Android to require developer verification for all apps, potentially impacting sideloading
Google is introducing mandatory developer verification for all Android apps installed on certified devices, including those distributed outside of the Google Play Store. This change, set to start next year, aims to make it significantly more difficult for repeat bad actors to distribute harmful software after earlier takedowns. Google's analysis of recent threat patterns revealed over fifty times more malware present in internet-sideloaded apps compared to those on Google Play, highlighting the scale of the security risk addressed by this new policy.
While this requirement will initially be implemented in select countries most impacted by fraudulent app scams, it represents a major shift in Android's approach to application security. To support developers who do not use Google Play, Google is building a dedicated Android Developer Console to streamline the verification process. Following this, a separate type of developer console will be made available for students and hobbyist developers, recognizing their different requirements compared to commercial developers.
Although this new developer verification process will confirm a developer's identity, it will not involve reviewing the content of the apps or their distribution sources. This move is designed to strengthen developer accountability while keeping the process straightforward for legitimate developers.
Related news
External links
- Android Developers Blog: A new layer of security for certified Android devicesGoogle • Official source
- Google will require developer verification to install Android apps9to5Google
- Google will block sideloading of unverified Android apps starting next yearArs Technica
- Google wants to make sideloading Android apps safer by verifying developers’ identitiesAndroid Authority
- Google wants Android app developers to verify their identity, this could affect sideloading appsgHacks
- Google will require developer verification for Android apps outside the Play StoreTechCrunch
- Apps distributed outside the Play Store will soon be tied to verified developer identitiesAndroid Police
Comments
Yes, there is re a fair share of malicious content on Google Play Store, however this isn't the way to go to limit that. ID verification is a slippery slope (read UK's Online Safety Act), and will further grant Google a power to dictate what is and isn't considered "good for its users". Further, as a company with a global reach, they can effectively use this to sway opinions of the masses, especially if a nation-state were to use/exploit Google for this purpose.
As with UK's Online Safety Act, whose primary purpose is to protect children online, has resulted in several things that predictably will happen for Google as well. Including but not limited to: Addendums of the act, lackluster/backfiring effects of primary goal, and exposing important personal data to yet another angle of malicious acquisition.
Especially in the case for genuine open-source alternatives to Big Tech's "everyday use" apps that you can't find in the Google Play Store, this can only spell trouble for us Android users. What if it's a legitimate developer you trust? If they can't bring themselves to be verified, then it's simply impossible to download their APKs, and even harder to lessen your connections with Google (deGoogling, to be specific) without turning toward the just-as-privacy-invasive Google Play Store.
Super ironic considering Google is responsible for hosting malicious apps on its stores. And the fact that Apple in the meantime is opening up.
All in the name of securing Google's monopoly...
We should have control over our own hardware we paid for with our own money...
Google pulling an Apple, didn't see that coming (sarcasm)
"Google's analysis of recent threat patterns revealed over fifty times more malware present in internet-sideloaded apps compared to those on Google Play"
Classic (corporate) framing.
No but really, destroying the last pillars of android's competitive edge, offering "freedom" (as inflated as that word may be now) of them not being able to dictiate what apps you can install.
Combined with as I understood Samsung's spontaneous move to suddenly lock the Bootloader on new devices... Feels like an unreal step back.
But on the other hand, it's not surprising, given that currently image sells better than any freedom. Really gonna show if a new niche market will pop up with "uncertified" devices.
But actually, this is boring. I'm excited for the next Chapter, when Google finally unveils it's brand-new AndroidClosedSourceProject
Google having even more power to decide what can or can't be run on hardware you own is a very very bad thing. Look into your device's compatibility with LineageOS or GrapheneOS.