www.androidauthority.com/android-developer-verification-requirements-3590911/

I must reiterate. I really like open systems.

This is the opposite of that. It's yet more infrastructure for Google to force dependence on Google Play Services in the wider Android ecosystem.

It's also a great way to kill off a bunch of independent developers that make zero money from their project from publishing software for your platform.

This idea needs to be canned.

Google wants to make sideloading Android apps safer by verifying developers’ identities

Google wants to make sideloading safer on Android by verifying the identities of developers who distribute apps outside the Play Store.

Android Authority

Software should not require permission to be written.

Software should not require permission to be distributed.

Software should not have a central entity controlling it.

The future is decentralized, fuck your centralized signature verification checks.
@alexia @bigzaphod What’s cool about anarchy is that it always works because everyone is altruistic. See also libertarianism.
@RyanHyde @alexia it's not anarchy to want to be free to write and run software without permission. People don't need permission to write a novel or build a contraption in their garage.
@bigzaphod @alexia False equivalency. Your garage contraption doesn’t have the same potential for harm as software. Your novel can never log my keystrokes.
@RyanHyde @bigzaphod @alexia cool story, I still don't want google deciding what software I fucking run on my devices and who's allowed to make it

@zoee @bigzaphod @alexia That’s fine for you to want that. I don’t want that. Both things can be true.

Look, I’m not saying that <Big Tech Company> should have all the power in the world, or that they should be the sole arbiters. But I also don’t think <Whatever Developer> should have free rein. These forces need to be in proper tension for the industry and society to function well.

If you want to make the argument that the system is not currently balanced, I’d agree with you. But I’ll never agree to arguments for an unregulated market.

@RyanHyde @bigzaphod @alexia Yeah okay but that's exactly what this is doing? Google will have the choice to approve or not of a developer. That's absolute and they will abuse this, as companies always do.

What even is the "free rein" for developers you are talking about? That they can make and publish stuff without being forced to go through 50 hoops including revealing their identity to get the approval of your favorite megacorp? Maybe I, a user, don't want a corporation to have more power over my own hardware than me?

We're not even talking about an "industry", or a "market"? This is nonsensical

@zoee @bigzaphod @alexia This is absolutely a market. Software wants distribution. Distribution wants an audience. An audience is a market. We are that market.

I’m not here to teach basic economic theory though. It’s plainly evident that malicious software exists. Reducing friction to publish software will of course increase the publication rate of malicious software. Security measures are always annoying, but are usually important.

@RyanHyde @bigzaphod @alexia

Well that's wrong, distributing something and having an audience does not make something a market. See mutual aid for example. And look up "gift economy", hope that helps further your knowledge in basic economic theory!

Tying security measures to the will of a company that has the only goal of making profits is actually not the way to go. If they were actually serious about security, they'd implement better app spawning, use a more hardened memory allocator, prevent apps from using ptrace, and a number of other measures for better sandboxing that are well known at this point. They don't. Because security actually isn't that important to them.

@RyanHyde @zoee @bigzaphod @alexia

> Software wants distribution

My software does not want distribution.

@zoee @RyanHyde @bigzaphod @alexia this is the free rein in question, and probably why these stories are breaking at the same time: https://www.bleepingcomputer.com/news/security/malicious-android-apps-with-19m-installs-removed-from-google-play/
Malicious Android apps with 19M installs removed from Google Play

Seventy-seven malicious Android apps containing different types of malware were found on Google Play after being downloaded more than 19 million times.

BleepingComputer
@zoee @RyanHyde @bigzaphod @alexia My feelings about this are really complicated so please do not take this as a blanket defense of google (or for that matter, apple). If you like, you can assume that they are merely using this threat as a pretext for a power grab, rather than remediating it. But it is important to understand that the threat itself is real.
@glyph @zoee @RyanHyde @bigzaphod @alexia How is the threat real? I have a hard time imagining a user accidentally sideloading an app or even getting tricked into it. You have to turn on sideloading in the settings, somewhere deep in the permissions setting. Then you have to find the apk file in the file manager. Most file managers that are installed by default on Android hide the internal directory and dont surface apks by default. So you most probably need to install an external file manager.
@glyph @zoee @RyanHyde @bigzaphod @alexia And then you have to turn off play protect as that blocks any malicious apps from being sideloaded. That is another setting in the security settings. Finally even when play protect is off, you still get prompted to turn on play protect each time you try to sideload an apk. So thats additional dialog (and warning) to dismiss. How is that in any way not enough security?
@pixelsfanryo @glyph @zoee @RyanHyde @bigzaphod @alexia It is not that complicated. You download an .apk, then you either click on the download notification, or find it in your Downloads folder and click on it. You get a popup saying "<your browser app>: For security reasons, your phone isn't allowed to install apps from this source...". There is a button on the popup that sends you straight to the correct settings page, you flip the switch and the app installs.
@Sandelinos @glyph @zoee @RyanHyde @bigzaphod @alexia Oh yeah I forgot you could install it from the download notification, but even then you need to flip the unknown apps switch. In the settings page linked you have to scroll to your browser (at least on my device) and then flip the switch. And even then Play Protect is on so Google scans the app before its allowed to be installed.
@pixelsfanryo @glyph @zoee @RyanHyde @bigzaphod @alexia Yes I agree with your point, just correcting the details.
@glyph @zoee @RyanHyde @bigzaphod @alexia I didnt even notice you linked an article that says malicious apps on *Google Play store*. Apps there are already verified! So no its not the free rein in question, in fact it shows that this verification scheme is not the solution.
@pixelsfanryo @zoee @RyanHyde @bigzaphod @alexia put yourself into the mindset of a google exec looking at this problem with the play store. You realize you are going to have to institute much more onerous, slower app reviews, like apple has, to stop this from happening. You know that this will piss off devs, so they will immediately turn to sideloading to get around the new requirements you are pushing on them. So, first, you start tightening the screws to make sure users don’t get used to this
@pixelsfanryo @zoee @RyanHyde @bigzaphod @alexia i am not saying they are correct or that they are justified in doing this. What i am saying is that if there is *any* hope to take this power away from corporations, we need to set up a parallel authority with a better mandate that serves the interests of public safety and not just corporate profits. “There’s no reason for this, I sideload what I want!” is not a position that can do that.
@glyph @pixelsfanryo @zoee @alexia I’m just gonna pluck Sean Heber out of this thread because I know he’s not interested in more notifications on this debate. Kindly respond from here if you would.

@glyph @pixelsfanryo @zoee @RyanHyde @bigzaphod @alexia

changing whos allowed to decide what software exists and doesn't exist from google to someone else, does not fix the problem that someone who is not me is deciding what i am allowed to run on my device

whether i have to ask googles express permission to be 'allowed to' make applications, or i have to ask the state, changes fuck all, i still do not get to run what i want on my own device.

the issue is it happening at all, and its not who is doing it, and its not magically okay because you swapped out the corporation for the state;

if anything doing this would just ensure the harm that this is explicitly seeking to cause, is more likely to actually happen.

advocating for more authority figures in any sense, is advocating for someone to hold power over others, and to force them to comply (at worst with violence, at best via malware they installed on their device); which is- advocating for people to be harmed and abused.

i.e "i install what i want."

@RyanHyde @zoee @bigzaphod @alexia

> Market

this is people making software, its not corporate corporations publish shit in the play store, stop making everything capitalist

> Unregulated

aka: your rights arent violated by the state if you do something it doesnt approve of

it is of course neither, this is not a market get that capitalist bullshit out of here, this is me making software and sharing it with everyone; not asking for money or anything the fuck off;

and its not 'unregulated' your free to run av software on your thing, reverse engineer the program, and see that it does things you don't want, and then tell other people this file does things you don't want, this is self-regulated.

unregulated software market is what Google Play is.

you cannot demand i verify my identity, as if thats even a static or clear thing to begin with, for the express purpose of the state being able to hurt me easier if it turns out they deem it 'bad' .

@RyanHyde @zoee @bigzaphod @alexia

False dilemma. You make it seem like the only option to centralized gatekeeping is an unregulated market infested with malicious actors.

@ojrask since you have the answers then what are they?

@RyanHyde @zoee @bigzaphod @alexia

LMAO there are literally only 2 options: letting people run code on their own personal property, and letting a fucking capitalist act as Big Brother

@burnoutqueen @RyanHyde @zoee @bigzaphod @alexia

i think he wants option 3:

you require permission from the state to make software, and state controls what people run on their phone;

which is functionally equivalent to option 2,

oh yeah, and also your not allowed to point this out, or else your apparently being naive and unrealistic; but ofc; the entire point of this requirement is basically;

so that when someone makes something that is deemed 'malicious' (or, is just pirated, or whatever else they decide,), they can send the police to come and use violence against you.

that's the kinda unwritten part;
since simply requiring id verification on its own does absolutely nothing,

the purpose is to cause harm.

@RyanHyde @zoee @bigzaphod @alexia

> Look, I’m not saying that <Big Tech Company> should have all the power in the world, or at they should be the sole arbiters.

That's literally what you're defending here. You are literally defending a measure that would, using boomer talk here, stop people from running exes on their own fucking computer.

@burnoutqueen @zoee @alexia Cool, I’m a millennial btw. I wholeheartedly disagree with you, but I don’t think this conversation is going anywhere, so I’m gonna hang this one up.

Have a good one.

@RyanHyde @bigzaphod @alexia I'm not sure I have the energy for this argument, but it's not just false equivalence but completely wrong.

Write whatever novel you want - if it violates obscenity laws, hate speech, incitement, or terrorism you'll get prosecuted.

A contraption in your garage *very definitely* needs permission if it transmits into non permitted parts of the EM spectrum, emits too much noise, pollution, has the potential to harm anyone, or you wish to take it out in a public place where standards apply (i.e. building your own car).

I don't like the direction this software is going in, but it's something I've predicted for years and been repeatedly downvoted for particularly when it applies to phones.

A manufacturer releases a phone with a very short security lifecycle. People buy it anyway because they don't care if it affects anyone else, as long as it appears to work for them. Go down this road, *eventually* the result is signed, time bombed, mandated, remote disableable firmware.

@RyanHyde @bigzaphod @alexia you're incorrect

A 2x4 with a nail through it can do plenty of harm and that's at the very bottom of harmful devices a determined hobbyist could make. Or, going by novels, Mein Kampf, Atlas Shrugged, Turner Diaries etc have inspired all kinds of vile people and events.

None of that justifies requiring permission and ID to access basic tools that 99.99% of people use completely innocuously.

@beeoproblem @bigzaphod @alexia Buying tools is not distributing weapons. Building code is not publishing malware. You’re free to do the former in both scenarios. You’re not allowed to do the latter, and someone has to be sure that’s not your aim.

There are reasons regulation exists, and while many regulations go too far, eliminating them would be worse than having them.

I encourage you to read my other responses elsewhere here. I’m not advocating for corporations to wield all the power. But I also don’t trust every random developer in the world.

@beeoproblem @bigzaphod OP asked me to get the fuck out of her replies, so this comment omits her. Please reply here if you need to continue.

Edit: pronouns

@RyanHyde @bigzaphod if your issue is not trusting J Random Developer you already have a solution that mostly works. Get your apps from a trusted and vetted app store and never side load. You never need to trust J Ransom Dev ever again.

If one decides to forego that protection then it's on them. Google is pretending to solve a problem that barely exists likely to get around recent court rulings. If they actually cared about security they'd vet play store apps more thoroughly.

@beeoproblem @bigzaphod I wholeheartedly agree that the details here are complex and the motivations are murky. The original statement that there should be no regulation in place for software distribution on a given platform is nonsense. That’s 100% of my point.

As I’ve said elsewhere, regulation and distribution should be in tension. The proper tension is super hard to achieve and often is somewhat out of balance, but getting pissed like OP and saying there should be no regulation at all is a very problematic overreaction that would obviously invite more harm than the current system in the marketplace of software distribution.

@RyanHyde @beeoproblem @bigzaphod @alexia

> There are reasons regulation exists, and while many regulations go too far, eliminating them would be worse than having them.

"regulations" are enforced through systemic violence and harm from the state & the entire purpose of ' verifying identity ' of developers is so you can inflict said violence and harm onto them, using said weapons given to those whom '"""have to"""" make sure thats not your aim;'

the world is and always will be, better off without large power authority figures with the ability to cause harm to people and pretend its fine,

eliminating regulations would be eliminating systemic violence and harm being done to people in the name of 'enforcing' said regulations, thus the world would be infinitely better off without them

doing so is harm reduction which is good; - what we need is standardization

you don't trust every random developer in the world? cool dont install their software then. don't demand they dox themselves to an authority figure

@Li @beeoproblem @bigzaphod lol. Yikes. Jfc, what a naive and unrealistic worldview you’ve constructed or adopted.

Honestly, just wow.

@RyanHyde @beeoproblem @bigzaphod

naive and unrealistic?

everything i have stated here is correct;

in order to 'enforce regulations' the one enforcing them will:

- violate peoples fundamental right to free movement and travel (state sanctioned kidnapping, legitimized as: prisons, mental hospitals, border control, etc)

- violate peoples fundamental right to exist and live (see state sanctioned murder, legitimized as: executions, military, police).

- violate peoples fundamental right to autonomy, (see everything.)

i am stating the inevitable conclusion of what endorsing your leads to.

if you are in support of authority figures and laws and shit, then you are in support of human rights violations, and systemic dehumanization and violence, because that is how that effectively works; and therefore, what you are implicitly advocating in favour of.

google isn't going to send you anything, or come over to your place, they have no reason to ask for your information besides to do this;

@Li @beeoproblem This is so embarrassing for you.

To be clear, I have no respect for your argument and I’m not open to engaging with you further.

@beeoproblem @RyanHyde @bigzaphod @alexia So you leave your house completely unlocked so anyone can get in all the time then?

@ariaflame @RyanHyde @bigzaphod @alexia

This is about access to tools, not about how individuals secure their systems or choose to install software. If we were to go with your metaphor my position is "If you leave your door unlocked and get robbed it's your fault. Big government does not need to enforce a curfew to protect you from your own carelessness"

@RyanHyde @bigzaphod @alexia fun fact: lots of trojan horses on google play with verified status. grammarly is one example. does "ai-powered text correction", and sends all text you enter into any form to its servers to achieve that.

the fallacy here is seeing google as a trustable arbiter.

@lritter @RyanHyde @bigzaphod @alexia

no no you see its only malware if the one whos doing it is not a corporation or the state-

such is the shitlib way <3

@lritter @bigzaphod @alexia Regulation creates friction. Just because it’s not perfect doesn’t mean it’s better than nothing. Nothing is ever perfect. It’s about finding the correct balance, and while the current system is not in balance, advocating for the elimination of the entire thing is naive and harmful.
@RyanHyde @bigzaphod @alexia you're apparently replying to something with the subtext of "there should be no arbiters", which i didn't write. so i can only agree with you on this.

@RyanHyde @bigzaphod @alexia

False False Equivalency,

it is literally impossible to make a keylogger on mobile, due to the permission system on mobile oses;

the only way it would be possible is if
1- your device is rooted and you grant the app root permissions

2- you explicitly gave it permission to see all your keystrokes via accessibility settings (only on some os'es i think?)

3- your app is literally a custom keyboard.

most malware on mobile is infostealers, or spyware, maybe ransomware is possible but i've never heard of it,

but also -- most "legitimate" software on the play store or otherwise following commercial interests, thus actually going to 'the market' .. is spyware or infostealers.

please get the details correct before you endorse systemic violence

@RyanHyde @bigzaphod

anyway, bit of a rant but; whats this, a permissions system? it can only access your keystrokes if you specifically allow it to access your keystrokes?

its possible to make actual safetynets that
1- actually do something and work (i.e malware on mobile is actually almost non-existent)

and

2- *theoretically* don't have to encroach on user freedom (i can still make a keylogger and install it if i want too, it just is very obviously a keylogger and i have to approve my keys being logged, which .. no one would really do, (unless you frame it as a 'ai spellchecker' and its backed by a big company, of course <3)

(note: i am not saying android* does this just that its doable)

AND that don't rely on systemic violence and human rights violations just renamed to something more 'acceptable' and we all pretend its fine and collectively dehumanize those its happening too, whom demands you all give them your information in advance so it can do that easier if it decides it wants too?

whaoo

@RyanHyde @bigzaphod @alexia Who defines whats a "harmful" software? Google? And even if we assume Google is a good corporation, you are still creating a central checking point for all software. What happens when payment processors start demanding that apps harmful to their reputation are blocked by Google? Now you are at the mercy of anyone that can force Google's hand which includes governments around the world. This is just handing more power to those already in power.
@RyanHyde @bigzaphod @alexia And if you are so afraid of harmful software dont sideload apps, its that simple. All apps on the play store are already verified by Google. And even right now, any app that you try to sideload is scanned by play protect by default, and if Google deems it "unsafe" it gets blocked. That is on top of the switch for sideloading deep in the settings that has to be flipped before you can sideload apps. I dont see how this is not enough security for the ordinary user.

@RyanHyde @bigzaphod @alexia
My Android device has four different custom keyboards that I can choose between at any time. All operate offline and are Not Cloud and Not AI.

I specifically trust the developer of FlickBoard to not log my keystrokes. Even after reading this:
https://natkr.com/2025-01-08-trust/

Trust | natkr's ramblings

A few days ago, I was talking to an old friend of mine about that weird project I've been working on for the last few months.

@RyanHyde @bigzaphod @alexia

Hey, I don't want a major corporation to stop me from running my own code on my own device that I bought with my own money.

Thanks for listening to my Ted talk

@RyanHyde @bigzaphod @alexia

I don't know about you, but I don't think it's a good thing for a fucking corpo to tell me what I can and cannot do.

@RyanHyde @alexia @bigzaphod and what's cool about relying on big centralised bureaucracies to make sure everyone plays nicely is that they're always benevolent, always hyper-efficient, never make mistakes, and never leak confidential information. see also the US government.

(this *is* how we play this game, right?)

@thamesynne @alexia @bigzaphod Not really, to answer your last question. A repudiation of one dumb idea isn’t an endorsement of its inversion. What’s fun about middle ground is that it always exists, and there’s more of it than you’d think!

@RyanHyde @thamesynne @alexia @bigzaphod

not endorsing the first idea-- is endorsing anarchy, otherwise your just endorsing the first one again;

there is no 'middle ground' on this -- that's just unironically doing the centrist meme where its like "what if we murder half the jews"

.. either you support actual human rights (i.e where they arent violated just because an authority figure said so) .. or you don't ...

it sounds like you don't.

@Li @thamesynne @bigzaphod So, you’re right that I should have said “almost always” a middle ground. There are plenty of things for which there is no middle ground.

The topic at hand isn’t genocide though, so let’s not extend this to illogical extremes.

@RyanHyde the middle ground already exists, and it's the current side-loading process, which requires you to *explicitly* choose a somewhat obscure setting, to allow installation of apps of "unknown sources"

someone who is sideloading will generally already know what they're doing, since they have to flip this permission on. even if done permanently, it's not a global option but a per-app option to allow such installs from, say, the file manager. malware detection via Google Play Protect is *also* already a thing, mentioned in the linked article

you appear to have assumed that arguing against centralized signature verifiers to be *allowed to develop for Android,* means arguing against *any* attempt at verification. instead, it's really just: "Android, let's not do exactly what Apple is doing to wall in the garden, thanks"

seems like the best middle ground would be for Google to simply, not do this thing

@yaodema That’s not what I’m arguing about. Go to my original post. I’m just saying that advocating for the tearing down of all regulation is dumb. I get that the statement I responded to was in relation to this side loading question, but the statement itself went far beyond that context.

@RyanHyde So basically, you’re arguing an entirely separate point from the OP?

OP said that systems should not require (emphasis on require) software to be approved for creation or distribution. That’s different from the idea that there shouldn’t be any approved source or sources of software, which is the strawman you seem to have set up. Having signed software is fine, the critique is that you should have the choice to run whatever you want to run, approved or otherwise, on your own hardware.

@Serenus I don’t see the original comment I responded to as being this nuanced. If you do, that’s fine, but it stood out as a pretty stark “gtfo of here with all of your regulation” statement, and I think that stance is very very dumb.

You can call this a strawman if you want, but I disagree with the assessment.