- Does this mean sideloading is going away on Android?
Absolutely not. Sideloading is fundamental to Android and it is not going away. Our new developer identity requirements are designed to protect users and developers from bad actors, not to limit choice. We want to make sure that if you download an app, it’s truly from the developer it claims to be published from, regardless of where you get the app. Verified developers will have the same freedom to distribute their apps directly to users through sideloading or through any app store they prefer.
- Making APKs available to your test team
If your team’s current test process relies on distributing APKs to testers for installation using methods other than adb, you will need to verify your identity and register the package. This also applies if you make APKs available to your test teams through Google Play Internal Testing, Firebase App Distribution, or similar solutions through other distribution partners.
- Do I still need to register my apps if I’m only distributing to a limited number of users?
We recommend you register. It’s a simple, one-time process that will allow anyone to download and install your app. However, if you prefer not to, we are also introducing a free developer account type that will allow teachers, students, and hobbyists to distribute apps to a limited number of devices without needing to provide a government ID.
- What can I do to prepare for developer verification?
The best way to get ready and stay updated is to sign up for early access. We’ll start sending invitations in October.
We recommend you participate in developer verification because, even though verification is not required to develop apps with Android Studio, you will need it to distribute apps to certified Android devices. Apps installed through enterprise management tools on managed devices will also be installable without being registered.
Let’s talk security:
- No smart phones
- profit
In today’s digital age its not doable. You need a smartphone if you work, get medical assistance, access social media, do online payments.
Now, if you mentioned using an alternative OS like Linux we can agree.
(Coming from the US)
- Your personal device isn’t a work provide piece of equipment. They will provide one for you. Keep it professional like a work computer, don’t do personal things on it.
- there’s plenty of ways to get help medically = cvs, Walgreens, anyone can call 911, you don’t need to go to a hospital; there’s plenty of clients, those medical apps also have 1-800 numbers
- you don’t NEED access to social media and also use a tablet or computer
- tablet of computer, you’re not paying bills daily and payment cards still work.
- Does this mean sideloading is going away on Android?
No, but we have to approve it.
FTFY.
Yeah this sucks. And right after I made an app for the first time and everything
Yeah, fuck that noise. They know exactly that this is the problem.
Or alternatively:
- Does this mean unverified sideloading is going away on Android?
Yes
I’m hearing this as:
every single apk you make needs to be registered with google so users devices can “phone home” to verify the app signature.
Talk about privacy.
“security” my ass
TLDR:
Yes.
If this is adopted, soon github would require your SSN for writing hello world.
They already have it but it’s Microsoft, so yes
Getting off with just a wrist slap on their monopoly trial has embolden them. They think they’re untouchable now. I wouldn’t be surprised they have a backroom deal with the feds too.
Given the current corrupt and invulnerable administration, absolutely.
It’s the whole “if a fine is less than the profit, the fine is just considered a cost of business.”
I’ve been thinking about strategies to get Google to back down on this. And I think the most viable strategy is to let them know that we will all move to iOS if they go through with it. If they lock down their OS, then we might as well use the OG locked down OS and turn to Apple. We only have to make this convincing enough.
I don’t want to go to the dark side either. But as the light is going out on this side: I’m gonna need a new phone within the next 12-18 months. For the first time since ditching my blackberry I’m thinking about switching again. And for the first time ever I’m seriously thinking about an iPhone. All my purchases and what not be dammed. LOOK WHAT YOU MADE ME DO, GOOGLE!
Apple sucks though
It is like going out of the pot and into the fire
This would not help us much at all, Google clearly doesn’t consider iOS a completing platform because Google’s core business is still advertising not selling phones or phone OS (which Apple does both since all iPhones are iOS devices and all iOS phones are iPhones). And on iPhones Google already have most of their ads delivery platform and services offered, you have iOS apps for YouTube, YouTube Music and all of them, while the closed nature of iOS makes it even more difficult for people to do things like blocking Google’s ads with system-wide adblockers or bypassing YouTube ads with modded YouTube clients, like you can easily so on Android.
Year of the Linux phone.
I’ve been looking at Ubuntu Touch and thinking that it might be time to attempt virtualizing it and trying it out before I need a new device.
I really hope that the magnification and the screen reader are up to par because I’m a low vision user who really needs the accessibility to work.
I know I will get downvoted for this opinion, but I like this.
Developers who decided not to use Play Store can still do so, but are required to identify themselves. I get that not everyone is willing to do this, but there still is a free way to compile apps yourself and put it on your phone.
I am a developer myself and I have published apps for iOS and Android in the past and this process still is way easier than anything an iOS developer has to do to just install an app on his personal phone.
You don’t understand how easy it is to get a fake Id/passport with any photo you like in some countries.
Bad actors already do this, which clearly doesn’t stop bad apps from appearing in the play store. If the main reason why this new thing exists is to prevent malware and such, and it immediately fails to do that, what other motives do you think there could be?
You may have apps on iOS and Android, but you’re either very naive or privileged enough that can’t see a problem with this whole verification.
They’re taking away a BIG freedom in android, which is installing apps from wherever you want, however you want, and when you want.
And google play itself has WAY MORE malware than all FOSS sources combined.
Do you reconsider now?
FOSS is a thousand times more reliable than the standard app on play store.
Honestly this was one of the few major advantages to using android over iOS. Might have to consider a switch now…
no no no, hold your horses!
there is hope in custom roms and root!
and maybe, ADB (therefore shizuku).
unless you mean a switch to linux phones
then, do it.
That freedom is still there. The only thing going away is installing from an undisclosed source.
Why should we have to disclose the source to google? It’s evil, and this is just more bullshit they are trying to get your data.
You’ll get downvote because this is just rationalizing know-towing to Google.
There’s no technical, nor security reasoning to rationalize this.
There is security reasoning
The internet has a ton of malware and having a better way of identifying apps isn’t a bad thing. The problem is when it is used in order to make Google the sole gatekeeper of alllowed apps.
The malware is already on the Play Store.
Google is already doing nothing about malware that you can officially download directly from Google.
Google play is huge
Every time Google finds malware they take it down and improve their processes. I’m definitely not a big fan of Google but they do handle security pretty well. (Except for malware in ads)
There are plenty of reasons to hate Google. However, just because there have been cases of malware on Google play doesn’t mean that downloading apps is somehow less risky. You should stick to trusted sources and avoid questionable apps. The core problem here is the fact that the solution Google came up with for malware prevention allows them to block third party app stores and potentially apps not liked by Google like NewPipe.
I would have far less of an issue Android app verification if it was instead implemented in AOSP with a way for users to configure it in settings. Bonus if it allows users to install trusted certificates from third parties.
Yes and they actually have a malware service that already runs on side loaded apks. This isn’t about security and you can’t convince me otherwise.
The solution they “came up with” just didn’t just happen to exclude those apps. It is the entire purpose.
We have had anti-malware on desktops for decades. None of them set a system hard line at phoning home to (insert mega globo corp) to install software on hardware, I repeat, you own. It’s yours. You paid for it. What you do with it is none of Google’s concern.
Are you stubborn?
I know I will get downvoted for this opinion
Well yes. That’s what happens when your only argument boils down to “It could be worse”.
My argument isn’t “it could be worse” - my argument is “that’s how it should have been from the beginning”.
“No no, my argument is even worse than that!”
Then you deserve them even more. Fuck privacy and freedom I guess?
Imagine if every program on your PC had to be verified by Microsoft, or Canonical.
Fuck that noise.
This won’t increase security. This just allows Google to tighten the reigns on their system to push out alternative app stores and enhance their monopoly. What do you think will be in the developer agreement - guarantee there’s clauses preventing YouTube frontend apps (Freetube, Grayjay) and root alternative apps (Magisk, Shizuku). If it’s not there on day one it will magically appear in a few months - and then the rug will be pulled from under those devs and they’ll be banned from working on Android again on anything, potentially sued, and Google will be able to enforce it because they know exactly whom the devs are and have their government IDs.
I totally agree with you that having Google as the only one able to assign these certificates is a problem. This needs to change (and I rely heavily on the EU to enforce this), but I still think that everyone who is publishing an app to an undisclosed number of people (and therefore there is no implicit trust by design) should identify him- or herself to some authority.
Why? Google is demanding personal ID for devs, but we have no idea who wrote code for the Google apps we install - was it a Californian, was it slopped together by an AI, was an NSA analyst supplying code? Sorry, Google deems that’s all private. Code is closed. Trust us.
Now, open source devs who value their privacy are forced to give it all up for users to continue using their vettable code that has earned them user trust over years or decades - just to give Google direct power over them. Power to ban from the store, power to sue, to litigate - you presume for benevolent reasons, however there is not much reason to believe this, given Google’s history.
Google has repeatedly spread malware through their store and it has had real world impacts, so if they want to improve their security and more thoroughly vet the devs that they charge to use their store to distribute their code, fine - that’s their call. But that’s not all they’re doing, is it - they’re demanding ID from any dev that uses any storefront, even if that storefront is completely out of Google’s hands and has over a decade of never distributing a single piece of malware.
Don’t be fooled, this is a ploy to kill third party apps and third party stores, while enabling Google to strike at any devs of apps they take issue with.
I agree if someone makes something like the ice app for their country the government should be able to track them down if they want. There shouldn’t be a way for citizens to distrupt things for any reason. We need government to control every aspect of our lives and key is to make everything trackable for a safer world so the authorities in power can remain in power.
Every action should be identifiable. Including lemmy. It disturbs me that such a site where people arent required to provide real IDs exists.
This won’t increase security.
I don’t know, man. If every app were signed, and one of them fucked my system, the signature would make the author of the app that enabled the fuckery pretty clear. With an unsigned app, anyone could tamper with the package before I get it: I can’t authenticate the package is untampered, and the author can repudiate they introduced any fuckery.
because they know exactly whom the devs are and have their government IDs
They already wrote the free developer account for limited distributions doesn’t require those.
None of that is necessary when installs over Android Debug Bridge bypass verification entirely.
Will Android Debug Bridge (ADB) install work without registration? As a developer, you are free to install apps without verification with ADB.
If I want to modify or hack some apk and install it on my own device, do I have to verify? Apps installed using ADB won’t require verification.
Enforcement only applies to certified Android devices, ie, those certified for and that ship with Play Protect, and even Play Protect can be disabled.
This all seems like a huge nothingburger by the willfully illiterate.
What if they refuse to approve your developer identity application? Now you can’t sideload the app you developed for personal use.
At the moment (I am willing to change my opinion if that changes) Google has announced that for your personal use you won’t need to submit any ID. This just shows me you haven’t even read the whole thing, but just the headline and your opinion on this was set.
You do need to submit an ID if your app gets a larger audience. Plus, the account requirement stays. With the way google bans developer accounts I wouldn’t be surprised if your hobby developer gets an axe once a while.
It’s not hard to imagine them abusing/being compelled to limit apps based on regional restrictions or perhaps other apps terms of service. Like newpipe could be nuked out of nowhere assuming it even gets a say since it breaks YouTube’s Terms of service.
Or manga, book reading apps getting the axe due to copyright strike. Plus, the devs could get doxxed again due to copyright strike.
No sane developer should risk submitting this personal information to google for a side or hobby or even a community project.
I understand where you’re coming from with this comment. I’m also generally frustrated when I see people commenting on sensationalized headlines without taking the time to learn more.
I, however, have read their published plans for developer ID’s.
Think back, and be objective about how Google has managed Android since AOSP launched. Time and time again, Google has borrowed and adapted code which was submitted to the project by talented, passionate developers who expected no compensation. At each milestone, Google has taken steps to apply additional restrictions on developers- Siding instead with hardware manufacturers to limit the public’s ability to use their purchased hardware as they see fit.
I am aware that there is a balance that must be struck to limit expense, exploitation, and to prevent widespread security incidents and piracy, but how many times in the past have end users and developers been in this precise situation over the years? How long until Google decides that they don’t need the AOSP project at all and fork the entire project? They’ve already taken large parts of the framework private.
Maybe I’m a little jaded, but I can’t see a benefit here for anyone but Google and hardware manufacturers. This is just another step towards locking us out.
You could do what I did and let them know via feedback that you’ll be leaving for Apple since its the same thing now.
I won’t actually be going to apple, but to a linuxphone, but saying Apple is probably going to have more impact so I went with that.
How are Apple and Google remotely the same
If we’re talking about loading apps - as in the subject of this post - pretty much exactly the same. Registered developer account, a walled garden ecosystem, etc.
Not at all
Android still has way more flexibility that iOS will ever have. App verification is very much a step in the wrong direction but it isn’t nearly as locked down as iOS.
Its more that from the position of optics stating you are going to leave for Apple is a bigger deal to Google than saying you are upset. Average person isn’t going to use adb or install a custom rom to get non play store apps working.
So just approaching it like a regular person who happens to use Android who isn’t super tech savvy saying might as well go to Apple if sideloading isn’t easy is more effective than ranting about sideloading from the position of an Android nerd. Those people are truly niche and less than 1% and would be dismissed with a laugh.
Please read the first comment in this chain again.
can i a(i)db on iphone to permanently install applications?
Is it relevant to complaining to google about their stupid decision they are trying to brush off as if it were nothing?
Because I assume you (and others) are missing the entire point of my comment.
There is a feedback form linked directly in the blog post. Use it. Let them know this would impact their income.
it would have to get much worse in order for an android enthusiast to move to a worse platform for developers.
they would rather go full linux than ios
Sounds familiar… oh, right, from my comment this entire chain is from.
I won’t actually be going to apple, but to a linuxphone, but saying Apple is probably going to have more impact so I went with that.
I’m responding to
If we’re talking about loading apps - as in the subject of this post - pretty much exactly the same. Registered developer account, a walled garden ecosystem, etc.
they’re not the same at all. even after this registration change fully rolls out it will still be much easier to sideload apks on android than ipa on ios.
you cannot distribute updates at all on ios without their review and there’s no ability to sideload with random apps. you can now and still can easily do this on android especially for registered businesses that do sideloading.
i work professionally releasing on both platforms and it’s so much easier releasing to production vs apple who suddenly rejected future updates until i changed the screenshots to fit their aesthetic.
they’re not “pretty much exactly the same” for developers nor consumers.
how does one start repressions and censorship? by saying “it’s for your own safety”
Fuck you, Google.
deleted by creator
This doesn’t fix anything
The problem is Google gate keeping the platform.
After all that outcry. They only wrote about devs demanding longer. Conveniently ignoring fdroid’s post among others.
Even for hobby projects you would be required to create a limited developer account and submit government identification if you want to distribute apps to a larger audience.
If you want to distribute an app to a larger audience you should be willing to do so. Sure you could say it’s everyone’s personal risk installing an unsigned app on their phone, but making these people compile the app themselves isn’t too much to ask for. Tools to automate this to the max will appear.
What kind of nonsense is this?
Go on, lick some more boots.
Couldn’t you get around it with ADB?
Yes, but there’s no guarantee that remains true.
