The Android verification is such a broken experience. Recently I decided to purchase a dev account for my company, so far:
1) Provided my company DUNS number etc. once to create the payment profile. I did this some times ago, don’t remember the details but it was an involved verification process and it is marked as verified business payment profile.
2) Later on the payment step verified myself with a passport and bank statement to be able to actually pay with a proper HSBC bank card. Not shady pre-paid card or something, those are not accepted anyway.
3) After I paid I was told that now I need to verify my identity once more but this time with the passport and the incorporation certificate or some other company document.
fingers crossed that in few days it will be verified. While waiting, it tells me that there are still website and email verification to do once the previous step is done. I already verified my e-mail a few times before paying.
It’s painful, slow and annoying because if you fail at a step(i.e. needs verification that takes days and you are told about it at the payment step) you have to start again with the forms.
I just remembered why I never use Android. It seems like no one owns the process and as a result you get unpolished shitty experience that fulfills the requirements of god knows how many people who work in the same company but don’t talk to each other.
I released an Android app to the Play Store ~10 years ago and the most important advice people were always sounding alarms about online in Android dev communities was to not publish under your real Google account you care about, because it's not unlikely a bot will ban your entire account because of some vague infraction that's near impossible to appeal.
Google seems to actively hate people who develop for their platforms. Which I don't believe is a good move with their current hand, where young people in wealthy countries (i.e. the future of people who will spend money on apps) are something like 90% iPhone users these days.
1) Re-submit an app after it was rejected and labelled a gambling app (it wasn't even close - a 15 second look by a real human would have seen that. This one was even appealed and the support was utterly useless. I ended up changing one word and re-submitting the app, approved no problem.
2) An existing app, in the Play store for years but a nice app - only about 500 installs. I had to submit a new version for no reason whatsoever... Except to keep the customers developer account active.
Those are just issues I've dealt with in the last month or two.
Every single time, Google Support is completely useless - including the appeals process, which is an absolute joke.
Not to mention if you made one app in college and then didn't keep up with the SDK updates, Google perma-closes the entire Play account such that the only way to publish a new app is by creating a brand new gmail account
Forcing people to keep up with SDK updates is a bad thing in itself. Let people target the earliest possible feature set and make the app run on as many phones as possible rather than showing scary messages to people due to targeting an older API.
I think the problem is that older SDK versions allowed you to do things like scan local WiFi names to get location data, without requiring the location permission.
So bad actors would just target lower SDK versions and ignore the privacy improvements
The newer Android version could simply give empty data (for example, location is 0,0 latitude longitude, there are no visible WiFi networks), when the permission is missing and an app on the old SDK version requests it.
Of course, they don't like this because then apps can't easily refuse to work if not allowed to spy.
Phone companies are required to make sure 911 works on their phones. Random people on the internet aren't required to make sure 911 works on random apps, even if they look like phones.
That sounds a lot like my experience as an Apple Developer too, with the added bonus (unclear from your description if you experienced this too) that they took my money before the verification process was finished and wouldn't refund it once their AI couldn't connect my face to my ID and wouldn't let me connect with a real person (the first dozen times were on them, but after that it was maybe my fault for including a middle finger in the photographs).
Going through hell with Apple Developer too. I didn't have to do much in terms of verification (probably because I created an account as an individual) but app submission is another story:
- first time I got rejected for mentioning a name of a third party in my app description. The app description said: DISCLAIMER: not affiliated with xxx
- after fixing the app description I got rejected for using my app name(?!), multiple back and forths with the reviewer got me nowhere, they just copy pasted the same response not addressing my messages at all
- filled the app store review board appeal, it's been 5 days and I've got no response.
At this point I'm seriously considering rewriting the app for MacOS and distributing myself. I can't imagine going through all of this with every app update, it's beyond ridiculous.
Lieutenant Appleby rejected my submission almost immediately. The notice informed me that I had committed the grave offense of impersonating a third party in the description.
"I didn't impersonate a third party," I explained in my message to Lieutenant Appleby. "I only wrote a disclaimer stating: Not affiliated with ACME."
"Exactly," lieutenant appleby replied. "By stating you have nothing to do with ACME, you have involved ACME. Therefore, you are unlawfully impersonating an unaffiliated party."
"But I only mentioned them to prove I wasn't affiliated with them!"
"Which is a violation," Lieutenant Appleby pointed out.
It was a Catch-22. The Guidelines stated that to prove you were not affiliated with a third party, you had to write a disclaimer. But to write the disclaimer, you had to type the third party’s name, which was a strict violation of the rule against mentioning third parties you were not affiliated with.
I deleted the disclaimer, thereby making myself safely affiliated with nobody by refusing to acknowledge anyone. I resubmitted the app.
Lieutenant Appleby rejected it again.
"What is it this time?" I asked.
"You are using your app's name," Lieutenant Appleby replied.
"Of course I am using my app's name," I replied back. "It is the name of my app."
"You cannot use that name. It is trademark infringement."
"Infringing on whose trademark?"
"The app's."
"But I am the app! It is my app!"
"Which is exactly why you cannot use it," Lieutenant Appleby wrote patiently. "If you use the app's name, you are impersonating the app. And impersonation is strictly forbidden by the Guidelines. An app cannot go around pretending to be itself!"
At this point, my phone is PDA level, mostly useful for quick checks. I use a laptop for computing. I know as a tech nerd, I’m far out of the bell curve, but I can’t really bother with those shenanigans unless they’re paying me for it.
Develop only Web applications, that are mobile friendly, notice I said mobile friendly, not PWA.
However, thanks to many of us that only favour Chrome like IE of yore, and ship it alongside their "native" applications, the Web is nowadays ChromeOS Application Platform, so we are only a couple of years away of Google owning that as well.
You might not have a way to actually file a complaint against them but quite often, their legal department will just have a quick look at your case and just give you what you want without bothering to tell you anything. Worth a shot.
I am doing leatherworking as well as woodworking. No idea if it is possible to actually make money with this¹, but damned if I'm not giving it a go just to have skills in an area where AI is not a threat for the coming decade. At the very least these crafts allow me to make things which do not exist and cannot be purchased off the shelf.
1: I mean, it is, certainly. I'm just not sure if I can make money by making leather gear.
If you are in EU you could try complaining to your local DPA. That certainly sounds like "automated decision which produces legal effects concerning him or her or similarly significantly affects him or her" which is against article 22 of GDPR. Or you could consider suing them directly at least for the refund.
Outside of EU maybe try passing law like GDPR to actually get some rights back.
If this is a business account why do they want your passport? And why are you paying with a personal bank card rather than a business one? Or do I misunderstand?
They may want proof that you, the human filling out this form, are authorized to publish apps, communications, etc. as the company you say you represent.
How does a passport solve that? Most small private companies are entirely opaque. A government ID doesn't help you determine authorization. It won't even help you determine ownership since anyone doing things sensibly will be using a registered agent to hold the company on his behalf.
The correct approach here (AFAIK) is to punt the trust decision to the bank by requiring payment with a method that you can confidently trace to the company.
Yeah I would imagine that the value the get out of a passport is not anything to do with validating a company (they’re cheap and easy to make anyway) but validating the person (which is not a throwaway entity)
My government ID card expired and I was too lazy to renew it but I had my passport at hand so why not?
BTW both the id card and the passport have cryptographic authentication and you are able to open a bank account or use govt services completely online by scanning it with the phone Rfid . They could have make me scan that, scan my face and be done with the identity verification. My identity is already verified and tied to my company the same way and also
listed in the companies registry which means they could have had skipped all the other company verification stuff too.
What you're describing is not "broken", it's the process and it appears it hasn't even failed for you.
My experience with getting a verified "business" developer account from Google mirrors the experience as getting one from Apple, except it's a one-time fee and much less than Apple.
Yes there are hoops to jump through, identification usually requires some hoops, but pretty it's straightforward. I am not commenting on the requirements of these hoops, yes, it's BS that they exist but it's their platform so it's their rules.
What type of "experience" are you expecting to have anyway?
> However, our recent analysis found over 90 times more malware from sideloaded sources than on Google Play
Google has seemingly never seen an elderly person's phone, where it is completely infected with crap including literal popup ads (that somehow overlay other apps), yet all of it was downloaded from GPlay.
What % of Android users actually want this? Do they know or care?
I've been using Android since 2010 because it was open in ways that the Apple ecosystem wasn't. I do not want this and imagine hardly any other power users (for lack of a better term) do. I'm already using a mostly deGoogled device but this really seals the deal. I have been longing for a true Linux phone for years and now seems like a good time to get serious about the search and migration plan.
> Android is for everyone. It’s built on a commitment to an open and safe platform. Users should feel confident installing apps, no matter where they get them from.
This intro immediately tells me that whatever comes after will be horrible for users and developers. Surprise surprise, I was right. Software to "verify" side loaded apps is a bad, anti user idea.
> Starting in April, Android Developer Verifier will be installed on devices.
so they're rolling out a system app that will call home to check whether any sideloaded apps have been "verified" with the developer's government ID? and this process will happen regardless of whether the user has enabled the "advanced flow" in Developer settings?
If they're taking on verification, are they also taking on liability? Do we get to sue them if grandma gets scammed through an app they allow onto their phone?
Maybe it's just me but what happened to "don't send your government id to anyone". I am from the EU but this is what was indoctrinated to me. Just seems very strange to all off a sudden send all this information to any company you require a service from.
Also the person is not the company, why is Google making the developer identify oneself while many apps are released under a company? My understanding is that Google has been mishandling this for a while but with the verification linked to a government id that just seems like another can of worms.
A few scenarios to consider:
- The developer is fired/resigns and the company does not want to be associated with the developer, for example if the developer is convicted for something.
- The developer is fired/resigns and the developer does not want to be associated with the company, developer found out about certain practices of the company they don't condone.
- The developer and the company part in good faith, however one of them is being exploited/pressured by a third party to abuse the relationship to the app.
- The developer or the company is on legal hold due to legal issues, arrests, malpractice etc.
- The developer passes away or the company ceases to exist.
- How does this work if you are making an app as a developer for hire, when entering into a contract with a publisher for example. Who will verify and how will that work (especially on small scale apps).
That's seriously horrible. There are 5+ open source android apps that I use and want to continue using that are not available on Play Store, but rather through alternative stores (like Zapstore, Obtainium).
If I get a phone with preinstalled Graphene OS (like the upcoming Motorola phone), then does it avoid this stupidity? Or even with Graphene it prevents me from installing apks?
My experience was worse than just frustrating verification - it cost me money twice.
I submitted my government-issued ID and bank statements multiple times. Each time rejected, no specific explanation why. After several rounds I gave up, assuming my developer account would at least stay dormant until I felt like trying again.
It didn't. Google deleted the account entirely. No warning, no refund of the €25 registration fee or whatever it costed. When I eventually wanted to publish again, I had to create a new account and pay again. The second time around they accepted my driving license - the same type of document category they had rejected before.
So the real cost of a bad verification experience isn't just time. If you give up and walk away, you lose your fee and start from zero. That's the part that stung, at least for me.
I'd say Hackernews knows enough people at Google to raise a stink about this, but it's not going to do any good. Sometime at the last WEF or Bilderberg meeting it was decided that KYC level identity verification should be required to use a computer or the internet, with more stringent requirements to program one. This, and much worse, is going to happen whether we like it or not.
The latest shift to lock down Google's android pushed me recently to install /e/OS. On paper it makes those kind of projects a lot harder, but its prompted me to be a bit more considered about what software projects I want to use/support.
Really glad I have done that - I've been a 'boiled frog' of sorts on Android for a while now. Not happy with being continually more and more locked down, but not quite unhappy enough to shift. Feels like a breath of fresh air to have software that's built to serve me, rather than just to serve me ads.
I am part of the team running keepandroidopen.org and corralling the signatures for the open letter opposing this program. We've been trying to get Google to reverse course on this program ever since it was announced.
As it stands, Android Developer Verification (ADV) is a death sentence for F-Droid, Obtainium, and other competitors to the Google Play Store, both commercial and non-commercial. We are disappointed that they are still trying to steamroll this through in the face of overwhelming public opposition.
There are numerous reasons to object to the program, but a few of the top ones are:
1. You own your computer, and you should be the sole decision-maker for what software you can install on it.
2. "Malware" means whatever Google says it means, and their terms and conditions change daily; today malware is banking scams, tomorrow it is … ad-blocking? VPNs? Their decisions are un-reviewable and opaque, and they have obvious commercial incentives to block certain kinds of (otherwise-legal) software.
3. Centralizing global developer registrations through a US corporation makes it subject to the rules (and whims) of the current regime. Citizens of sanctioned countries or members of sanctioned entities (like the International Criminal Court) will be legally barred from registering, blocking them from creating and distributing software _anywhere_ in the world (not just the US).
4. Scenarios that Google claims ADV will protect against — such as high-pressure phone calls manipulating vulnerable users into installing scam apps — have _already_ been addressed by incremental improvements to Android security over the years, such as "Enhanced Fraud Protection" introduced in Android 13 (and expanded in Android 15). Android has incrementally improved its security features over its near 20 years of existence. There is no evidence that anything has suddenly changed to justify such a disproportionate and extreme lockdown.
5. Being required to pay Google for the privilege of uploading your government identification so that you might be permitted to contribute to the Android software ecosystem is such an abominable insult to the developers that helped build the platform. It deserves all the utter contempt that has been heaped upon it thus far, and begs regulatory scrutiny from those few countries that still have the courage to stand up to these bullies.
We emphatically recommend against developers signing up for this program or endorsing it in any way.
Is there any information about how the "advanced flow" will be implemented? According to keepandroidopen.org, this is going to be handled by Google Play Services. Does it mean it will be automatically installed via the silent, always-on GMS update mechanism and I should root my devices and remove GMS altogether if I don't want this?
If I do software for Windows, Linux or FreeBSD I don't need verification. And potential users aren't required to get software only from a certain app store.
This is a case of companies forcing things on us "for our own good" and them knowing better than us what is good for us or not.
Android is for everyone. It’s built on a commitment to a... safe platform.
These two statements contradict. When something is public, it is not entirely safe; and to make something safe, there is exclusion of practices, behaviors, and often people.
> So as an extra layer of security, we are rolling out Android developer verification to help prevent malicious actors from hiding behind anonymity to repeatedly spread harm.
1. Well, then, surely Google can't be in charge of this process, because they are a malicious actor, known to manipulate social media search results and engage in mass surveillance of its users. And that's in addition to analyzing their personal data to try to manipulate them into buying things; which is called "targeted advertizing", but I would also characterize as harm.
2. To be slightly less tongue-in-cheek: Imagine that a two would prevent entry of unverified people - you know, to prevent malicious anonymous actors from bringing harm. That would be ridiculous - nobody should be able to restrict public space. Well, the space of computation and communications via our handheld phones/computers is enough of a public space to merit the same principle. Which means that it is not acceptable for it to be under Google/Alphabet's control. Government regulation could mitigate this problem, but then, governments collude with large corporations and often approve of such restrictions.
I don't see a way out of this except government regulation. The EU has the most motivation to do it, as a huge economic bloc with a lot of motivation right now to become as independent from the US as possible.
I guess I can sort of manage to keep my head above water and keep buying secondhand phones which I unlock and install a supported version of LineageOS. But it's cumbersome, it gets more difficult and more restrictive every time. And I literally have a doctorate in computers for crying out loud! Is there any hope for Granny? For a kid? For >99% of people? Of course not.
This is so clearly a matter for government oversight: prevent abuse, monopolies, protect the citizen's safety, rights, welfare, etc. It's not reasonable to expect consumers to figure out if the meat they buy is tainted, just as it's not to figure out if their phone spies on them, manipulates information, or sells their data (especially when there's a duopoly). That's why we have laws and food inspectors, paid for by the public, working for the public. Same thing with digital rights.
tl;dr how to install an app from unverified developer ("advanced flow")
1. enable developer mode
2. confirm you aren't being coached
3. restart your phone and reauthenticate
4. come back after 24 hours and unlock device
5. install app from unverified developer, option of enabling for 7 days or indefinitely
This is apparently a one-time process. Advanced flow for users launches globally August 2026. Verification requirement kicks in September 2026.
Personally I am hopeful that people work toward a completely new, non-Android OS. 15 GB of space on my phone, and 1.5 GB of RAM, is dedicated to Android OS alone. This design, and the control this company (and the mobile providers, and device manufacturers) have over the mobile world, is ridiculous. Let's start over.
Older Androids which are fully rootable and unbrickable are cheap (maybe even monetarily free) and will let you continue to have freedom despite what Google wants.
"Those who give up freedom for security deserve neither."
> The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play
> It’s only when a user tries to install an unregistered app that they’ll require ADB or advanced flow, helping us keep the broader community safe while preserving the flexibility for our power users.
So, we have a sideloaded app now. Which has been increasingly tricky for our users to install. The warning they get is hard to understand. Does this mean essentially the end of sideloading?
At this point, I think I would prefer to carry a dumb flip phone for SMS and phone calls, and a smartphone-shaped generic touchscreen linux computer for everything else. It's becoming disturbingly impossible to find the former, and practically impossible (IME) to find the former.
Does anyone here have experience using Ubuntu Touch? That's the closest thing I've seen to "generic touchscreen linux" for mobile phone hardware. I'd love a device that works for multimedia, navigation, web browsing, and a handful of APKs like various chat apps (and really anything can can arbitrarily use the hardware), but it seems like tying a cellular modem to this ends up fucking up the whole dream because of carrier and manufacturer motivations/compensations.
Even once you've managed to verify, Google love throwing more challenges at you if you want to keep your apps in the store. "You need to declare your blood type or we will remove your apps in 30 days". I removed my apps myself as it was turning from a hobby to an unpaid job just to keep the apps in the store.
335 comments
1) Provided my company DUNS number etc. once to create the payment profile. I did this some times ago, don’t remember the details but it was an involved verification process and it is marked as verified business payment profile.
2) Later on the payment step verified myself with a passport and bank statement to be able to actually pay with a proper HSBC bank card. Not shady pre-paid card or something, those are not accepted anyway.
3) After I paid I was told that now I need to verify my identity once more but this time with the passport and the incorporation certificate or some other company document.
fingers crossed that in few days it will be verified. While waiting, it tells me that there are still website and email verification to do once the previous step is done. I already verified my e-mail a few times before paying.
It’s painful, slow and annoying because if you fail at a step(i.e. needs verification that takes days and you are told about it at the payment step) you have to start again with the forms.
I just remembered why I never use Android. It seems like no one owns the process and as a result you get unpolished shitty experience that fulfills the requirements of god knows how many people who work in the same company but don’t talk to each other.
Google seems to actively hate people who develop for their platforms. Which I don't believe is a good move with their current hand, where young people in wealthy countries (i.e. the future of people who will spend money on apps) are something like 90% iPhone users these days.
Recent things I've had to do:
1) Re-submit an app after it was rejected and labelled a gambling app (it wasn't even close - a 15 second look by a real human would have seen that. This one was even appealed and the support was utterly useless. I ended up changing one word and re-submitting the app, approved no problem.
2) An existing app, in the Play store for years but a nice app - only about 500 installs. I had to submit a new version for no reason whatsoever... Except to keep the customers developer account active.
Those are just issues I've dealt with in the last month or two.
Every single time, Google Support is completely useless - including the appeals process, which is an absolute joke.
So bad actors would just target lower SDK versions and ignore the privacy improvements
Of course, they don't like this because then apps can't easily refuse to work if not allowed to spy.
Consider - it's a voip dialing client which has a requirement to provide location for E911 support.
If the OS vendor starts providing invalid data, it's the OS vendor which ends up being liable for the person's death.
e.g. https://www.cnet.com/home/internet/texas-sues-vonage-over-91...
which is from 2005, but gives you an idea of the liability involved.
I guess Vonage should try to appeal the case and say pocksuppet said they're not required to do that.
And you can manually force only the voip dialing apps instead of everyone
Is there a way around this shitocracy?
- after fixing the app description I got rejected for using my app name(?!), multiple back and forths with the reviewer got me nowhere, they just copy pasted the same response not addressing my messages at all
- filled the app store review board appeal, it's been 5 days and I've got no response.
At this point I'm seriously considering rewriting the app for MacOS and distributing myself. I can't imagine going through all of this with every app update, it's beyond ridiculous.
"I didn't impersonate a third party," I explained in my message to Lieutenant Appleby. "I only wrote a disclaimer stating: Not affiliated with ACME."
"Exactly," lieutenant appleby replied. "By stating you have nothing to do with ACME, you have involved ACME. Therefore, you are unlawfully impersonating an unaffiliated party."
"But I only mentioned them to prove I wasn't affiliated with them!"
"Which is a violation," Lieutenant Appleby pointed out.
It was a Catch-22. The Guidelines stated that to prove you were not affiliated with a third party, you had to write a disclaimer. But to write the disclaimer, you had to type the third party’s name, which was a strict violation of the rule against mentioning third parties you were not affiliated with.
I deleted the disclaimer, thereby making myself safely affiliated with nobody by refusing to acknowledge anyone. I resubmitted the app.
Lieutenant Appleby rejected it again.
"What is it this time?" I asked.
"You are using your app's name," Lieutenant Appleby replied.
"Of course I am using my app's name," I replied back. "It is the name of my app."
"You cannot use that name. It is trademark infringement."
"Infringing on whose trademark?"
"The app's."
"But I am the app! It is my app!"
"Which is exactly why you cannot use it," Lieutenant Appleby wrote patiently. "If you use the app's name, you are impersonating the app. And impersonation is strictly forbidden by the Guidelines. An app cannot go around pretending to be itself!"
However, thanks to many of us that only favour Chrome like IE of yore, and ship it alongside their "native" applications, the Web is nowadays ChromeOS Application Platform, so we are only a couple of years away of Google owning that as well.
Companies operating in Europe must provide a clear way to appeal automated decisions: https://www.edps.europa.eu/data-protection/our-work/publicat...
You might not have a way to actually file a complaint against them but quite often, their legal department will just have a quick look at your case and just give you what you want without bothering to tell you anything. Worth a shot.
> Is there a way around this shitocracy?
Refuse to play. Switch to technologoy that the shitocracy has not gotten around to yet, or, eventually, pick up woodworking.
1: I mean, it is, certainly. I'm just not sure if I can make money by making leather gear.
> Is there a way around this shitocracy?
If you are in EU you could try complaining to your local DPA. That certainly sounds like "automated decision which produces legal effects concerning him or her or similarly significantly affects him or her" which is against article 22 of GDPR. Or you could consider suing them directly at least for the refund.
Outside of EU maybe try passing law like GDPR to actually get some rights back.
The correct approach here (AFAIK) is to punt the trust decision to the bank by requiring payment with a method that you can confidently trace to the company.
BTW both the id card and the passport have cryptographic authentication and you are able to open a bank account or use govt services completely online by scanning it with the phone Rfid . They could have make me scan that, scan my face and be done with the identity verification. My identity is already verified and tied to my company the same way and also listed in the companies registry which means they could have had skipped all the other company verification stuff too.
That is you, for tax and legal purposes in the jurisdictions within which you reside, an individual, operating a business by yourself as yourself.
My experience with getting a verified "business" developer account from Google mirrors the experience as getting one from Apple, except it's a one-time fee and much less than Apple.
Yes there are hoops to jump through, identification usually requires some hoops, but pretty it's straightforward. I am not commenting on the requirements of these hoops, yes, it's BS that they exist but it's their platform so it's their rules.
What type of "experience" are you expecting to have anyway?
> However, our recent analysis found over 90 times more malware from sideloaded sources than on Google Play
Google has seemingly never seen an elderly person's phone, where it is completely infected with crap including literal popup ads (that somehow overlay other apps), yet all of it was downloaded from GPlay.
I've been using Android since 2010 because it was open in ways that the Apple ecosystem wasn't. I do not want this and imagine hardly any other power users (for lack of a better term) do. I'm already using a mostly deGoogled device but this really seals the deal. I have been longing for a true Linux phone for years and now seems like a good time to get serious about the search and migration plan.
> Android is for everyone. It’s built on a commitment to an open and safe platform. Users should feel confident installing apps, no matter where they get them from.
This intro immediately tells me that whatever comes after will be horrible for users and developers. Surprise surprise, I was right. Software to "verify" side loaded apps is a bad, anti user idea.
> Starting in April, Android Developer Verifier will be installed on devices.
so they're rolling out a system app that will call home to check whether any sideloaded apps have been "verified" with the developer's government ID? and this process will happen regardless of whether the user has enabled the "advanced flow" in Developer settings?
Also the person is not the company, why is Google making the developer identify oneself while many apps are released under a company? My understanding is that Google has been mishandling this for a while but with the verification linked to a government id that just seems like another can of worms.
A few scenarios to consider:
- The developer is fired/resigns and the company does not want to be associated with the developer, for example if the developer is convicted for something.
- The developer is fired/resigns and the developer does not want to be associated with the company, developer found out about certain practices of the company they don't condone.
- The developer and the company part in good faith, however one of them is being exploited/pressured by a third party to abuse the relationship to the app.
- The developer or the company is on legal hold due to legal issues, arrests, malpractice etc.
- The developer passes away or the company ceases to exist.
- How does this work if you are making an app as a developer for hire, when entering into a contract with a publisher for example. Who will verify and how will that work (especially on small scale apps).
If I get a phone with preinstalled Graphene OS (like the upcoming Motorola phone), then does it avoid this stupidity? Or even with Graphene it prevents me from installing apks?
Has anyone seen the report for that analysis. I bet most people here would love to read it too.
I submitted my government-issued ID and bank statements multiple times. Each time rejected, no specific explanation why. After several rounds I gave up, assuming my developer account would at least stay dormant until I felt like trying again.
It didn't. Google deleted the account entirely. No warning, no refund of the €25 registration fee or whatever it costed. When I eventually wanted to publish again, I had to create a new account and pay again. The second time around they accepted my driving license - the same type of document category they had rejected before.
So the real cost of a bad verification experience isn't just time. If you give up and walk away, you lose your fee and start from zero. That's the part that stung, at least for me.
Really glad I have done that - I've been a 'boiled frog' of sorts on Android for a while now. Not happy with being continually more and more locked down, but not quite unhappy enough to shift. Feels like a breath of fresh air to have software that's built to serve me, rather than just to serve me ads.
As it stands, Android Developer Verification (ADV) is a death sentence for F-Droid, Obtainium, and other competitors to the Google Play Store, both commercial and non-commercial. We are disappointed that they are still trying to steamroll this through in the face of overwhelming public opposition.
There are numerous reasons to object to the program, but a few of the top ones are:
1. You own your computer, and you should be the sole decision-maker for what software you can install on it.
2. "Malware" means whatever Google says it means, and their terms and conditions change daily; today malware is banking scams, tomorrow it is … ad-blocking? VPNs? Their decisions are un-reviewable and opaque, and they have obvious commercial incentives to block certain kinds of (otherwise-legal) software.
3. Centralizing global developer registrations through a US corporation makes it subject to the rules (and whims) of the current regime. Citizens of sanctioned countries or members of sanctioned entities (like the International Criminal Court) will be legally barred from registering, blocking them from creating and distributing software _anywhere_ in the world (not just the US).
4. Scenarios that Google claims ADV will protect against — such as high-pressure phone calls manipulating vulnerable users into installing scam apps — have _already_ been addressed by incremental improvements to Android security over the years, such as "Enhanced Fraud Protection" introduced in Android 13 (and expanded in Android 15). Android has incrementally improved its security features over its near 20 years of existence. There is no evidence that anything has suddenly changed to justify such a disproportionate and extreme lockdown.
5. Being required to pay Google for the privilege of uploading your government identification so that you might be permitted to contribute to the Android software ecosystem is such an abominable insult to the developers that helped build the platform. It deserves all the utter contempt that has been heaped upon it thus far, and begs regulatory scrutiny from those few countries that still have the courage to stand up to these bullies.
We emphatically recommend against developers signing up for this program or endorsing it in any way.
https://news.ycombinator.com/item?id=47354917
This is a case of companies forcing things on us "for our own good" and them knowing better than us what is good for us or not.
>
Android is for everyone. It’s built on a commitment to a... safe platform.These two statements contradict. When something is public, it is not entirely safe; and to make something safe, there is exclusion of practices, behaviors, and often people.
> So as an extra layer of security, we are rolling out Android developer verification to help prevent malicious actors from hiding behind anonymity to repeatedly spread harm.
1. Well, then, surely Google can't be in charge of this process, because they are a malicious actor, known to manipulate social media search results and engage in mass surveillance of its users. And that's in addition to analyzing their personal data to try to manipulate them into buying things; which is called "targeted advertizing", but I would also characterize as harm.
2. To be slightly less tongue-in-cheek: Imagine that a two would prevent entry of unverified people - you know, to prevent malicious anonymous actors from bringing harm. That would be ridiculous - nobody should be able to restrict public space. Well, the space of computation and communications via our handheld phones/computers is enough of a public space to merit the same principle. Which means that it is not acceptable for it to be under Google/Alphabet's control. Government regulation could mitigate this problem, but then, governments collude with large corporations and often approve of such restrictions.
I guess I can sort of manage to keep my head above water and keep buying secondhand phones which I unlock and install a supported version of LineageOS. But it's cumbersome, it gets more difficult and more restrictive every time. And I literally have a doctorate in computers for crying out loud! Is there any hope for Granny? For a kid? For >99% of people? Of course not.
This is so clearly a matter for government oversight: prevent abuse, monopolies, protect the citizen's safety, rights, welfare, etc. It's not reasonable to expect consumers to figure out if the meat they buy is tainted, just as it's not to figure out if their phone spies on them, manipulates information, or sells their data (especially when there's a duopoly). That's why we have laws and food inspectors, paid for by the public, working for the public. Same thing with digital rights.
Personally I am hopeful that people work toward a completely new, non-Android OS. 15 GB of space on my phone, and 1.5 GB of RAM, is dedicated to Android OS alone. This design, and the control this company (and the mobile providers, and device manufacturers) have over the mobile world, is ridiculous. Let's start over.
"Those who give up freedom for security deserve neither."
> However, our recent analysis found over 90 times more malware from sideloaded sources than on Google Play
https://android-developers.googleblog.com/2025/08/elevating-...
> The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play
Bald face lies are getting baldier.
> It’s only when a user tries to install an unregistered app that they’ll require ADB or advanced flow, helping us keep the broader community safe while preserving the flexibility for our power users.
So, we have a sideloaded app now. Which has been increasingly tricky for our users to install. The warning they get is hard to understand. Does this mean essentially the end of sideloading?
Does anyone here have experience using Ubuntu Touch? That's the closest thing I've seen to "generic touchscreen linux" for mobile phone hardware. I'd love a device that works for multimedia, navigation, web browsing, and a handful of APKs like various chat apps (and really anything can can arbitrarily use the hardware), but it seems like tying a cellular modem to this ends up fucking up the whole dream because of carrier and manufacturer motivations/compensations.
> our recent analysis found over 90 times more malware from sideloaded sources than on Google Play.
So, what I'm being told is; there's lots of malware on Google Play? Thank goodness for f droid (for now).