- Does this mean sideloading is going away on Android?
Absolutely not. Sideloading is fundamental to Android and it is not going away. Our new developer identity requirements are designed to protect users and developers from bad actors, not to limit choice. We want to make sure that if you download an app, it’s truly from the developer it claims to be published from, regardless of where you get the app. Verified developers will have the same freedom to distribute their apps directly to users through sideloading or through any app store they prefer.
- Making APKs available to your test team
If your team’s current test process relies on distributing APKs to testers for installation using methods other than adb, you will need to verify your identity and register the package. This also applies if you make APKs available to your test teams through Google Play Internal Testing, Firebase App Distribution, or similar solutions through other distribution partners.
- Do I still need to register my apps if I’m only distributing to a limited number of users?
We recommend you register. It’s a simple, one-time process that will allow anyone to download and install your app. However, if you prefer not to, we are also introducing a free developer account type that will allow teachers, students, and hobbyists to distribute apps to a limited number of devices without needing to provide a government ID.
- What can I do to prepare for developer verification?
The best way to get ready and stay updated is to sign up for early access. We’ll start sending invitations in October.
We recommend you participate in developer verification because, even though verification is not required to develop apps with Android Studio, you will need it to distribute apps to certified Android devices. Apps installed through enterprise management tools on managed devices will also be installable without being registered.
I know I will get downvoted for this opinion, but I like this.
Developers who decided not to use Play Store can still do so, but are required to identify themselves. I get that not everyone is willing to do this, but there still is a free way to compile apps yourself and put it on your phone.
I am a developer myself and I have published apps for iOS and Android in the past and this process still is way easier than anything an iOS developer has to do to just install an app on his personal phone.
Imagine if every program on your PC had to be verified by Microsoft, or Canonical.
Fuck that noise.
This won’t increase security. This just allows Google to tighten the reigns on their system to push out alternative app stores and enhance their monopoly. What do you think will be in the developer agreement - guarantee there’s clauses preventing YouTube frontend apps (Freetube, Grayjay) and root alternative apps (Magisk, Shizuku). If it’s not there on day one it will magically appear in a few months - and then the rug will be pulled from under those devs and they’ll be banned from working on Android again on anything, potentially sued, and Google will be able to enforce it because they know exactly whom the devs are and have their government IDs.
I totally agree with you that having Google as the only one able to assign these certificates is a problem. This needs to change (and I rely heavily on the EU to enforce this), but I still think that everyone who is publishing an app to an undisclosed number of people (and therefore there is no implicit trust by design) should identify him- or herself to some authority.
Why? Google is demanding personal ID for devs, but we have no idea who wrote code for the Google apps we install - was it a Californian, was it slopped together by an AI, was an NSA analyst supplying code? Sorry, Google deems that’s all private. Code is closed. Trust us.
Now, open source devs who value their privacy are forced to give it all up for users to continue using their vettable code that has earned them user trust over years or decades - just to give Google direct power over them. Power to ban from the store, power to sue, to litigate - you presume for benevolent reasons, however there is not much reason to believe this, given Google’s history.
Google has repeatedly spread malware through their store and it has had real world impacts, so if they want to improve their security and more thoroughly vet the devs that they charge to use their store to distribute their code, fine - that’s their call. But that’s not all they’re doing, is it - they’re demanding ID from any dev that uses any storefront, even if that storefront is completely out of Google’s hands and has over a decade of never distributing a single piece of malware.
Don’t be fooled, this is a ploy to kill third party apps and third party stores, while enabling Google to strike at any devs of apps they take issue with.
They’re taking away a BIG freedom in android, which is installing apps from wherever you want, however you want, and when you want.
And google play itself has WAY MORE malware than all FOSS sources combined.
Do you reconsider now?
FOSS is a thousand times more reliable than the standard app on play store.
Honestly this was one of the few major advantages to using android over iOS. Might have to consider a switch now…
no no no, hold your horses!
there is hope in custom roms and root!
and maybe, ADB (therefore shizuku).
unless you mean a switch to linux phones
then, do it.
That freedom is still there. The only thing going away is installing from an undisclosed source.
Why should we have to disclose the source to google? It’s evil, and this is just more bullshit they are trying to get your data.
You’ll get downvotes because this is just rationalizing kow-towing to Google.
There’s no technical, nor security reasoning to rationalize this.
There is security reasoning
The internet has a ton of malware and having a better way of identifying apps isn’t a bad thing. The problem is when it is used in order to make Google the sole gatekeeper of alllowed apps.
The malware is already on the Play Store.
Google is already doing nothing about malware that you can officially download directly from Google.
Google play is huge
Every time Google finds malware they take it down and improve their processes. I’m definitely not a big fan of Google but they do handle security pretty well. (Except for malware in ads)
There are plenty of reasons to hate Google. However, just because there have been cases of malware on Google play doesn’t mean that downloading apps is somehow less risky. You should stick to trusted sources and avoid questionable apps. The core problem here is the fact that the solution Google came up with for malware prevention allows them to block third party app stores and potentially apps not liked by Google like NewPipe.
I would have far less of an issue Android app verification if it was instead implemented in AOSP with a way for users to configure it in settings. Bonus if it allows users to install trusted certificates from third parties.
Yes and they actually have a malware service that already runs on side loaded apks. This isn’t about security and you can’t convince me otherwise.
The solution they “came up with” just didn’t just happen to exclude those apps. It is the entire purpose.
We have had anti-malware on desktops for decades. None of them set a system hard line at phoning home to (insert mega globo corp) to install software on hardware, I repeat, you own. It’s yours. You paid for it. What you do with it is none of Google’s concern.
What if they refuse to approve your developer identity application? Now you can’t sideload the app you developed for personal use.
At the moment (I am willing to change my opinion if that changes) Google has announced that for your personal use you won’t need to submit any ID. This just shows me you haven’t even read the whole thing, but just the headline and your opinion on this was set.
You do need to submit an ID if your app gets a larger audience. Plus, the account requirement stays. With the way google bans developer accounts I wouldn’t be surprised if your hobby developer gets an axe once a while.
It’s not hard to imagine them abusing/being compelled to limit apps based on regional restrictions or perhaps other apps terms of service. Like newpipe could be nuked out of nowhere assuming it even gets a say since it breaks YouTube’s Terms of service.
Or manga, book reading apps getting the axe due to copyright strike. Plus, the devs could get doxxed again due to copyright strike.
No sane developer should risk submitting this personal information to google for a side or hobby or even a community project.
Well yes. That’s what happens when your only argument boils down to “It could be worse”.
My argument isn’t “it could be worse” - my argument is “that’s how it should have been from the beginning”.
“No no, my argument is even worse than that!”
Then you deserve them even more. Fuck privacy and freedom I guess?