[jadbox]

You can still install apps outside the play store, but the developer does need to verify their signing information. Effectively this means that any app you install must have a paper trail to the originating developer, even if its not on the app store. On one hand, I can see the need for this to track down virus creators, but on the other, it provides Google transparency and control over side loaded app. It IS a concerning move, but currently this is far from 'killing' non-appstore apps for most of the market.

[AdmiralAsshat]

So let's pick a random example app that might be popular on F-Droid today. Oh, I dunno...newpipe.

Given that Google both owns Android/Google Play Store and YouTube: what do you think they would do with the developer information of someone who makes an app that skirts their ad-model for YouTube?

[ACCount37]

I can't help but feel that this move is aimed specifically at ReVanced.

The "security" wording is the usual corpospeak - you can always trust "security" to mean "the security of our business model, of course, why are you asking?"

[constantcrying]

Exactly. I don't think Google is doing this so that people don't install some random FOSS alternatives through F-Droid.

Things like Newpipe seems much more of a target, especially if you want to take legal action. More so than stopping users, this gives Google fat more leverage about what Apps can exist. If they ever want to stop Newpipe a serious lawsuit against whoever signed the APK seems like an effective way to shut down the whole project. Certainly more effective then a constant battle between constraining them and them finding ways to circumvent the constraints.

[GeekyBear]

Google is following the same game plan we saw when they decided that the full version of uBlock Origin (the version that is still effective on YouTube) should no longer be allowed within their browser monopoly.

The fact that there was a temporary workaround didn't change the endgame.

It's just there to boil the frog more slowly and keep you from hopping out of the pot.

It's the same game plan Microsoft used to force users to use an online Microsoft account to log onto their local computer.

Temporary workarounds are not the same thing as publicly abandoning the policy.

[southernplaces7]

Curiously, for me Ublock light works just as well after I was essentially forced to switch. I could still get the original to function, but with every random chrome update, the thing would be deactivated, obviously as "insecure".

[detectivestory]

From a quick glance at /r/GooglePlayDeveloper/ it looks like Google is just as interested in killing playstore apps! It seems that they only want to support the existing larger apps now. I think they are giving a clear message to developers that its not really worth developing for that platform anymore. I think we will all agree that the playstore needed a purge but they seem to be making it impossible for any new solo devs at this point.

[instagib]

I thought most devs didn’t want to develop on android because IOS devs made more income per user (0) and spent more on in app purchases. Android does well with ad supported apps. Paid apps have had issues with piracy also.

“In 2024, the App Store made $103.4 billion to Google Play’s $46.7 billion.”

0 https://www.businessofapps.com/data/app-data-report/

[01HNNWZ0MV43FF]

To wit, there is only one business playbook with two strategies: When you are weak, make friends. When you are strong, make war.

Android used to be weak against iPhone and needed to cooperate, so they allowed more apps in to grow the userbase. Now that they're big and strong, they don't need allies, so they start kicking out everyone who isn't making them money.

Every "enshittified" service does it - Imgur, Reddit, whatever. Everyone selling $10 bills for $9 does it. Microsoft did it. They took a step backwards by buying GitHub, when they realized they were totally blowing it on cloud. But now that they have users stuck on GitHub and VS Code, they're defecting again.

[jadbox]

I have no idea what this means. How does this change "kill playstore apps"?

[andrewl-hn]

Not related to this particular news item, but several high-profile App developers are either killing their apps on Android entirely (like iA Writer) or removing features due to Google tightening submission requirements and increasing costs for apps that integrate with their services.

[detectivestory]

not the change mentioned in the news link. I was referring to what people are discussing over on the reddit play store sub. Google are terminating dev accounts without giving any reasons or warnings. I'm sure most, if not all terminations have have some element of justification but ultimately it means that Google seem pretty happy to terminate any dev account without letting the developer know why. And to make things worse, that developer is forever banned from ever publishing any content on the playstore for life. They cannot make a new account. Their career in android app development can be destroyed in an instant. Most terminations seem to be handled by bots... and to rub salt in the wound, Google only responds to appeals... using more bots. That is according to what the community has been saying at least. I'm sure they know what they are doing and one thing we all know is that Google actually IS big enough not to fail. But it does seem like the right thing to at least make new developers more aware of the risks. And it is obviously a very stressful time for anyone who is actually making a living off an android app.

[JohnFen]

> currently this is far from 'killing' non-appstore apps for most of the market.

It means that Android is no longer suitable for my own private dev projects.

[gabrielhidasy]

If it's for your own projects, for yourself only, ADB still works without this verification.

[JohnFen]

True, although using adb requires the use of the usb port, which for some of my projects is highly impractical.

Also, with this move, Google has made it very clear that they don't want people to have any real control over their machines -- so I'm not inclined to think that using adb to work around the problem will always be possible.

It's fine, though. My hobby projects will continue into the future, just probably without using Android.

[spogbiper]

I didn't think a usb port was required since the introduction of wifi adb?

https://www.androidpolice.com/use-wireless-adb-android-phone...

[alex7o]

I know that this is how shizuku (0) does it and it is required anyway if you want to install multi apk applications so stiff won't change for most people then?

(0): https://shizuku.rikka.app/

[JohnFen]

Ah, I didn't know this was a thing. Thank you!

[preisschild]

You can use GrapheneOS or LineageOS without the Google rootkit and continue installing any apps you want

[erinnh]

Considering both Graphene and Lineage have been complaining about google making development harder and harder for how long will that be a possibility?

[CommanderData]

Play Store has an attestation API, Google could simply make it harder to run banking apps and similar if you run GrapheneOS. Something like requiring banking apps to use a stricter mode. GrapheneOS even mentions it's not easy spoofing this entirely as it change often on the FAQ page.

There's only so much you can do as a maintainer of a custom OS like Graphene before its too hard to maintain. I don't think there's enough coming in by way of donations to play catch-up.

Need legislation quick. But I suspect the EU doesn't want side loading either in the grand scheme of surveillance.

[preisschild]

> Google could simply make it harder to run banking apps and similar if you run GrapheneOS

Thats the Banks fault then. I complained to mine and they removed the safetynet check / let you skip it.

[JohnFen]

My devices are not supported by either of those, sadly.

[duskdozer]

sure. now. why do you think google won't choose a way to destroy them in the near future?

[jhasse]

Well with that thinking you can't use an OS by any corparation???

[preisschild]

Its open source and thus can be forked.

[msh]

It also makes it easy for google to blacklist a developer, if for example the trump administration don’t like them (the same way apple removing apps documenting ICE).

[pkulak]

And basically every corporation with any business in the US has proven _more_ than willing to instantly capitulate to any demand made by the administration.

[blaze33]

Pretty sure virus creators could just pick a real ID leaked by the "adult only logins" shenanigans, whereas legit app developers probably wouldn't want to commit identity fraud.

[gjsman-1000]

If it gets that bad; Google can do what they already do with business listings - send a letter to the physical address matching the ID, containing a code, which then must be entered into the online portal.

Do that + identity check = bans for virus makers are not easily evaded, regardless of where they live.

[nosianu]

That physical address will be useless, and probably easily worked around, in many if not most countries. Expecting Google to be able to use that address together with the law is a pretty US-centric expectation. I don't think most virus creators would be impacted, especially not the ones that are part of professional (criminal or government) organizations.

[thayne]

Even in the US, it won't always work. If you moved in the past few years, the address on your ID will be wrong.

[JetSpiegel]

Will they send letters to sanctioned countries? What about a PO box, or a remailer service?

[voxl]

Can you imagine what you're suggesting for a Linux machine? It's absurd. My box my rules, I'll run any damn code I please.

[omnimus]

Yeah... no. This is normal with desktop computers. Let's stop handholding people. If I trust the source, I trust the domain... I want to be able to install app from its source.

Googles/Apples argument would have been much stronger if their stores managed to not allow scams/malware/bad apps to their store but this is not the case. They want to have the full control without having the full responsibility. It's just powergrab.

[JohnTHaller]

It's normal for Windows and *nix, not for modern macOS which has big limitations on unsigned apps requiring command line and control panel shenanigans.

[raw_anon_1111]

And you are completely ignoring viruses, ransomware, keyloggers, the 50 toolbars etc that has been the staple of Windows and before that DOS for over 40 years.

Scam apps are rife in the iOS App Store. But what they can’t do easily install viruses that affect anything out of its sandbox, keyloggers, etc

[getpokedagain]

You are missing the part where the OS provider is the virus and keylogger. Unless of course you feel it reasonable that google and apple datamine everything you type via their software keyboard[0] or reading the contents of your notifications via play services[1].

0 - https://discuss.grapheneos.org/d/16046-google-keyboard-w-net... 1 - https://discuss.privacyguides.net/t/sandboxed-google-play-pr...

[raw_anon_1111]

You mean if you run an OS made by a company whose whole profit model is based on tracking users so they can advertise to you is invading your privacy?

[omnimus]

Sandboxing isn't feature dependent on Apple being a big curator is it? These are orthogonal but not the same issues. I've never said that PCs don't have viruses or that it isn't a problem, only that I should be able to install software from developer I trust if I want to.

I agree let's have sandboxed app instalations on platforms. Flatpak is already going this way. But it looks like big players Microsoft,Apple and Google are gatekeeping app sandboxing behind their stores instead of allowing people/devs to use sandboxing directly.

[raw_anon_1111]

And then there will still be complaints about Google limiting what apps can do and take away “your freedom”. What happens when a third party app wants to be able to read in other apps internal storage to create a back up solution like iCloud? Should that be allowed? What about if they want to create an app that autocompletes what you type when working in another app requiring key logger like capabilities?

[heavyset_go]

What part of "I should be able to install software from developer I trust if I want to" was hard to understand?

[raw_anon_1111]

Then you don’t want sandboxing if you want all of those permissions.

[xigoi]

The toolbars don’t just magically appear there. They are the product of a technically illiterate user.

[raw_anon_1111]

Yes because technically literate users shouldn’t have trusted mainstream companies to not install bundle ware back in the Day? They shouldn’t have trusted Zoom not to install a web server on Macs surreptitiously that caused a vulnerability? They shouldn’t have searched Google for printer drivers not knowing that it was a fake printer driver? They shouldn’t have trusted Facebook when they installed VPN software that tracked all of their traffic from any app?

Is that really your answer? To make the phone ecosystem as fraught as Windows PCs for the average user? How is they worked out for PC users since the 80s?

[orangecat]

How is they worked out for PC users since the 80s?

Just to be clear, are you claiming that we would be better off if PC hardware and OS vendors had the level of control that smartphone vendors do today?

[raw_anon_1111]

For almost every user - yes. If apps had to run in a strict sandbox it would be better for most users. Where it would make you jump through an incredible number of hoops or even install “developer editions” of operating systems.

You really can’t trust developers to do the right thing - even major developers like Zoom (the secret web server) , Facebook (the VPN that trashed usage actoss apps on iOS) and Google (convincing consumers to install corporate certificates to track usages on iOS).

Even more to the point, you read about some app installed outside of the Google Play store that’s malware - including the official side loaded version of FortNite…

https://blog.checkpoint.com/research/fortnite-vulnerability-...

[Wowfunhappy]

Technically illiterate users should leave the default security settings enabled.

In the modern day, I actually think this mostly works? Are you aware of instances where normies installed Windows malware because they purposefully disabled Windows Defender?

Everyone always talks about the "Dancing Bunnies Problem" but I'm not convinced it's actually a thing.

[raw_anon_1111]

You mean like all of the ransomware that is being reported on a monthly basis? My mom looked for a printer driver by searching on Google and installed some type of crap that wasn’t the official driver. She is 80. But she has actively been using computers since we had an Apple //e in the house in 1986.

On the Mac, people installed Zoom and it installed a backdoor web server.

[debtta]

The default security settings only got to be the way they are after more than a decade of exploited windows xp machines breaking the whole internet.

[close04]

> need for this to track down virus creators

I think they’re just going to track down a random person in a random country who put their name down in exchange for a modest sum of money. That’s if there’s even a real person at the other end. Do you really think that malware creators will stumble on this?

This has to be about controlling apps that are inconvenient to Google. Those that are used to bypass Google’s control and hits their ad revenue or data collection efforts.

[rpdillon]

It's killing F-Droid, which is the only place I want to sideload from.

[j45]

It makes sense for average users to have identifiable traceability.

Developers, and power users often pre-date these kinds of smartphones.