Haven't generated an APK for months inside Android Studio
(midwest.social)
(midwest.social)
Does anyone here actually support Google's Developer Verification?
I don’t. I’ve put a warning about it in my repo because I’m against policies like sideloading restrictions, forced ID verification.
Curious what other devs here think. Is Play Store still worth the hassle?
If I were a mobile dev I'd make GTK apps for Linux phones and use Pixiewood to create Android builds:
no and that's why i turned in my samsung for a pixel and flashed graphene on it.
Is Play Store still worth the hassle?
If you're a for-profit business yeah more or less, if not hell no just publish on f-droid or something
f-droid needs the app to be foss. maybe something like codebergXobtainium will work for closed source. There is also itch.io with the inofficial mitch client which could be worth a upload pipeline but i dont know
Is Android Studio forcing you to register?
Does anyone here actually support Google's Developer Verification?
At best some are indifferent but I've never heard of anyone who actively supports this.
Is Play Store still worth the hassle i?
Never has been 🔫
Continue publishing app freely, do not verify yourself
Fuck google
I have getgoogleoff.me email domain 👍🏼
edit: from disroot
Why would you want to pleasure them?
https://keepandroidopen.org/
Googgle?
typo
Did you actually have to calculate the price of 12 coffees (if the extra g is a typo)?
I think if Google (or Apple for that matter) wants to play this game, then everyone from the reviewer to the CEO should be held legally responsible when malware ends up not only verified but distributed by them. And by legally I mean also as accessory to the crime.
I paid the fee for a dev account near the beginning of Android. Haven't had any apps published in over a decade, but from what I understand my account is grandfathered in so I don't have to jump through as many hoops to get something published if I chose to, compared to newer accounts. Anyhow, since I have an account I suppose I'm unaffected by this decision. Still, it goes against the original spirit of Android as a free and developer-centric platform and I condemn it.
I think you still need to register/verify since it will require a valid ID and app IDs (package names).
Went to https://play.google.com/console and it all seems to be okay. The two derelict apps already have package IDs and my info is on the identity tab. I think I may have visited that page a year or two ago in response to an email from Google. Or is there something else?
we'll see in the next months
With any luck there will be pushback somewhere that Google can't ignore.
Does that mean this app won't be available on app store, but can be installed from other places? I know there are on going changes regarding this topic, but I'm not fully informed. And researching will bring probably ton of Ai generated articles I'm not willing to look into. Could F-Droid still be used on a "regular" Android?
What it means can be read, for example, in Detail here: https://keepandroidopen.org/en/
Holy mother of duck! This is worse than I thought. I assume custom firmware like LineageOS or e/OS don't have these restrictions. But most people have stock Android off course.
This rules are part of and enforced by the google play framework, so I would assume that as soon as Google Play and/or Google Play Services are installed on Lineage or other custom roms that then the same limitations come in effect. This is only an assuption by me, based on how I understand it, so I may be, and I hope that I am, very wrong.
There is an alternative service called microG, an Open Source alternative to Google libraries to replace Google Play Services in example. This makes it possible to use the Play Store without Googles proprietary stuff. However I don't know how compatible it is, but it is big part of alternative custom roms to replace Google as much as possible. I don't use the Play Store, so cannot say first hand how good it works. More info on https://en.wikipedia.org/wiki/MicroG .
Maybe this new policy and stuff could affect this alternative implementation of Google Services?
They've been continually removing things from that and making actual Google stuff more required. To be fair, they had a good reason because it let them get around the carriers never updating anything.
they're going to make it more difficult too. you basically need to enable dev mode a second time, then for every application that can install ap, you need to re-approve then wait 24 hours.
Fuck that, I'll stay unverified/nogapps. They can keep their malware.
No it means you won't be allowed to install the app on any certified devices at all. Regardless of where it's obtained.
@thingsiplay@lemmy.ml is right, it just means Google will refuse to publish it on the Play Store. It can still be installed by going through a convoluted process to enable sideloading.
Yes I am.
I spend a long time of my career in IT Sec.
80% of android users will freely install whatever APK from wherever.
Info stealer infected fake apps are a massive risk to a huge part of the user base.
Yes, it will get a little bit more complicated to sideload. But nobody is prevented from it.
And everybody that is against user protection (and yes, this is fucking user protection, just not for you) is invited next Christmas to de-worm the android devices of my family without wiping them.
EDIT for all those that only read the memes. Sideloading will NOT be disabled. You have to jump though extra hoops.
Yes, the way they do this is not even testable yet and we can argue over details.
I support the principal idea, as someone who had to live with the fallout of people who installed "it support apps" because someone told them to
80% of android users will freely install whatever APK from wherever.
I should care because? Do they care about me not wanting google shoved in every aspect of my life?
Then just don't use an android phone, that's a choice isn't it????
"Google shouldn't have restricted Android, that's their (anti-user) choice, isn't it????"
The other party shouldn't be able to unilaterally chance the terms. It is my phone, after all, and I strongly believe I should be able to do whatever I can with the devices I own.
Even then, what other choice for an usable but actually of property of the user phone do you suggest? iPhone?
It's also extremely convenient for Google, a company lobbying ID laws, to add ID harvesting; or for Google, a company pushing for anti-user behaviour to add anti-user behaviour. If this was about security, they would stop shipping spyware, and take security seriously, something they do not.
Technically, you can always use the library and the post office, so yeah, it's a choice. I guess.
How about an apple phone?
Or how about that: projects like Linux and Ubuntu phones died because there was no interest in it, because there was Google. And now, everybody wants an alternative.
They are out there, you can use opensource Android forks, you don't have to use Google
Android forks
Soon to be locked out from participating in society because of play integrity, digital IDs and age verification. The EU is very likely to use strictly Apple/Google, the very monopolists they "despise". Don't give me the "just go to the post office by foot".. I could also "technically" live in a cave, I guess. Man stfu, your bullshit doesn't stick here.
Ah another myth "the EU App", I will not go I to detail, but each member state must implement its own app. Yes, the reference implementation uses Google services currently, but there is not a single , working , published app! Not one.
So I'll be back at the end of the year, be proven right and you got your pay and your karma anyway.
I think you should invite people to join you on not one, but two Christmasses to compare before and after. I'm sure they won't magically fix things this time, at best it would be a little setback not changing much in the end. What it would do is directly giving Google even more power while hurting open source community, alternative appstores and OSes.
Most scam apps are in the Google Play Store btw
maybe because it was to easy to upload to the googleplay store. Maybe there should be some kind of verification of the person uploading. How could this be accomplished?
Joking aside I don't think side loading should be encoumbered like this, but for the official app store it makes sense.
If their IA was so great, they would use it to curate the mess that is their app store...
80% of android users will freely install whatever APK from wherever.
A ridiculous and absurd lie. 90% have zero clue what one is, let alone go into the developer settings (there are one, maybe two settings you have to enable) to change the settings to even make that possible. Why are you lying about this? It's weird.
I am lying? OK, so is:
I have over 2 decades of background in hardcore IT-Sec, i know my stuff. And you? What is your qualification, where are your sources?
I have over 2 decades of background in hardcore IT-Sec, i know my stuff. And you? What is your qualification, where are your sources?
I wonder if a statement like this ever once convinced anyone of anything. My guess would be it nearly always has the opposite effect. You basically told me that whatever I know doesn't matter because "trust me bro". For all I know, you're the worst source ever for literally every topic. Your articles didn't back you up. Why do people bother with shit like this? "I'm an expert so what I say goes" is idiotic and in no way addresses the common sense point I was making: the average person definitely doesn't know or install apks because of fucking course they don't. If you said 80% would if scammed, that's at least plausible but I'm not even sure I could believe that. The well is poisoned now in any case so you're not convincing anyone here after this... Whatever masturbatory shit this was. Or just shilling for a corporation? Who the fuck knows
He just using the old "Argument from Authority" logical fallacy. I've worked with tons of people, even those that did in fact "know their stuff", that thought it was perfectly valid to dismiss others because of their experience being more extensive than others. Ironically, after I'd prove these people wrong in serious matters (usually several times), I somehow got added to the nebulous authority whitelist in their head. I don't want to just be believed became I'm dammit, believe me when I'm correct and provide evidence!
That is why I linked sources. I don't say trust me bro.
You do, actually.
I have over 2 decades of background in hardcore IT-Sec, i know my stuff. And you? What is your qualification, where are your sources?
This translates to anyone who isn't you to:
I know a lot, you know very little. Trust me, not you.
And again if you're going to make this 80% claim and then say you sourced it, don't link shit that's sort of related but in no way backing up that claim. No one here is saying malware isn't a problem. You're getting downvoted for making specific claims which are absurd.
That is a general issue of online debates.
I can not squash 20 years of daily learning into a comment.
I can point you to sources where you can verify it our self. Social engineering studies, blog post about campaigns from other researchers.
Placing m credentials there is my kind of saying "I have insight, ask", but how do you think should something like this communicated.
We have a highly sensitive topic, with a lot of obsolete or just misinformation.
It is a highly complex topic that can not be simply understood by most persons, but social media opens a place for debate anyways.
There are many other examples for this happening and it is bad. Very bad.
Another example Google wants to get rid of third party cookies. Instead they want to to adspace action on your local system. In our browser, protected. But bad, because Google. Firefox could implement the same API on better, but no, bad because Google.
Google is not the good guy. But just throwing out every fucking Idea because Google Had it (or was forced into it, allowing sideloading again was because of pressure) is just not what we need
This is so much beating around the bush. Somehow you've managed to ignore the 15 times I've pointed it out: most users do not install apks. That's all. You claimed they did and I said that was dumb. So anything else is just a distraction from the point I was trying to make. Google is pretty shitty but you might have a point that not everything they do is shitty... But that's not what the conversation started as. And I don't really care to change the subject at this point.
Given that your first article says nothing about 80% I'm not continuing to click your links.
I was being generous when I said 90%.
Source: I have ever spoken to another human.
Because people do not know what apps are and that they can be installed via sideloading, faked appstores and more, they are vulnerable.
If I ask a "normal" person if the ever drunk di-hydrogen-monoxid they would say no, because they have no idea this is water
Okay either you're trolling or clueless. Because you just made my argument for me. How exactly are people who don't know what an app is going to enable side loading and then do it? That makes no sense whatsoever.
How does somebody give his bank account creds to a scammer?
Ok, trolling. Got it.
for all those that only read the memes.
For someone who possibly considers themselves better informed than others, you're seem to be missing the fact that Google's plan had no option for sideloading unverified apps until a sizeable outcry from us (a lot of professional developers and users). Unverified app installation was only allowed (via new hoops) after this action. For now. The fact that Google's plan did not have an option for installing unverified apps shows us what they really want. Therefore it won't be surprising if they make it increasingly difficult or impossible in the future.
I'm pretty sure they originally planned to allow sideloading through ADB, but I might be mistaken.
I think I recall the same. Otherwise development would be a nightmare. But then again, that isn't remotely equivalent to sideloading (as colloquially understood) and would still kill F-Droid. Not saying you're saying it's equivalent.
Nobody asked if I would be fine with disabling sideloading. The answer would be no
So with your career in ITSec, you're aware of the massive amount of malware found in the play store? That it has historically been the main distribution vector for malware?
You have to jump though extra hoops.
You are downplaying the hoops here by a lot. To install software on my own phone.
Stop calling installing software "side loading". Its nonsense.
I k ow that the Playstore is also full of crap, I don't deny this.
But, just because our back window does not close correctly, do you leave the front entrance open?
Not the best analogy maybe, but a visual one
Except you have it backwards. The play store is the primary vector. The play store is also pre-installed on Android devices, and even without the whole verification nonsense, you still need to allow a different app repository to install.
Not cleaning their own play store up first means it has nothing to do with what they are claiming. And lets be candid - they have absolutely not.
The analogy is bad specifically because its not reflecting the issues anywhere near accurately. This is closing a window on the second floor while the front door is wide open with a sign that says "Come on in!".
That assumes that Google does not do anything about the appstore and that is objectively not true.
Is it enough? No ideas, but still, it does not change the need for better endpoint security.
I firmly disagree. The issue has nothing to do with the endpoint. They have done very little with the play store relative to this massively impactful change to installation practices in creating a walled garden - precisely the reason many, myself included, chose not to go with iOS in the first place.
So the very idea that this is an endpoint security issue rather than an app store issue is, to me, laughable at best.
Then we agree to disagree.
I think we are manly on the same page, but different opinions on priority and that's fine.
I declare both as a risk.
From my perspective, with this change, we could make Google directly reliable for malware in the appstore.
While this started as a very anti consumer change, as long as sideloading stays possible, this is a good measure.
we could make Google directly reliable for malware in the appstore.
There is no reason they shouldn't be now. Developer verification for the play store is one thing. Developer verification for installing an application on your own device is wholly separate.
I declare both as a risk.
And one is substantially higher risk than the other. Namely, the play store. As we recently saw with tens of millions of downloads from just a handful of apps in the play store. Does requiring this developer verification on a device resolve that problem? No. Not even remotely, does it?
While this started as a very anti consumer change
As long as it impacts the device use (it does), it still is.
I'm leaving Android over this. I doubt I'll be the only one.
Alternate stores like Accrescent and FDroid are blocked by this policy, and Google refuses to implement any mechanism for authorising at the store level either. Store level authorization is an obvious alternative to verification of each individual app.
Both Accescent and FDroid have some oversight processes in place, and do not contain "random" APKs. Googles actions show the real motive, which is control... not security.
Ok, why are they blocked? Technically? Explainer please
They are de-facto "blocked" for developers that refuse to submit their identity to Google. I think you might not be understanding the implications of Google's policy, please read this open letter to learn more: https://keepandroidopen.org/open-letter/
If a developer doesn't submit to identify verification, under the new system their app could not be installed regardless of what store it is distributed on.
Needing individual devs to identify themselves directly to Google is invasive. Stores, however, could identity themselves to Google (or the world) as having security processes in place. Then they could be allowed as official 3rd party stores, similar to how the Linux repository system works.
That is no longer true!
It is what I would call "functionally true". You have to enable developer mode to install unverified apps. A very, very small subset of users are going to do that.
https://android-developers.googleblog.com/2026/03/android-developer-verification.html?m=1
If you have more information on this, please share.
You have to enable it. And I would love a dedicated switch.
Currently, you need to enable third party install sources.
And one could argue that the fact that most people will not enable developer mode is a clear sign that this is a protection.
In my very very personal opinion: people that do not want to enable developer mode should maybe not install apps from third parties. Developer mode itself unlocks a few switches, and none of them is enabled per default. This is a pretty safe action IMHO.
There is a way to avoid this, but this is the device owner mode. You need an app that takes full control over device ownership, and those apps are allowed to do anything including installing any app.
One example is OwnDroid.
An opensource app that is signed by a dev and allows to manage install sources would be a working solution with better security.
If someone builds it
Spoken like a true Microsoft and Google agent.
Because I think we should protect people that are not tech savvy. I am open for a debate
Your heart is in the right place, but your mind is not.
Google et.al. is pushing for IDV in every segment due to lobby pressure from meta to build REAL user database for advertisement purposes in the age of LLM drivel. Every "protect the *" has meta's government lobbyists behind it.
There could be alternative approaches, but meta's goals just so happens to align well with a fascist government's that thinks they need to stamp out dissenting voices and anonymity.
Not denying that there could be better ways, and also, that was never the question .
Total control and taking away freedom is not negotiable. Not literally, but: "Maybe we should ban programming languages on Windows and Linux too, because it could be used to program viruses. We should protect the not so tech savvy." See what I mean? Instead we should look forward to a better way of helping them. The proposed way of Google is not acceptable.
so the real-world id requirement is also user protection? play store is basically an info stealer at this point.
At least make it a toggle, like you need to request access for your account for your phone.
Kneecapping everyone because idiots exist is idiotic.
It is a toggle. they just locked said toggle behind a 24 hour time lock. It's ridiculous. I think if they kept it the way it was without said time lock it wouldn't be anywhere near as controversial.
so your family's devices get their apps from outside the play store?
people are effectivly prevented from sideloading. not "just a little more complicated"
of course nana uses adb exclusively to install apps on her smartphone, after all this is a totally real story about user protection right?

Matrix chat room: https://matrix.to/#/#midwestsociallemmy:matrix.org
Communities from our friends:
LiberaPay link: https://liberapay.com/seahorse