The Android verification is such a broken experience. Recently I decided to purchase a dev account for my company, so far:
1) Provided my company DUNS number etc. once to create the payment profile. I did this some times ago, don’t remember the details but it was an involved verification process and it is marked as verified business payment profile.
2) Later on the payment step verified myself with a passport and bank statement to be able to actually pay with a proper HSBC bank card. Not shady pre-paid card or something, those are not accepted anyway.
3) After I paid I was told that now I need to verify my identity once more but this time with the passport and the incorporation certificate or some other company document.
fingers crossed that in few days it will be verified. While waiting, it tells me that there are still website and email verification to do once the previous step is done. I already verified my e-mail a few times before paying.
It’s painful, slow and annoying because if you fail at a step(i.e. needs verification that takes days and you are told about it at the payment step) you have to start again with the forms.
I just remembered why I never use Android. It seems like no one owns the process and as a result you get unpolished shitty experience that fulfills the requirements of god knows how many people who work in the same company but don’t talk to each other.
If this is a business account why do they want your passport? And why are you paying with a personal bank card rather than a business one? Or do I misunderstand?
They may want proof that you, the human filling out this form, are authorized to publish apps, communications, etc. as the company you say you represent.
I believe you can’t. BTW Apple allows you to pay for a developer account with in app purchase from the developer app on your iPhone. Still has limitations and you may be rejected depending on your payment method and some other factors but even the fact that it’s possible makes it 1000 better than Google’s way of handling it.
What you're describing is not "broken", it's the process and it appears it hasn't even failed for you.
My experience with getting a verified "business" developer account from Google mirrors the experience as getting one from Apple, except it's a one-time fee and much less than Apple.
Yes there are hoops to jump through, identification usually requires some hoops, but pretty it's straightforward. I am not commenting on the requirements of these hoops, yes, it's BS that they exist but it's their platform so it's their rules.
What type of "experience" are you expecting to have anyway?
With Apple I filled the forms, accepted the agreements, entered the DUNS and paid with a card on my name and that was it.
How does that mirror uploading my passport many times, entering company details many times, typing my e-mail and phone numbers many times both because I had to start over and because I was asked many times even if I provided these some steps back? Now I paid and waiting, hopefully I will later be verifying my e-mail address or something that I verified a few times prior.
> What type of "experience" are you expecting to have anyway?
The Apple experience. An experience that is well thought and streamlined, that doesn’t keep me entering the same information over and over again. I don’t mind paying a little more for well designed products. The $75 difference is nothing to justify this charade, I don’t think that that Google was short of $75 and designed this low quality experience, I think it’s engraver in their DNA.
> However, our recent analysis found over 90 times more malware from sideloaded sources than on Google Play
Google has seemingly never seen an elderly person's phone, where it is completely infected with crap including literal popup ads (that somehow overlay other apps), yet all of it was downloaded from GPlay.
What % of Android users actually want this? Do they know or care?
I've been using Android since 2010 because it was open in ways that the Apple ecosystem wasn't. I do not want this and imagine hardly any other power users (for lack of a better term) do. I'm already using a mostly deGoogled device but this really seals the deal. I have been longing for a true Linux phone for years and now seems like a good time to get serious about the search and migration plan.
Same. If Google does this, my next phone will be an iPhone. Freedom is the only reason to put up with Android's shittiness. If they turn it into a walled garden, then we'll choose the better kept garden and it sure as hell isn't Google's.
Yeah. Computing freedom to have a root shell and do as I please is the entire reason I put up with Android. Google is positioning Android to just be nothing more than a worse iOS. There's pretty much no point to it anymore.
Android is becoming more Apple-ized everyday; it's horrible and more and more APIs get neutered or disappear, further limiting functionality available to developers.
Do we think that maybe the 3,732 people who responded to a poll on Mastodon by an account centered around one side of this disagreement might potentially not be a representative sample of all Android users?
But but but it is for your security! You need to be protected!
Android isn't open source for a while. They started by pushing device certification which crippled any abilities of OEMs to make a better framework. Then they took many of the opensource packages out of android and redistributed as applications that they controlled via play services.
Then they made it harder to publish packages and created tons of rules that they can arbitrarily decide to cut ties with you or remove your remuneration.
What they are effectively doing now is to remove any ability of individual developers to push applications. Some will say the costs ain't that high, but (1) maybe not in USD dollars for Americans and (2) both Google and Apple will push those numbers way up high soon.
Even if that is not the case, if you don't agree with anything and you decide to have your own version of your family wiki, messenger or anything, they will be able to tell the authorities about it.
Not sure why your observation was received poorly. It's true. If they actually wanted to fight bad actors they could (for example) introduce a voluntary verification program where an app cost $$$ per year to list, is permitted only a fixed number of updates per year, and the uploads are manually audited by an actual person. This would add a second tier to the app store.
Just to drive the point home. Not that you would do this but you _could_ even implement such a system fully anonymously - with uploads via tor and payments via XMR - and it should still work just as well.
Add in a third even more expensive tier for those providing source code to the auditor where google verifies a signed deterministic build the same way fdroid does. Now clearly mark the three different tiers in the app store.
And if they went this route the next logical step for highly sensitive stuff like banking and password management would be a fourth licensed and bonded tier where a verified individual located in a friendly country took on liability for any fraud or other malpractice. That tier would be the equivalent to the situation for civil engineers.
Instead we're stuck in a reality where I don't trust sourcing password managers (among other things) from the play store. Those only ever come from fdroid for me - you know, an actually secure model for how to do app distribution and verify builds.
It's not about users, it's about a single judges idiotic ruling that Google play store is a monopoly, and the Apple app store is not.
Different judge you say? You're right. But when Google in their appeal asked the judge why the app store isn't a monopoly, the judge told Google with a straight face
"You can't be anti-competitive if you have no competitors."
People will erroneously complain about all sorts of things. Doesn't mean you should act.
Anyway in this case it's nothing more than a thinly veiled excuse to justify making ecosystem changes that are in their favor. They aren't acting in good faith.
Do people complain about being scammed with Windows or macOS? Apparently not. So they probably also don't complain about Android. The security seems more an excuse to become more closed. Like iOS.
> Do people complain about being scammed with Windows
They do. They absolutely do. Where have you been in the last 20 years? Windows has had a reputation as an unsafe ecosystem for decades. Even amongst non-tech people. And even with the various exploits the biggest source of viruses on windows was always that, lacking a proper channel to distribute applications, they had trained their users to double click any .exe on the internet and the next>next>next in whatever installer. I don't agree with the tightening of developer account requirements, but this argument doesn't hold at all.
>Companies shouldn't wait to solve issues like this
Unless you built your house yourself, you should expect the construction company to be responsible for verifying the identities of anyone entering your house. Asking for a passport and a one time payment, just in case the person who rings the bell may not be a friend.
That should be proactively helping you in case you're a vulnerable homeowner. Not checking in on every visitor would be evil, no?
I lived in an apartment building, and one of the upsides was that the building had a security system and a front desk that helped control who could be wandering down my hall.
But we, owners, collectively choose that. We choose the security company, we pay then, we can vote them out. Most importantly: the construction company has zero say in this.
Also, no one actually check the IDs of my friends, and they don't have to pay the construction company when they first come.
I give the codes, they ring, I open. I hire a company to monitor the building but I can kick then out any day.
Saying that computer/OS manufacturers should prevent malware is effectively equivalent to saying that they should not sell general purpose computers to the public. A general purpose computer is one that can run any program the users tells it to, which necessarily includes one that's malicious.
That doesn't necessarily preclude helping the user to notice when they're doing something dangerous, but a waiting period before the computer becomes general-purpose seems pretty extreme.
> What % of Android users actually want this? Do they know or care?
Bold of you assuming they're doing for users. It's fear-mongering at its finest - using the threat of security to install more control that has little to no protection against the said threats.
Now you might say it's going to raise the bar for the scammers, but nobody is going to be spending time on writing scam or malware for a few bucks. When the reward is high, they can just pay out already verified developers to distribute their builds under their accounts, or just find a workaround (fake ids?) which could be still way cheaper than the potential revenue potential of a successful attack. It's just an inconvenience that didn't existed before.
This is just a policy directly targeting the legit developers distributing apps to work around some of the platform's limitations (ie. uncrappifying youtube). They were previously free to share the workarounds they've developed for themselves since it was just as easy as sharing your APK. Now with added threat of losing your developer account and probably being perma-banned from google, those devs are less likely to continue distributing their workarounds.
Pretty much everyone would hate it if a relative lost their life savings to a scammer, though they may not know it yet.
The idea isn't to protect the power users or average users. It's to protect the most vulnerable. Android is for everyone. Us power users will have a minor speed bump, but we can deal.
Android is for everyone, provided they submit to Google exclusively. It's not about power users, and that isn't a speed bump. You can protect vulnerable users without centralizing power like they did, but that's not their motivation so here we are.
> Android is for everyone. It’s built on a commitment to an open and safe platform. Users should feel confident installing apps, no matter where they get them from.
This intro immediately tells me that whatever comes after will be horrible for users and developers. Surprise surprise, I was right. Software to "verify" side loaded apps is a bad, anti user idea.
I pay for YouTube Premium and I have an alt app on my phone because the user experience is just better. You're supposed to have background play in the regular YouTube app, but videos regularly pause until you return to the yt app to reload.
It all worked perfectly fine back on my iPod touch, pre-premium bs. Tech is regressing.
I'm on a family plan (cheap) and I use it for the music player for the inevitable question of why I'm doing this.
> Starting in April, Android Developer Verifier will be installed on devices.
so they're rolling out a system app that will call home to check whether any sideloaded apps have been "verified" with the developer's government ID? and this process will happen regardless of whether the user has enabled the "advanced flow" in Developer settings?
Good of a reason as any to go google-less on my Graphene pixel, I guess. But man it sucks, mostly for all the people who can't. I can manage my financials and 2FA from my laptop, that was my last real reason to have google play installed, but it's just a convenience. (I know it's mandatory for others.)
I wonder how that sys app will be handled in GrapheneOS's google play sandbox?
That essay about being licensed to use a debugger was supposed to be an absurdist over-extrapolation for the sake of making a deeper point about software freedoms ... right? Seems more like they're using it as an instruction manual.
Don't love it but (1) it's addressing a serious problem and I'm not sure what the alternative is and (2) if you all remember the starting place, it was staggeringly, dramatically worse, practically a death sentence for F-Droid and seemingly testing the waters for if they could simply power through and do it despite objection.
This is a major course correction that doesn't kill F-Droid. A one time 24 hour hoop to jump through and then never again is monumentally better than losing F-Droid forever.
F-Droid has spent many years trying to step out of the "only for technical/power users" into the "This is a tool that normal phone users should have and use". A one time 24hr wait moves back to the "F-Droid is only for technical users" big time.
Bought a new phone? Moved from iPhone to Android? Want help from your friend/family member/librarian/other to setup your new phone for getting apps? Sorry, you need to come back a day later before you can actually use it.
Guess what the normal/non-tech user does in this 24hr period? Go to Play Store, install a bunch of apps, forget that you had the desire to use an alternative.
This indeed does make F-Droid no longer a tool for normal people, but only a tool for those willing to do a bunch of "Advanced" things on their phone. By definition, not regular users.
Is it a serious problem that you can run whatever software you want on your computer? Should we make it so that no one can do that without permission to protect them?
I recommend Cory Doctorow's talk on why this is a serious problem for society:
Yes, lots of vulnerable users get harmed by modern tech. E.g. people have lost their minds using AI, their livelihoods using smartphones, their life savings using the Internet. In general, I prefer a solution where any mental health issue (age-related infirmity, ADHD, etc.) result in protection from modern exploitative tech like this.
Every application use for such people should be supervised by a government official trained to ensure you are not hurting yourself.
This way people who want to use AI, smartphones, or the Internet can do so if they’re healthy and the mentally disabled can be protected. We know that this need exists because even on this “Hacker” News forum everyone gets very upset when a mentally disabled person gets injured after AI use.
It's pretending to address a serious issue while giving Google significant power to limit distribution of apps Google doesn't like, which could sometimes include legal apps that certain governments don't like such as the recently famous ICEBlock.
Google says they don't intend to do that, but even if I believe that's their current intention, they have a strong incentive to do otherwise in the future. Incentives predict outcomes more reliably than intentions.
I say it's pretending because scammers are good at shifting tactics. If convincing users to install malware ceases to be the path of least resistance, they'll convince users to install legitimate remote access utilities, hand over credentials directly, or some other scheme I haven't thought up because I'm not a scammer.
> they have a strong incentive to do otherwise in the future.
The reality is far worse than that. Remember FBI vs Apple? That defense came down to Apple not having software in place that could facilitate the demand being made of them. If they'd had such a system they would presumably have been required to comply.
The government can presumably get an illegal app forcibly removed from an app store but at present you could still install it yourself. With this system they could compel Google to block it entirely.
That's seriously horrible. There are 5+ open source android apps that I use and want to continue using that are not available on Play Store, but rather through alternative stores (like Zapstore, Obtainium).
If I get a phone with preinstalled Graphene OS (like the upcoming Motorola phone), then does it avoid this stupidity? Or even with Graphene it prevents me from installing apks?
Is there any information about how the "advanced flow" will be implemented? According to keepandroidopen.org, this is going to be handled by Google Play Services. Does it mean it will be automatically installed via the silent, always-on GMS update mechanism and I should root my devices and remove GMS altogether if I don't want this?
Older Androids which are fully rootable and unbrickable are cheap (maybe even monetarily free) and will let you continue to have freedom despite what Google wants.
"Those who give up freedom for security deserve neither."
F-Droid is in fact what an app store concerned about user safety looks like. Nobody gets hoodwinked into installing apps that track them or sell their data or otherwise abuse them on F-Droid.
That article's premise is that the Android security model is something that I want. It really isn't.
The F-Droid model of having multiple repositories in one app is absolutely perfect because it gives me control (rather than the operating system) over what repositories I decide to add. There is no scenario in which I wish Android to question me on whether I want to install an app from a particular F-Droid repository.
I am part of the team running keepandroidopen.org and corralling the signatures for the open letter opposing this program. We've been trying to get Google to reverse course on this program ever since it was announced.
As it stands, Android Developer Verification (ADV) is a death sentence for F-Droid, Obtainium, and other competitors to the Google Play Store, both commercial and non-commercial. We are disappointed that they are still trying to steamroll this through in the face of overwhelming public opposition.
There are numerous reasons to object to the program, but a few of the top ones are:
1. You own your computer, and you should be the sole decision-maker for what software you can install on it.
2. "Malware" means whatever Google says it means, and their terms and conditions change daily; today malware is banking scams, tomorrow it is … ad-blocking? VPNs? Their decisions are un-reviewable and opaque, and they have obvious commercial incentives to block certain kinds of (otherwise-legal) software.
3. Centralizing global developer registrations through a US corporation makes it subject to the rules (and whims) of the current regime. Citizens of sanctioned countries or members of sanctioned entities (like the International Criminal Court) will be legally barred from registering, blocking them from creating and distributing software _anywhere_ in the world (not just the US).
4. Scenarios that Google claims ADV will protect against — such as high-pressure phone calls manipulating vulnerable users into installing scam apps — have _already_ been addressed by incremental improvements to Android security over the years, such as "Enhanced Fraud Protection" introduced in Android 13 (and expanded in Android 15). Android has incrementally improved its security features over its near 20 years of existence. There is no evidence that anything has suddenly changed to justify such a disproportionate and extreme lockdown.
5. Being required to pay Google for the privilege of uploading your government identification so that you might be permitted to contribute to the Android software ecosystem is such an abominable insult to the developers that helped build the platform. It deserves all the utter contempt that has been heaped upon it thus far, and begs regulatory scrutiny from those few countries that still have the courage to stand up to these bullies.
We emphatically recommend against developers signing up for this program or endorsing it in any way.
At this point, I think I would prefer to carry a dumb flip phone for SMS and phone calls, and a smartphone-shaped generic touchscreen linux computer for everything else. It's becoming disturbingly impossible to find the former, and practically impossible (IME) to find the former.
Does anyone here have experience using Ubuntu Touch? That's the closest thing I've seen to "generic touchscreen linux" for mobile phone hardware. I'd love a device that works for multimedia, navigation, web browsing, and a handful of APKs like various chat apps (and really anything can can arbitrarily use the hardware), but it seems like tying a cellular modem to this ends up fucking up the whole dream because of carrier and manufacturer motivations/compensations.
I mean, I’m sure “Fortnite with infinite vbucks.apk” has a much worse malware rate than the play store, but I’m almost certain that fdroid has a lower malware rate than the play store and I honestly suspect even “random apks off github” might have a similar rate to the play store
So, anyway, how do we make sure that our phones don't turn into a pumpkin on a set date? I suppose it's all shit long term, but at the very least I don't want to be forced to look for a solution before I need a new phone. So, what do you do? Can you just disable android updates somehow and it will solve the issue? Or it is already a ticking bomb that will be activated on the set date no matter what?
I really want to like the concept of Jolla / a European mobile alternative but I see no reason why they're closed source SW in 2026. Open source everything, let the community help develop, and sell your hardware (and support/deals for B2B).
A single for-profit company owning the full HW and SW stack? My trust in companies lately is at a lifetime low. It just leaves a bad taste in my mouth.
> our recent analysis found over 90 times more malware from sideloaded sources than on Google Play
So what's the solution then? At the same time, I'm curious how this ends up happening to end users. Enabling unknown sources is trivial in a way (it's just one check box and if you try to install an APK from, say, Firefox, it'll take you right there), but how are people even getting to that point??
tl;dr how to install an app from unverified developer ("advanced flow")
1. enable developer mode
2. confirm you aren't being coached
3. restart your phone and reauthenticate
4. come back after 24 hours and unlock device
5. install app from unverified developer, option of enabling for 7 days or indefinitely
This is apparently a one-time process. Advanced flow for users launches globally August 2026. Verification requirement kicks in September 2026.
Personally I am hopeful that people work toward a completely new, non-Android OS. 15 GB of space on my phone, and 1.5 GB of RAM, is dedicated to Android OS alone. This design, and the control this company (and the mobile providers, and device manufacturers) have over the mobile world, is ridiculous. Let's start over.
>15 GB of space on my phone, and 1.5 GB of RAM, is dedicated to Android OS alone
The original Droid phone I used had only 256mb of memory, and could still multitask and run multiple apps at once with that limited memory. Its crazy how bloated things have become over the years.
I don't see a way out of this except government regulation. The EU has the most motivation to do it, as a huge economic bloc with a lot of motivation right now to become as independent from the US as possible.
I guess I can sort of manage to keep my head above water and keep buying secondhand phones which I unlock and install a supported version of LineageOS. But it's cumbersome, it gets more difficult and more restrictive every time. And I literally have a doctorate in computers for crying out loud! Is there any hope for Granny? For a kid? For >99% of people? Of course not.
This is so clearly a matter for government oversight: prevent abuse, monopolies, protect the citizen's safety, rights, welfare, etc. It's not reasonable to expect consumers to figure out if the meat they buy is tainted, just as it's not to figure out if their phone spies on them, manipulates information, or sells their data (especially when there's a duopoly). That's why we have laws and food inspectors, paid for by the public, working for the public. Same thing with digital rights.
> I don't see a way out of this except government regulation.
IMHO governments are partially behind those initiatives so they are unlikely to regulate themself- reason in last few years they intensified work on Digital ID, Age Verification, Chat control, KYC, etc.
EU is schizophrenic enough that it often produces very conflicting directions, opinions and policies.
One thing EU loves is regulation though, so I expect they will introduce preemptive regulations to enforce strict ID verification as well as regulations to fine big companies for breaching user privacy with strict ID verification policies.
For the limits on side-loading in particular, there are a few southeast asian nations (I can't recall, Vietnam? Thailand?) where almost all internet access is via Android, including banking. And social engineering fraud, where they call someone up, pretend to be the bank, and get them to side-load malware, has become a major financial, and political problem.
AIUI, they have told Google to find a fix, or else.
> pretend to be the bank, and get them to side-load malware, has become a major financial, and political problem.
I been living in SE Asia for few years each in Thailand, Malaysia, Indonesia, Vietnam and really didn't notice that this is supposed to be like major political problem.
'Fraud' is the same smoke screen and excuse as 'protect the children from social media or pedophiles'.
I can't find it now, but the article I read seemed to say that the gov was specifically upset about the banking issue, and might tell the banks they can't allow apps anymore.
There are different governments and different subdivisions within any given government. The only thing you need to get a government that had been pushing Chat Control to do some trust busting is to get more votes.
"This is so clearly a matter for government oversight: prevent abuse, protect the citizen's safety, rights, welfare, etc. It's not reasonable to expect consumers to figure out if the meat they buy is tainted, just as it's not to figure out if the APPS THEY INSTALL spies on them, manipulates information, or sells their data"
Do you see how quickly that argument can be flipped to support what google is doing here? Honestly I wouldn't be surprised if half the reason to to lock down phones is because governments keep pressuring them to do so.
I'm wondering if the EU is complicit in this somehow, despite claiming that they want to fight back against tech companies.
The EU Commission is currently pushing the shitty EU Identity Wallet for mandatory age verification, and it requires GooglePlay Services to be installed for "anti-tampering". That also means a ban on non official versions of Android like LineageOS and GrapheneOS.
The thing is, the EU needs to be able to not only sell that the regulation they propose is good to the public, but also not piss off the US administration.
Most people are too non-technical to understand why this is a bad thing even when it's explained to them. Plus, whatever administration is in power in the US has a lot of influence.
Trump has already said that he wouldn't tolerate regulation that affects American companies [1], painting regulation that happens in another country as something that will affect US citizens. (I mean if you use the GDPR as an example, it's not wrong. Think of cookie pop ups while browsing the web in the US)
I would like the the EU would go harder with their regulations, because it usually results in other countries or states following their lead, but I dont see that happening. Regulation has been painted as "bad", and we have at least 3 more years until that changes.
It really seems like they are doing a lot to appease the tiny minority of us power users, adb load unaffected, one time toggle in settings to opt out, no change to alternative app stores as long as the apk was built by a verified developer. Crazy how harsh the sentiment is here, there are real people being harmed by scam apps intercepting sms one time codes and this will reduce the rate of that happening. It's not like we can't sideload anymore, though a lot of comments here seem to be implying otherwise.
But that "tiny minority" are the people developing apps, which all their other users use... if you drive away devs from wanting to develop on your platform that's not going to go well for you (of course, they may still be forced to develop for Android if they want a wide audience, but you're driving away hobbyists with new ideas)
Because this is a glide path to what they really want, look at Apple and running unsigned apps on your Mac, how it started, simple right click, how is it going, near impossible.
Really, there are apps that will intercept and exfiltrate your bank one time code sms that are just sitting on the play store? First I'm hearing of this, what's the name of one?
1) Provided my company DUNS number etc. once to create the payment profile. I did this some times ago, don’t remember the details but it was an involved verification process and it is marked as verified business payment profile.
2) Later on the payment step verified myself with a passport and bank statement to be able to actually pay with a proper HSBC bank card. Not shady pre-paid card or something, those are not accepted anyway.
3) After I paid I was told that now I need to verify my identity once more but this time with the passport and the incorporation certificate or some other company document.
fingers crossed that in few days it will be verified. While waiting, it tells me that there are still website and email verification to do once the previous step is done. I already verified my e-mail a few times before paying.
It’s painful, slow and annoying because if you fail at a step(i.e. needs verification that takes days and you are told about it at the payment step) you have to start again with the forms.
I just remembered why I never use Android. It seems like no one owns the process and as a result you get unpolished shitty experience that fulfills the requirements of god knows how many people who work in the same company but don’t talk to each other.
My experience with getting a verified "business" developer account from Google mirrors the experience as getting one from Apple, except it's a one-time fee and much less than Apple.
Yes there are hoops to jump through, identification usually requires some hoops, but pretty it's straightforward. I am not commenting on the requirements of these hoops, yes, it's BS that they exist but it's their platform so it's their rules.
What type of "experience" are you expecting to have anyway?
How does that mirror uploading my passport many times, entering company details many times, typing my e-mail and phone numbers many times both because I had to start over and because I was asked many times even if I provided these some steps back? Now I paid and waiting, hopefully I will later be verifying my e-mail address or something that I verified a few times prior.
> What type of "experience" are you expecting to have anyway?
The Apple experience. An experience that is well thought and streamlined, that doesn’t keep me entering the same information over and over again. I don’t mind paying a little more for well designed products. The $75 difference is nothing to justify this charade, I don’t think that that Google was short of $75 and designed this low quality experience, I think it’s engraver in their DNA.
Being told upfront what is required to complete the process so you don't have to start over again multiple times?
Google has seemingly never seen an elderly person's phone, where it is completely infected with crap including literal popup ads (that somehow overlay other apps), yet all of it was downloaded from GPlay.
I've been using Android since 2010 because it was open in ways that the Apple ecosystem wasn't. I do not want this and imagine hardly any other power users (for lack of a better term) do. I'm already using a mostly deGoogled device but this really seals the deal. I have been longing for a true Linux phone for years and now seems like a good time to get serious about the search and migration plan.
2%, according to the keepandroidopen.org poll[^1]
[^1] https://techhub.social/@keepandroidopen/116251892296272830
Android isn't open source for a while. They started by pushing device certification which crippled any abilities of OEMs to make a better framework. Then they took many of the opensource packages out of android and redistributed as applications that they controlled via play services.
Then they made it harder to publish packages and created tons of rules that they can arbitrarily decide to cut ties with you or remove your remuneration.
What they are effectively doing now is to remove any ability of individual developers to push applications. Some will say the costs ain't that high, but (1) maybe not in USD dollars for Americans and (2) both Google and Apple will push those numbers way up high soon.
Even if that is not the case, if you don't agree with anything and you decide to have your own version of your family wiki, messenger or anything, they will be able to tell the authorities about it.
This is insane....
Just to drive the point home. Not that you would do this but you _could_ even implement such a system fully anonymously - with uploads via tor and payments via XMR - and it should still work just as well.
Add in a third even more expensive tier for those providing source code to the auditor where google verifies a signed deterministic build the same way fdroid does. Now clearly mark the three different tiers in the app store.
And if they went this route the next logical step for highly sensitive stuff like banking and password management would be a fourth licensed and bonded tier where a verified individual located in a friendly country took on liability for any fraud or other malpractice. That tier would be the equivalent to the situation for civil engineers.
Instead we're stuck in a reality where I don't trust sourcing password managers (among other things) from the play store. Those only ever come from fdroid for me - you know, an actually secure model for how to do app distribution and verify builds.
Different judge you say? You're right. But when Google in their appeal asked the judge why the app store isn't a monopoly, the judge told Google with a straight face
"You can't be anti-competitive if you have no competitors."
Google took note.
Anyway in this case it's nothing more than a thinly veiled excuse to justify making ecosystem changes that are in their favor. They aren't acting in good faith.
They do. They absolutely do. Where have you been in the last 20 years? Windows has had a reputation as an unsafe ecosystem for decades. Even amongst non-tech people. And even with the various exploits the biggest source of viruses on windows was always that, lacking a proper channel to distribute applications, they had trained their users to double click any .exe on the internet and the next>next>next in whatever installer. I don't agree with the tightening of developer account requirements, but this argument doesn't hold at all.
Companies shouldn't wait to solve issues like this - they should be proactively helping their most vulnerable users. That is the "do no evil" motto.
I don't know enough to say whether this method is the right approach however.
Unless you built your house yourself, you should expect the construction company to be responsible for verifying the identities of anyone entering your house. Asking for a passport and a one time payment, just in case the person who rings the bell may not be a friend.
That should be proactively helping you in case you're a vulnerable homeowner. Not checking in on every visitor would be evil, no?
I can't think of a better approach.
But we, owners, collectively choose that. We choose the security company, we pay then, we can vote them out. Most importantly: the construction company has zero say in this.
Also, no one actually check the IDs of my friends, and they don't have to pay the construction company when they first come.
I give the codes, they ring, I open. I hire a company to monitor the building but I can kick then out any day.
I own the place, you see?
That doesn't necessarily preclude helping the user to notice when they're doing something dangerous, but a waiting period before the computer becomes general-purpose seems pretty extreme.
Bold of you assuming they're doing for users. It's fear-mongering at its finest - using the threat of security to install more control that has little to no protection against the said threats.
Now you might say it's going to raise the bar for the scammers, but nobody is going to be spending time on writing scam or malware for a few bucks. When the reward is high, they can just pay out already verified developers to distribute their builds under their accounts, or just find a workaround (fake ids?) which could be still way cheaper than the potential revenue potential of a successful attack. It's just an inconvenience that didn't existed before.
This is just a policy directly targeting the legit developers distributing apps to work around some of the platform's limitations (ie. uncrappifying youtube). They were previously free to share the workarounds they've developed for themselves since it was just as easy as sharing your APK. Now with added threat of losing your developer account and probably being perma-banned from google, those devs are less likely to continue distributing their workarounds.
The idea isn't to protect the power users or average users. It's to protect the most vulnerable. Android is for everyone. Us power users will have a minor speed bump, but we can deal.
This intro immediately tells me that whatever comes after will be horrible for users and developers. Surprise surprise, I was right. Software to "verify" side loaded apps is a bad, anti user idea.
And that launch country list is most likely the countries where cracked YouTube Premium is most common.
App piracy is huge by copying around modded APK's, and everyone's grandma is doing it.
It all worked perfectly fine back on my iPod touch, pre-premium bs. Tech is regressing.
I'm on a family plan (cheap) and I use it for the music player for the inevitable question of why I'm doing this.
https://news.ycombinator.com/item?id=47354917
> Starting in April, Android Developer Verifier will be installed on devices.
so they're rolling out a system app that will call home to check whether any sideloaded apps have been "verified" with the developer's government ID? and this process will happen regardless of whether the user has enabled the "advanced flow" in Developer settings?
I wonder how that sys app will be handled in GrapheneOS's google play sandbox?
GOS have already said users won't be impacted by this clampdown.
This is a major course correction that doesn't kill F-Droid. A one time 24 hour hoop to jump through and then never again is monumentally better than losing F-Droid forever.
Bought a new phone? Moved from iPhone to Android? Want help from your friend/family member/librarian/other to setup your new phone for getting apps? Sorry, you need to come back a day later before you can actually use it.
Guess what the normal/non-tech user does in this 24hr period? Go to Play Store, install a bunch of apps, forget that you had the desire to use an alternative.
This indeed does make F-Droid no longer a tool for normal people, but only a tool for those willing to do a bunch of "Advanced" things on their phone. By definition, not regular users.
I recommend Cory Doctorow's talk on why this is a serious problem for society:
https://en.wikisource.org/wiki/The_Coming_War_on_General_Com...
https://www.youtube.com/watch?v=HUEvRyemKSg
Every application use for such people should be supervised by a government official trained to ensure you are not hurting yourself.
This way people who want to use AI, smartphones, or the Internet can do so if they’re healthy and the mentally disabled can be protected. We know that this need exists because even on this “Hacker” News forum everyone gets very upset when a mentally disabled person gets injured after AI use.
Google says they don't intend to do that, but even if I believe that's their current intention, they have a strong incentive to do otherwise in the future. Incentives predict outcomes more reliably than intentions.
I say it's pretending because scammers are good at shifting tactics. If convincing users to install malware ceases to be the path of least resistance, they'll convince users to install legitimate remote access utilities, hand over credentials directly, or some other scheme I haven't thought up because I'm not a scammer.
The reality is far worse than that. Remember FBI vs Apple? That defense came down to Apple not having software in place that could facilitate the demand being made of them. If they'd had such a system they would presumably have been required to comply.
The government can presumably get an illegal app forcibly removed from an app store but at present you could still install it yourself. With this system they could compel Google to block it entirely.
You take a step forward.
He takes a step back.
"Meet me in the middle" says the unjust man.
If I get a phone with preinstalled Graphene OS (like the upcoming Motorola phone), then does it avoid this stupidity? Or even with Graphene it prevents me from installing apks?
"Those who give up freedom for security deserve neither."
F-Droid has not meaningfully improved since that piece was written, either. No one should use F-Droid.
The F-Droid model of having multiple repositories in one app is absolutely perfect because it gives me control (rather than the operating system) over what repositories I decide to add. There is no scenario in which I wish Android to question me on whether I want to install an app from a particular F-Droid repository.
As it stands, Android Developer Verification (ADV) is a death sentence for F-Droid, Obtainium, and other competitors to the Google Play Store, both commercial and non-commercial. We are disappointed that they are still trying to steamroll this through in the face of overwhelming public opposition.
There are numerous reasons to object to the program, but a few of the top ones are:
1. You own your computer, and you should be the sole decision-maker for what software you can install on it.
2. "Malware" means whatever Google says it means, and their terms and conditions change daily; today malware is banking scams, tomorrow it is … ad-blocking? VPNs? Their decisions are un-reviewable and opaque, and they have obvious commercial incentives to block certain kinds of (otherwise-legal) software.
3. Centralizing global developer registrations through a US corporation makes it subject to the rules (and whims) of the current regime. Citizens of sanctioned countries or members of sanctioned entities (like the International Criminal Court) will be legally barred from registering, blocking them from creating and distributing software _anywhere_ in the world (not just the US).
4. Scenarios that Google claims ADV will protect against — such as high-pressure phone calls manipulating vulnerable users into installing scam apps — have _already_ been addressed by incremental improvements to Android security over the years, such as "Enhanced Fraud Protection" introduced in Android 13 (and expanded in Android 15). Android has incrementally improved its security features over its near 20 years of existence. There is no evidence that anything has suddenly changed to justify such a disproportionate and extreme lockdown.
5. Being required to pay Google for the privilege of uploading your government identification so that you might be permitted to contribute to the Android software ecosystem is such an abominable insult to the developers that helped build the platform. It deserves all the utter contempt that has been heaped upon it thus far, and begs regulatory scrutiny from those few countries that still have the courage to stand up to these bullies.
We emphatically recommend against developers signing up for this program or endorsing it in any way.
Does anyone here have experience using Ubuntu Touch? That's the closest thing I've seen to "generic touchscreen linux" for mobile phone hardware. I'd love a device that works for multimedia, navigation, web browsing, and a handful of APKs like various chat apps (and really anything can can arbitrarily use the hardware), but it seems like tying a cellular modem to this ends up fucking up the whole dream because of carrier and manufacturer motivations/compensations.
Has anyone seen the report for that analysis. I bet most people here would love to read it too.
I stuck with Android for years as a dev as I once did Android apps and occasionally do tinker.
This is my last Android phone and Jolla is my next phone.
A single for-profit company owning the full HW and SW stack? My trust in companies lately is at a lifetime low. It just leaves a bad taste in my mouth.
So what's the solution then? At the same time, I'm curious how this ends up happening to end users. Enabling unknown sources is trivial in a way (it's just one check box and if you try to install an APK from, say, Firefox, it'll take you right there), but how are people even getting to that point??
Personally I am hopeful that people work toward a completely new, non-Android OS. 15 GB of space on my phone, and 1.5 GB of RAM, is dedicated to Android OS alone. This design, and the control this company (and the mobile providers, and device manufacturers) have over the mobile world, is ridiculous. Let's start over.
The original Droid phone I used had only 256mb of memory, and could still multitask and run multiple apps at once with that limited memory. Its crazy how bloated things have become over the years.
I guess I can sort of manage to keep my head above water and keep buying secondhand phones which I unlock and install a supported version of LineageOS. But it's cumbersome, it gets more difficult and more restrictive every time. And I literally have a doctorate in computers for crying out loud! Is there any hope for Granny? For a kid? For >99% of people? Of course not.
This is so clearly a matter for government oversight: prevent abuse, monopolies, protect the citizen's safety, rights, welfare, etc. It's not reasonable to expect consumers to figure out if the meat they buy is tainted, just as it's not to figure out if their phone spies on them, manipulates information, or sells their data (especially when there's a duopoly). That's why we have laws and food inspectors, paid for by the public, working for the public. Same thing with digital rights.
IMHO governments are partially behind those initiatives so they are unlikely to regulate themself- reason in last few years they intensified work on Digital ID, Age Verification, Chat control, KYC, etc.
One thing EU loves is regulation though, so I expect they will introduce preemptive regulations to enforce strict ID verification as well as regulations to fine big companies for breaching user privacy with strict ID verification policies.
AIUI, they have told Google to find a fix, or else.
I been living in SE Asia for few years each in Thailand, Malaysia, Indonesia, Vietnam and really didn't notice that this is supposed to be like major political problem.
'Fraud' is the same smoke screen and excuse as 'protect the children from social media or pedophiles'.
Do you see how quickly that argument can be flipped to support what google is doing here? Honestly I wouldn't be surprised if half the reason to to lock down phones is because governments keep pressuring them to do so.
The EU Commission is currently pushing the shitty EU Identity Wallet for mandatory age verification, and it requires GooglePlay Services to be installed for "anti-tampering". That also means a ban on non official versions of Android like LineageOS and GrapheneOS.
And Google thinks it can pull this ridiculous stunt.
Most people are too non-technical to understand why this is a bad thing even when it's explained to them. Plus, whatever administration is in power in the US has a lot of influence.
Trump has already said that he wouldn't tolerate regulation that affects American companies [1], painting regulation that happens in another country as something that will affect US citizens. (I mean if you use the GDPR as an example, it's not wrong. Think of cookie pop ups while browsing the web in the US)
I would like the the EU would go harder with their regulations, because it usually results in other countries or states following their lead, but I dont see that happening. Regulation has been painted as "bad", and we have at least 3 more years until that changes.
[1] https://www.cnn.com/2026/01/12/tech/us-eu-tech-regulation-fi...
How it's going: almost everything is signed, even pirated apps.
????