- Does this mean sideloading is going away on Android?
Absolutely not. Sideloading is fundamental to Android and it is not going away. Our new developer identity requirements are designed to protect users and developers from bad actors, not to limit choice. We want to make sure that if you download an app, it’s truly from the developer it claims to be published from, regardless of where you get the app. Verified developers will have the same freedom to distribute their apps directly to users through sideloading or through any app store they prefer.
- Making APKs available to your test team
If your team’s current test process relies on distributing APKs to testers for installation using methods other than adb, you will need to verify your identity and register the package. This also applies if you make APKs available to your test teams through Google Play Internal Testing, Firebase App Distribution, or similar solutions through other distribution partners.
- Do I still need to register my apps if I’m only distributing to a limited number of users?
We recommend you register. It’s a simple, one-time process that will allow anyone to download and install your app. However, if you prefer not to, we are also introducing a free developer account type that will allow teachers, students, and hobbyists to distribute apps to a limited number of devices without needing to provide a government ID.
- What can I do to prepare for developer verification?
The best way to get ready and stay updated is to sign up for early access. We’ll start sending invitations in October.
We recommend you participate in developer verification because, even though verification is not required to develop apps with Android Studio, you will need it to distribute apps to certified Android devices. Apps installed through enterprise management tools on managed devices will also be installable without being registered.
There is security reasoning
The internet has a ton of malware and having a better way of identifying apps isn’t a bad thing. The problem is when it is used in order to make Google the sole gatekeeper of alllowed apps.
The malware is already on the Play Store.
Google is already doing nothing about malware that you can officially download directly from Google.
Google play is huge
Every time Google finds malware they take it down and improve their processes. I’m definitely not a big fan of Google but they do handle security pretty well. (Except for malware in ads)
There are plenty of reasons to hate Google. However, just because there have been cases of malware on Google play doesn’t mean that downloading apps is somehow less risky. You should stick to trusted sources and avoid questionable apps. The core problem here is the fact that the solution Google came up with for malware prevention allows them to block third party app stores and potentially apps not liked by Google like NewPipe.
I would have far less of an issue Android app verification if it was instead implemented in AOSP with a way for users to configure it in settings. Bonus if it allows users to install trusted certificates from third parties.
Yes and they actually have a malware service that already runs on side loaded apks. This isn’t about security and you can’t convince me otherwise.
The solution they “came up with” just didn’t just happen to exclude those apps. It is the entire purpose.
We have had anti-malware on desktops for decades. None of them set a system hard line at phoning home to (insert mega globo corp) to install software on hardware, I repeat, you own. It’s yours. You paid for it. What you do with it is none of Google’s concern.