Discussion

A new layer of security for certified Android devices

panny: Shit OP, I watched your account go [dead] in five minutes. I guess we know who owns this site.

panny: >A new layer of security for certified Android devicesMay I purchase a non-certified android device now? Because frankly, fuck you.

girvo: Not if you want to run any of your banking apps or all sorts of things. The open android I knew and loved is long gone

panny: >banking appsI only run what I can find in f-droid repos. I don't care for or want your proprietary apps on my hardware. Fuck off.

selectively: The 'headline' is false. This is specifically for unsigned applications, not for all sideloaded apps.

taspeotis: Did they add another one?https://news.ycombinator.com/item?id=47442690

dfordp11: I must have missed that yesterday.

koolala: It could be worse. Do this after you buy the phone and then in 24 hours its like normal.

raincole: OP account has only five comments in total, and three of them are copy-pasting exact the same words.

dfordp11: it was an error on my part, my keyboard kind of suck they keys sometimes work, sometimes they don't, so I had to clarify this mistake on my part.Apologies, sir

panny: Yeah, just shoot Paul Revere in the head. I'm tired of hearing>The British are coming!I'm trying to sleep bro.

phr4ts: I hope consumers return these phones in droves like Windows RT and Windows 10 S. The issue is that sideloading isn’t an immediate concern—users would only realize the limitation later, when it’s too late to return the device.

butz: Following this logic, adding a checkbox "I swear this app does not contain malware" to app publishing process would solve the problem with malicious apps on Play Store, right?

m132: This submission leads to a generic press release about the anti-feature from 6 months ago, when it was first announced. There's absolutely no mention of the information that has been revealed and posted here since, not even that regarding the 24-hour wait from the submission's title.If this is what the other submissions of this account look like, it's no wonder they're being taken down.

panny: HAHA, flagged!! I DO NOT CARE about your banking apps. I only run open source apps on my hardware. I will NEVER run your closed source software on my hardware. FOR ANY REASON.BOOT LICKERS

askonomm: So I buy a device ... with my own money ... which I supposedly then own, but then I need to ask some corporation permission to use it, and it treats me like a toddler by giving me a 24 hour wait period for the ability to install applications on that device? How is this legal?

RicoElectrico: This is so outrageous I wouldn't mind it being on the front page every day until they back off.

Markoff: this was already discussed, so no point for dupe, but there is no wait period for ADB installand AFAIK this also affects only unverified developers, though hard to imagine why would someone install app from verified dev outside the play store, for the record I don't have gapps in my phone and use Aurora

pmarin: WHy not just add a hardware switch to allow Android sideloading?Are these multibillion companies so incompetent to not think about it?

rapidaneurism: If they add a switch people might use the switch. You are confusing the excuse with the reason.

Markoff: you buy your hardware, you don't buy the software, you buy the license to use the software according license terms

xyzzy123: This will not be a popular comment, but...A 24 hour wait like this can sometimes be the result of a security team not knowing what else to do. There are all sorts of weird threat models when you think hard about how devices are used, like partners who have legit access to a phone at a certain point in time.

r721: >25 August 2025

tuom1s: I may be missing something, but what does the title have to do with the article? There is no mention about any waiting or mandatory reboot. What does OP have in mind?

dfordp11: yeah i was researching and accidently added an old article while copy pasting the link, the orginal blog was released yesterday on developer blog and is prob linked below.I would have added it here, but i don't want hn to be label my account as spam

pprotas: It’s not incompetence, it’s malice

askonomm: What's next? I buy a car which I cannot drive in certain locations unless I ask for permission and wait 24h? Daddy Car Dealership please let me drive in this location, pretty please?

riedel: Actually this OP seems to be the old announcement from 2025 with no additional news as far as I saw. If implemented like this, it will be horror.The baseline for a usable solution for me is still that I can keep my banking apps and that I am able to use fdroid trusted builds from source, can install builds from other open source CI builds, install builds from my students I know personally without needing them to verify with a foreign entity and publishing their personal data.Practically the law will require me to buy another 'developer phone' the for work. Actually allowing more profiles like the work or hidden profile would allow users to at least chose per profile and could at least put their banking apps into a sandbox where they work (requirement would be that Google wallet can also run from such a profile) . I actually would be very happy to run the main profile without any Google play services like Graphene does: I guess a lot of data protection risks would be solved by this.

dfordp11: yeah i accidently added an old article while copy pasting the link, the orginal blog was released yesterday on developer blog and is prob linked below.I have asked the admin to update this with the latest blog, as i can't update it myself nor i can remove the submission

fluxusars: Return them and get what instead? Every other popular phone platform is even more restrictive.

ece: There should be one screen each for self signing individual apps and updates, and another one for adding a public app store key to allow verifying apps and updates from that key. That would be factual and not scary. Yes, the question should be asked of the play store too.People should by default not trust a developer or store that is scaring you into doing something.

gabordemooij: fine, but can you buy alternatives that run your software then?

Narkov: > Think of it like an ID check at the airportThat's an interesting way of selling this.

mindslight: The only sane way to buy a device is to pick a user-representing OS (eg Graphene), pick a device from its list of supported devices, and then install your desired OS on that device as soon as you get it as part of your setup process. Then if it's 24, 48, or 168 hours to receive your unlock code to install the secure OS, it's all just part of the setup process (and if they refuse to unlock for whatever reason, then you're still in the return period!). The longer you let the surveillance industry keep its hooks in you, the more friction and dependence they will add to every single thing you want to do that goes against their business interests.

b00ty4breakfast: If the hardware wasn't locked down on so many devices, this wouldn't be an issue because people could choose to use a different OS.

petterroea: In school I learned the definition of politics was "the distribution of benefits and burdens". We can and probably should view this as a political question. The benefit is the consumer right to do whatever you want with the device you bought (used by some), vs the burden of making yourself attackable by scammers etc. Google are pushing first and foremost for protecting end-users from scammers. They do benefit from this, so there is probably an incentive for them to do so. It is very practical that they can call locking down their phones "protecting users".The big question here is where on the balance scale we care about "protecting users against scammers" vs "protecting users against enshittification, closed ecosystems, and possible future power grabs". One side is very tangible and easy to understand, the other more abstract, and most consumers simply don't understand it well enough to make educated choices about it. This uncertainty is being used by powers that benefit from pushing towards the "lock-down" extreme of the scale. Peter Thiel said so himself.It is also worth noting that it is these security guys' job at Google to invent security schemes. All in all they did their job as engineers, and ignoring personal responsibility to engineer solutions that balance needs not only technical but also social, they did everything right. In a larger society there should be people who take on the job of setting boundaries for these technical solutions. Just like you need technical people to push back on technical demands from non-technical people within a company, we people who push back on this sort of stuff in our society. Us technical folks are best suited to do this job.TL;DR: The political question boils down to how many grandmas are we as a society happy with getting scammed in the name of protecting consumer freedoms? In the extreme and hyperbolic case, are we happy with an infinite number of grandmas being sacrificed? Where on the line do we want to be? And what other measures can we put into place to make the problem easier to solve without sacrificing basic freedoms? If you are technical you should probably consider taking more space in the public debate.

djmips: https://android-developers.googleblog.com/2026/03/android-de...

djmips: It's a one time 24 hour wait.

askonomm: Right so by this logic, if I buy an electric car, and they decide to not let me drive on dirt-roads because the software won't allow me to and I need to ask special permission and wait 24h to be able to, that's also totally fine then, right? Do you not see the ridiculousness of this premise?

jzs: I never bought into the apple ecosystem for the exact reason of not being able to feel ownership over my own device.However i also understand the challenges google has. They/vendors are selling consumer devices with a consumer OS on it. Not everybody is tech savvy and a fair bit of people are too easy to trick into installing things.An alternative could be to offer two versions(perhaps on phone activation). A business like version where a business(and people on HN) get full access. MDM and all. And average Joe mamas version that comes with more guard rails activated.I can personally live with that 24 hour wait once, if it helps protect the average people from scammers etc.

askonomm: I can understand that point, but I'd much rather vote for increased education than increased babysitting. Increased education would affect those that need it whereas increased babysitting affects everyone, including those who do not need it, and living in a society where everybody assumes you're a toddler because some people are easily gullible and ignorant is just horrible.

t0bia_s: [delayed]