0xedbGoogle details new 24-hour process to sideload unverified Android apps
https://android-developers.googleblog.com/2026/03/android-de...
The part in the flow where you select between allowing app installs for 7 days or forever is a glimpse into the future. That toggle shows the thought process that's going on at Google.
I can bet that a few versions down the line, the "Not recommended" option of allowing installs indefinitely will become so not recommended that they'll remove it outright. Then shrink the 7 day window to 3 days or less. Or only give users one allowed attempt at installing an app, after which it's another 24 hour waiting period for you. Then ask the user to verify themselves as a developer if they want to install whatever they want. Whatever helps them turn people away from alternatives and shrink the odds of someone dislodging their monopoly, they will do. Anything to drive people to Google Play only.
Let's say I'm sitting outside of your office with a bazooka and boxes of high explosives. You ask my why, and I say, "someone might try to rob this office." You say, "somehow, that does not persuade me that a stranger should loiter outside of my workplace with a massive stockpile of ordinance." I reply, "what's your solution to combat robberies?"
let's say I put a lock on an office door. You say "Why? Bazookas will get through the door anyways".
I don't know how I feel about this change but context does in fact matter about whether something is a good idea or not
Is it a lock? I buy a building and the builder put an id verification lock on the doors and I am not allowed to remove it. And they also require a separate one time fee of 2 to 5 percent of the purchase price.
Metaphors have their limits.
In physical world, there’s only so many people who can rob you if you do something stupid (like constantly give away copies of your keys to strangers), they will be very noticeable when they are doing so, and if you feel like something’s off you can always change the lock.
On the Internet, an you are fair game to anyone and everyone in the entire world (where in some jurisdictions even if it’s known precisely who is the figurative robber they wouldn’t face any consequences), you could get pwned as a result of an undirected mass attack, and if you do get pwned you get pwned invisibly and persistently.
Some might say in these circumstances the management company installing a (figurative) biometric lock is warranted, and the most reliable way to stop unsuspecting residents from figuratively giving access to random masked strangers (in exchange for often very minor promised convenience) is to require money to change hands. Of course, that is predicated on that figurative management company 1) constantly upping their defences against tenacious, well-funded adversaries across the globe and 2) themselves being careful about their roster of approved trusted parties, whom they make it easy to grant access to your premises to.
The trouble with your analogy is that physical reality works the same way. People have been committing mail fraud since the advent of post offices. Spies have been planting bugs on delivered goods since the invention of bugs. The thing that causes this isn't digital devices, it's long-distance delivery of goods and messages.
Meanwhile installing software on your own device is the thing that isn't that. They're preventing it even when you're the owner of the device and have physical access to it. They're not installing a lock so that only you can get in, they're locking you out of your own building so they can install a toll booth on the door.
All of your examples require, to successfully attack one target, a level of effort (hiring human spies and keeping them happy so that they don’t whistleblow or swap sides, planting physical bugs, etc.) vastly incomparable with a level of effort required to attack millions upon millions of targets; and just as incomparably higher stakes of an unsuccessful operation (actual people going to jail, versus being perfectly safe in a jurisdiction that does not extradite).
it already has a lock, by default you're not allowed to install apps in android you have to accepts a bunch of prompts and configurations (the key) and now you won't even have the key