87636899376 2025-08-25 20:01 UTC link

Official announcement: https://android-developers.googleblog.com/2025/08/elevating-...

More info:

https://developer.android.com/developer-verification

https://support.google.com/googleplay/android-developer/answ...

Personally...we all know the Play Store is chock full of malicious garbage, so the verification requirements there don't do jack to protect users. The way I see it, this is nothing but a power grab, a way for Google to kill apps like Revanced for good. They'll just find some bullshit reason to suspend your developer account if you do something they don't like.

Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.

> we will be confirming who the developer is, not reviewing the content of their app or where it came from

This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.

TFA had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.

On the flip side, that's one less platform I care about supporting with my projects. We're down to just Linux and Windows if you're not willing to sell your soul (no, I will not be making a Google account) just for the right to develop for a certain platform.

EMIRELADERO 2025-08-25 20:11 UTC link

So that's it then.

If this actually goes through, there will be no option in the mobile OS market for an OS that both:

a) allows the installation of apps without any contractual relationship with any party, and

b) allows the use of mainstream and secure apps like banking

chenxiaolong 2025-08-25 20:29 UTC link

If this is enforced via Play Protect, then the whole mechanism can likely be disabled with:

    adb shell settings put global package_verifier_user_consent -1

This does not require root access and prevents Android from invoking Play Protect in the first place. (This is what AOSP's own test suite does, along with other test suites in eg. Unreal Engine, etc.)

I personally won't be doing this verification for my open-source apps. I have no interest in any kind of business relationship with anyone just to publish an .apk. If that limits those who can install it to people who disable Play Protect globally, then oh well.

mysteria 2025-08-25 20:51 UTC link

The article didn't say much about the account approval process, but from the looks of it Google will be able to arbitrarily accept and revoke applications as they see fit. So much for an open platform, bring forth the gatekeeping!

Personally I would be fine with unsigned apps requiring the user to click through a notice before install, or having a setting to toggle to enable unsigned apps. Windows does something similar to this where unsigned binaries get a pop up warning but signed ones are executed immediately.

gethly 2025-08-25 21:15 UTC link

> Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store

This is absolutely unacceptable. That's like you having to submit your personal details to Microsoft in order to just run a program on Windows. Absolutely nuts and it will not go as they think it will.

mid-kid 2025-08-25 21:26 UTC link

They have the ecosystem by the balls. Phone manufacturers in recent years have been making unlocking & modifying their devices more and more difficult, google and app developers have been cracking down harder on modded devices by implementing TPM equivalents in the hardware to sign and verify that your system is a google-appproved one, and alternatives still are decades behind in terms of app ecosystem.

I think they might just get away with it.

Kim_Bruning 2025-08-25 21:52 UTC link

I never really got into "phone" progrmaming, always waiting for the shenanigans to die down. But somehow the shanigans have gotten worse and for a significant chunk of the world population, the phone is the only computation device they have at all.

abeyer 2025-08-25 22:02 UTC link

Even aside from the privacy implications (which aren't trivial themselves,)

Doesn't this make it prohibitively difficult to do local builds of open source projects? It's been a long time since I've done this, but my recollection was that the process to do this was essentially you would build someone else's (the project's) package/namespace up through signing, but sign it locally with your own dev keys. A glance at the docs they've shared makes it sound like the package name essentially gets bound to an identity and you then can't sign it with another key. Am a I misremembering and/or has something changed in this process? Am I missing something?

cesarb 2025-08-25 22:14 UTC link

The reason I chose the Android ecosystem over the Apple ecosystem, once I found out that the Maemo/Meego ecosystem was a dead end and the Openmoko ecosystem was a non-starter, is that the Android ecosystem allowed me to develop and install my own apps on my own devices whenever I wanted to, without arbitrary limitations like having to periodically plug the phone into my computer to renew some authorization. Additionally, there was even for some devices the possibility of rebuilding the whole operating system with any changes I desired.

If I'm not allowed to develop and install my own apps on my own phone, what advantage does Android have over Apple?

zmmmmm 2025-08-25 22:21 UTC link

The worst part is the Orwellian opening sentence they start with in their blog post [0]:

> You shouldn’t have to choose between open and secure

2+2=5

Truly the end of an era. I've spent nearly two decades buying Android phones because of a single checkbox in settings that let me have the freedom I consider essential to any computing device that I own.

In a way, it's liberating, I've missed out on a lot from the Apple ecosystem because of that checkbox. Maybe finally I can let go of it now the choice is out of my hands.

[0] https://android-developers.googleblog.com/2025/08/elevating-...

seanw444 2025-08-25 22:25 UTC link

Makes sense why they had to get rid of the "don't be evil" motto. They've been on a roll.

I've seen a lot of similar sentiment on this thread, but the reason I use Android is because it gives me more control than iOS by allowing full-on painless sideloading, and custom distributions like GrapheneOS. They're doing everything they can to turn themselves into a worse Apple. All of the downsides of Apple, but none of the upsides. Apple beats them in every aspect that isn't "openness".

When will the straw break the camel's back? I'm shocked we've let it get to this point with no realistic alternatives. There's no reason a competitive Linux-based smartphone can't exist (no, I'm not counting Android in that).

marcodiego 2025-08-25 22:27 UTC link

How did we let this happen?

Oh, yes... Actually I remember: it was a long slow series of accepting small artificial restrictions. I remember people laughing at me at the time. They said it won't matter, they didn't care, that I was paranoid...

Now... Here we are.

throw10920 2025-08-26 02:51 UTC link

This is really bad. I think that most people on HN will agree with that.

The problem is that most normal people (HN is not normal - mostly for the better) don't even understand what sideloading is - let alone actually care.

How can we fix this?

(aside from making people care - apathy enables so many political problems in the current age, but it's such a huge problem that this definitely isn't going to be the impetus to fix it)

rvnx 2025-08-26 03:18 UTC link

If this is a thing then the solution they offer is incorrect. A big giant red screen: “warning the identity of this application developer has not been verified and this could be an application stealing your data, etc” would have worked.

What they want is to get rid of apps like YouTube Vanced that are making them lose money (and other Play Store apps)

medhir 2025-08-26 03:18 UTC link

Every day we stray farther from the premise that we should be allowed to install / modify software on the computers we own.

Will once again re-up the concept of a “right to root access”, to prevent big corps from pulling this bs over and over again: https://medhir.com/blog/right-to-root-access

jjani 2025-08-26 04:41 UTC link

Thank you, all HNers at Google, for continuing to work there.

And yes, before you ask, I have personally quit a job that paid 3x what I was able to get elsewhere over ethics. And no, I'm not rich, probably bottom 5% in terms of assets among my colleagues, coming from a lower-class background.

tgma 2025-08-26 05:37 UTC link

The funny thing is Stallman started his fight like half a century ago and on regular days Hacker News shits on him eating something off of his foot and not being polished and diplomatic, and loves practical aspects of Corporate Open Source and gratis goodies and doesn't particularly care about Free Software.

On this day suddenly folks come out of the woodwork advocating for half baked measures to achieve what Stallman portrayed but they still hardly recognize this was EXACTLY his concern when he started the Free Software movement.

sunshine-o 2025-08-26 07:44 UTC link

We have 2 ecosystems for mobile and the worst case scenario is starting to be clear for Android.

I love GrapheneOS but they can only thrive if Google tolerate them. So in its current form, this is not a medium or long term solution (anymore).

We really cannot afford to think in terms of "Android OS" or open source OS anymore the problem is getting much bigger.

My guess is soon in many "free" countries, ISP will mandate connecting with a "Certified" device (someone was saying that in Brazil only cell phones certified by the teleco government agency can be imported already). And on mobile it is easy to implement since you need a (e)SIM. The Internet is still hard to control at the protocol level, but the gates are easy to mostly control (your ISP).

In terms of mobile computing I mostly care about being able to access my home network from the places I am 80% of the time (and I can always bridge to the Internet from there). So the real battle is really at the mesh and multi-hop mobile ad hoc networks. This is the aspect we neglected for 25 years.

Regarding mobile, the battle for Android is lost, time to look into things like B.A.T.M.A.N [0] so we be able to keep another open source mobile platform useful.

For anything "money" related, your bank (which is inevitably regulated) will have to mandate a certified device too. It will work on (some) Linux too.

Ever wondered why for example the Fedora project [1] is proudly part of things like The Digital Public Goods Alliance [2] who works with many govs and if you really look into it they are all about digital ids and "restoring trust"?

- [0] https://www.open-mesh.org/projects/open-mesh/wiki

- [1] https://fedoraproject.org/

- [2] https://www.digitalpublicgoods.net/

arielcostas 2025-08-26 11:11 UTC link

Meaning to use your device you need to have a contractual relationship with a foreign (unless you are in the US) third party that decides what you can or cannot do with it. Plus using GrapheneOS is less of an option every day, since banks and other "regulated" sectors use Google Play Protect and similar DRMs to prevent you from connecting from whatever device you want. Client-side "trust" means the provider owning the device, not the user.

Android shouldn't be considered Open Source anymore, since source code is published in batches and only part of the system is open, with more and more apps going behind the Google ecosystem itself.

Maybe it's time for a third large phone OS, whether it comes from China getting fed up with the US and Google's shenanigans (Huawei has HarmonyOS but it's not open) or some "GNU/Linux" touch version that has a serious ecosystem. Especially when more and more apps and services are "mobile-first" or "mobile-only" like banking.

JCGoran 2025-08-26 15:27 UTC link

As someone who never comments on HN, I would like to voice my absolute disapproval of this new policy. As these decisions are not made in a vacuum, I have no doubt the recent developments in the political landscape have contributed to this decision (e.g. UK Online "Safety" Act, EU Chat Control, EU Age Verification solution, probably others). Coupled with the recent "mandatory" (read: forced) upgrade of my Pixel 4a, I get the impression Google's attitude towards phones has become equivalent to Apple's: namely, the illusion of choice.

Since there are no viable alternatives, I guess it's time to go back to owning a cheap corporate/government approved phone for official business (i.e. banking), and another one that I actually use.

As an aside, the presentation[0] doesn't really go into the details how they will enforce this (on-device? Remotely? If the latter, can I just remove Play Services from my device to sideload whatever?), but you can apparently submit feedback about the verification process here[1].

[0]: https://goo.gle/play-console-android-developer-verification [1]: https://docs.google.com/forms/d/e/1FAIpQLSdpZbsJCS-f7CtMbZPn...

CalRobert 2025-08-25 20:28 UTC link

In time, you will only be able to access banking from your desktop using an approved OS and browser with attestation...

prism56 2025-08-25 20:34 UTC link

I'll just have to disable it and choose a banking app that works on the browser. Tonnes of my apps are sideloaded. Quite a few are on the playstore or the dev might upload their details.

prism56 2025-08-25 20:35 UTC link

What does this break?

zozbot234 2025-08-25 21:09 UTC link

> had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.

I don't think we can know for sure before the change is actually in place. Going through Play Protect would certainly be the easiest way of implementing this - it would be a simple change from "Play Protect rejects known malware" to "Play Protect rejects any app that isn't properly notarized". This would narrowly address the issue where the existing malware checks are made ineffective by pushing some new variant of the malicious app with a different package id.

It's a big change for the ecosystem nonetheless because it will require all existing developers to register for verification if they want to publish a "legit" app that won't be rejected by any common Android device - and the phrasing of the official announcements accurately reflects this. But this says nothing much as of yet about whether power users will be allowed to proactively disable these checks (just like they can turn off Play Protect today, even though very few people do so in practice).

jojobas 2025-08-25 21:38 UTC link

I don't think Google can be blamed for this - their own phones are one of the last which can still be unlocked.

ocdtrekkie 2025-08-25 21:50 UTC link

I would say this is a bold choice for a company whose existing restrictions around third party apps and stores and in-app purchases has already been found illegal. While it doesn't look like they're pushing for it right now, forcing Google to sell Android was something the DOJ has considered as a penalty.

I'm not sure Google still has the ecosystem by the balls. It's very possible whatever Googlers who made this decision are the type of folks who don't comprehend they work for a monopoly that like actually can't do things like this anymore.

donmcronald 2025-08-25 21:56 UTC link

I never got into it because I was convinced developers would refuse to give up control over distribution when Apple started doing it. I wish I was right, but here we are.

black3r 2025-08-25 21:58 UTC link

> This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.

Requiring company verification helps against some app pretending to be made by a legitimate institution, e.g. your bank.

Requiring public key registration for package name protects against package modification with malware. Typical issue - I want to download an app that's not on available "in my country" - because I'm on a holiday and want to try some local app, but my "play store country" is tied to my credit card and the developer only made it available in his own country thinking it would be useless for foreigners. I usually try to download it from APKMirror. APKMirror tries to do signature verification. But I may not find it on APKMirror but only on some sketchy site. The sketchy site may not do any signature verification so I can't be sure that I downloaded an original unmodified APK instead of the original APK injected with some malware.

Both of these can be done without actually scanning the package contents. They are essentially just equivalents of EV SSL certificates and DANE/TLSA from TLS world.

donmcronald 2025-08-25 21:59 UTC link

Don’t worry though, the TPM requirements in everything are for your protection.

mzajc 2025-08-25 22:06 UTC link

How long until Google decides to lock it down because "scammers" can "abuse" it?

chasil 2025-08-25 22:10 UTC link

Unless they give F-Droid access, the antitrust prosecution will double.

luke-stanley 2025-08-25 22:15 UTC link

A repo is just files in a directory, so the namespace can be changed, but the whole thing stinks. Having to setup Android signing keys and needing to provide ID is not fun. It means you won't easily be able to run builds on Google certified Android devices that aren't from "approved" people.

UncleMeat 2025-08-25 22:19 UTC link

> Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.

You've never needed the internet permission to exfiltrate data. Just send an intent to the browser app to load a page owned by the attacker with the data to be exfilled in the query parameters.

lawlessone 2025-08-25 22:21 UTC link

i made and released some apps in the early days. Got tired of it and got tired of the reminders from google to add banners, screenshots, submitting icons to support multiple resolutions.. notifications that apps i haven't touched in decade are no longer compatible etc.

so much extra work involved that isn't building the app.

I worry how this will affect fdroid etc.

cesarb 2025-08-25 22:21 UTC link

> and alternatives still are decades behind in terms of app ecosystem.

That's if they're available at all. In my country, only cell phones certified by the telecommunications government agency (ANATEL) can be imported, so the alternatives (Jolla, PinePhone, Fairphone) simply don't exist.

fph 2025-08-25 22:24 UTC link

That's the first step toward banning NSFW apps like on Steam, I'm afraid.

IlikeKitties 2025-08-25 22:34 UTC link

> There's no reason a competitive Linux-based smartphone can't exist (no, I'm not counting Android in that).

Yes there is. You all don't understand that they will use remote attestation to force everyone to use approved devices with signed apps on signed OSes only

You won't be able to bank, call a cab, write a chat message, watch a youtube video or do anything relevant on a device anymore that isn't signed, approved and controlled by google. They've made us cattle and now they are going to milk us dry.

rmah 2025-08-25 22:38 UTC link

Software distribution control didn't start with phones, it started with game consoles.

A4ET8a8uTh0_v2 2025-08-25 22:49 UTC link

<< we will be confirming who the developer is, not reviewing the content of their app or where it came from

To be honest, it almost makes me wonder if the issue here is not related to security at all. I am not being sarcastic. What I mean is, maybe the issue revolves around some of the issue MS had with github ( sanctions and KYC checks ).

cesarb 2025-08-25 22:53 UTC link

> There's no reason a competitive Linux-based smartphone can't exist

There is; it's the "phone" part of "smartphone". Being a phone makes the device subject to a lot more requirements (for an obvious example, emergency dialing must always be available and work, and at the same time the phone must never accidentally dial the emergency number).

In my country, only cell phones certified by the government telecommunications agency (Anatel) can be imported, so I can't for instance go to the Jolla or PinePhone store and buy a Linux-based smartphone; if I tried, it would be sent back the moment the package entered the country. (See https://www.gov.br/anatel/pt-br/regulado/certificacao-de-pro... for details.)

WorldPeas 2025-08-25 23:02 UTC link

and don't forget all the people with the dismissive remarks about how it didn't affect them on their Graphene or Calyx phones. We're all downstream of something. The real product of Android for us was always the interoperability with the normal world for the tinkerer.

baby 2025-08-25 23:06 UTC link

They did it the right way for a very long time and yet people keep buying iPhones, I think I would do the same if I were them, users clearly don't seem to care about openness and freedom to use their devices however they want. I mean, people care about the color of archaic text messages. There is nothing to save.

akst 2025-08-25 23:19 UTC link

Ultimately it’s them that has market power.

To meaningfully challenge it, developers need to agree to withheld supply like a cartel (illegal?) or union.

I think it’s probably close to the union scenario in an industry with a single employer, as there is that one too many relationship (all developers vs Google). Whereas a cartel is a few suppliers conspiring against all consumers.

I’m not sure developers would go to those lengths, and I’m not sure it would work either as the benefit is too high from defecting from such a coalition.

al_borland 2025-08-25 23:32 UTC link

> will not go as they think it will.

How will it go? Where are people going to go? People who draw a hard line on this can’t go to iOS for more freedom. Linux phones aren’t ready for prime time. So what’s left? Going back to a flip phone that doesn’t even have the capability of running apps in the same class?

mrlatinos 2025-08-25 23:34 UTC link

We had no part in this. The blame lies squarely with Google and its employees, who trade away user freedom for profit and career gain. Many who are smart enough to know better but instead compromise their principles. It's just another symptom of late-stage capitalism.

rpdillon 2025-08-25 23:38 UTC link

Very much my exact feelings. I had the first Android phone ever and even wrote my own APKs and enjoyed the freedom of the mobile platform that let me install my own software. But it's been close to 20 years and maybe it's time to check out the other side, as much as I despise Apple's locked down ecosystem.

beeflet 2025-08-26 00:26 UTC link

eternal september

ycombinatrix 2025-08-26 00:43 UTC link

That notice already exists. In fact there are 2 or 3 extra confirmations required to sideload apps today.

ycombinatrix 2025-08-26 00:45 UTC link

Not just difficult - it becomes impossible. You can no longer develop any android app without Google's approval, just like iOS. The official emulators might not even work.

bobajeff 2025-08-26 00:48 UTC link

You now need to have an online account to setup and login on a Windows desktop. It's obvious what the trend is and it's not allowing consumers control over their stuff.

Editorial Channel

What the content says

Structural Channel

What the site does