F-Droid warns Google’s sideloading rules will kill the project & several open-source apps
F-Droid has publicly warned that Google’s upcoming sideloading restrictions will likely bring an end to its project, cutting off access to thousands of open source Android apps. Announced in August, the new rules require all developers, even those outside the Google Play Store, to verify their identity by registering with Google, which involves a fee, strict terms, and government ID. Under this policy, apps from unregistered developers will be blocked on nearly all certified Android devices, significantly reducing the ability to sideload software.
F-Droid says it cannot comply with these requirements, as it cannot force developers to register with Google or take control of app identifiers, as doing so would seize distribution rights from developers. If the rules are enforced, F-Droid apps will no longer run on certified Android devices (outside China), preventing users from installing or updating them. This would force the project to shut down after 15 years of operation, with most other third-party alternative app stores facing the same risk.
While Google presents the changes as a security measure, F-Droid emphasizes that it already has strong protections, such as public build logs, reproducible builds, and source code compilation that prevents malware injection. It also points out that malware has repeatedly been found in the Play Store, showing that mandatory registration does not guarantee user safety. According to F-Droid, the real effect of the new policy is the consolidation of Google’s control over the Android ecosystem and the creation of barriers for independent or volunteer developers. In response, the project is urging regulators and competition authorities, including the European Commission’s Digital Markets Act team, to investigate Google’s measures and is calling on users and developers to write to representatives, sign petitions, and push back against what it calls exclusionary registration schemes.
Related news
External links
- F-Droid and Google's Developer Registration DecreeF-Droid • Official source
- F-Droid says Google’s new sideloading restrictions will kill the projectArs Technica
- Google's dev registration plan 'will end the F-Droid projectThe Register
- Google’s Android developer registration requirement will kill F-Droid OSnews
- Google wants to 'break free app distribution,' says top open source libraryAndroid Police
Comments
If this actually goes through, I'm rooting my phone fr
Which is probably the least secure thing you can do.
Regardless of whether this is “blown out of proportion” or actually project-ending in scale is not what matters. What matters is, “It also points out that malware has repeatedly been found in the Play Store, showing that mandatory registration does not guarantee user safety.”
We know this is all about control - not protection. It's about knowing everything that can be known about people, at first for ads, but eventually for controlling people's feelings, actions, and even thoughts. Facebook and Snapchat are examples of this in software, while the UK's current phase? is a bigger example.
The only way knowing this information can protect anyone is by going the Westworld route. Using AI to predict what people will do, then forcing them to do it by creating the circumstances for it to happen. Suddenly feel like rewatching Westworld... 🤔
And then, of course, swooping in just in time to stop them from doing it and pretending you're a hero. Really can't believe these dystopian worlds are being recreated in real life and people are just looking on like they have no power to stop it.
This can't be true in the EU, the Digital Markets Act should give EU citizens freedom of choice and forces Google to enable competition in offering an app store!
Yes, but on these specific terms (not having to register the apps, for example)?
This needs to be stopped in it's tracks, it's anti consumer and anti freedom.
I think people are blowing this out of proportion. From the announcement article: "we are building a new Android Developer Console just for developers who only distribute outside of Google Play, so they can easily complete their verification; get an early look at how it works. A note for student and hobbyist developers: we know your needs are different from commercial developers, so we’re creating a separate type of Android Developer Console account for you." And also: "To be clear, developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer. We believe this is how an open system should work—by preserving choice while enhancing security for everyone."
While the change won't fully eliminate malicious apps, it will certainly make the distribution harder, therefore I see as a positive change for the majority of people, which, unfortunately, are tech illiterate. For "advanced" users (pretty much everyone that uses f-droid), there will always be options. We'll have to wait and see the system in practice, but I doubt it will be as apocalyptic as many people are prophesying.
The first sentence doesn't alarm you at all, straight from F-Droid? "F-Droid has publicly warned that Google’s upcoming sideloading restrictions will likely bring an end to its project."
It does to a certain extent. F-droid devs are rightfully worried by the proposal and should voice their concerns to push for a better implementation that does not violate user freedom. I believe Google is going to come up with a specific channel for app stores to sign apks, or f-droid will be able to sign the apks on behalf of the upstream developers, since they already build most things from source.
To be honest, I don't like this new measure, but how do one prevent regular users from shooting themselves in the foot and getting scammed by a malicious application without further locking down the OS? The truth is that a lot of people willingly give their freedom away for a "safer" restrictive OS, as demonstrated by people that buy iPhones.
i hope hardware like PinePhone and linux distro for phone like postmarketOS got more our attention and support,
Are they more secure? Can't have privacy without security.
https://madaidans-insecurities.github.io/linux.html
As Google announced back in August, the sideload limitation only concerns devices with Play Protect enabled (which is the default on many brand new devices which offer stock Android). Many companies still rely on sideloading and disable Play Protect since the they distribute their own (auto-signed) apps. AOSP is not concerned since Google Mobile Services (GMS) is required for Play Protect, but is installed on it (since proprietary). Google has strictly no control on sideloading on it. There is also the new "Android Developer Console" that seems to be able to allow sideloading, but Google hasn't said much about it. So F-droid would still be possible where GMS can be disabled or bypassed exceptionally, which would require more then toggling an settings option from users but would be less dangerous than rooting the device (except that some constructors could void the warranty in this case). It shouldn't change much for developers.