Fabio Manganiello2d ago

#Android is dying.

We all know that #Google wants to kill the “unverified/sideloaded” apps (names carefully selected by Google’s professional gaslighters to give a negative connotation to “apps that are not distributed by Google’s own store”).

We all know that the new “verification process” amounts basically to a ransom where you need to give Google your keys and your money if you want to build apps for Android.

It involves developers handing their signing keys to a user-hostile American company (so they will sign your package for you and will also able to decrypt your secrets) and paying them a $25 fee for each app.

Even if you don’t even use the Play Store to distribute your apps.

This is not a price to pay to get the app distributed through them, nor for using any of their services. It’s a price to pay just because they want to control the whole ecosystem end-to-end, and they know that they can get away with that because you’ll keep using their shitty OS even if you’re outraged at them.

We all know that they got a lot of backlash. And after the backlash they reiterated that they “listened to the community” and would have made a process to still allow people to “sideload apps”.

Well, today that process has been finally unveiled. And it sounds even shittier than I thought.

That’s because Google is currently filled with the best professional enshittificators in the world: the job role of these people is not to build new things, nor to listen to customers and build what they want. No, their job is specifically to find the sweet spot where they can make things as shitty as possible, add as much friction and user frustration as possible to prevent them from doing a certain thing, while still being able to tell regulators “well, it’s not that shitty, you see? We still give users an option - buried under 10 layers of dark patterns”.

In order to install apps external to the Play Store you will have to:

  • Activate the developer settings (the usual “tap the build number 7 times to show the hidden menu” thing)

  • In the developer settings, enable “Allow Unverified Padckages”

  • Confirm that you are not being coerced (seriously, how much malware did they actually see installed by people being coerced or tricked to download and install random APK files?)

  • Restart your device

  • Wait 24 hours

  • Return to the unverified packages settings

  • Scroll past 3-4 additional warnings whose sole purpose is to scare you off

  • Select either “Allow temporarily“ (7 days) or “Allow indefinitely“ (and I’ve got a hunch that the Allow indefinitely option will probably be gradually phased out)

https://arstechnica.com/gadgets/2026/03/google-details-new-24-hour-process-to-sideload-unverified-android-apps/

Google details new 24-hour process to sideload unverified Android apps

The "advanced flow" will be available before verification enforcement begins later this year.

Ars Technica
Show threadCharo del Genio
@fabio with the premise that I agree with the post in principle and certainly in spirit, there is still one big problem. Some companies (and some universities) require the use of authenticating apps that only run on "official" Android/iOS. Some banking applications have a similar requirement. What is a viable way to work around this, if there is one?
Mar 20 at 12:18pmWeb
Show threadFabio Manganiello2d ago

@paraw for now GrapheneOS seems to play well with most of them - at least in the case of my banking + ID apps. Mileage may vary however - the Google Wallet can’t work (I use a separate smartwatch for that), and I’ve heard of some banks (namely HSBC) whose apps also break on GrapheneOS. But in general, if you’re looking for a fully ungoogled Android with 90% of the ID/banking/government apps working, that could be a good pick.

On the long run, once I fully migrate to a Linux phone my plan is still to walk around with another device (switched off by default) that I only use if I need to use an app that wouldn’t otherwise work on my primary driver.

Show threadCarlos Solís2d ago
@paraw @fabio Sadly: being able to afford two separate devices, one that passes all the authentications, and another one for actual private usage.
Show threadszakib1d ago
@paraw @fabio Those companies/universities should provide the device if it is required and the user does not have them.
Show threadCharo del Genio1d ago
@szakib @fabio I agree, but they usually don't. On the other hand, I know of a university that, some time ago, used to pressure their faculty members to use uni-provided devices *also for all their personal stuff*. Devices that had a shitload of surveillance software on them, of course.