.cisco.com/site/us/en/products/security/what-is-m...

https://www.britannica.com/technology/malware

https://www.fortinet.com/resources/cyberglossary/malware

https://www.kaspersky.com/resource-center/threats/what-is-ma...

https://www.mcafee.com/learn/malware/

https://www.trendmicro.com/en_us/what-is/malware.html

https://www.t-mobile.com/home-internet/the-signal/internet-h...

https://www.merriam-webster.com/dictionary/malware

Xunjin

7 minutes ago

Which analysis, where is the data? Where is the independent peer review to conclude what you see is actually real?

I'm so tired of companies claiming stuff with "we did research, just trust me bro" and providing no source to be scrutinized.

CobrastanJorji

9 hours ago

Both things might be true. Sideloaded apps are probably way more likely to be malicious, but also most installed malware/crapware is quite likely coming from Google Play.

xigoi

8 hours ago

I’ve never found a malicious app on F-Droid.

SkiFire13

7 hours ago

To be honest the limited popularity of F-Droid also helps it be less targetted by bad actors. If it was more popular I would bet the situation would surely be different

fsflover

5 hours ago

This argument can be refuted by considering Debian repositories. No malware exists there despite it being a good target. It's the FLOSS that solves the malware problem, with a bit of moderation.

duckmysick

14 minutes ago

There were a few mishaps with PyPI and npm - including in the past week and even today. Not sure if those meet your criteria of FLOSS, but if it does I wouldn't call it solved.

fc417fc802

an hour ago

I'd argue OSS isn't sufficient on its own and that I suspect moderation only plays a small role. I think it's primarily the separation of roles. For a complete outsider whose only interest is exploiting users publishing a sufficiently popular piece of software and also gaining the ability to add things to the debian repos is a huge barrier. You'd have to invest years of work to do both of those things and then hope that no one happened to notice anything before it was too late.

Of course the FLOSS aspect adds an additional hurdle that this popular piece of software will have to somehow avoid having much of a contributor community around it since that would greatly increase the risks of your malicious changeset being reviewed. I guess what happened with XZ was about the best case scenario that an attacker could realistically hope for.

izacus

6 hours ago

Are you really unable to comprehend just how small of a userbase F-droid represents for Android ecosystem?

xigoi

6 hours ago

If it’s that small, how does killing it help anything?

IshKebab

5 hours ago

Nobody said it did. Google is not doing this to kill F-Droid.

kuschku

3 hours ago

Google already knows whether an app is being installed from an app store, such as fdroid, or not.

Just like they allow installing apps from the Play Store without the 24h verification, they should allow installing apps from F-Droid or the Epic Games Store without verification.

xigoi

5 hours ago

Why do you think they are doing it?

jeroenhd

4 hours ago

To stop scammer-guided malware installation, and probably those "download whatsappupdate.apk for free new emoji" ads that pop up all the time.

Google doesn't care about F-Droid one way or the other. It's a niche project that barely registers on the scale of all Android users.

fc417fc802

an hour ago

They don't care about F-Droid but they do care to choke out any potential competitors to their ecosystem before they can get a foothold. See their behavior surrounding device certification for example. They want to abuse the network effects of their ecosystem to prevent consumers from leaving. This is just more of that - vendor lock-in masquerading as an unfortunate necessity.

lern_too_spel

4 hours ago

F-Droid still works the same as it did before. This just means that McDonald's can distribute its apps on its website without showing a scary warning on install on Google's Android builds.

xigoi

4 hours ago

No it doesn’t. You will now have to follow a lengthy process before being allowed to install apps from F-Droid.

dr_hooo

24 minutes ago

Likely true, but also many technically oriented people (myself included) would turn away from Android if f-droid stopped working. And I would actively start recommending friends and family against it. What is the benefit of Android at this point? an extended Ads platform, controlled by Google.

TiredOfLife

6 hours ago

Worst of all is that the ad that leads to that download is usually in Googles Youtube app

badpenny

2 hours ago

My recent analysis found that Google is 90 times scummier than other companies.

My analysis consisted of pulling a completely baseless number out of my arse that fit my agenda.

ethagnawl

14 hours ago

What % of Android users actually want this? Do they know or care?

I've been using Android since 2010 because it was open in ways that the Apple ecosystem wasn't. I do not want this and imagine hardly any other power users (for lack of a better term) do. I'm already using a mostly deGoogled device but this really seals the deal. I have been longing for a true Linux phone for years and now seems like a good time to get serious about the search and migration plan.

JLCarveth

14 hours ago

Being able to side load apps was why I switched to android 10 years ago

tejtm

11 hours ago

Please call it what it is and always has been:

   I.N.S.T.A.L.L.I.N.G   S.O.F.T.W.A.R.E
"side load" is like "jay walking' seeks to stigmatize humans being human.

JLCarveth

an hour ago

Please don't try and police my language

realusername

6 hours ago

I call it "direct install" personally, implying the play store is the indirect install.

mastermage

5 minutes ago

actualy yeah its way more direct than google play store technically

tredre3

8 hours ago

When you jay walk you take the risk of being hit by a car, causing injuries to you, to the driver, and to other nearby people.

So I don't understand your analogy? Are you suggesting that pedestrians own the streets and should do what they please, as users own their phone and should have the right to do as they please? Or something else?

Xirdus

8 hours ago

The term jaywalking was invented (or possibly hijacked) by automotive lobbyists as part of a campaign in 1910s and 1920s to convince the public and the lawmakers that crossing streets outside designated points is bad and should be made illegal. Before then, it was generally considered basic human right to walk anywhere on a street. Whether you agree that jaywalking is bad or not, that's the history of the term.

Grandparent is saying that the term sideloading was invented in a similar fashion to delegitimize a previously completely normal way to use an electronic device.

pjc50

4 hours ago

"Jaywalking" is one of those things that's uniquely American. Most other countries have realized that the risk of being hit by a car is its own deterrent. Or restrict the legal ban on crossing to highways, not all streets.

The UK Highway Code has a RFC-like use of MUST/SHOULD; MUST parts are legally binding, the parts relating to pedestrians are SHOULD.

kuschku

3 hours ago

The German regulation is also really interesting:

Jaywalking is only illegal if there's a crossing less than 50m away. (And even then it's only a misdemeanor, not a crime).

That also means that city planners have to balance between people jaywalking, putting crossings everywhere, and how crossings slow down traffic.

And every time a car makes a turn, pedestrians automatically have priority. Which creates an implicit zebra crossing.

The only roads exempt from this are autobahn/motorways. These are by law prohibited from having direct access to anything.

That's IMO also a way for the US to get out of its current situation. Set up a rule like that, with a large distance at the beginning, and slowly reduce it over the next few years, forcing local planners to introduce additional crossings, which also reduces through traffic. The separation of streets vs autobahn also mostly prevents stroads.

fc417fc802

an hour ago

I believe most jurisdictions in the US have largely the same framework. At least everywhere I've lived all street corners were implicit pedestrian crossings with a legal requirement (often blatantly ignored) that vehicles yield. Similarly jaywalking is a misdemeanor and only applies within a certain distance of a crossing.

The only situations where it's enforced (from what I've seen so obviously biased) is major highways, city streets with dense traffic and a marked crossing within half a block, and when they want to search someone for contraband. In the latter case it's just an excuse to stop and harass you in the hopes they will manage to generate sufficient articulable suspicion to justify a search.

wiseowise

7 hours ago

> Are you suggesting that pedestrians own the streets and should do what they please

In the cities? Yes, absolutely.

spaqin

8 hours ago

Yeah, I'm willing to use my brain and look at incoming cars and just walk when it's empty and safe to do so? Where's the problem in that? I have eyes and can judge distance and speed?

ux266478

14 hours ago

Yeah. Computing freedom to have a root shell and do as I please is the entire reason I put up with Android. Google is positioning Android to just be nothing more than a worse iOS. There's pretty much no point to it anymore.

matheusmoreira

13 hours ago

Same. If Google does this, my next phone will be an iPhone. Freedom is the only reason to put up with Android's shittiness. If they turn it into a walled garden, then we'll choose the better kept garden and it sure as hell isn't Google's.

foxes

11 hours ago

What? So you dont value freedom at all? Theres other alternatives too.. graphene, lineage

matheusmoreira

3 hours ago

GrapheneOS is Android's last hope. They're making great progress with deals with smartphone manufacturers. However, the threat of remote attestation looms eternal. I have essential apps that I cannot afford to lose and if they refuse to work on a non-Google phone the usefulness of GrapheneOS is severely degraded.

fc417fc802

an hour ago

If attestation ever became ubiquitous the difference between iOS and Android would cease to exist for me. I'd need a black box that lived in a desk drawer for interfacing with specific services and otherwise I'd cart around a camera in my pocket that happened to double as a linux tablet.

linuxmobile

3 hours ago

No, the solution is having a linux micro-computer. You buy an iPhone shitphone to do banking and whatnot, and never touch it, then just do everything you need off a retroconsole since it runs literally 120% of the other apps a phone would.

m4rtink

10 hours ago

Sailfish OS - they even run a device preorder right now.

anonzzzies

7 hours ago

But is it open? Seems not; parts are closed so is that not just more of the same?

fsflover

5 hours ago

postmarketOS, Mobian, PureOS are open.

EvanAnderson

11 hours ago

I switched from iOS to Android about three years ago. I saved all the APKs for everything I installed (or updated) on that first phone. When I got a new phone last fall it was pleasantly like getting a new PC. I imported my SMS and contacts from my last backup (taken with an open source took I'd installed from an APK), then installed all the apps I use and imported or manually set any settings I wanted to customize.

Every non-stock app on my phone was installed from an APK directly downloaded from the manufacturer or open source developer's site / Github releases. I've never had a Google Play account and have never used any Android "app store".

The biggest pain was having to manually logon the couple of sites I allow to keep persistent cookies since device owners aren't allowed to just import/export cookies from mobile Chrome.

It has been a very nice experience. I appreciate the feeling of sovereignty and ownership of my device (even though it does have a locked bootloader and I don't actually have root).

Of course Google would take this away. >sigh<

wishfish

10 hours ago

I did something similar. Wanted a Pixel with Graphene OS but the screen hurt my eyes. Went with a Motorola with an IPS screen. Uninstalled or disabled all the crap. Never logged into Google. Went with Obtanium and F-Droid for most software. Aurora for a couple of apps that were only on the Play Store. Used NetGuard with a whitelist to lock it all down.

After all that was done, the phone felt like mine in a way that my iPhone doesn't. Was a good feeling. With luck, the Motorola + Graphene partnership will produce phones with screens better than the Pixel and I can keep doing this.

EvanAnderson

10 hours ago

I ended up with a Motorola phone, too (albeit with an AMOLED screen so not the model you have). I got hooked on Motorola phones because of the "chop/chop" flashlight gesture. I don't think I can use a phone without that gesture ever again! >smile<

I'm hopeful, too, re: Motorola + Graphene. I wanted to use Graphene last fall wehn I got the new phone but I was committed to not giving Google any money.

drnick1

8 hours ago

This, but fortunately I don't find the Pixel screen offensive, and so I use Graphene on a Pixel.

cosmotic

14 hours ago

Rounded to the nearest percent, I'd guess power users make up 0% of android user base.

HerbManic

6 hours ago

That is true but they are also some of the most vocal advocates of certain systems. It is a king of trust errotion that doesnt show up for a very long time but by the time it does it is too late to reverse.

Tge flipside of that is that Google and Apple have no viable alternatives. It would take years to build what they have.

It took Huawei about 5 years with Harmony OS to do it but odds if that making it far out side of China is limited.

blackbear_

7 hours ago

Is it because people genuinely don't care, or because the barrier to become a power user is becoming taller and taller every passing year?

izacus

6 hours ago

Is it because Android literally has billions of users across the world.

cosmic_cheese

4 hours ago

A large portion of which are using it in a feature phone capacity. Many only use smartphones because it’s what their carrier gave them after their old candybar dumbphone either broke or became unable to connect to cell towers.

The other groups are those who use it identically to how they would iOS (and don’t root or sideload), those that use it as computer replacement, and those who just like to tinker. Those last two groups are a tiny, tiny sliver relative to the others.

TeMPOraL

5 hours ago

Especially once you start counting car entertainment systems, POTS terminals, digital signage, and hundreds of other classes of devices that are not genera-purpose toys.

eimrine

8 hours ago

And what is your view on the percentage of power users among iphone user base? Also zero? One hundred? So interesting.

cosmic_cheese

4 hours ago

The share of power users on iOS might be larger than expected because a lot of people working in tech fight computers for a living and prefer their phones to be simple appliances assigned to a relatively focused set of tasks.

eimrine

4 hours ago

You are talking not about Apple's walled garden. Don't confuse a skilled power user with a pesky celebrity who always prefers one button over two buttons because of complexity issue.

cosmic_cheese

3 hours ago

I am, though. Someone who uses their phone for mail, chat, music, and calls with everything else being done on a proper computer has little to gain from sideloading, and plenty of computer power users use their phones that way.

I know because I’m one of them and something like 70% of my SWE colleagues I’ve known — including Android users — fit that description too. Most have never sideloaded anything and maybe 20% have flashed their phone with an alternative ROM or rooted at some point.

An individual being good with computers or even being capable of programming has little bearing on if they’re also a phone power user.

linuxmobile

3 hours ago

> Most have never sideloaded anything

I have never told anyone what I, ahem, install.

Rohansi

11 hours ago

> What % of Android users actually want this? Do they know or care?

If Apple announced that they were going to allow installing apps like how you can install APKs you will have a whole group of people on here arguing against it because they want Apple to have control over everything. You could have seen those people in action on the Epic v. Apple and Digital Markets Act discussions.

throwaway85825

13 hours ago

It would be good if there was less malware and outright scams in the play store but that's really orthogonal to the developer verification issue.

fc417fc802

12 hours ago

Not sure why your observation was received poorly. It's true. If they actually wanted to fight bad actors they could (for example) introduce a voluntary verification program where an app cost $$$ per year to list, is permitted only a fixed number of updates per year, and the uploads are manually audited by an actual person. This would add a second tier to the app store.

Just to drive the point home. Not that you would do this but you _could_ even implement such a system fully anonymously - with uploads via tor and payments via XMR - and it should still work just as well.

Add in a third even more expensive tier for those providing source code to the auditor where google verifies a signed deterministic build the same way fdroid does. Now clearly mark the three different tiers in the app store.

And if they went this route the next logical step for highly sensitive stuff like banking and password management would be a fourth licensed and bonded tier where a verified individual located in a friendly country took on liability for any fraud or other malpractice. That tier would be the equivalent to the situation for civil engineers.

Instead we're stuck in a reality where I don't trust sourcing password managers (among other things) from the play store. Those only ever come from fdroid for me - you know, an actually secure model for how to do app distribution and verify builds.

realusername

6 hours ago

What you are proposing won't solve anything, the #1 source of malware on Android is Play Store ads, here I said it.

And Google benefits financially from the problem.

fc417fc802

5 hours ago

Financial incentives aside, a higher assurance tier on the app store would enable me to tell my relatives "all apps that handle money or government details will always have this mark next to them" among other things. Whereas the current situation has me actively investigating moving them over to graphene.

tedk-42

10 hours ago

Google/Android don't want AI bots spamming marketplaces with dodgy apps.

Tie in the app to a verified identity/individual and it makes the audit process easier as well as engagement with authorities from the user's country if required (e.g. app facilitating child abuse).

tredre3

8 hours ago

> e.g. app facilitating child abuse

I'm going to go on a limb and say that the amount of apps dedicated to facilitating child abuse is close to 0, and the popular apps from verified developers being used for child abuse is close to 100%.

pocksuppet

7 hours ago

Session Messenger comes to mind. It's available in the Play Store and also in F-Droid.

wiseowise

7 hours ago

Of course it’s the apps that checks notes facilitate child abuse.

thayne

10 hours ago

But they don't have a problem with using unreliable AI bots to audit apps and deal with support.

marcprux

12 hours ago

> What % of Android users actually want this? Do they know or care?

2%, according to the keepandroidopen.org poll[^1]

[^1] https://techhub.social/@keepandroidopen/116251892296272830

akerl_

12 hours ago

Do we think that maybe the 3,732 people who responded to a poll on Mastodon by an account centered around one side of this disagreement might potentially not be a representative sample of all Android users?

jeroenhd

4 hours ago

It's a bit hard to poll 4 billion devices, but out of all 4 billion devices I think it's safe to assume that the percentage of users who do care can be rounded up to maybe 1% at most.

Developers and enthusiasts are an extreme minority that's incredibly vocal. I think most people here disagree with Google's approach but too many people are pretending like their interests and use cases are significant on a "half the planet" scale.

satvikpendem

12 hours ago

Sampling bias.

marcprux

11 hours ago

Perhaps. And yet … 98% opposition from 4K respondents? I'd be very surprised to see any other poll that tilts the other way, regardless of sampling bias.

warkdarrior

8 hours ago

Does this count? Putin won 88% of the vote in the 2024 Russian election. Not sure of the sampling bias there.

motbus3

14 hours ago

But but but it is for your security! You need to be protected!

Android isn't open source for a while. They started by pushing device certification which crippled any abilities of OEMs to make a better framework. Then they took many of the opensource packages out of android and redistributed as applications that they controlled via play services.

Then they made it harder to publish packages and created tons of rules that they can arbitrarily decide to cut ties with you or remove your remuneration.

What they are effectively doing now is to remove any ability of individual developers to push applications. Some will say the costs ain't that high, but (1) maybe not in USD dollars for Americans and (2) both Google and Apple will push those numbers way up high soon.

Even if that is not the case, if you don't agree with anything and you decide to have your own version of your family wiki, messenger or anything, they will be able to tell the authorities about it.

This is insane....

binkHN

11 hours ago

Android is becoming more Apple-ized everyday; it's horrible and more and more APIs get neutered or disappear, further limiting functionality available to developers.

tonyedgecombe

5 hours ago

It's worse than Apple because not only are they locking it down in the same way but the whole thing is funded by adverts.

izacus

6 hours ago

Significantly larger than the number of users wanting to sideload.

There are millions of people affected by targeted scams every year, significantly outnumbering the non-developer sideload community. Especially when you take into account that the sideload community doesn't all use Google Android and isn't affected by this.

beacon294

14 hours ago

You were wrong at percentage. The question is what count would want this.

lern_too_spel

4 hours ago

This change on its own doesn't make Google Android builds less open. It does the opposite. Now people can download apps directly from the websites of the publishers without getting a scary warning on Google Android builds. That's all this does.

Separately, they're going to increase friction the first time you allow installing apps outside of the Play Store or via this mechanism and also decrease friction on subsequent times, also on Google Android builds.

misir

14 hours ago

> What % of Android users actually want this? Do they know or care?

Bold of you assuming they're doing for users. It's fear-mongering at its finest - using the threat of security to install more control that has little to no protection against the said threats.

Now you might say it's going to raise the bar for the scammers, but nobody is going to be spending time on writing scam or malware for a few bucks. When the reward is high, they can just pay out already verified developers to distribute their builds under their accounts, or just find a workaround (fake ids?) which could be still way cheaper than the potential revenue potential of a successful attack. It's just an inconvenience that didn't existed before.

This is just a policy directly targeting the legit developers distributing apps to work around some of the platform's limitations (ie. uncrappifying youtube). They were previously free to share the workarounds they've developed for themselves since it was just as easy as sharing your APK. Now with added threat of losing your developer account and probably being perma-banned from google, those devs are less likely to continue distributing their workarounds.

WarmWash

13 hours ago

It's not about users, it's about a single judges idiotic ruling that Google play store is a monopoly, and the Apple app store is not.

Different judge you say? You're right. But when Google in their appeal asked the judge why the app store isn't a monopoly, the judge told Google with a straight face

"You can't be anti-competitive if you have no competitors."

Google took note.

charcircuit

14 hours ago

People don't want it until they've been scammed. Then they'll complain why you didn't save them.

fc417fc802

12 hours ago

People will erroneously complain about all sorts of things. Doesn't mean you should act.

Anyway in this case it's nothing more than a thinly veiled excuse to justify making ecosystem changes that are in their favor. They aren't acting in good faith.

cubefox

13 hours ago

Do people complain about being scammed with Windows or macOS? Apparently not. So they probably also don't complain about Android. The security seems more an excuse to become more closed. Like iOS.

andersonpico

12 hours ago

> Do people complain about being scammed with Windows

They do. They absolutely do. Where have you been in the last 20 years? Windows has had a reputation as an unsafe ecosystem for decades. Even amongst non-tech people. And even with the various exploits the biggest source of viruses on windows was always that, lacking a proper channel to distribute applications, they had trained their users to double click any .exe on the internet and the next>next>next in whatever installer. I don't agree with the tightening of developer account requirements, but this argument doesn't hold at all.

cubefox

6 hours ago

> They do. They absolutely do. Where have you been in the last 20 years?

The last time I heard these complaints were before Windows XP Service Pack 2, which added automatic Windows updates and ended the flood of viruses like Sasser or MyDoom.A. That was more than 20 years ago. On top of that, Windows Vista later added an integrated virus scanner and UAC dialogues, which gave you a big warning whenever you wanted to open an executable file. I haven't heard of any widespread viruses since. Nowadays most people don't even need to install software because most things are SAAS/cloud and run via the browser now.

Now the biggest "security issue" seems to stem from not-so-bright users being convinced by phone scammers to transfer them money or something like that. I don't think this is a problem with Windows.

DashAnimal

13 hours ago

I don't necessarily like the idea of a company wiping their hands clean and saying "well - not our problem!" either though.

Companies shouldn't wait to solve issues like this - they should be proactively helping their most vulnerable users. That is the "do no evil" motto.

I don't know enough to say whether this method is the right approach however.

Zak

12 hours ago

Saying that computer/OS manufacturers should prevent malware is effectively equivalent to saying that they should not sell general purpose computers to the public. A general purpose computer is one that can run any program the users tells it to, which necessarily includes one that's malicious.

That doesn't necessarily preclude helping the user to notice when they're doing something dangerous, but a waiting period before the computer becomes general-purpose seems pretty extreme.

bitwize

9 hours ago

> Saying that computer/OS manufacturers should prevent malware is effectively equivalent to saying that they should not sell general purpose computers to the public.

(in Gilbert Huph (Wallace Shawn) voice) Yes, precisely!

charcircuit

10 hours ago

The general consumer does not care about the distinction of if a product is technically a "general purpose computer" or not. They care about if the device is able to do what they want from it, providing them value.

rcMgD2BwE72F

12 hours ago

>Companies shouldn't wait to solve issues like this

Unless you built your house yourself, you should expect the construction company to be responsible for verifying the identities of anyone entering your house. Asking for a passport and a one time payment, just in case the person who rings the bell may not be a friend.

That should be proactively helping you in case you're a vulnerable homeowner. Not checking in on every visitor would be evil, no?

I can't think of a better approach.

akerl_

12 hours ago

I lived in an apartment building, and one of the upsides was that the building had a security system and a front desk that helped control who could be wandering down my hall.

rcMgD2BwE72F

12 hours ago

Me too.

But we, owners, collectively choose that. We choose the security company, we pay then, we can vote them out. Most importantly: the construction company has zero say in this.

Also, no one actually check the IDs of my friends, and they don't have to pay the construction company when they first come.

I give the codes, they ring, I open. I hire a company to monitor the building but I can kick then out any day.

I own the place, you see?

fc417fc802

12 hours ago

Doesn't really seem like it fits the analogy. Even ignoring that, I doubt they were checking passports and collecting tolls from guests, right?

cubefox

6 hours ago

> Companies shouldn't wait to solve issues like this - they should be proactively helping their most vulnerable users.

I think they should help their median users and empower their power users, and they should absolutely throw a few "most vulnerable" users under the bus if that's necessary. Otherwise you think about banning kitchen knives to protect the "most vulnerable users" who are too stupid to handle a knife. No, we shouldn't do that. Their stupidity should be their problem, not our problem.

Some degree of collateral damage must be accepted to maximize the expected value of a product or service. Minimizing risks can't be the top priority. Don't ban kitchen knives. What you are effectively arguing for is transforming both Windows and macOS into a closed iOS. Don't do that.

skybrian

12 hours ago

Pretty much everyone would hate it if a relative lost their life savings to a scammer, though they may not know it yet.

The idea isn't to protect the power users or average users. It's to protect the most vulnerable. Android is for everyone. Us power users will have a minor speed bump, but we can deal.

JCTheDenthog

11 hours ago

I would buy this argument if the Play Store wasn't already full of garbage and viruses and scams.

gumby271

12 hours ago

Android is for everyone, provided they submit to Google exclusively. It's not about power users, and that isn't a speed bump. You can protect vulnerable users without centralizing power like they did, but that's not their motivation so here we are.

skybrian

9 hours ago

What's an example of a decentralized system that protects people from scammers?

CivBase

11 hours ago

How very noble of Google /s

ecshafer

12 hours ago

> Android is for everyone. It’s built on a commitment to an open and safe platform. Users should feel confident installing apps, no matter where they get them from.

This intro immediately tells me that whatever comes after will be horrible for users and developers. Surprise surprise, I was right. Software to "verify" side loaded apps is a bad, anti user idea.

Vinnl

3 hours ago

Whenever I find that I need to install something from the Play Store rather than from F-Droid, it fills me with dread, because I'm not confident about what those apps do behind the scenes.

varispeed

28 minutes ago

I am waiting for Google to require bodily fluid sample to verify identity.

postsantum

11 hours ago

It's like a slimy HR telling you to come over for a chat. You immediately know it's not a chat

Andebugulin

3 hours ago

My experience was worse than just frustrating verification - it cost me money twice.

I submitted my government-issued ID and bank statements multiple times. Each time rejected, no specific explanation why. After several rounds I gave up, assuming my developer account would at least stay dormant until I felt like trying again.

It didn't. Google deleted the account entirely. No warning, no refund of the €25 registration fee or whatever it costed. When I eventually wanted to publish again, I had to create a new account and pay again. The second time around they accepted my driving license - the same type of document category they had rejected before.

So the real cost of a bad verification experience isn't just time. If you give up and walk away, you lose your fee and start from zero. That's the part that stung, at least for me.

rvnx

14 hours ago

Hey boss: “40M users are running a cracked version of YouTube premium on mobile, what can we do ?”

londons_explore

12 hours ago

Exactly this.

And that launch country list is most likely the countries where cracked YouTube Premium is most common.

App piracy is huge by copying around modded APK's, and everyone's grandma is doing it.

sporp

12 hours ago

I pay for YouTube Premium and I have an alt app on my phone because the user experience is just better. You're supposed to have background play in the regular YouTube app, but videos regularly pause until you return to the yt app to reload.

It all worked perfectly fine back on my iPod touch, pre-premium bs. Tech is regressing.

I'm on a family plan (cheap) and I use it for the music player for the inevitable question of why I'm doing this.

ori_b

10 hours ago

If they're taking on verification, are they also taking on liability? Do we get to sue them if grandma gets scammed through an app they allow onto their phone?

RandyOrion

2 hours ago

Yeah, let's hold Google accountable. Is there a way to practice anti-trust laws?

eviks

7 hours ago

Nice try, but no, shit only flows down.

bstsb

15 hours ago

from https://9to5google.com/2026/03/30/android-developer-verifier... -

> Starting in April, Android Developer Verifier will be installed on devices.

so they're rolling out a system app that will call home to check whether any sideloaded apps have been "verified" with the developer's government ID? and this process will happen regardless of whether the user has enabled the "advanced flow" in Developer settings?

birdsongs

14 hours ago

Good of a reason as any to go google-less on my Graphene pixel, I guess. But man it sucks, mostly for all the people who can't. I can manage my financials and 2FA from my laptop, that was my last real reason to have google play installed, but it's just a convenience. (I know it's mandatory for others.)

I wonder how that sys app will be handled in GrapheneOS's google play sandbox?

subscribed

14 hours ago

It'll probably always confirm it's been verified.

GOS have already said users won't be impacted by this clampdown.

kevin_thibedeau

12 hours ago

So F-Droid will be installable without sacrificing livestock?

fc417fc802

12 hours ago

That essay about being licensed to use a debugger was supposed to be an absurdist over-extrapolation for the sake of making a deeper point about software freedoms ... right? Seems more like they're using it as an instruction manual.

nout

14 hours ago

That's seriously horrible. There are 5+ open source android apps that I use and want to continue using that are not available on Play Store, but rather through alternative stores (like Zapstore, Obtainium).

If I get a phone with preinstalled Graphene OS (like the upcoming Motorola phone), then does it avoid this stupidity? Or even with Graphene it prevents me from installing apks?

ekianjo

13 hours ago

Graphene allows APKs

throwaway85825

13 hours ago

A 'safe' app store would promote and prioritize open source apps compiled on public auditable runners.

pxc

13 hours ago

F-Droid is in fact what an app store concerned about user safety looks like. Nobody gets hoodwinked into installing apps that track them or sell their data or otherwise abuse them on F-Droid.

throwaway85825

13 hours ago

It is yes. Their build system is somewhat arcane and difficult so some apps dont get updated from the git repo though. It could use some polish.

selectively

12 hours ago

This is non-technical. F-Droid is horrible. https://privsec.dev/posts/android/f-droid-security-issues/#5...

F-Droid has not meaningfully improved since that piece was written, either. No one should use F-Droid.

rpdillon

12 hours ago

That article's premise is that the Android security model is something that I want. It really isn't.

The F-Droid model of having multiple repositories in one app is absolutely perfect because it gives me control (rather than the operating system) over what repositories I decide to add. There is no scenario in which I wish Android to question me on whether I want to install an app from a particular F-Droid repository.

yjftsjthsd-h

9 hours ago

Can you describe the threat model / specific attack under which... any of the supposed flaws on that page matter? (Most of the particular section you've linked appears to be about extra defenses that could be added, but which are unlikely to make a difference in the face of Android's TOFU signature verification on installed APKs.)

fc417fc802

8 hours ago

Reads like a cheap hit piece to me.

The section you linked in particular is a load of editorialized bullshit IMO. As far as I can tell the only legitimate complaint is that there is (or was?) some sort of issue with the signing methodology for both APKs and repository metadata. Specifically they were apparently very slow to replace deprecated methods that had known issues. However it's worth noting that they appear to have been following what were at one point standard practices.

The certificate pinning nonsense is particularly egregious. APT famously doesn't need TLS unless you're concerned about confidentiality. It's the same for any package manager that securely signs everything, and if there's ever a signing vulnerability then relying on TLS certainly might save you but seems extremely risky. On top of that the Android TOFU model means none of this matters in the slightest for already installed apps which is expected to be the case the vast majority of the time.

As far as I'm concerned F-Droid is the best currently available option. That said of course there are places it could improve.

izacus

6 hours ago

F-Droid is so irrelevant that it doesn't even begin being targeted by supply chain and scam attacks. Being obscure always help with this, but pretending that it's the same threat model is absolutely false.

fsflover

5 hours ago

Are Debian repositories also irrelevant? If not, why aren't they targeted?

takluyver

3 hours ago

The XZ utils backdoor made it into Debian repositories undetected, although it was caught before it was in a stable version.

Debian repositories are quite secure, but also pretty limited in scope and extremely slow to update. In practice, basically everyone (I'm sure there are a few counterexamples) using a Linux distro uses it as a base and runs extra software from less tightly controlled sources: Docker hub, PyPI, npm, crates, Flathub etc. It's far easier for attackers to target those, but their openness also means there's a lot of useful stuff there that's not in Debian.

Holding up Debian as a model for security is one step up from the old joke about securing your computer by turning it off and unplugging it. It's true, but it's not really interesting.

tubs

7 hours ago

Yeah like npm! Don’t think there’s ever been security issues in that.

wg0

7 minutes ago

I'll probably ship PWAs but hope those are not killed by Google.

Steve16384

3 hours ago

Even once you've managed to verify, Google love throwing more challenges at you if you want to keep your apps in the store. "You need to declare your blood type or we will remove your apps in 30 days". I removed my apps myself as it was turning from a hobby to an unpaid job just to keep the apps in the store.

m132

13 hours ago

Is there any information about how the "advanced flow" will be implemented? According to keepandroidopen.org, this is going to be handled by Google Play Services. Does it mean it will be automatically installed via the silent, always-on GMS update mechanism and I should root my devices and remove GMS altogether if I don't want this?

marcprux

12 hours ago

I am part of the team running keepandroidopen.org and corralling the signatures for the open letter opposing this program. We've been trying to get Google to reverse course on this program ever since it was announced.

As it stands, Android Developer Verification (ADV) is a death sentence for F-Droid, Obtainium, and other competitors to the Google Play Store, both commercial and non-commercial. We are disappointed that they are still trying to steamroll this through in the face of overwhelming public opposition.

There are numerous reasons to object to the program, but a few of the top ones are:

1. You own your computer, and you should be the sole decision-maker for what software you can install on it.

2. "Malware" means whatever Google says it means, and their terms and conditions change daily; today malware is banking scams, tomorrow it is … ad-blocking? VPNs? Their decisions are un-reviewable and opaque, and they have obvious commercial incentives to block certain kinds of (otherwise-legal) software.

3. Centralizing global developer registrations through a US corporation makes it subject to the rules (and whims) of the current regime. Citizens of sanctioned countries or members of sanctioned entities (like the International Criminal Court) will be legally barred from registering, blocking them from creating and distributing software _anywhere_ in the world (not just the US).

4. Scenarios that Google claims ADV will protect against — such as high-pressure phone calls manipulating vulnerable users into installing scam apps — have _already_ been addressed by incremental improvements to Android security over the years, such as "Enhanced Fraud Protection" introduced in Android 13 (and expanded in Android 15). Android has incrementally improved its security features over its near 20 years of existence. There is no evidence that anything has suddenly changed to justify such a disproportionate and extreme lockdown.

5. Being required to pay Google for the privilege of uploading your government identification so that you might be permitted to contribute to the Android software ecosystem is such an abominable insult to the developers that helped build the platform. It deserves all the utter contempt that has been heaped upon it thus far, and begs regulatory scrutiny from those few countries that still have the courage to stand up to these bullies.

We emphatically recommend against developers signing up for this program or endorsing it in any way.

RandyOrion

2 hours ago

Thank you for standing against the Android Developer Verification enforced by Google. Now in addition to stopping using Youtube, replacing chrome with ungoogled chromium, I'm moving to de-googled AOSP builds, e.g., lineageOS, insted of stock OEM ROMs.

curt15

2 hours ago

Are there any anti-trust angles to this?

fsflover

4 hours ago

> I am part of the team running keepandroidopen.org

Perhaps your team should promote GNU/Linux phones instead, which do not depend on a megacorp.

Sent from my Librem 5.

sgt

4 hours ago

> It’s only when a user tries to install an unregistered app that they’ll require ADB or advanced flow, helping us keep the broader community safe while preserving the flexibility for our power users.

So, we have a sideloaded app now. Which has been increasingly tricky for our users to install. The warning they get is hard to understand. Does this mean essentially the end of sideloading?

takluyver

4 hours ago

If you get 'verified' by Google and sign your app, sideloading shouldn't change. That means money and ID checks, or a free 'hobbyist' carve out if you have <20 users.

If you don't want to play their game, sideloading will get substantially harder.

0xbadcafebee

13 hours ago

tl;dr how to install an app from unverified developer ("advanced flow")

  1. enable developer mode
  2. confirm you aren't being coached
  3. restart your phone and reauthenticate
  4. come back after 24 hours and unlock device
  5. install app from unverified developer, option of enabling for 7 days or indefinitely
This is apparently a one-time process. Advanced flow for users launches globally August 2026. Verification requirement kicks in September 2026.

Personally I am hopeful that people work toward a completely new, non-Android OS. 15 GB of space on my phone, and 1.5 GB of RAM, is dedicated to Android OS alone. This design, and the control this company (and the mobile providers, and device manufacturers) have over the mobile world, is ridiculous. Let's start over.

0x1ceb00da

9 hours ago

Nah. This sucks. My banking app refuses to open if devtools are enabled. 24h window means I can't do dev work on my personal phone.

robotnikman

13 hours ago

>15 GB of space on my phone, and 1.5 GB of RAM, is dedicated to Android OS alone

The original Droid phone I used had only 256mb of memory, and could still multitask and run multiple apps at once with that limited memory. Its crazy how bloated things have become over the years.

fsflover

4 hours ago

> I am hopeful that people work toward a completely new, non-Android OS

Mobian, PureOS, postmarketOS already exist. Sent from my Librem 5.

bossyTeacher

14 hours ago

"However, our recent analysis found over 90 times more malware from sideloaded sources than on Google Play."

Has anyone seen the report for that analysis. I bet most people here would love to read it too.

curt15

2 hours ago

Suppose for argument this statistic were true. It still does not fully capture people's risk.

P(malware) = P(nalware | Google Play) * P(Google Play) + P(malware | non-Google Play) * P(non-Google Play)

It's the combination of both factors that counts. Even if Google Play has a lower malware rate, a user is still far more likely to try to install apps through Google Play given the sheer size of its catalog and its prominent, default placement on people's devices.

Macha

13 hours ago

I mean, I’m sure “Fortnite with infinite vbucks.apk” has a much worse malware rate than the play store, but I’m almost certain that fdroid has a lower malware rate than the play store and I honestly suspect even “random apks off github” might have a similar rate to the play store

userbinator

13 hours ago

Older Androids which are fully rootable and unbrickable are cheap (maybe even monetarily free) and will let you continue to have freedom despite what Google wants.

"Those who give up freedom for security deserve neither."

stavros

12 hours ago

Older Androids won't exist for long.

userbinator

11 hours ago

That's what Google wants, but they're not getting their way with mine.

fsflover

4 hours ago

How about security updates?

shit_game

12 hours ago

At this point, I think I would prefer to carry a dumb flip phone for SMS and phone calls, and a smartphone-shaped generic touchscreen linux computer for everything else. It's becoming disturbingly impossible to find the former, and practically impossible (IME) to find the former.

Does anyone here have experience using Ubuntu Touch? That's the closest thing I've seen to "generic touchscreen linux" for mobile phone hardware. I'd love a device that works for multimedia, navigation, web browsing, and a handful of APKs like various chat apps (and really anything can can arbitrarily use the hardware), but it seems like tying a cellular modem to this ends up fucking up the whole dream because of carrier and manufacturer motivations/compensations.

arcmutex

6 hours ago

Great. This will make web apps popular again. Let's take back the web. HTML, JavaScript, CSS!

geokon

10 hours ago

Does anyone know how this will work vis a vis China, where Android is everywhere, but Google is not?

Will bypassing this bureaucracy be just a matter of buying a Chinese Android phone?

RandyOrion

2 hours ago

Please no.

If you want to install APKs directly on Android phones selling in China, you'll face even more draconian restrictions imposed by both Chinese OEMs and Chinese government, e.g., cannot install telegram [1], cannot install VPNs [2], called by local police station after installing VPNs [3], and so on. And you do not have the freedom to even talk about these restrictions freely without getting sued or censored.

[1] https://xcancel.com/whyyoutouzhele/status/168915238841261670...

[2] https://xcancel.com/whyyoutouzhele/status/197843066556268971...

[3] https://xcancel.com/whyyoutouzhele/status/170299205759627676...

bitwize

9 hours ago

I'd say Hackernews knows enough people at Google to raise a stink about this, but it's not going to do any good. Sometime at the last WEF or Bilderberg meeting it was decided that KYC level identity verification should be required to use a computer or the internet, with more stringent requirements to program one. This, and much worse, is going to happen whether we like it or not.

BatteryMountain

6 hours ago

Good job google. You just convinced our entire business to abandon our app (utilities company) and only target web. We are done with this shit. All our resources the next two weeks will be to fill in the gaps in our web clientzone so our thousands of customers can still buy electricity and pay water bill and have a similar experience than the app (it's 90% the same anyway).

Oh and my three personal apps that I installed via adb (not released on playstore) - the moment they stop working on my phone or hassle me about verification, I will get in my car and go buy an iPhone.

Next will be to degoogle the rest of my life, which is luckily only gmail. Guess how long it will take me to port out? Less than two days.

I only let companies violate me once. Then I'm out.

Play store is the biggest piece of trash malware system that exists today, but us normal businesses have to pull teeth and spend days jumping through hoops to get an app out, but the playstore is filled with infinite garbage that rot childrens brains.

Wake up.

fredgrott

2 hours ago

Sounds like age verification exp in EU....

Maybe not expose potential internet users to such as high obstacle if your goal is to get their eyeballs to buy your advertised product???

__fst__

13 hours ago

Let everyone who wants it be safe using the Google App Store. But please let me do stupid/experimental things with my phone.

sylos

10 hours ago

The google app store isn't even that safe. This is all just stupid

hnburnsy

13 hours ago

What Android versions is this applicable to?

hnburnsy

11 hours ago

Found the answer...

>What Android versions will the developer verification requirements be enforced on? It will apply to all certified Android devices running Android 7 or higher. These updates are delivered through Google Play services to help maintain consistent security across the ecosystem. Last updated: March 23, 2026

ncr100

8 hours ago

So, Google TVs too?

hirako2000

14 hours ago

The sad thing is only a tiny minority of android users side load apps. The rest will feel their phone is one step more secure.

stavros

12 hours ago

How is it more secure for the people who don't sideload apps?

fc417fc802

12 hours ago

They'll feel it's more secure. It won't actually be but they'll feel that way and vibes are important. /s

Fordec

14 hours ago

Yeah, no, going back to web native. Keep your verification and your 20%.

jaimex2

11 hours ago

The only malware I've had to clean off peoples devices has come from the Google Play Store.

krick

13 hours ago

So, anyway, how do we make sure that our phones don't turn into a pumpkin on a set date? I suppose it's all shit long term, but at the very least I don't want to be forced to look for a solution before I need a new phone. So, what do you do? Can you just disable android updates somehow and it will solve the issue? Or it is already a ticking bomb that will be activated on the set date no matter what?

userbinator

13 hours ago

Root and kill everything that could be used to remotely install software without your consent.

DeathArrow

7 hours ago

If I do software for Windows, Linux or FreeBSD I don't need verification. And potential users aren't required to get software only from a certain app store.

This is a case of companies forcing things on us "for our own good" and them knowing better than us what is good for us or not.

mhitza

2 hours ago

It's a pathetic excuse of a reason. Google Ads is a mechanism for scam delivery, probably 90 times more effective than sideloaded scam apps.

kayson

14 hours ago

> our recent analysis found over 90 times more malware from sideloaded sources than on Google Play

So what's the solution then? At the same time, I'm curious how this ends up happening to end users. Enabling unknown sources is trivial in a way (it's just one check box and if you try to install an APK from, say, Firefox, it'll take you right there), but how are people even getting to that point??

lmz

11 hours ago

Phone scammers guiding users to install apps.

donatj

11 hours ago

I would genuinely like to know more about these supposed users who are side loading things and getting hoodwinked. It seems high enough friction that you have to have something of an idea of what you're doing to begin with. Everyone I've known who is side loaded anything has been reasonably technical.

My dad on the other hand, who worked for Control Data in the 1980s regularly installs some of the scummiest apps imaginable, and they're all from the Play Store proper.

Launchers that don't actually launch things and serve ads. Apps that launch full screen ads while you're doing things saying your device is infected. Absolute trash.

Like maybe just maybe put some energy into going after the stuff in the Play Store first. As the Play Store exists now, it is unsafe.

bsimpson

10 hours ago

Have you seen those YouTube videos of people punking scammers? Scammers will convince people to drive to Target, buy gift cards, and read the credentials out over the phone. Those same people can surely talk you through tapping out a dialog flow.

That's presumably why there's a lockout period - it keeps a scammer from reasonably holding the line until they can pressure you to finish it.

yjftsjthsd-h

9 hours ago

> Have you seen those YouTube videos of people punking scammers? Scammers will convince people to drive to Target, buy gift cards, and read the credentials out over the phone. Those same people can surely talk you through tapping out a dialog flow.

...if the scammer can get the victim to physically drive to Target a buy a bunch of gift cards, what makes you think they need to install anything on your phone? Having RCE on a human is more useful than RCE on a device.

jeroenhd

4 hours ago

Their deception often relies on remote-controlling a PC, modifying a bank balance to show a fake number using basic "inspect element", and convincing the victim that they "accidentally" received a refund that's too high (often by having the victim type out the "refund" amount in their notepad-looking "refund system" and adding a couple of zeroes).

By making the victim believe that they're to blame for this innocent worker losing his job, they convince these people that they need to go outside normal financial systems to get the money back before anyone notices. Alternative scam scripts also have scammers pretend to be government officials threatening with fines and lawsuits, but the end goal is often to get into the victim's bank account in a way that the victim will tell the bank that everything is fine when fraud detection systems catch wire transfers or suspicious behaviour.

If the victim at any point opens up their official banking app, which scammers cannot control, they'll see that they never received the supposed "refund". With banks moving more and more functionality to apps, scammers can't pull the same tricks if they don't have access to your phone.

Scambaiting Youtubers have shown to be able to throw scammers of their guard by doing the most basic things. Disabling "inspect element" and cmd.exe will stop a scammer right in their tracks, because suddenly their phone script doesn't work any more.

If the victim needs to wait a full day, they'll be more likely to talk to someone. There are plenty of interviews with victims where they will say they realized their mistake hours or even minutes after it's too late. Stress and constant pressure is one of the primary means scammers employ to prevent people from thinking rationally so their obvious and ridiculous lies don't get spotted.

While I think developer verification is monumentally stupid and won't stop any serious scams, I do believe that the timeout measure Google makes people jump through does help.

TeMPOraL

4 hours ago

Having RCE on a human is like having RCE on a SOTA LLM webservice - tricky to get, and you'll probably lose it if the other side reloads.

thomasgeelens

13 hours ago

oh so I'm not the only one, always believed Apple was the hard ass but I've been having a better experience with them.

stuaxo

15 hours ago

Sorry, but absolutely not.

I stuck with Android for years as a dev as I once did Android apps and occasionally do tinker.

This is my last Android phone and Jolla is my next phone.

birdsongs

14 hours ago

I really want to like the concept of Jolla / a European mobile alternative but I see no reason why they're closed source SW in 2026. Open source everything, let the community help develop, and sell your hardware (and support/deals for B2B).

A single for-profit company owning the full HW and SW stack? My trust in companies lately is at a lifetime low. It just leaves a bad taste in my mouth.

amarant

14 hours ago

Ooh, are you gonna go for their Ubuntu touch alternative, or their own OS?

jaimex2

11 hours ago

It's kinda funny. I used to run custom roms all Android phones came with a shit OS.

I stopped because Pixel AOSP phones were actually decent.

Now I guess i'll be buying phones based on which I can flash with custom roms again.

myko

10 hours ago

Google freaked out that Apple had a better reputation and went all in on fucking their Android store up. Everything about it is worse now than it was before. So tiring.

parrellel

14 hours ago

Yeah, no. No one needs your spyware.

andrepd

14 hours ago

I don't see a way out of this except government regulation. The EU has the most motivation to do it, as a huge economic bloc with a lot of motivation right now to become as independent from the US as possible.

I guess I can sort of manage to keep my head above water and keep buying secondhand phones which I unlock and install a supported version of LineageOS. But it's cumbersome, it gets more difficult and more restrictive every time. And I literally have a doctorate in computers for crying out loud! Is there any hope for Granny? For a kid? For >99% of people? Of course not.

This is so clearly a matter for government oversight: prevent abuse, monopolies, protect the citizen's safety, rights, welfare, etc. It's not reasonable to expect consumers to figure out if the meat they buy is tainted, just as it's not to figure out if their phone spies on them, manipulates information, or sells their data (especially when there's a duopoly). That's why we have laws and food inspectors, paid for by the public, working for the public. Same thing with digital rights.

pzo

14 hours ago

> I don't see a way out of this except government regulation.

IMHO governments are partially behind those initiatives so they are unlikely to regulate themself- reason in last few years they intensified work on Digital ID, Age Verification, Chat control, KYC, etc.

nout

14 hours ago

EU is schizophrenic enough that it often produces very conflicting directions, opinions and policies.

One thing EU loves is regulation though, so I expect they will introduce preemptive regulations to enforce strict ID verification as well as regulations to fine big companies for breaching user privacy with strict ID verification policies.

zoobab

4 hours ago

ID verification for app stores already discussed and voted behind closed-doors trilogue meetings, unelected governments like darkness:

https://www.patrick-breyer.de/en/end-of-chat-control-eu-parl...

"Next up in the ongoing trilogue, lawmakers will negotiate whether messenger and chat services, as well as app stores, will be legally obliged to implement age verification."

lokar

14 hours ago

For the limits on side-loading in particular, there are a few southeast asian nations (I can't recall, Vietnam? Thailand?) where almost all internet access is via Android, including banking. And social engineering fraud, where they call someone up, pretend to be the bank, and get them to side-load malware, has become a major financial, and political problem.

AIUI, they have told Google to find a fix, or else.

pzo

14 hours ago

> pretend to be the bank, and get them to side-load malware, has become a major financial, and political problem.

I been living in SE Asia for few years each in Thailand, Malaysia, Indonesia, Vietnam and really didn't notice that this is supposed to be like major political problem.

'Fraud' is the same smoke screen and excuse as 'protect the children from social media or pedophiles'.

lokar

14 hours ago

I can't find it now, but the article I read seemed to say that the gov was specifically upset about the banking issue, and might tell the banks they can't allow apps anymore.

fc417fc802

11 hours ago

Someone has to stop the pedophiles from using social media to scam vulnerable children out of their millions of hard earned robux.

zrm

14 hours ago

There are different governments and different subdivisions within any given government. The only thing you need to get a government that had been pushing Chat Control to do some trust busting is to get more votes.

burnerthrow008

11 hours ago

But what motivation has the EU to promulgate these regulations?

* Chat control is toothless if users can simply side-load an app without snooping.

* The EU companies who successfully lobbied for regulations against Apple now see that the 15% tax is worth it when they can A/B test the counterfactual. So those companies no longer care if Google will do the same thing.

* The EU is now in an awkward position that it is ok for a newspaper to sell your personal info via pay-or-consent, but not for a social network to do it. Some will keep yammering on about "gatekeepers", but it's sort of an emperor has no clothes moment.

* Declaring that iPadOs is a gatekeeper (after it failed to meet the quantitative criteria for such) was another such emperor has not clothes moment. The whole "gatekeeper" narrative has turned into a farce.

* The people commenting on this forum are not even a rounding error in the EU electorate.

> It's not reasonable to expect consumers to figure out if the meat they buy is tainted, just as it's not to figure out if their phone spies on them, manipulates information, or sells their data (especially when there's a duopoly).

Indeed! Neither would it be reasonable for the sellers of meat to demand anonymity! If one sells tainted meat, he should be held accountable! We should identify him!

Yet, the creators and sellers of software for a General Purpose Computer (remember, that is the argument why phones should be regulated) demand that they should be above the law, anonymous and unaccountable!

Schrodinger's computing device: The one which is so vital to everyday life that we must not prohibit the user to run whatever software he likes, yet so unimportant that we have not a care in the world to identify any fraudster who might wish to distribute software.

seanalltogether

14 hours ago

"This is so clearly a matter for government oversight: prevent abuse, protect the citizen's safety, rights, welfare, etc. It's not reasonable to expect consumers to figure out if the meat they buy is tainted, just as it's not to figure out if the APPS THEY INSTALL spies on them, manipulates information, or sells their data"

Do you see how quickly that argument can be flipped to support what google is doing here? Honestly I wouldn't be surprised if half the reason to to lock down phones is because governments keep pressuring them to do so.

EmbarrassedHelp

14 hours ago

I'm wondering if the EU is complicit in this somehow, despite claiming that they want to fight back against tech companies.

The EU Commission is currently pushing the shitty EU Identity Wallet for mandatory age verification, and it requires GooglePlay Services to be installed for "anti-tampering". That also means a ban on non official versions of Android like LineageOS and GrapheneOS.

zoobab

5 hours ago

The DMA team replied to me that they did not see any legal issues with Google enforcing mandatory ID for sideloading apps.

We need an urgent upgrade of the DMA v2.O, in the fast paced Omnibus package.

Feel free to post proposals here.

zoobab

5 hours ago

On the DMA, I have said that it does not go far enough, the Operating System (OS) market should be opened up, with a regulation in place so that alternative mobile and non-mobile OSes can be installed by the end user, notably by the mandatory registration and publication of technical hardware specifications, unlocking of bootloaders, etc...

30 years ago, the Linux community fought the pre-installed Windows tax and mostly lost that fight.

hrmtst93837

5 hours ago

The "anti-tampering" excuse lands flat when sideloaded apps on stock Android can still touch the same sensitive data through Play Integrity, and the only people it shuts out are the ones technical enough to care about their own OS. That is vendor lock-in. For a bloc that spends half its time scolding Big Tech, the Comission looks weirdly happy to route age checks and state ID through Google Play Services.

user34283

14 hours ago

You'd think in 2026 regulators would finally step up their game to break up the mobile app distribution duopoly.

And Google thinks it can pull this ridiculous stunt.

retrodaredevil

14 hours ago

The thing is, the EU needs to be able to not only sell that the regulation they propose is good to the public, but also not piss off the US administration.

Most people are too non-technical to understand why this is a bad thing even when it's explained to them. Plus, whatever administration is in power in the US has a lot of influence.

Trump has already said that he wouldn't tolerate regulation that affects American companies [1], painting regulation that happens in another country as something that will affect US citizens. (I mean if you use the GDPR as an example, it's not wrong. Think of cookie pop ups while browsing the web in the US)

I would like the the EU would go harder with their regulations, because it usually results in other countries or states following their lead, but I dont see that happening. Regulation has been painted as "bad", and we have at least 3 more years until that changes.

[1] https://www.cnn.com/2026/01/12/tech/us-eu-tech-regulation-fi...

burnerthrow008

11 hours ago

> rump has already said that he wouldn't tolerate regulation that affects American companies

This lays bare the stupidity of applying the pay-or-consent law to only Facebook and not everyone. Every important newspaper in Europe has pay-or-consent. It does not matter that each one individually is smaller, the effect is the same.

The law was carefully crafted to ensure European businesses (newspapers) are not "gatekeepers" while ensuring American businesses (social networks) are. That fact did not go unnoticed in the rest of the world.

microtonal

6 hours ago

So? There is a fundamental difference. The app stores have effectively become utility companies through the Android-iOS duopoly and it is neigh-impossible to make a new competitive ecosystem. Utility companies are regulated because they can distort the market with their power otherwise. E.g. if the power lines are owned my a single company (which is the case in many countries), if they were not regulated, they could pretty much ask any price. What are you going to do to compete? Roll out a completely new power grid? The Android/iOS duopoly is the same, the fact that they could ask for an insane 30% (!) of every transaction before the regulatory squeeze started should tell you enough.

The newspaper market is very different, because there are many players and you can always go to a competitor. There are even newspapers that make all content available and ask an optional donation (e.g. Taz in Germany or to some extend The Guardian, who do not seem actively block ad blockers).

tsoukase

an hour ago

In the last few years all apps I install in a phone come outside of Play Store, because either they are full of ads, throttle their usage or simply similar ones don't exist. Without them the phone loses half of it's functionality, which is pretty much. So, I am willing to wait a day in the "advanced flow" to keep a multi-year experience.

glenstein

13 hours ago

Don't love it but (1) it's addressing a serious problem and I'm not sure what the alternative is and (2) if you all remember the starting place, it was staggeringly, dramatically worse, practically a death sentence for F-Droid and seemingly testing the waters for if they could simply power through and do it despite objection.

This is a major course correction that doesn't kill F-Droid. A one time 24 hour hoop to jump through and then never again is monumentally better than losing F-Droid forever.

supern0va

12 hours ago

Is it a serious problem that you can run whatever software you want on your computer? Should we make it so that no one can do that without permission to protect them?

I recommend Cory Doctorow's talk on why this is a serious problem for society:

https://en.wikisource.org/wiki/The_Coming_War_on_General_Com...

https://www.youtube.com/watch?v=HUEvRyemKSg

bitwize

9 hours ago

Not enough people give a shit about "general purpose computing" to matter. They use computers for a few things and as long as they can do those things they're fine with it. My wife loves all her Apple gear. It provides her with a wonderful, curated experience. Okay, maybe it hasn't been so good with recent iOS releases but it still beats Android or Microslop. Being able to hack, modify, or install arbitrary stuff on your device is something only a minority of a minority care about, statistical noise in the quarterly sales figures. When you compare that to the harm done by malware, illegal or indecent material, and the negative blowback to YOUR OS's reputation—or worse, the "felony contempt of business model" enabled by a general-purpose OS (piracy, ad blocking, etc.)—it's a no-brainer to implement restrictions.

renewiltord

11 hours ago

Yes, lots of vulnerable users get harmed by modern tech. E.g. people have lost their minds using AI, their livelihoods using smartphones, their life savings using the Internet. In general, I prefer a solution where any mental health issue (age-related infirmity, ADHD, etc.) result in protection from modern exploitative tech like this.

Every application use for such people should be supervised by a government official trained to ensure you are not hurting yourself.

This way people who want to use AI, smartphones, or the Internet can do so if they’re healthy and the mentally disabled can be protected. We know that this need exists because even on this “Hacker” News forum everyone gets very upset when a mentally disabled person gets injured after AI use.

cyberax

7 hours ago

> Is it a serious problem that you can run whatever software you want on your computer?

Unfortunately. I talked about this a bit on LWN: https://lwn.net/Articles/1063741/

The problem is very, very real. I don't doubt that Google also has ulterior motives, but in this case they _are_ justified at least partially.

fsflover

4 hours ago

Why doesn't Debian have this serious problem?

Zak

12 hours ago

It's pretending to address a serious issue while giving Google significant power to limit distribution of apps Google doesn't like, which could sometimes include legal apps that certain governments don't like such as the recently famous ICEBlock.

Google says they don't intend to do that, but even if I believe that's their current intention, they have a strong incentive to do otherwise in the future. Incentives predict outcomes more reliably than intentions.

I say it's pretending because scammers are good at shifting tactics. If convincing users to install malware ceases to be the path of least resistance, they'll convince users to install legitimate remote access utilities, hand over credentials directly, or some other scheme I haven't thought up because I'm not a scammer.

fc417fc802

12 hours ago

> they have a strong incentive to do otherwise in the future.

The reality is far worse than that. Remember FBI vs Apple? That defense came down to Apple not having software in place that could facilitate the demand being made of them. If they'd had such a system they would presumably have been required to comply.

The government can presumably get an illegal app forcibly removed from an app store but at present you could still install it yourself. With this system they could compel Google to block it entirely.

snackbroken

12 hours ago

"Meet me in the middle" says the unjust man.

You take a step forward.

He takes a step back.

"Meet me in the middle" says the unjust man.

pserwylo

11 hours ago

F-Droid has spent many years trying to step out of the "only for technical/power users" into the "This is a tool that normal phone users should have and use". A one time 24hr wait moves back to the "F-Droid is only for technical users" big time.

Bought a new phone? Moved from iPhone to Android? Want help from your friend/family member/librarian/other to setup your new phone for getting apps? Sorry, you need to come back a day later before you can actually use it.

Guess what the normal/non-tech user does in this 24hr period? Go to Play Store, install a bunch of apps, forget that you had the desire to use an alternative.

This indeed does make F-Droid no longer a tool for normal people, but only a tool for those willing to do a bunch of "Advanced" things on their phone. By definition, not regular users.

userbinator

13 hours ago

It's only a "serious problem" because they want you to think it is.

tvbusy

6 hours ago

Phone sellers should enforce a mandatory 30 days no use after purchasing to ensure that people are not harmed by phone usage.

Newspapers should only report news at a minimum 7 days after the fact to ensure accurate reporting.

Toasters should lock everything in until it's completely room temperature to avoid accidental burns.

These are serious problems.

TiredOfLife

6 hours ago

It addresses Youtube app showing an ad that installs malware from Google Play?

TGower

14 hours ago

It really seems like they are doing a lot to appease the tiny minority of us power users, adb load unaffected, one time toggle in settings to opt out, no change to alternative app stores as long as the apk was built by a verified developer. Crazy how harsh the sentiment is here, there are real people being harmed by scam apps intercepting sms one time codes and this will reduce the rate of that happening. It's not like we can't sideload anymore, though a lot of comments here seem to be implying otherwise.

hnburnsy

13 hours ago

Because this is a glide path to what they really want, look at Apple and running unsigned apps on your Mac, how it started, simple right click, how is it going, near impossible.

selectively

12 hours ago

How it started: almost everything is signed, even pirated apps

How it's going: almost everything is signed, even pirated apps.

????

kcb

14 hours ago

Because the initial announcement included none of that... it wasn't addressed at all until the harsh sentiment.

fc417fc802

11 hours ago

It still hasn't been addressed. They walked back half of their wholly unreasonable position in an attempt to legitimize the other half.

TGower

14 hours ago

Then shouldn't we celebrate the victory, drop it, and move on?

kcb

13 hours ago

Victory is my device and its OS working the same way it always worked and the way it worked when I bought it.

TGower

13 hours ago

Just don't install the OS updates then.

fc417fc802

11 hours ago

> intercepting sms one time codes

Crazy idea, maybe they shouldn't be using those then. Maybe they should use email? Or god forbid a TOTP app. Or perhaps webauthn via the platform provided authenticator.

They very clearly aren't behaving in good faith. That's why the harsh sentiment.

circuit10

12 hours ago

But that "tiny minority" are the people developing apps, which all their other users use... if you drive away devs from wanting to develop on your platform that's not going to go well for you (of course, they may still be forced to develop for Android if they want a wide audience, but you're driving away hobbyists with new ideas)

TGower

10 hours ago

I still don't get how they are driving away devs. It's super easy for us to click the setting. If I urgently need to test my app during the 24 hour waiting period, I can just adb it on my device.

Based on the reaction here, it's obvious I'm missing something here, but I just don't see any real reason devs are feeling like they are being driven away. It's hardly more of an inconvenience than enabling developer mode, and I feel like we all get why they hide the developer settings menu behind that.

brnt

14 hours ago

Those scam apps largely are installed from the Play store. Let them fix that first.

TGower

14 hours ago

Really, there are apps that will intercept and exfiltrate your bank one time code sms that are just sitting on the play store? First I'm hearing of this, what's the name of one?

xigoi

8 hours ago

Many of the most popular apps on the Play Store will monitor all activity on your device and send it to a for-profit company.

microtonal

6 hours ago

The pre-installed privileged services will monitory all activity on your device and send it to a for-profit company.