Android developer verification: Balancing openness and choice with safety


Android Developers Blog

The part in the flow where you select between allowing app installs for 7 days or forever is a glimpse into the future. That toggle shows the thought process that's going on at Google.

I can bet that a few versions down the line, the "Not recommended" option of allowing installs indefinitely will become so not recommended that they'll remove it outright. Then shrink the 7-day window to 3 days or less. Or only give users one allowed attempt at installing an app, after which it's another 24-hour waiting period for you. Then ask the user to verify themselves as a developer if they want to install whatever they want. Whatever helps them turn people away from alternatives and shrink the odds of someone dislodging their monopoly, they will do. Anything to drive people to Google Play only.

What's your solution to combat scammers?
All apps should be open source and subject to verification by nonprofit repositories like F-Droid which have scary warnings on software that does undesirable things. For-profit appstores like Google and Apple that allow closed source software are too friendly to scams and malware.
That's absurd.
No more absurd than letting a megacorp control what I install on my own device.
Instead the megacorp forces open source licensing, which doesn't solve any of this shit anyway lol
It's also true, the best way to audit software is source-code and behavior analysis. Google and Apple do surprisingly minimal amounts of auditing of the software they allow on the Play Store and App Store, mostly because they can't, by design. It should shock absolutely nobody then that those distribution methods are much more at risk of malware.
No one is auditing. Behavior analysis works on closed source software too.

Most open source repositories do have eyes on the code. Debian often has separate maintainers who maintain patches specific to Debian.

It's not a coincidence that Linux distros are much less susceptible to malware in their official repositories. It's a result of the system. Trusted software curated and reviewed by maintainers.

The play store will always have significant amounts of malware, so this entire conversation is moot.

A lot of dubious claims here.

1. "Most open source repositories do have eyes on the code"

Seems basically impossible that this is true.

"Debian often has separate maintainers who maintain patches specific to Debian." does not support the previous statement. Debian cherry picks patches, yes.

2. "It's not a coincidence that Linux distros are much less susceptible to malware in their official repositories."

Not only is it not a coincidence, it seems to not even be true.

3. "The play store will always have significant amounts of malware, so this entire conversation is moot."

This seems to just be "a problem cannot be totally solved, therefore making progress on this problem is pointless to attempt". I... just reject this?

Refusing or rejecting the claims doesn't invalidate them.
Why would I need to invalidate claims made with no support that seem obviously incorrect? Certainly I won't accept them.