Eugen Rochko
Denzil Ferreira@Gargron the review process at Google can be a PITA, but for a good reason. Permissions to access more than an app really needs can be exploited for harvesting private information on a seemless update that most won't even notice. Side loaded apps downloaded from say APK mirror can have been tampered with using smali edits and you won't know. What Google should do is certified dev signing keys to trace and confirm if an APK is legit or not and coming from the actual dev, regardless of being side loaded.
Chickerino@denzilferreira @Gargron so why dont we do this on windows or linux then, both oses by default dont even have a permissions system and give applications near full access to the device
@Chickerino @Gargron that's not true, you do need to raise admin rights to install something not digitally signed on Windows, and admin credentials to install on Linux. On Linux you have Flatpaks that do have permissions in place, and the software runs on a sandbox with only access to what you allow. Windows does not do any of that - hence I'm not gonna even recommend it.
@denzilferreira @Gargron thats why i said "near" everything, for example on android you need to give permission for the app to be able to access your files outside of the app container, windows by default lets every app access every file that your user has access to, i think thats a bit stinky
@Chickerino @Gargron yes 😅 btw Google is doing exactly what I said: verification of dev certificate on the .APK allowing you to side load authentic apps. Only unverified .APK are blocked https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/
JuMi@denzilferreira @Chickerino @Gargron it's still opening a door to censor whomever they decide is not an approved developer for whatever reason. It's still not justifiable to completely lock out users to do what they want with their devices.
@jumianr @Chickerino @Gargron I understand this. But we are a minority who want to tinker. For Google, the priority is to protect the large majority of Android users from installing apps that are not legitimately packaged by developers who did publish their app on the Play Store. Developers will be able to install their own apps on their devices if developer mode is enabled and via ADB. And a user will be able to adb install an app if compiled with debug keys. The thing here are release keys, which need to match the play store version of legit apps. This also attempts to prevent repackaging of apps with malware. This is the same on Apple devices. I think people are overreacting to be honest. EU also dictated alternative play stores are possible and pretty sure Google will not be able to enforce Play Store only verified apps to install.
@denzilferreira @jumianr @Gargron this is not a reasonable excuse to remove the freedom that users have to install whatever they want, i would be ok with this if and only if the user was given a clear warning before installing an application and given a choice to do so anyway
besides, apps on android are sandboxed, the damage they can cause (notwithstanding any security vulnerabilities) is limited to the permissions that the user gives, if theres any place this would make sense, i dont think its android, especially considering that mallicious apps or just data stealing apps are very common place on the play store anyway
@Chickerino @jumianr @Gargron and I do believe that will be the case. The only thing they are preventing is installing an app that the package matches what is available on the Play Store and signed with a verified developer account and the app you are trying to install has not been signed with the same certificate. You should be able to install the apks otherwise (no package match, nor verified developer). That does not sound bad to me.
Kevin Karhan 
@denzilferreira @jumianr @Gargron @Chickerino PRECISELY THAT!
- #Google of all companies (worse is only #StasiBook / #NSAbook) has no moral right given their business is based around data harvesting and microtargeting users.
@denzilferreira @Chickerino @Gargron @jumianr precisely!
- If you can't use a device against the manufacturer's will and/or intentions, then you don't own it!