F-Droid publishes an advocacy article opposing Google's new Android developer verification requirements, arguing that the policy violates users' property rights in their devices and developers' freedoms of expression and work. The article frames device autonomy and software freedom as fundamental human rights rooted in UDHR principles, appeals for regulatory intervention and democratic participation, and calls users to contact their representatives—emphasizing that device owners, not corporations, should control what software runs on their phones.
>Regardless, the term “sideload” was coined to insinuate that there is something dark and sinister about the process, as if the user were making an end-run around safeguards that are designed to keep you protected and secure.
I also recall a time in the nascent era of web file hosts, like Rapidshare.de and Mega upload, and some others that came and went so quick that I don't even remember their names, some services offered the option to "sideload" (as opposed to download) straight to their file server.
I think we could set the bar substantially higher. Don't even bother with discussion of sideloading. Talk about bounded transactions and device control.
What is needed is: Once I have purchased a device, the transaction is over. I then have 100% control over that device and the hardware maker, the retailer, and the OS maker have a combined 0% control.
On MacOS it warns you when you're about to open an app you've downloaded and installed yourself. "Foo has been downloaded from the internet, are you sure you want to open it?". It doesn't stop you from installing it. Why should doing so on your phone be any different?
As an iOS user who's been frustrated with Apple's approach to "self-loading" (i.e., running your own code on your own devices) and who's actually gone out and gotten Android devices to write PoC/PoV apps on instead, I really don't like Google's stance on this--even if I would not, at this time, choose to daily drive an Android device, I do rely on F-Droid for getting software on six or seven different devices _right now_ and they would be useless to me if I couldn't do it.
You know, this would be a fantastic time for Google to get their sandbox in order. If we need to do it like this, go ahead and create a secondary user, call it sandbox and let me install all my wild and unapproved apps there. SecureNet can automatically fail in Sandbox.
But I don't think they're going to do that, ultimately users who actually care about this are an absolute tiny percentage of the market.
And weirdos like us can always just import a Chinese phone that doesn't have mandatory Google verification crap.
Author here. I admit I am rather startled by the tone of many comments here and the accusations of disingenuity. Splitting hairs about the origin of the term "sideload" does not change the fact that those who promote the term tend to do so in order to make it feel deviant and hacker-ish. You don't "sideload" software on your Linux, Windows, or macOS computer: you install it.
You have the right to install whatever you want on your computer, regardless of whether that computer is on your desk or in your pocket. That's a hill I'll die on. I'm dismayed to see that this sentiment is not more widespread in this of all communities.
I think this misses the forest for the trees here. The platforms behavior here is a symptom and not the core problem. I think the following are pretty clearly correct:
1. It's your damn phone and you should be able to install whatever the hell you want on it
2. Having an approved channel for verified app loading is a valuable security tool and greatly reduces the number of malicious apps installed on users devices
Given that both of these things are obviously true, it seems like a pretty obvious solution is to just have a pop up that has a install at your own risk warning whenever you install something outside of the official app store. 99.9% of users would never see the warning either because almost all developers would register their apps through the official store.
But there is a reason why Apple/Google won't do that, and it's because they take a vig on all transactions done through those apps (a step so bold for an OS that even MSFT never even dared try in its worst Windows monopoly days). In a normal market there would be no incentive to side load because legitimate app owners would have no incentive not to have users load apps outside of the secure channel of the official app store, and users would have no incentive to go outside of it. But with the platforms taxing everything inside the app, now every developer has every incentive to say "sideload the unofficial version and get 10% off everything in the app". So the platforms have to make it nearly impossible to keep everything in their controlled channel. Solve the platform tax, solve the side loading issue.
Why are OEMs like Samsung just letting this happen? A lot of power users who buy flagships will leave for iPhones if Android ceases to be an open platform. (This segment is what is preventing the “green bubbles = poor” narrative from taking over.)
You cannot beat them at their own game without some other Goliath like the EU getting involved. The complain and watch strategy doesn't make a difference.
The entire App Store system is broken. It should have always been sideloadable apps by default. And app stores for verified app makers. Instead we have Google withholding play store. And now withholding sideloading.
Note that the Android permission system is designed so that you are not in control by design, some permissions are "not for you" and only for "system apps" which you can't control. This gives Google and device manufacturers advantage over third party software developers in the name of security...
I think we should focus on defending the slowly-vanishing ability to unlock the bootloader and fight for the core parts of Android to stay open source.. without these two, installing an APK will mean less and less until it might eventually become synonymous with installing a PWA.
It makes me a little sad that there’s no mention of Raymond Carver in this thread.
https://en.wikipedia.org/wiki/What_We_Talk_About_When_We_Tal...
The current state of dominant mobile OS’s is about as bleak as the bleakest Carver story.
Since I’m on a tangent I’ll also highly recommend the movie Shortcuts.
I'm struck with how long the history of Apple's earliest iPhone has shaped and produced long-term damage to the concept of digital ownership. Apple originally didn't allow anybody but Apple to create software for the 1st gen iPhone, and only later was forced "opening" it my market forces.
People who realized they actually owned the thing they bought wanted to do what they wanted, which required circumventing Apple's control or "jailbreaking". This differentiator stimulated Google to "allow" installing on Android without "jailbreaking" the device aka "sideloading", giving the illusion of the kind of freedom that was never in question on normal computers.
It is interesting though how this same conversation doesn't exist in the same way in other areas of computing like video game consoles or other embedded computing devices where the controls against arbitrary applications is even stronger.
The fact that mobile phones aren't yet just a standard type of portable computer with an open-ish harware/driver ecosystem that anybody can just make an OS for (and hence allow anybody to just install what they want) is kind of wild IMHO. Why hasn't the kind of ferver that created Linux driven engineers to fix their phones? Is Android and iOS just good enough to keep us complacent and trapped forever? I can't help but think there might be some effect here that's locking us all in similar to how the U.S. healthcare system can't seem to shake for profit insurance.
I'm sometimes surprised at the plethora of cheap handheld gaming systems coming out of China that support either Linux, Android, or sometimes both, and seem to be based on a handful of chipsets. If anybody ever slapped an LTE module and drivers onto one of those things we'd have criminally cheap and powerful, open phone ecosystem.
In the past, they forced Steam to implement proper refund policies, and they are currently suing Microsoft about the way subscribers were duped into paying more for "AI features" they didn't want.
Despite all the bad moves, one of the reasons why I use android and not iPhone is installing apps from places like fdroid.
If this stops, it fundamentally disallows me to have the privacy that Apple app store can't provide. The amount of garbage apps in play store is horrible. I don't try out any new apps from there cos of this. So I will just switch to iPhone.
Already degoogled for pretty much most things. This will be the last. And maybe switch my website from netlify which I think is using google cloud (need to check).
I have coded some apps that are customized for my mother's usage and accessibility. I plan on coding some more. I need to install them on just 2 phones - my own for testing and my mother's.
As of now, I can create APKs of my apps and install them on my mother's phone by unchecking the "prevent apps from other sources" option.
Even after going through so many articles, I still don't know unambiguously whether I can continue this workflow in future, or I'll need Google's approval to install on just our own 2 family phones.
There's a failure in communications here from both sides.
Ambiguity suits Google perfectly fine.
But it's counterproductive to its opponents because every dev who's confused will remain a fence-sitter rather than an ally, even if only motivated by personal inconvenience rather than any principled stand.
I doubt I'm the only Android dev who's confused. I hope at least f-droid communicates more clearly the consequences of this policy to all types of developers and deployment scenarios.
Sorry, but "welcome to HN?" Commenters here regularly miss the forest for the trees, ratholing on minutiae and nitpicking one or two words in a 1000 word article. Often totally missing the overall point. We're notorious for it.
macOS warns you literally about every downloaded app not from MAS (signed!), unless you build it yourself or remove quarantine manually.
I think it is mostly about expectations, macOS trained people that it is relatively safe to install signed apps. If your app is unsigned, Gatekeeper will refuse to run it.
I believe they are saying that this update will remove the ability to decide if you want to install it and will require developers to register and pay for their applications to be installable at all. It's been several years since I developed for Mac, but they operated a similar way, secretly marking a file as quarantined and saying "XYZ Is Damaged and Can’t Be Opened. You Should Move It To The Trash" if you didn't pay to play. Maybe this has since changed, or maybe I'm just a dummy. Regardless, whether a platform has any business funneling a user into their walled garden is another philosophical argument altogether.
What does this even mean? You don't want software updates? Or strictly only software updates that are 100% aligned with your wishes whatever they may be at the time?
it also sometimes says `"Foo" Not Opened` `"Apple could not verify “Foo” is free of malware that may harm your Mac or compromise your privacy."` This is frankly pretty insulting to the intelligence of the user and /does/ stop them. I think the paradigm is flowing towards "less" rather than "more"
First thing on the list for me is dramatically reforming the Digital Millenium Copyright Act (DMCA), which currently makes it a federal felony to provide other people any information or tools they might use to control the devices they own, ex:
> Thanks to DMCA 1201, the creator of an app and a person who wants to use that app on a device that they own cannot transact without Apple's approval. [...] a penalty of a five year prison sentence and a $500,000 fine for a first criminal offense, even if those tools are used to allow rightsholders to share works with their audiences.
In some ways, I think this is even more important than attempting to bar companies from putting in the anti-consumer digital locks in the first place: It's easier to morally justify, easier to legally formulate, and more likely to politically pass. The average person won't be totally stuck lobbing the government to enforce anti-lock rules for them, consumers can act independently to develop lockpicks.
Plus it removes the corporations' ability to bully people using your tax-dollars and government lawyers.
I would say the situation is worse as this "subscription-esque" model is "spreading" to areas beyond software. Exercise equipment like ellipticals and bicycles - whose software is/could be borderline +/- resistance level trivial - has been moving to "only works with an online subscription" business models for a long time.
I mean, I have had instances that controlled resistance with like a manual knob, but these new devices won't let you set levels without some $30+/month subscription. It's like the planned obsolescence of the light bulb cartels of the 1920s on steroids.
Personally, I have a hard time believing markets support this kind of stuff past the first exposé. I guess when you don't have many choices or the choices that you do have all bandwagon onto oligopoly/cartel-like activity things, pretty depressing, but stable patterns can emerge.
Heck, maybe someone who knows the history of retail could inform us that it came to software "from business segment XYZ". For example, in high finance for a long-time negotiated charging prices that are a fraction of assets under management is not uncommon. Essentially a "percent tax", or in other words the metaphorical "charging Bill Gates a million dollars for a cheeseburger".
EDIT: @terminalshort elsethread is correct in his analysis that if you remove the ability to have a platform tax, the control issues will revert.
> And weirdos like us can always just import a Chinese phone that doesn't have mandatory Google verification crap.
No, we can't. One of the first countries with that mandatory Google verification is Brazil, and we can't import phones which are not certified by ANATEL, they will be rejected by customs in transit.
I haven't tested it myself, but as far as I know you can run ADB in the phone itself via Termux. Perhaps it's possible to make a wrapper that install apps from F-Droid with ADB? It would mean that you would only need to be tethered to the your PC once.
Obviously they'll eventually remove this because Google is hostile to things like ReVanced / some spook wants this power.
> 2. Having an approved channel for verified app loading is a valuable security tool and greatly reduces the number of malicious apps installed on users devices
I would instead say that having a trustworthy channel for verified app loading is a valuable security tool. F-Droid is such a channel; the Google Play Store is not. So Google is trying to take this valuable security tool away from users.
That bar would require infinitely good software on the hardware. Then it will be your device. Otherwise, they will constantly need to improve it. then it will be their software on your device.
> it seems like a pretty obvious solution is to just have a pop up that has a install at your own risk warning whenever you install something outside of the official app store
That's close enough to how Android already works. Google wants to additionally prohibit installation of apps unless they're signed by a developer registered with (and presumably bannable by) Google.
> This segment is what is preventing the “green bubbles = poor” narrative from taking over.
In the US maybe. In Europe, not so much. With Apple having a market share of "only" about one third and WhatsApp being the de facto default messaging app, this discussion never happened here.
Therefore your argument doesn't apply to Europe at all. Android is more than the "hacky" part. Albeit I'd really love to keep that.
This year, I discovered SideStore on iOS, and its wonderful auto-refresh feature. Since then, I have written two iOS apps and am happily using them daily with zero issues. This plus the new Google announcement mean no going back to Android for me any time soon.
That's also a large part of the issue IMO. I currently _have_ root on my rooted and Lineaged Poco F3. But as hardware attestation is becoming the norm I am deeply worried about the future. I have been a pretty eager Android fan due to its achievable-if-savvy openness. If I lose root and sideloading, then Android is dead to me. There would be nothing valuable in it, just another corporate walled garden.
A great example of this is the 'networking' permission. Being able to control which app can speak to the WAN/LAN is a very important security consideration. Instead, every Android app can send any data it wants without the user being able to have a say in the matter. A lot of apps work just fine without being able to 'phone home'.
Thankfully there's the likes of GrapheneOS, however, with Google's recent changes, unless their OEM partner pulls through, their days are likely numbered.
> Given that both of these things are obviously true, it seems like a pretty obvious solution is to just have a pop up that has a install at your own risk warning whenever you install something outside of the official app store.
It is an obvious solution, and it's a good first solution. This popup already exists.
A problem in security engineering is that when people are motivated (which is easy to achieve), they will just click through warnings. That is why, for example, browsers are increasingly aggressive about SSL warnings and why modifying some of the Mac security controls make you jump through so many hoops.
The usual take on HN is take the attitude that the developer is absolved of responsibility since they provided a warning to the user. That's not helpful. Users are inundated with stupid warnings and aren't really equipped to deal with a technical message that's in between them and their current desire. They want to click the monkey or install the browser toolbar. The attitude that it's not my problem because I provided a warning they didn't understand doesn't restore the money that was stolen from them by malware.
Regardless of its origin, its usage in context clearly implies it's supposed to be understood as a non-standard, non-default process. Making preferred software design choices feel like defaults, or making preferred app or distribution ecosystems feel like default is the product of extraordinary and intentional effort to set expectations, and so I don't see it as an accident that the nomenclature would be used for the purposes you describe.
I did make a comment in this thread about the historical usage of the term sideload, although for my purposes, I was noting a historical quirk frim a unique time in the history of the internet rather than disputing any premise in your post. It was the first and only comment at the time I posted it and I was not anticipating such an unfortunate backlash that seized on terminology for the purpose of disputing your point, or for otherwise missing your point.
But it is indeed missing the point. Requiring developer registration to install is exercising a degree of control over the software ecosystem that's fundamentally out of step with something I regard as a pretty important and fundamental ideal in how software is able to be accessed and used.
>Given that both of these things are obviously true, it seems like a pretty obvious solution is to just have a pop up that has a install at your own risk warning whenever you install something outside of the official app store.
Android already does this. It's the thing that's going away.
Explicitly frames device as property: 'You own your phone' repeated as foundational principle. Argues Google is violating property rights by forcing lock-in.
FW Ratio: 50%
Observable Facts
Direct statement: 'You own your phone. You have the right to decide who to trust.'
Article argues Google is removing property rights: 'they will be non-consensually pushing an update to your operating system that irrevocably blocks this right.'
Inferences
Device ownership is presented as inalienable property right, core to personal autonomy.
Corporate lockdown violates property rights of device owners.
Freedom to develop software and share it directly with users framed as core free expression right. 'Sideload' redefined as simple 'installing'—normal speech act.
FW Ratio: 50%
Observable Facts
Article: 'Putting software on your computer is simply called installing...direct installing versus going through intermediary marketplace.'
Directly addresses developer freedom: 'You, the creator, can no longer develop an app and share it directly...without first seeking Google's approval.'
Inferences
Software development and distribution are forms of expression and speech.
Approval gatekeeping suppresses this form of expression.
Right to work as developer without corporate gatekeeping or arbitrary approval barriers. Frames software development as legitimate work deserving protection.
FW Ratio: 50%
Observable Facts
Article emphasizes developers' right to 'develop an app and share it directly with friends, family, and community.'
Criticizes requirement for 'Google's approval' as barrier to work.
Inferences
Software development is legitimate work deserving recognition without gatekeeping.
Approval requirements function as barrier to employment/livelihoods.
Content appeals to fundamental human rights principles (dignity, equality, freedom) in digital context. Frames device autonomy as foundational human right.
FW Ratio: 60%
Observable Facts
Article states 'You own your phone' as foundational principle.
F-Droid platform operates without centralized approval gatekeeping.
Article invokes universal human rights language ('fundamental rights,' 'equal rights').
Inferences
Framing device ownership as human right connects digital autonomy to UDHR preamble dignity principles.
F-Droid's voluntary donation model and open governance structure demonstrates commitment to equality of access.
Open-source software development explicitly framed as participation in cultural and scientific commons. Developers contribute to shared knowledge and culture.
FW Ratio: 50%
Observable Facts
Article discusses 'communities' of developers collaborating on software.
Open-source model enables visible participation in scientific commons (published code).
Inferences
Software development is scientific and cultural activity deserving participation rights.
Gatekeeping restricts participation in shared scientific knowledge.
Core argument: Google's policy aims to destroy fundamental rights (device autonomy, property, free development). Article defends against this Article 30 violation through advocacy and alternative.
FW Ratio: 50%
Observable Facts
Article: 'developer verification decree effectively ends the ability for individuals to choose what software they run on the devices they own.'
Frames policy as 'existential threat' to rights and freedoms.
Inferences
Corporate monopoly control aims to destroy rights enumerated in UDHR.
Open alternatives and advocacy for regulation are defenses against rights destruction.
Discusses unequal treatment: developers must seek Google approval while Play Store apps face different standards. Advocates for equal treatment of all developers.
FW Ratio: 50%
Observable Facts
Article describes Google's required registration, fees, ID, and conditional terms as unequal burden on developers.
F-Droid operates without developer registration requirements.
Inferences
Unequal approval burdens violate principle of equal dignity among developers.
Platform structure difference (gate vs. no gate) reflects different values regarding developer equality.
Advocates for equal treatment under software distribution law. All developers should face same rules, not have gatekeepers decide whose apps are permitted.
FW Ratio: 50%
Observable Facts
Article frames developer approval requirement as unequal legal treatment.
F-Droid publicly operates under consistent, transparent principles for all projects.
Inferences
Corporate gatekeeping creates unequal legal standing for developers.
Community-governed alternative provides more equal treatment framework.
Criticizes Google's approval process as 'opaque,' lacking due process and fair hearing. Developers 'hope and wait' without transparent standards or appeal mechanism.
FW Ratio: 50%
Observable Facts
Article describes process as 'opaque whims' of corporation.
No mention of transparent appeal mechanism or due process standards in Google's policy.
Inferences
Opacity and lack of standards violate due process principles.
Open-source structure of F-Droid provides transparent alternative.
Device autonomy and control over personal device are framed as privacy and dignity rights. Software chosen for device reflects personal/private choices.
FW Ratio: 50%
Observable Facts
Article emphasizes 'devices that you own' as personal/private sphere.
F-Droid infrastructure includes no telemetry, tracking, or user profiling.
Inferences
Device control is integral to privacy dignity in digital age.
Platform structure (no tracking, open code) demonstrates commitment to privacy rights.
Calls for participation in governance through civic advocacy: 'contact your representative agencies,' engage with regulatory bodies. Emphasizes democratic political participation as remedy.
FW Ratio: 50%
Observable Facts
Article directs: 'visit keepandroidopen.org for information on how to contact your representative agencies.'
Identifies 'public policymakers' as decision-makers needing education.
Inferences
Democratic participation and regulatory engagement are presented as essential remedies.
Community governance structure (F-Droid board) reflects participatory principle.
Implies Google may discriminate based on app content or developer compliance with non-negotiable terms. References unspecified 'civil society groups and regulatory agencies' concerned about discrimination.
FW Ratio: 50%
Observable Facts
Article describes Google's terms as 'non-negotiable' and 'ever-changing,' implying potential for discriminatory application.
Article mentions 'regulatory agencies' engaged in concerns.
Inferences
Opaque, non-negotiable terms create conditions for discriminatory enforcement.
F-Droid's transparency and consistency address discrimination risks through structural design.
Calls for remedy through democratic participation: 'contact your representative agencies,' advocacy campaigns, regulatory engagement. Names keepandroidopen.org as remedy resource.
FW Ratio: 50%
Observable Facts
Article states 'public policymakers still need to be educated about the threat.'
Directs readers to keepandroidopen.org with instructions to contact representatives.
Inferences
Advocacy for remedy through legal/political channels (representative democracy) is core message.
F-Droid's existence is itself a practical remedy and counterbalance.
Criticizes Google's model for reversing burden of proof: developers must 'hope and wait for Google's approval' rather than presumed acceptable until proven harmful.
FW Ratio: 50%
Observable Facts
Developers must 'hope and wait for Google's approval' without explicit criteria.
Implies presumption of guilt until approved by corporate authority.
Inferences
Approval requirement reverses presumption of innocence in software development.
Community-based alternatives allow developers to share code without pre-conviction.
Advocates for fair international digital order and global principles of openness. Argues Google's dominance (95%+ of Android devices) creates unjust global power structure.
FW Ratio: 50%
Observable Facts
Article: 'over 95% of all Android devices outside of China' subject to Google control.
Emphasizes global scope: 'over half of all humankind uses an Android smartphone.'
Inferences
Monopoly control of global digital infrastructure is unjust international order.
Principles of openness and competition reflect fairer international digital order.
Mentions 'authoritarian regimes' and concerns about state-level digital sovereignty, but not primary focus. Addresses concerns about corporate gatekeeping in repressive contexts.
FW Ratio: 50%
Observable Facts
Article references 'track record of complying with the extrajudicial demands of authoritarian regimes.'
Implies Google may remove apps based on government pressure.
Inferences
Corporate monopoly in authoritarian contexts enables censorship.
F-Droid alternatives provide some refuge but not primary framing of article.
'irrevocably blocks,' 'non-consensually pushing,' 'clandestinely implement,' 'at the mercy of'—emotionally charged language designed to trigger negative response.
appeal to fear
'existential threat to free software distribution platforms,' 'at the mercy of their judgement,' 'opaque whims of a distant and unaccountable corporation'—frames as threat to user safety and freedom.
exaggeration
'over 50 times more malware' (suspiciously round number), 'irrevocably' blocks rights, described as threat to 'over half of all humankind.'
appeal to emotion
Direct address to reader identity: 'You, the consumer,' 'You, the creator,' 'You, the state'—personalizes threat and appeals to self-interest.