The detail that keeps getting lost in these threads: the "advanced flow" for power users is delivered through Google Play Services, not the Android OS. That's the whole game.
It means the safeguard is not part of AOSP. It ships as a closed component that Google can narrow, gate, or remove in any Play Services update, with no Android version bump, no OEM coordination, no user consent beyond the usual auto-update. "Open platform with an escape hatch" is load-bearing in the PR; "closed escape hatch bolted onto an open kernel" is what's actually shipping.
The second tell is timing. It's five months from enforcement and the flow has not appeared in any beta, dev preview, or canary build. We're being asked to treat a blog post and UI mockups as a functional guarantee. No other platform change of this scope lands without a shipping preview this late, and Google knows it.
The third piece most devs skim past: registration requires uploading evidence of your private signing key. Whatever you think of the verification program in principle, that specific requirement changes the threat model of every Android key in existence, including the ones protecting apps people already depend on.
"Sideloading still works" is only true in the narrow sense that some ceremony remains. The mechanism protecting that ceremony is owned by the party with the strongest incentive to eventually close it.
What follows is the "advanced flow." I feel like there should be a class action lawsuit in response to this as when I purchased my device I had an expectation that I could install apps without this insane limitation
Enable Developer Mode ↗ by tapping the software build number in About Phone seven times
In Settings > System, open Developer Options and scroll down to “Allow Unverified Packages.”
Flip the toggle and answer a scare screen confirming that you are not being coerced
Enter your device unlock pin/password
Restart your device
Wait 24 hours
Return to the unverified packages menu at the end of the security delay
Scroll past additional scare screen warnings and select either “Allow temporarily” (seven days) or “Allow indefinitely.”
On the next scare screen, confirm that you understand the risks.
You can now install unverified packages on the device by tapping the “Install anyway” option in the package manager.
How is this unreasonable? This is to prevent cases where people are told to urgently install the app while on a call, so the call has to be broken and person has a day to actually do something about the call.
Are you that zoomer brained to not be able to wait a day to install your APK?
> the "advanced flow" for power users is delivered through Google Play Services, not the Android OS. That's the whole game.
What is the source for this claim? I can believe it, but I haven't seen where the claim actually comes from, and it doesn't seem to be mentioned in Google's announcements.
If the "advanced flow" is delivered through play services, what does this mean for degoogled Android phones? Or are those not concerned with the new side loading limitations?
Put simply, If I were to install plain AOSP and F-Droid would I be able to continue installing apps normally?
>Combat astroturfing: when you encounter suspect posts on community forums and social media in support of the policy (“Well, actually…”), challenge them and do not be shy.
Someone contact Dang, because this is now allowed. I have been suspicious HN has actively supported astroturfers over the years for some sort of financial or mutually beneficial gain.
Anyway I basically changed to web apps. They are much easier to deal with and develop.
Hypothetically, if Pixel phones became the go-to phone on Android, would G be less or more likely to keep it open? I have a bad feeling that the former is more accurate. The fragmentation somewhat forces the openness, or at least a baseline of openness. If pixels went to 98% market share, a rug pull seems easy and desirable for the management classes.
I'll admit that my cynicism is in no small part to having seen Android team members at G carrying around iPhones. It kills me to think that the bad parts of Apple are so interwoven into Android through cultural assimilation.
This initiative is well-appreciated, but - are we not barking up the wrong tree? Should the effort really be focused on pressuring Alphabet to modify an ecosystem that they already partially closed, and that they already have overall control over - rather than promoting a properly free alternative? I mean, non-Android Linux phones are already a thing, albeit clunky and not very popular. Would it not make sense to get some non-US entities (NGOs, phone manufacturers/vendors, municipalities or even states or multi-state entities) to form a consortium and invest enough in finishing up the engineering work necessary to make that a viable alternative? Without any single party controlling it?
As I mentioned previously, the writing is on the wall. It is a matter of time.
We definitely need a true alternative on the market, preferably open, to balance things out and to free everyone from the duopoly. The political pressure that is needed is not to “keep” Android open, but to ensure that governments and institutions don't double down on the existing duopoly. Ensure that interoperability standards are in place, and don't lock people into the existing big tech platforms/solutions.
Android was never open. Its security model / the permission system is anticompetitive and the user is a third class citizen.
Google can do everything as they control the system - this gives full innovation capabilities. Then there are vendors which are restricted by Google via CDD (checked by CTS/VTS), they might add "privileged apps" but they can't touch what Google does on the system..
And only then there are regular developers/users, apps which they can install have very limited capabilities, they can't extend the system beyond a limited set of APIs that Google allows them to use.
This limits third party innovation already, but Google constantly makes it worse by restricting third party app capabilities even further under the guise of "security"..
I've had to deal with google's review process for docs add-ons and play store apps. It was a demotivating experience, disrespectful, inhumane and unfair. The idea that this will be the only way to be allowed to create things for android is so depressing. Putting hundreds of hours of effort into an app to hear back a vague "does not comply with some rule" is such a let down. This has been my main motivation to degoogle.
It feels like there is a wide open opportunity for some new OS's to enter the mainstream marketplace. I see nothing but dissatisfaction with the incumbents.
At this point, I'm just going to run a desktop OS on all of my future phones.
I've given up on cell phone software, but I wish cell phone hardware were better. I'm okay with a processor that isn't the latest and greatest, as long as it isn't in so-old-it-draws-watts-at-idle PinePhone territory, but fast processors seems to be all that phone manufacturers care about. They cut corners everywhere else, precluding the headphone ports, expandable storage, replaceable batteries, infrared transmitters, and physical buttons that made older phones much more useful, and they not only make the screens skinnier, but they literally cut off the corners. I want a nice uninterrupted at least 9:16 aspect ratio, if not higher.
The advanced flow is perfectly reasonable and I'm 100% sure there will be Magisk based bypasses for it if you absolutely require Google services + APK installs. The percentage of people installing legit 3rd party APKs is miniscule compared to the number of elderly scammed by these shitty apps. Glad Google is taking steps to close this security hole. Just wait the damn 24h you impatient "poweruser". 100% sure that there won't be a full lockdown or an extension of the timeout cuz this is gonna close most, if not all of the holes for these shitty apps.
> it will no longer be possible to develop apps for the Android platform without first registering centrally with Google
This is inaccurate. The enforcement is through Google Mobile Services. The article fails to point out that some manufacturers build versions/forks of Android that do not include GMS, but these are still technically Android.
68 comments
It means the safeguard is not part of AOSP. It ships as a closed component that Google can narrow, gate, or remove in any Play Services update, with no Android version bump, no OEM coordination, no user consent beyond the usual auto-update. "Open platform with an escape hatch" is load-bearing in the PR; "closed escape hatch bolted onto an open kernel" is what's actually shipping.
The second tell is timing. It's five months from enforcement and the flow has not appeared in any beta, dev preview, or canary build. We're being asked to treat a blog post and UI mockups as a functional guarantee. No other platform change of this scope lands without a shipping preview this late, and Google knows it.
The third piece most devs skim past: registration requires uploading evidence of your private signing key. Whatever you think of the verification program in principle, that specific requirement changes the threat model of every Android key in existence, including the ones protecting apps people already depend on.
"Sideloading still works" is only true in the narrow sense that some ceremony remains. The mechanism protecting that ceremony is owned by the party with the strongest incentive to eventually close it.
Are you that zoomer brained to not be able to wait a day to install your APK?
> the "advanced flow" for power users is delivered through Google Play Services, not the Android OS. That's the whole game.
What is the source for this claim? I can believe it, but I haven't seen where the claim actually comes from, and it doesn't seem to be mentioned in Google's announcements.
Put simply, If I were to install plain AOSP and F-Droid would I be able to continue installing apps normally?
Anyway, I did my part, basically I only use FDroid. I filled this out: https://docs.google.com/forms/d/e/1FAIpQLSfN3UQeNspQsZCO2ITk...
>Combat astroturfing: when you encounter suspect posts on community forums and social media in support of the policy (“Well, actually…”), challenge them and do not be shy.
Someone contact Dang, because this is now allowed. I have been suspicious HN has actively supported astroturfers over the years for some sort of financial or mutually beneficial gain.
Anyway I basically changed to web apps. They are much easier to deal with and develop.
I'll admit that my cynicism is in no small part to having seen Android team members at G carrying around iPhones. It kills me to think that the bad parts of Apple are so interwoven into Android through cultural assimilation.
We definitely need a true alternative on the market, preferably open, to balance things out and to free everyone from the duopoly. The political pressure that is needed is not to “keep” Android open, but to ensure that governments and institutions don't double down on the existing duopoly. Ensure that interoperability standards are in place, and don't lock people into the existing big tech platforms/solutions.
Google can do everything as they control the system - this gives full innovation capabilities. Then there are vendors which are restricted by Google via CDD (checked by CTS/VTS), they might add "privileged apps" but they can't touch what Google does on the system..
And only then there are regular developers/users, apps which they can install have very limited capabilities, they can't extend the system beyond a limited set of APIs that Google allows them to use.
This limits third party innovation already, but Google constantly makes it worse by restricting third party app capabilities even further under the guise of "security"..
Some more discussion in February
Open Letter to Google on Mandatory Developer Registration for App Distribution
https://news.ycombinator.com/item?id=47139765
I've given up on cell phone software, but I wish cell phone hardware were better. I'm okay with a processor that isn't the latest and greatest, as long as it isn't in so-old-it-draws-watts-at-idle PinePhone territory, but fast processors seems to be all that phone manufacturers care about. They cut corners everywhere else, precluding the headphone ports, expandable storage, replaceable batteries, infrared transmitters, and physical buttons that made older phones much more useful, and they not only make the screens skinnier, but they literally cut off the corners. I want a nice uninterrupted at least 9:16 aspect ratio, if not higher.
> it will no longer be possible to develop apps for the Android platform without first registering centrally with Google
This is inaccurate. The enforcement is through Google Mobile Services. The article fails to point out that some manufacturers build versions/forks of Android that do not include GMS, but these are still technically Android.
Not sure what I'll do. Does Asus still make a phone?