Chrome isn't enough. We need Android to get clawed away from Google too.
In a healthy market, Chrome, Android, and YouTube would and should be their on entities.
There's nothing to stop them, and absolutely no reason to think they won't take away adb sideloading in the near future.
and they will be removed by play protect.
What if F-Droid distributes an app Google or its US overlords deems dangerous or illegal? Will they block and/or revoke that signature, thus taking down F-Droid in its entirety?
This makes no sense at all.
[1] https://en.wikipedia.org/wiki/File:User_Account_Control.png
Thought: Maybe we can organise and collectively hire this PR team to get Google, other big tech, and our governments, to look bad... And get shit done that way... If 2025 is the year of the PR spin, surely the only counter-measure is counter-spin?
Edit: Hold on, I think I just re-invented the concept of a political party.
We’ve got to a point where corporations are bigger than some countries and getting almost unlimited powers again.
People become willing to do things when you throw them out in the cold that they wouldn't do when you were still supplying the bread and circuses, and those people they don't like? It's because they're stubborn and they actually care and they know how to build things, isn't it?
If that goes away, might as well use apple's walled garden. There is no point for android to exist if freedom goes away.
However, if you prefer not to, we are also introducing a free developer account type that will allow teachers, students, and hobbyists to distribute apps to a limited number of devices without needing to provide a government ID.
I lobbied everyone for years against Apple devices, switching people to Android to have a little bit more freedom. Now Google Android will be the same shit.
If people working on Google are hanging out around here, please know that your company really sucks now...
Aren’t the changes only for Google certified Android devices, AKA those that come with the play store?
But, the biggest trap that we can easily expect is that a lot of apps like banking apps will use Google API to check that they can only run on devices with the check for signatures. Same as the check for rooted devices.
Sure the Play store was dominant when they started their own store. Yet companies tend to have excellent success if they control the OS on the device.
They could have offered no commission for 5 years, or some such.
Does anyone reading this know if the contract they had to sign with Google, to have the Play store pre-installed, reduced their ability to compete?
I mean look at the whole Epic thing. They could have offered them commission free use of the store, and used that to draw users in.
It's like they weren't trying.
Microsoft does this for Windows apps if you don’t want scary warnings popping up everywhere. Apple doesn’t even let you sideload at all for iOS and for macOS they do the forced trash malware thing unless you run commands to allow the app in the terminal.
Am I missing how this is different from what we already have on most platforms? Is it because you can’t force it to install the apps? Is there not a developer mode that lets you install unsigned apps, or a way to root the device to install apps?
(The fact that all those platforms still have malware, as well as the officially sanctioned google store, should also inform you about how effective this measure is for its stated goal)
Most? The only platform that is like that is ios.
On linux, in any form, I can run what I want.
On a mac I can run what I want.
On windows I can run what I want.
Obviously on BSDs, Illumos, etc, I can run what I want.
On android up to now, I can run what I want.
The one and sole exception where I don't really own the device and can't run what I want it ios (therefore I don't own anything that uses ios). And now google wants to join that evil club.
I understand this is a controversial position and I’m not in favor of this change, I just want to understand where the real differences are in an impartial way.
Of course Linux is an exception but it is also not widely used by consumers like Android and the other OSes I listed are.
Apple is of course locked down, but that's not news. The anger is because Android was the better option on this dimension.
Goodbye NewPipe. Goodbye anything that doesn't align with Google's capitalist interest or American imperial interest.
Sure, it’s possible they could retroactively ban your app, but they could do that without signing too. Just ban com.anonymous.newpipe or whatever the package name is. The signing doesn’t really change this.
- Purism runs ancient hardware, charges way too much and has questionable business ethics.
- Pine64 has equally bad hardware but reasonable prices. I don't like the Hong-Kong connection though. Not sure how the security patching environment is in practice.
The only option on the table as I see it is buying from the devil and installing GrapheneOS.
https://puri.sm/posts/the-danger-of-focusing-on-specs/
> charges way too much
https://news.ycombinator.com/item?id=21656355
> questionable business ethics
They retrospectively changed their return policy in order to not get bankrupt. AFAIK everything is find now. I'm a happy owner of Librem 5 btw.
Yes, it currently builds on top of Hallium. Anyone who thinks this should be a sticking point has their head in the sand; the device and effort is how you get a usable ecosystem rolling.
Seems like that will change soon.
But no, I think in the case when android is no option any more, I will seriously reconsider if we peaked on some enshitification with smartphones.
Maybe no smartphone or Linux phones will be more interesting for some time for me then.
Absolute bullshit Google. You have no right telling me what I can and cannot run on my own devices. Regardless of how I choose to install it.
I mean hey, at least we all know now that they aren't.
Just wished there was a viable* FOSS Linux based mobile OS project out there that I could offer my time and energy to instead.
I have been running Graphene on a Pixel for a while now and I don't think Linux phones are a viable alternative. The vast majority of Android apps just work on Graphene, and there are millions of them. The UI experience is polished, everything just works with the exception of apps that require Google Play Integrity. And of course these projects aren't affected by Google's restrictions on sideloading.
No, it's not.
Maybe that's something employers shouldn't do, but that doesn't change the fact that it's a reality and google is overstepping with this change.
I know both are objectionable in their own way, but these two scenarios are quite different and I want to understand this better.
It's disappointing that google has turned evil.
I loved how easy it waa to mod things in the beginning. All that is now gone.
The reaction to this change has truly changed my opinion that developer's opinions on a lot of subjects affecting the public's safety and security shouldn't be valued much (and yes, I realize I am on HN). If this is a bridge too far, then why should anyone listen to devs about "we can't backdoor cryptography" and things like chat control and more? You can't make every hill the hill you die on. I wouldn't even be against requiring a professional certification organization for developers before they're allowed to publish software to the masses. I would very much find it unpleasant, but we live in a society. You need a license to drive, to be a doctor, engineer and just about any profession where people's safety and well being is in jeopardy. Even real estate agents are licensed! and people all up in arms about a simple id verification.
This is just to address malicious code. How does the public know your code isn't full of vulnerabilities, that you're not selling their data to the highest bidder? How do they know that you have a good understanding of secure coding practices and knowledge of privacy laws? Let's talk about that instead, if you publish software for a private group of people, there should be no restrictions. If you're publishing it on a platform that would expose your software to billions of people, get a license after id verification and passing a globally standardized exam (multiple choice and a practical coding exam!).
See, the big disconnect is that most developers see software as something similar to writing a book or selling a home-made item on etsy or ebay. But in reality, it's more like manufacturing a car or a gun, or opening a bank (if your app takes payments), or even opening a restaurant or a food truck. all these things require licensing. The malware and privacy loss people suffer is akin too food poisoning, car accidents,etc.. but since it all happens virtually and there is typically no physical harm, developers are dismissive of it. This isn't the 90's anymore, people's lives and livelihoods are all online, all the security measures you can take, using signal for chat, passkeys and password managers for creds,vpns,etc.. and you're still one legit looking app install away, one convincing phish away from your phone being compromised along with all your accounts, finances , job and your entire life as you recognize it from being harmed or destroyed.
I urge you all to temper passions with reason and practicality.
It's hard to see how you could get the necessary level of careful code review with just volunteer effort. But I suspect that most developers who don't want to register with Google are also unlikely to pay money to a third party to work around this.
Is Google that organization? Because they themselves have decided that they are. I think what people are worried about is that Google is positioning itself to be the judge, jury, and executioner within such a licensing framework, not necessarily the licensing itself.
> This is just to address malicious code.
Yes, and if Google had shown that it's capable of identifying and rejecting malicious code distributed via its own app store, then maybe their proposed expansion of that security program to the entirety of the Android app ecosystem would carry some weight. But as it stands, their Play Store is full of user-hostile and often malicious apps[1].
> If you publish software for a private group of people, there should be no restrictions. If you're publishing it on a platform that would expose your software to billions of people, get a license after id verification
But that's exactly the opposite of what Google is doing, here, and why people are mad. Google isn't adding a new policy to their app distribution platform (the play store that grants exposure to billions of users), but rather they are forcing ID verification on any form of app distribution: If you want any regular user to be able to install your code, no matter how small the audience, you'll need to first give your identity to Google, and obtain a (paid[1]?) license. So the restrictions do apply to "a private group of people" too.
The crux, and what has people up in arms I think, is the overreach of Google's peoposed licensing policy to cover not only their own app distribution ecosystem, but all others targeting Android.
Many technical users of Android consider it to be a general purpose computing platform, and they want to retain the freedom to install and run whatever software they trust.
Google should focus their supposed concerns about regular user's safety on the user-hostile apps that they allow to exist in their own app store, rather than grasping for broader control that they'll "probably use at some point but only for good things like user security".
1: https://f-droid.org/en/2025/09/29/google-developer-registrat...
I agree, it isn't and shouldn't be, an industry self-regulating org is needed, like the CA/B forum for browsers. Maybe one day we can transition to that.
> Yes, and if Google had shown that it's capable of identifying and rejecting malicious code distributed via its own app store,
You're making the opposite point there, they can't do a good job at scanning their appstore, so requiring devs to id themselves is a better option, so that anyone publishing malicious code might risk real-world criminal penalties. That's a better deterrent than google scanning code.
> If you want any regular user to be able to install your code, no matter how small the audience, you'll need to first give your identity to Google, and obtain a (paid[1]?) license. So the restrictions do apply to "a private group of people" too.
This applies to google certified phones, and such phones at the time of certification are sold to the public, not to a private audience. Private audiences need to buy non-google-certified phones (which exist). The question of google certification is one you need to have with phone vendors not Google. Samsung can opt to avoid google certification just fine. They have every right to demand that a phone with their stamp on it can only run apps by devs they authenticated, this is the price of their seal of approval.
> Many technical users of Android consider it to be a general purpose computing platform, and they want to retain the freedom to install and run whatever software they trust.
Yeah, for example I have an x86 android VM, it won't be affected because it isn't google certified. If you came up with a custom tablet or laptop that runs android, you can load random apps on it just fine.
> Google should focus their supposed concerns about regular user's safety on the user-hostile apps..
They can do multiple things, but this helps with that as well. the dev making user hostile apps now has to use his real name and their reputation will now follow them forever.
Where "malicious" is defined as anything that Google or the American Empire doesn't agree with.
It doesn't take much effort to enable Developer Options, plug into a laptop and run "adb install whatever.apk". It's kind of like the floppy disk era again, having to physically insert things into one's computer to install software. Not a big deal.
This is clearly a troll, confirmed by the green username.