Android developer verification: Balancing openness and choice with safety
dfordp11
101 points
64 comments
March 21, 2026
Related Discussions
Found 5 related stories in 61.0ms across 3,471 title embeddings via pgvector HNSW
- Android developer verification: Balancing openness and choice with safety WalterSobchak · 45 pts · March 19, 2026 · 100% similar
- Android Developer Verification ingve · 197 pts · March 30, 2026 · 69% similar
- Google details new 24-hour process to sideload unverified Android apps 0xedb · 651 pts · March 19, 2026 · 56% similar
- Google details new 24-hour process to sideload unverified Android apps MBCook · 16 pts · March 19, 2026 · 56% similar
- Why Brave is opposing Google's Android developer registry XzetaU8 · 13 pts · March 07, 2026 · 55% similar
Discussion Highlights (20 comments)
taspeotis
Did they add another one? https://news.ycombinator.com/item?id=47442690
panny
>A new layer of security for certified Android devices May I purchase a non-certified android device now? Because frankly, fuck you.
koolala
It could be worse. Do this after you buy the phone and then in 24 hours its like normal.
dfordp11
I must have missed that yesterday.
selectively
The 'headline' is false. This is specifically for unsigned applications, not for all sideloaded apps.
phr4ts
I hope consumers return these phones in droves like Windows RT and Windows 10 S. The issue is that sideloading isn’t an immediate concern—users would only realize the limitation later, when it’s too late to return the device.
butz
Following this logic, adding a checkbox "I swear this app does not contain malware" to app publishing process would solve the problem with malicious apps on Play Store, right?
RicoElectrico
This is so outrageous I wouldn't mind it being on the front page every day until they back off.
askonomm
So I buy a device ... with my own money ... which I supposedly then own, but then I need to ask some corporation permission to use it, and it treats me like a toddler by giving me a 24 hour wait period for the ability to install applications on that device? I'd understand if this "feature" was a part of Parental Controls, but I'm not a child, so this is insulting. I see Google saw how Microsoft likes to spit on its users and wanted a piece of that action. How is this legal?
pmarin
WHy not just add a hardware switch to allow Android sideloading? Are these multibillion companies so incompetent to not think about it?
tuom1s
I may be missing something, but what does the title have to do with the article? There is no mention about any waiting or mandatory reboot. What does OP have in mind?
Markoff
this was already discussed, so no point for dupe, but there is no wait period for ADB install and AFAIK this also affects only unverified developers, though hard to imagine why would someone install app from verified dev outside the play store, for the record I don't have gapps in my phone and use Aurora
gabordemooij
Would it not be nicer to have a dual boot phone where one OS is baked in rom and only contains certain necessary government/banking/medical service apps and the other is just completely free to use for whatever purpose? Just a thought...
mindslight
The only sane way to buy a device is to pick a user-representing OS (eg Graphene), pick a device from its list of supported devices, and then install your desired OS on that device as soon as you get it as part of your setup process. Then if it's 24, 48, or 168 hours to receive your unlock code to install the secure OS, it's all just part of the setup process (and if they refuse to unlock for whatever reason, then you're still in the return period!). The longer you let the surveillance industry keep its hooks in you, the more friction and dependence they will add to every single thing you want to do that goes against their business interests.
Narkov
> Think of it like an ID check at the airport That's an interesting way of selling this.
riedel
Actually this OP seems to be the old announcement from 2025 with no additional news as far as I saw. If implemented like this, it will be horror. The baseline for a usable solution for me is still that I can keep my banking apps and that I am able to use fdroid trusted builds from source, can install builds from other open source CI builds, install builds from my students I know personally without needing them to verify with a foreign entity and publishing their personal data. Practically the law will require me to buy another 'developer phone' the for work. Actually allowing more profiles like the work or hidden profile would allow users to at least chose per profile and could at least put their banking apps into a sandbox where they work (requirement would be that Google wallet can also run from such a profile) . I actually would be very happy to run the main profile without any Google play services like Graphene does: I guess a lot of data protection risks would be solved by this.
ece
There should be one screen each for self signing individual apps and it's updates, and another one for adding a public app store key to allow verifying apps and updates from that key. That would be factual and not scary. Yes, the question should be asked with the play store too. People should by default not trust a developer or store or OS for that matter that is scaring you into doing something.
petterroea
In school I learned the definition of politics was "the distribution of benefits and burdens". We can and probably should view this as a political question. The benefit is the consumer right to do whatever you want with the device you bought (used by some), vs the burden of making yourself attackable by scammers etc. Google are pushing first and foremost for protecting end-users from scammers. They do benefit from this, so there is probably an incentive for them to do so. It is very practical that they can call locking down their phones "protecting users". The big question here is where on the balance scale we care about "protecting users against scammers" vs "protecting users against enshittification, closed ecosystems, and possible future power grabs". One side is very tangible and easy to understand, the other more abstract, and most consumers simply don't understand it well enough to make educated choices about it. This uncertainty is being used by powers that benefit from pushing towards the "lock-down" extreme of the scale. Peter Thiel said so himself. It is also worth noting that it is these security guys' job at Google to invent security schemes. All in all they did their job as engineers, and ignoring personal responsibility to engineer solutions that balance needs not only technical but also social, they did everything right. In a larger society there should be people who take on the job of setting boundaries for these technical solutions. Just like you need technical people to push back on technical demands from non-technical people within a company, we people who push back on this sort of stuff in our society. Us technical folks are best suited to do this job. TL;DR: The political question boils down to how many grandmas are we as a society happy with getting scammed in the name of protecting consumer freedoms? In the extreme and hyperbolic case, are we happy with an infinite number of grandmas being sacrificed? Where on the line do we want to be? And what other measures can we put into place to make the problem easier to solve without sacrificing basic freedoms? If you are technical you should probably consider taking more space in the public debate.
BrandoElFollito
This is what I have with my bank. I need to wait 24h after adding a new recipient for wire transfers. Being treated as a toddler by an organization that is itself completely disfunctional is mzking me angry.
zombot
More Google bullshit about how they must have total control over the device you bought. And lawmakers won't move against it because they can use that total control for their own purposes by proxy.