Google to introduce overly onerous hoops to prevent “sideloading”

When Google said they were going to require verification from every single Android developer, which would end the ability to install applications from outside of the Play Store (commonly and wrongfully referred to as “sideloading”), it caused quite a backlash. The company then backtracked a little bit, and said they would come up with an “advanced flow” to make sure installing applications from outside of the Play Store remained possible. Well, Google has detailed this “advanced flow”, and as everyone expected, it’s such a massive list of onerous hoops to jump through that they might as well just lock Android down to the Play Store and get it over with.

First, if a developer is verified, you can download their applications to your device and install them the same way you can do now. Second, developers with “limited distribution accounts”, such as students or hobby projects, can share their applications with up to 20 devices without verification. Third, and this is where the fun starts, we have unverified developers – basically what all Android developers sharing applications outside of the Play Store are now.

Here’s the full “advanced flow” as described by Google to allow you to install an application from an unverified developer:

  • Enable developer mode in system settings: Activating this is simple. This prevents accidental triggers or “one-tap” bypasses often used in high-pressure scams.
  • Confirm you aren’t being coached: There is a quick check to make sure that no one is talking you into turning off your security. While power users know how to vet apps, scammers often pressure victims into disabling protections.
  • Restart your phone and reauthenticate: This cuts off any remote access or active phone calls a scammer might be using to watch what you’re doing.
  • Come back after the protective waiting period and verify: There is a one-time, one-day wait and then you can confirm that this is really you who’s making this change with our biometric authentication (fingerprint or face unlock) or device PIN. Scammers rely on manufactured urgency, so this breaks their spell and gives you time to think.
  • Install apps: Once you confirm you understand the risks, you’re all set to install apps from unverified developers, with the option of enabling for 7 days or indefinitely. For safety, you’ll still see a warning that the app is from an unverified developer, but you can just tap “Install Anyway.”
↫ Matthew Forsythe at the Android Developers Blog

Setting aside the fact that developer verification is, in and of itself, a massive problem, I’m kind of okay with a few scary warnings, a disclaimer, and perhaps a single reboot to enable installing applications outside of the Play Store – a few things to make normal people shrug their shoulders and not bother. However, adding enabling developer mode and a goddamn 24-hour waiting period is batshit insanity, and clearly has the intention of discouraging everyone, effectively locking Android to the Play Store.

Android is already basically an entirely locked-down, closed-source platform, and once this “advanced flow” comes into force, there’s virtually no difference between iOS and Android, especially for us Europeans who get similarly onerous anti-user nonsense when trying to install alternative application stores on iOS. I see no reason to buy Android over iOS at this point – might as well get the faster phone with better update support.
