Discussion
Android developer verification: Balancing openness and choice with safety
focusedone: I'm generally OK with this, but the 24 hour hang time does seem a bit onerous. Most of the apps on my phone are installed from F-Droid. I guess the next time I get a new phone I'll have to wait at least 24 hours for it to become useful. I'm seriously considering Graphene for a next personal device and whatever the cheapest iOS device is for work.
janice1999: The apps might be available though. Many developers are simply stopping in the face of Google's invasive policies. I don't blame them. Say goodbye to useful apps like Newpipe.
janice1999: The forced ID for developers outside the Play store is already killing open source projects you could get on F-Droid. The EU really needs to identify this platform gatekeeping as a threat. As an EU citizen I should not be forced to give government ID to a US company, which can blacklist me without recourse, in order to share apps with other EU citizens on devices we own.
9cb14c1ec0: It's getting harder and harder to be an Android enthusiast. Especially given the hypocrisy of Google Play containing an awful lot of malware.
mosura: From a detached perspective Play Services itself is practically sanctioned malware and this is to protect that monopoly.
astra1701: This is going to hurt legitimate sideloading way more than actually necessary to reduce scams:
- Must enable developer mode -- some apps (e.g., banking apps) will refuse to operate and such when developer mode is on, and so if you depend on such apps, I guess you just can't sideload?
- One-day (day!!!) waiting period to activate (one-time) -- the vast majority of people who need to sideload something will probably not be willing to wait a day, and will thus just not sideload unless they really have no choice for what they need. This kills the pathway for new users to sideload apps that have similar functionality to those on the Play Store.
The rest -- restarting, confirming you aren't being coached, and per-install warnings -- would be just as effective alone to "protect users," but with those prior two points, it's clear that this is just simply intended to make sideloading so inconvenient that many won't bother or can't (dev mode req.).
pmontra: You have to wait one day only once, when enabling the feature. I agree that enabling developer mode could be a problem but mostly because it's buried below screens and multiple touches. As a data point, I enabled developer mode on all my devices since 2011 and no banking app complained about it. But it could depend on the different banking systems of our countries.
frays: You don't use the HSBC or Citibank app then I assume?
tadfisher: We'll see when this rolls out, but I don't foresee the package manager checking for developer mode when launching "unverified" apps, just when installing them. AFAICT the verification service is only queried on install currently.
MishaalRahman: Googler here (community engagement for Android) - I looked into the developer options question, and it's my understanding that you don't have to keep developer options enabled after you enable the advanced flow. Once you make the change on your device, it's enabled. If you turn off developer options, then to turn off the advanced flow, you would first have to turn developer options back on.
summermusic: 24 hour mandatory wait time to side load!? All apps I want to use on my phone are not in the Play Store. So I buy a new phone (or wipe a used phone) and then I can’t even use it for 24 hours?
occz: The 24 hour wait period is the largest of the annoyances in this list, but given that adb installs still work, I think this is a list of things I can ultimately live with.
curt15: The one-day waiting period is so arbitrary. Have they demonstrated any supporting data? We know google loves to flaunt data. Something like Github's approach of forcing users to type the name of the repo they wish to delete would seem to be more than sufficient to protect technically disinclined users while still allowing technically aware users to do what they please with their own device.
trillic: To paste code into the chrome dev console you just need to type “allow pasting”
2OEH8eoCRo0: Seems like a very reasonable compromise. What's the catch?
janice1999: Developers, including non-US citizens, are forced to give Google their government ID to distribute apps. This enables Google to track and censor projects, like NewPipe, an alternative open source Youtube frontend, by revoking signing permissions for developers.
occz: That's not correct - the flow described in the post outlines the requirements to install any apps that haven't had their signature registered with Google. That means those apps still keep on existing, they are just more of a hassle to install.
xnx: This is eminently reasonable. Now if only Android would allow for stronger sandboxing of apps (i.e. lie to them about any and all system settings).
tadfisher: Honestly, if coerced sideloading is a real attack vector, then this seems to be a pretty fair compromise. I just remain skeptical that this tactic is successful on modern Android, with all the settings and scare screens you need to go through in order to sideload an app and grant dangerous permissions. I expect scammers will move to pre-packaged software with a bundled ADB client for Windows/Mac, then the flow is "enable developer options" -> "enable usb debugging" -> "install malware and grant permissions with one click over ADB". People with laptops are more lucrative targets anyway.
dfabulich: I predict that they're going to introduce further restrictions, but I think the restrictions will only apply to certain powerful Android permissions. The use case they're trying to protect against is malware authors "coaching" users to install their app. In November, they specifically called out anonymous malware apps with the permission to intercept text messages and phone calls (circumventing two-factor authentication). https://android-developers.googleblog.com/2025/11/android-de... After today's announced policy goes into effect, it will be easier to coach users to install a Progressive Web App ("Installable Web Apps") than it will be to coach users to sideload a native Android app, even if the Android app has no permissions to do anything more than what an Installable Web App can do: make basic HTTPS requests and store some app-local data. (99% of apps need no more permissions than that!) I think Google believes it should be easy to install a web app. It should be just as easy to sideload a native app with limited permissions. But it should be very hard/expensive for a malware author to anonymously distribute an app with the permission to intercept texts and calls.
yjftsjthsd-h: > But it should be very hard/expensive for a malware author to anonymously distribute an app with the permission to intercept texts and calls.
And how hard/expensive should it be for the developer of a legitimate F/OSS app to intercept calls/texts?
Tostino: Yep, I have a legitimate use case for exactly this. It integrates directly with my application and gives it native phone capabilities that are unavailable if I were to use a VoIP provider of any kind.
dfabulich: As a legitimate developer developing an app with the power to take over the phone, I think it's appropriate to ask you to verify your identity. It should be an affordable one-time verification process. This should not be required for apps that do HTTPS requests and store app-local data, like 99%+ of all apps, including 99% of F-Droid apps. But, in my opinion, the benefit of anonymity to you is much smaller than the harm of anonymous malware authors coaching/coercing users to install phone-takeover apps. (I'm sure you and I won't agree about this; I bet you have a principled stand that you should be able to anonymously distribute malware phone-takeover apps because "I own my device," and so everyone must be vulnerable to being coerced to install malware under that ethical principle. It's a reasonable stance, but I don't share it, and I don't think most people share it.)
limagnolia: I don't see anything on NewPipe's website about not continuing development?
MishaalRahman: > - Must enable developer mode -- some apps (e.g., banking apps) will refuse to operate and such when developer mode is on, and so if you depend on such apps, I guess you just can't sideload?
Hi, I'm the community engagement manager @ Android. It's my understanding that you don't have to keep developer options enabled after you enable the advanced flow. Once you make the change on your device, it's enabled. If you turn off developer options, then to turn off the advanced flow, you would first have to turn developer options back on.
> - One-day (day!!!) waiting period to activate (one-time) -- the vast majority of people who need to sideload something will probably not be willing to wait a day, and will thus just not sideload unless they really have no choice for what they need.
ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.
hbn: > ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.
Someone is just going to make a nice GUI application for sideloading apks with a single drag-and-drop, so if your idea is that ADB is a way to ensure only "users who know what they're doing" are gonna sideload, you've done nothing. This is all security theatre.
grishka: At this point I'm convinced that there's something deeply wrong with how our society treats technology. Ruining Android for everyone to try to help some groups of people is the wrong solution. It's unsustainable in the long run. Also, the last thing this world needs right now is even more centralization of power. Especially around yet another US company. People who are unwilling to figure out the risks just should not use smartphones and the internet. They should not use internet banking. They should probably not have a bank account at all and just stick to cash. And the society should be able to accommodate such people — which is not that hard, really. Just roll back some of the so-called innovations that happened over the last 15 years. Whether someone uses technology, and how much they do, should be a choice, not a burden.
Tostino: I think you read a bit too much into my message. I agree, it's complicated, I don't want my parents and grandparents easily getting scammed. But yes they are my devices, and I should be able to do exactly what I want with them. If I'm forced to deal with other developers' incredibly shitty decisions around how they treat VoIP numbers, guess who's going to have a stack of phones with cheap plans in the office instead of paying a VoIP provider... But no, I have no interest in actually distributing software like that further than the phones sitting in my office.
TurboSkyline: A few apps have been showing pop-ups warning users in advance that they are not going to do the verification. Obtainium is definitely one of them. I think I saw something similar on NewPipe.
xnx: > The one-day waiting period is so arbitrary.
Scammers aren't going to wait on the phone for a day with your elderly parent.
cogman10: Sure, but what about a 30 minute delay? 1 hour? 2 hour? 24 is just so long. But also, my expectation is that a scammer is going to just automate the flow here anyways. Cool, you hit the "24 hour" wait period, I'll call you back tomorrow, the next day, or the next day and continue the scam process. It might stop some less sophisticated spammers for a little bit, but I expect that it'll just be a few tweaks to make it work again.
fwip: 24 hours is long enough to get them off the phone, and potentially talking to other people who might recognize the scam. There will be some proportion of people who mention to their spouse/child/friend about how Google called them to fix their phone, and are saved by that waiting period.
hypeatei: I'll say it again: this isn't a problem for Android to solve. Scammers will naturally adapt their "processes" to account for this 24-hour requirement and IMO it might make it seem more legitimate to the victim because there's less urgency. The onus of protecting people's wealth should fall on the bank / institution who manages that person's wealth. Nevertheless, this solution is better than ID verification for devs.
limagnolia: Why should the bank/institution be responsible for protecting individuals from themselves? They don't have police power- protecting people from bad actors is like, the reason to have a state. If the state wishes to farm it out to third parties, then we don't need the state anymore!
richwater: Yea I have no idea why the original commenter thinks Banks should have the power to tell me what I can and can't do with my own money. It's nice that Zelle has checks and identity information shown to you when you're sending money, but if I click through 5 screens that say "Yes I know this person" but I actually don't.....no amount of regulation is going to solve that.
hypeatei: Banks absolutely have that power and will stop transactions that seem suspicious or fraudulent already, no? Sometimes they'll call/text to verify you want it to go through. I imagine that type of thing but cranked up for accounts flagged "vulnerable" where a family or the person themselves can check a box saying "yes, lockdown this account heavily please" (or whatever you can imagine, idk, I'm not a bank)
xnx: > some apps (e.g., banking apps) will refuse to operate and such when developer mode is on
JFC. Why would an app be allowed to know this? Just another datapoint for fingerprinting.
ninininino: Because estimates suggest Americans lose about $119 billion annually to financial scams, which is a not insignificant fraction of our entire military budget, or more than 5% of annual social security expenditures.
wolvoleo: Maybe they should educate them then. Oh wait education is communist. And bad for the religious conservatives.
rtkwe: > - Must enable developer mode -- some apps (e.g., banking apps) will refuse to operate and such when developer mode is on, and so if you depend on such apps, I guess you just can't sideload?
What apps are those? I've yet to run into any of my banking apps that refuse to run with developer mode enabled. I've seen a few that do that for rooted phones but that's a different story. I've been running android for a decade and a half now with developer mode turned on basically the whole time and never had an app refuse to load because of it.
adzm: I enable developer mode on every android phone to at least change the animation durations to twice the speed. I also have never run into an issue fwiw
lucasay: The goal seems to be breaking the real-time guidance scammers rely on. 24h probably works, but it feels like a heavy tradeoff for legit users.
serial_dev: > This is going to hurt legitimate sideloading … way more than actually necessary to reduce scams
Google: I already said I love it, you don’t have to sell it to me.
wolvoleo: Do you need a Google account to opt out of the restriction? It says something about authenticating. I don't have a Google account on my Androids. But I can't remove play services on them, sadly. As an intermediate protection I just don't sign in to Google play, that gives them at least a bit less identifying information to play with. I hope this can be done without a Google account.
aboringusername: The reauthenticate means using device pin/biometrics if you have them enabled. You will not need a Google account.
free_bip: Brother, there's an entire genre of scamming where the scammers spend months building rapport with their victims, usually without ever asking for anything, before "cashing out". One day is nothing.
nvme0n1p1: Have you ever watched Kitboga? Scammers call people back all the time. They keep spreadsheets of their marks like a CRM. It takes time to build trust and victimize someone, and these scammers are very patient.
ronsor: Scammers will gladly wait on hold for 10 hours a day, for a week, if they think they'll get their Bitcoin. They have infinite time and patience.
devsda: Death, taxes and escalating safety are the only certainties in this tech dominated world. So, be ready for more safety in the next round few months/years down the line. Eventually Android will become as secure as ios. We need a third alternative before that day comes. It's not a win by any means. I hope that we don't stop making noise.
wolvoleo: It's not secure when one of the main adversaries (Google) controls all the keys.
anonym29: > And what is malware? For [Android Ecosystem President], malware in the context of developer verification is an application package that “causes harm to the user’s device or personal data that the user did not intend.”
Like when Google, Facebook, Apple, Microsoft, et al. cooperated with¹ the unconstitutional and illegal² PRISM program to hand over bulk user data to the NSA without a warrant? That kind of harm to my personal data that I did not intend? If so, I'd love to hear an explanation of why every Google/Alphabet, Facebook/Meta, and Microsoft application hasn't been removed for being malware already.
¹ https://www.theguardian.com/world/2013/jun/06/us-tech-giants...
² https://www.reuters.com/business/media-telecom/us-court-mass...
frogperson: It's not society, this is simply more fascism. Corporate and government cooperation to surveil and control the masses. So long as the 5g chips and the 2 mobile app stores remain under control, then 5 eyes has nearly full coverage.
andyjohnson0: I'd rather not have to go through this ritual, but I appreciate that there is a genuine security problem that google are trying to address. I also suspect that they have other motivations bound-up in this - principally discouraging use of alternative app stores. But basically I could live with this process. Yeah, I know... Stockholm syndrome... Although I may not have to live with it, as none of my present devices are recent enough to still receive ota updates. Context: I don't use alternative app stores. I occasionally side-load updates to apps that I've written myself, and very occasionally third party apps from trusted sources.
int0x29: Most of the victims were last in school in the 1960s when all this stuff didn't exist. Also from experience teaching people with dementia or memory issues is kinda challenging as they just forget.
Dwedit: Medical apps (such as those that talk to insulin pumps) also refuse to run when developer mode is turned on.
RIMR: This is hopefully an exciting time to consider a Motorola device, since they are partnering with GrapheneOS, but I worry that Google will block Google Play Services on any device that doesn't comply, so this might actually be a demoralizing time to be a GrapheneOS fan, when we watch them worm their stupid walled garden nonsense into the Motorola version of it.
politelemon: I'm not in agreement with most of you, hn. They've found a decent compromise that works for power users and the general population. Your status as a power user does not invalidate the need to help the more vulnerable. Having to wait a day for a one off isn't a big deal, if they kept it looser then you'd be shouting about the amount of scams that propagate on the platform.
keanebean86: My personal hard line is having to ask Google for permission to sideload. Even if it's free and no personal info is exchanged. This new process is annoying but I can see it helping prevent scams.
RIMR: I am not happy about this, but as long as advanced Android users can still turn this off and keep it off, we're still in a better place than iOS. Even though I understand the design decisions here, I think we're going about this the wrong way. Sure, users can be pressured into allowing unverified apps and installing malware, and adding a 24-hour delay will probably reduce the number of victims, but ultimately, the real solution here is user education, not technological guardrails. If I want to completely nuke my phone with malware, Google shouldn't stand in my way. Why not just force me to read some sort of "If someone is rushing you to do this, it is probably an attack" message before letting me adjust this setting? Anyone who ignores that warning is probably going to still fall for the scam. If anything, scammers will just communicate the new process, and it risks sounding even more legitimate if they have to go through more Google-centric steps.
varispeed: Google serves ads with known scams and nothing seems done about it. Yet, they are concerned about this. It has nothing to do with safety, but everything to do with control. I remember when Google disabled call recording in Android, so you no longer could record scammers. Thanks to recording I was able to get money back from insurance company that claimed they absolutely didn't sell me this and that over the phone (paid for premium insurance and got basic).
tbodt: > “For a lot of people in the world, their phone is their only computer, and it stores some of their most private information,” Samat said.
Not applying the policy to adb installs makes a lot more sense if the people this is trying to protect don't have a computer
eclipxe: You can run adb install locally without a computer
grishka: If you mean things like Shizuku or local adb connection through Termux, it's quite an awkward process to set up even for someone like me who's been building Android apps since 2011. Like, you can do if you really really need it, but most people won't bother. You have to do it again after every reboot, too.
g947o: Scammers will figure something out to make that workflow smoother, you can count on that.
guelo: > just should not use smartphones and the internet
That's ridiculous. Phones are being made more and more of a requirement to participate in society, including by governments.
grishka: Which is exactly my point! This is exactly the thing that desperately needs to be undone.
NullPrefix: > They should probably not have a bank account at all and just stick to cash
Pretty much illegal in some parts of EU
cenamus: Source? Also how is it related to the EU if it only affects certain places? Could have just said certain places in Europe
hjadal: Also illegal in Denmark. You need a NemKonto by law. Also making cash payments over 15000 is illegal since 2024. So you can't make a large purchase without a bank transfer.
MishaalRahman: Right, this friction makes it much harder for a scammer to get away with saying something like, "wire me $10,000 right now or you won't see your child ever again!" as the potential victim is forced to wait 24 hours before they can install the scammer's malicious app, thus giving them time to think about it and/or call their trusted contacts.
pfortuny: Spain: you must be paid through a bank if you
- have a steady contract
- are paid more than 1000€ for a job (say you are self-employed).
grishka: Not sure how it works in countries that didn't go through 80 years of socialism, but I assume that you're saying that in those countries, your salary is required to go to your bank account and can't be paid in cash. Then you can still pretty much "stick to cash" by withdrawing the whole thing on your payday. But then idk, maybe everyone in those countries is aware of the risks related to keeping their money in a bank, it's just the internet banking that introduces the new ones for them.
itsdesmond: what
pfortuny: Completely illegal in Spain if you have a paid job.
derfniw: Illegal would be a hyperbole. But the noose is tightening a bit. There are upcoming limits for cash transactions (10K, countries can opt to go lower), and strong requirements for identity verification at 3K or more euros in cash. See: https://www.deloittelegal.de/dl/en/services/legal/perspectiv... EDIT: The other side of the coin is that banks are _required_ to give legal residents of a country a basic account that can be used for payments.
plorg: If you install it or update it you will get a banner to this effect at first use.
zadikian: Is this even the reason? If Android phonemakers are simply concerned about tech-illiterate users switching to iPhone, they could sell a locked-down Android phone that requires some know-how to unlock.
acrophiliac: I wonder if you might be relying on a stereotype of victims. Here's some recent data: "The 2024 FTC Consumer Sentinel Network reported that 44% of all 20-somethings claimed losses in 2023". More data here: https://www.synovus.com/personal/resource-center/fraud-preve...