When Google said they were going to require verification from every single Android developer that would end the ability to install applications from outside of the Play Store (commonly wrongfully referred to as “sideloading”), it caused quite a backlash. The company then backtracked a little bit, and said they would come up with an “advanced flow” to make sure installing applications from outside of the Play Store remained possible. Well, Google has detailed this “advanced flow”, and as everyone expected, it’s such a massive list of onerous hoops to jump through they might as well just lock Android down to the Play Store and get it over with.
First, if a developer is verified, you can download their applications to your device and install them the same way you can do now. Second, developers with “limited distribution accounts”, such as students or hobby projects, can share their applications with up to 20 devices without verification. Third, and this is where the fun starts, we have unverified developers – basically what all Android developers sharing applications outside of the Play Store are now.
Here’s the full “advanced flow” as described by Google to allow you to install an application from an unverified developer:
- Enable developer mode in system settings: Activating this is simple. This prevents accidental triggers or “one-tap” bypasses often used in high-pressure scams.
- Confirm you aren’t being coached: There is a quick check to make sure that no one is talking you into turning off your security. While power users know how to vet apps, scammers often pressure victims into disabling protections.
- Restart your phone and reauthenticate: This cuts off any remote access or active phone calls a scammer might be using to watch what you’re doing.
- Come back after the protective waiting period and verify: There is a one-time, one-day wait and then you can confirm that this is really you who’s making this change with our biometric authentication (fingerprint or face unlock) or device PIN. Scammers rely on manufactured urgency, so this breaks their spell and gives you time to think.
↫ Matthew Forsythe at the Android Developers Blog
- Install apps: Once you confirm you understand the risks, you’re all set to install apps from unverified developers, with the option of enabling for 7 days or indefinitely. For safety, you’ll still see a warning that the app is from an unverified developer, but you can just tap “Install Anyway.”
Setting aside the fact that developer verification is, in and of itself, a massive problem, I’m kind of okay with a few scary warnings, a disclaimer, and perhaps a single reboot to enable installing applications outside of the Play Store – a few things to make normal people shrug their shoulders and not bother. However, adding enabling developer mode and a goddamn 24-hour waiting period is batshit insanity, and clearly has the intention of discouraging everyone, effectively locking Android to the Play Store.
Android is already basically an entirely locked-down, closed-source platform, and once this “advanced flow” comes into force, there’s virtually no difference between iOS and Android, especially for us Europeans who get similarly onerous anti-user nonsense when trying to install alternative application stores on iOS. I see no reason to buy Android over iOS at this point – might as well get the faster phone with better update support.
“I’m kind of okay with a few scary warnings”
I am not. Stores like f-droid and are demonstrably safer than google’s distribution platform, even when not considering that the latter is an ad-riddled piece of peddleware filled with legalised scams.
I reported a fake Google calendar app, and it stayed up on the play store for over 3 months. Also, I’d rather not have to enable developer mode to sideload apps. I shouldn’t have to open up that kind of access for it.
FlyingBoats
It’s a slow moving lock-down. Keep taking away little by little to effectively kill competition for the masses, yet still be able to say owners aren’t restricted for antitrust purposes. Apple have been moving this way with macos, google with android…microsoft tried with windows and backed out due to outrage, but they’ll probably try again. By taking baby steps towards restricted computing, restrictions becomes normalized and accepted by society long term.
Our digital rights are fragile, especially when they get taken away by corporations pretending to be our pals. Selling us hardware and not giving us the keys is a scam and always has been. Ethically corporations are not entitled to have any rights whatsoever over hardware they don’t own, and yet governments have become too corrupt to protect consumer rights over their own electronics. If there were justice owners would have the explicit right to control the keys to their own hardware if they so desire and we should all be allowed to tell google/microsoft/apple to fuck off when it comes to hardware we’ve paid for.
Keep in mind the scary warnings are for unsigned apps only. Every mainstream OS that supports “sideloading” has some form of app signing in place nowadays (Windows, MacOS, Android), and bypassing it invariably involves some scary warnings and also finding some almost-hidden button to loosen up the security.
I haven’t decided if this is a good thing or a bad thing. Let’s not forget Microsoft played it loose with app signing before Vista (with minimal warnings), and as a result, even major app vendors didn’t sign their exe files. If you don’t believe me, go here and see how many of those exe files from the Windows XP era (published by major GPU vendors!) are unsigned. And when legitimate apps are commonly found unsigned, this makes it harder to tell the dubious apps. So, I haven’t decided how much “friction” an OS vendor should introduce for running unsigned apps, but I am veering towards “at least some to bother casual users”.
There’s a “Turn on indefinitely” option apparently. Giving Google benefit-of-doubt, I can understand the logic behind these, and how making my 70 years old uncle-in-law wait for a whole day before installing something someone posing as a cop on the phone is trying to make him do, will help against scams.
Still, I’d appreciate the same level of effort against all that junk on playstore. I’m looking at you “torchlight 2026” subscription apps. Is it ok for scammers to scam my uncle-in-law into paying 5 dollars just to use the phone’s torch if Google is given a cut?
GrapheneOS officially on Motorola phones (in 2027?) gives me hope
I switched from Android to iOS and now use my old Pixel 6 with GrapheneOS as a second device. This is an “ideal” setup, as neither device runs Google’s Android.
In the context of the article, you consider iOS to be ideal compared to Google locking down their app store in a similar fashion as Apple? I’m sorry that just doesn’t make sense to me. And to be clear, I use an iPhone for right now (my Pixel 8 Pro glitched out and I need a reliable phone until I can replace it with another phone that can run GrapheneOS).
Ideally we’d[1] all be running Linux phones that we fully control…well, apart from the baseband firmware anyway. But that will never happen as long as Apple and Google maintain their duopoly with zero repercussions from the various governments who should be regulating them better.
[1] “We” being the nerds who hang out here, obviously bare Linux on a phone isn’t for everyone…yet.
It’s an “ideal” combination for me (and there were quotes). I get the best of both worlds: I have banking apps and a good camera on my iPhone, and I have the freedom that GrapheneOS offers on my second device when I need it.
I used to be a mobile developer, and I can say that you probably don’t want to use Linux devices, as all of them have bad UX, no security, and no tools for mobile developers that are comparable to what Google and Apple provide for their platforms.
GrapheneOS is probably the best thing we’ve got right now, and honestly, considering all the intimidation they’re getting, platforms are just going to get more closed.
That’s fair; I don’t think I have the patience to juggle two compromise devices, let alone one, so kudos to you.
Well… *I* do, I still miss my Nokia N900, warts and all. The current crop of mobile interfaces available on postmarketOS are far better than Maemo ever was, and my preference is Plasma Mobile as it feels the most cohesive and complete (at least on my x86 tablet). You’re right though, until both the developer ecosystem improves and the various governments support Linux on mobile, it’s not going to happen outside of a single company throwing billions of dollars/euros at it. And then we just end up with three evil corporations bending *nix OSes to serve us ads and spy on us instead of the current two. The fact that iOS is based on Mach and BSD, and Android is based on the Linux kernel, means it can be done. It just once again won’t be the *nix we know and love, rather a bastardization designed to drain us of our privacy and money.
Still, I’d totally rock a Linux smartphone again if one could be had here in the US with actual support from the hardware company that makes it and from the carriers. And no, Purism isn’t the answer, they are one of the most corrupt companies involved in open source, I can’t believe they are still in business.
100% agreed.
I hope more OEMs get onboard. We need alternatives for folks that did not ask for any this locked-down dystopian crap.
This was my first thought as well. But as a Linux user my main concern with iOS / iPadOS continues to be its weird filesystem abstractions and the dependency on iTunes to manually transfer and organize files via USB. On Linux there is a hodgepodge of a few applications and reverse-engineered USB mobile device access libraries that *usually* allow transferring certain file types to certain folders that iOS / iPadOS chooses to present, assuming that Apple doesn’t randomly change its protocol and break stuff for Linux. It’s a far cry from the convenience of accessing and organizing files on an Android device as a USB mass storage device.
And then there is the insanity of iOS / iPadOS forcing even third-party browsers to use the internal WebKit engine that is tied to the OS version, which in turn has major limitations for browser extensions, and it’s probably the most flagrant example of Apple’s forced obsolescence. (This may eventually change in the EU, but still, I hate Apple’s begrudging compliance.) At least when running a crappy Android device that the manufacturer/carrier threw over the fence and never bothered to update I can still usually run an up-to-date browser with important extensions for privacy and convenience.
Frankly I see it as an untenable situation in both camps. Full speed ahead toward Encrapification.
I dunno, these all seem rational to me — except the 24h wait time. One hour is probably sufficient to cause most urgency manufacturers to give up and walk away.
The 24hr wait is really annoying…but I could live with it. Making each and every developer pay $25 and wait to get “verified” means, effectively, a tax and de-anonymization of every single open source/etc app developer/installation, especially via F-Droid and the like.
I run LineageOS anyways, but the whole forcing developers to register, EVEN IF NOT DISTRIBUTING VIA Play store, is complete and utter bull****.
In my work I have actually seen someone get called by “the police” who told them there was a problem with their credit card and they must buy bitcoins to help pay the fee of the Police’s investigation. This someone actually went in person to a store to try and buy bitcoins for that.
The cashier too was completely unaware of what bitcoins were and the someone eventually went back home and gave up on that.
All that to say that I must, extremely begrudgingly, agree that all these security points can make sense when you see the average level of awareness of the enduser.
I still want an easy “I know what I’m doing now leave me alone” button in the initial install of any tool.
I guess it comes down to whether you agree with Google’s security motive for the change, or whether there are underlying motives.
Europe (if it were a real integrated economy, which it isn’t) should do what America does – inject massive amounts of state money in to their tech industry, to build an alternative. Don’t let the American “libertarians” fool you – there is no free market. American businesses get TONS of free money from government, constantly. That’s how they out compete Europe.
Europe is a continent, so I guess you mean the EU. Well, the EU tried to do exactly that, by funding the development of Symbian OS (the last EU-made OS to be relevant to anything):
https://www.zdnet.com/article/embedded-symbian-scheme-gets-eur11m-in-eu-funding/
https://web.archive.org/web/20101104013235/http://blog.symbian.org/2010/11/01/euromillions-for-the-symbian-ecosystem-e22m-committed-to-next-generation-technologies-for-symbian/
However, since the EU operates at the speed of the EU, they did it only months before Nokia decided to ditch Symbian OS in favor of Windows Phone:
https://www.engadget.com/2011-02-11-rip-symbian.html
Fortunately, the EU was able to cancel the proverbial cheque before Nokia could cash it, so at least no taxpayer money was spent:
https://www.engadget.com/2011-05-24-european-commission-regains-sanity-cancels-22-million-symbeose.html
—
Generally, that ship has sailed. The EU’s labor laws essentially prevent companies from competing with American or Asian technology companies (where working 14 hours 7 days a week during “crunch time” is considered “normal”), and no amount of taxpayer euros will fix that. The reason Symbian OS held on for so long was due to the coincidental stagnation of Windows Mobile and the smartphone market in general.
I know, I owned a Nokia N70, and I was surprised by how little the OS had changed since I’d used a friend’s Nokia 6600, not just in appearance but also in functionality (in fact, some of the changes, such as a gallery that didn’t recognize folders, were for the worse).
The alternative is Android. The EU just needs to fund the open-source parts, wrestle control of it from Android.
Google will never be allowed to obstruct normal installation of applications on Android in any meaningful way.
Never allowed by who? Outside the EU, where they don’t have to offer alternative app stores, they can do whatever they want. Play Services can block any app Google wants on your Android device.
Yes, you can theoretically run a Play Services-less AOSP build (using MicroG or whatever), but compatibility with banking and government apps isn’t guaranteed, so most people don’t and won’t.
To be honest, I expected much worse. I expected it to require you to connect your Android device to a PC and run obscure ADB commands (like you already have to do in order to install an apk targeting a low API level) or having to “register as a developer” on some website controlled by Google.
The fact it can be achieved only through local clicks (okay, taps) on the device is much less worse than I expected. The 24-hour waiting period is a minor roadblock, but fortunately you have to do it only once.
The problem with this approach is that you need to be in “Developer” mode indefinitely. There are banking and government apps that refuse to run on devices that have “Developer” mode enabled. In this particular scenario:
1. You would have to jump through hoops to install your app, disable “Developer” mode when using these restrictive apps.
2. Jump through hoops again to enable the feature, to update your app, Disable “Developer” mode again when you’re done.
3. Repeat the above until you eventually just give up or Google makes it even harder.
I don’t think we are out of the woods just yet. The fact that bootloader unlocking is no longer a thing, leaves us with very little choices. Google knows and is exerting this pressure to limit our choices. The fact that Google is resorting to these measures after loosing their battle with Epic, is too convenient of an excuse that they are now concerned with user’s safety.
adkilla,
Google are very two faced about the whole thing and I think they do it for antitrust reasons. Google have weaponized 3rd parties to do google’s bidding. They want to be able to say “look it’s not us who are preventing owners from rooting/modding firmwares/etc, it’s 3rd parties that did this. Meanwhile google have been conniving behind the scenes with the intent of explicitly helping 3rd parties to discriminate against power users on android. Google know what they’re doing and this isn’t a side effect, this malicious goal is the point: create lots of friction and make alternatives much less appealing. The original owner of android believed in openness and did everything he could to ensure android would stay open, but it’s no longer his baby and modern day google don’t believe in this cause anymore.
The travesty is that these corporate schemes actually work in shaping the future of technology. Even if a few percent strongly resist, it becomes a case of permanent hardship while constantly trying to paddle upstream. Tech industry giants seem to be set on leading via enshitification. Even government regulators are so corrupt that they seem to be effectively playing for the corporations too. And so every generation things become worse and worse for owner rights & control. I wish more could be done to stop this corporate take over. 🙁
In my opinion, the hard lesson here is that using an open-source OS doesn’t shield you from DRM or the general enshittification of the OS experience:
– Android has Play Services (which includes a DRM framework and a also includes a “platform integrity” framework for good measure)
– Desktop Linux has Steam (which includes a DRM framework).
It doesn’t matter if the OS developer adds the DRM framework (Android) or if someone takes a clean OS (Arch Linux), adds their DRM framework on top (Steam), and calls the new OS DRMedOS (SteamOS).
In both cases, the result is the same: If enough important (or “important”) apps have a dependency on the DRM Framework in question, it becomes an implicit part of the OS, to the point users start demanding it even comes pre-installed (I mean, who buys Huawei phones these days?). Then the DRM Framework can help itself into more and more sensitive parts of the OS with each new version (up to and including blocking installation of other apps), since users need it.
So, what does shield a person from DRM and the general enshittification of the OS experience? Especially considering that some apps that have a dependency on some DRM Framework (Play Services) are mandated by governments for identification or immigration purposes?
kurkosdr,
I agree. The tivoization of FOSS operating systems has become normalized in the consumer space. Tech giants are happy to embrace FOSS operating systems but there’s little stopping them from locking them down and depriving owners of the keys.
The world might be quite a bit different if GNU anticipated DRM early during the formative years for GPL/etc. But now, for better or worse, GPL doesn’t mandate owners be handed the keys to unlock the OS, and these restrictions have crept into the majority of consumer devices.
A lot of steam games don’t actually use steam DRM, sometimes it’s just used for payment and distribution. But I agree if you are anti-DRM steam are a dual edged sword….They have done a lot of legwork to support windows games on linux, finally making linux a viable platform for gaming, but they have implemented their own DRM and permit publishers to use it.
Sticking with open source does shield us from that, but obviously your point is that a lot of software isn’t available as open source. IMHO the best solution is really to keep all the DRM software sandboxed running under a hypervisor., There might actually be some viable options for implementing this in the short term, meaning the DRM itself is restricted (ironic eh!). But long term, hardware attestation can foil this as software publishers shift to DRM that uses hardware attestation.
Exactly, and to clarify, the big problem is governmental software that has a dependency on Play Services (which is proprietary software). For example, I had to use the following app to check my National Insurance record:
https://play.google.com/store/apps/details?id=uk.gov.documentchecking
If you are not a UK citizen, the only way to check your National Insurance record is to use this app, there is no way to do it via paperwork.
Keep in mind, this is something you have to do if you want to see gap years in your National Insurance record and be given the option to fill them, so I couldn’t go the Richard Stallman way of “just not using this software”.
Note: My specific problem was that my phone (HTC U11+) is too old (Android 9) for this app, and flashing a newer Android ROM could mess with “platform integrity” or whatever. Eventually, I borrowed a Samsung phone with Android 10 to run the app.
And what happens when Play Services “platform integrity” is updated to detect hypervisors (something other DRM like Denuvo already does)? In fact, does “platform integrity” already fail when Android runs virtualized? No idea.
So, my question remains: What does shield a person from DRM and the general enshittification of the OS experience?
This question is especially pressing on phones, since it’s not practical to carry two phones.
kurkosdr,
In principal, any test that is performed inside a hypervisor can be skipped/faked. It may not be easy, but always technically possible. No DRM can prevent a hypervisor from changing it’s state to bypass DRM.
Hardware attestation doesn’t really change the hack-ability fate of software running inside the hypervisor since these tests can be faked too. Instead, the cryptographic strength of hardware attestation is in convincing remote services outside a sandbox/hypervisor whether or not that the user system is running an allowed configuration. The hypervisor can’t fake these signatures for the remote server, therefor the server can refuse to let you log into your accounts, refuse to stream movies, etc.
The other reality is that even when DRM is cryptographically weak, it doesn’t necessarily offer a helpful way for normal users to avoid its restrictions because normal people aren’t hackers. If someone’s bank/employer/streaming provider/etc use DRM then most users have little choice but to live with owner restrictions on their own hardware.
Personally I voted with my feet and installed lineageos with micro-g to replace proprietary google services (knowing that there would be DRM issues). I had to loose access to various services and mobile banking. And despite my best efforts I failed. One of the companies I contract for forced us to have an unmodded google/apple personal phone to log into the corporate VPN. I told them directly it’s my choice what OS I want to run on my personal phone, but they wouldn’t budge. Nor did they purchase a phone to satisfy their requirement when I asked them to. At least I could morally rationalize that, but no…they forced me to buy it at my personal expense.
Whether it’s governments, employers, whoever, the pressure is just enormous. I hate being forced into the duopoly.
Bootloader unlocking is a thing on Pixel phones and tablets, since Pixel phones and tablets are developer devices that developers should be able to flash AOSP builds on.
The problem is not the Android build you run, the problem is that some banking and government apps require Play Services to function, and Play Services is the thing that imposes with the sideloading restrictions mentioned in the article on your Android build.
In plain English, too many important apps require Play Services to function, so unsurprisingly, Play Services is what Google uses to implement this new restriction.
The only solution I can think of is to enable “Developer” mode only when you need to update unsigned apps (and then disable it again immediately so your banking and governent apps work) and “batch” your updates of usigned apps so you only do it once a month (for example), which may make the 24-hour waiting period less onerous. But yeah, it sucks.
It’s safe to assume Epic will sign their apps, they already do for Windows and MacOS. This is not about Epic, it’s about apps that violate the TOS of some Google property (for example, YouTube apps that bypass ads) and that may or may not have trouble getting signed (we still don’t know).
This is why I have mixed feelings about app signing/notarization (with a certificate blessed by the OS vendor). On one hand, if the OS allows users to run unsigned apps without too much friction, you get Windows XP, which theoreticlaly has an app signing/notarization mechanism but even big firms like Nvidia didn’t bother. If the OS puts too much friction on running unsigned apps, you get… well, you get what the article is about.
kurkosdr,,
IMHO application signing isn’t the problem, it’s actually a good thing and if it weren’t for google’s monopolization of it I actually like that the OS does it. The real problem stems from centralized control and coercion, and unfortunately google’s solution embodies both of these problems while depriving owners of rights over their own devices. This is ethically wrong but Google are going this route because harming user rights fits their own business agenda.
Consider if web browser certificates worked the same way:
1) google would control everything the browser can open, anything not google approved gets blocked.
2) all websites would have to register through google, they alone decide whether to approve or disapprove websites.
3) users who don’t like google having this control have to go through a “high friction” process to access arbitrary websites with the benefit of certificates and wait 24 hours to do so.
I think we all agree that google’s artificial difficulties suck, but leaving it there lets google off the hook for engineering such a shitty outcome: crypto signatures must be all or nothing, application certificates only work by submitting to google’s control over everything. This outcome isn’t prescribed by crypto and but android didn’t have to be engineered like this. Cryptographic signatures don’t mandate these kinds of monopolistic bullshit policies, that’s a google thing.
The good thing about web browsers is that, if a web browser gives you too many “invalid certificate” errors on legitimate websites, you can always download and install another browser that accepts more CAs (or more accurately, their root certificates) and use that one instead (or even both, if some websites require the other browser).
People are much less likely to dual-boot OSes (especially on phones and tablets), so the OS vendor has much more control. In plain English, even if Google accepts a list of CAs, they’d still have complete control by only accepting CAs that play ball with their terms (aka their commercial interests). Keep in mind that Play Services is proprietary software, so if Google accepts a list of “blessed” CAs, the list of CAs will be hardcoded in Play Services, encrypted, tamper-proof etc
And this is why I said in my previous comment that I have mixed feelings about app signing/notarization (with a certificate blessed by the OS vendor).
kurkosdr,
Yes, the nice thing about web certs is that we have some choices and we’re not stuck with an absolute monopoly. I wouldn’t mind android enforcing signed apps IF google didn’t monopolize the feature around their own app store. That’s a big part of the problem. If google weren’t monopolizing it for themselves, then the app signing would be a far less onerous requirement – something that FOSS devs and alt-stores like F-Droid could legitimately get behind.
Users of F-Droid have a reasonable expectation to have their device trust software signed by f-droid and Google has no business interfering with that. Yet google’s proposal actually leaves android users less secure by requiring users to full disable application signing, making the security feature exclusive to google. It’s a shameful move by google. This is not a shortcoming of the crypto, google’s could have designed android to be more secure while also making the technology impartial.
I think you are still viewing the app signing solution as though it’s all or nothing, or that it requires google to monopolize it. But cryptographically this need not be the case. Just like web certificates are not monopolized, software certificates don’t need to be either.
The root of the problem has to do with google’s motivations. They don’t want to be impartial, they want to be monopoly. I suppose this describes all of our tech giants though 🙁
If google started using their coercive signing powers too much they would be slapped with antitrust case.
Apparently you’ll be able to disable developer mode and not jump through the hoops again
I suppose they have no choice, they have a problem of their own making coming. AI is quickly becoming capable of authoring greatly improved drivers and libraries to not extend the life of old hardware but also greatly improve it’s performance and reliability. Hardware the likes of Google, Apple and MS want made redundant. So they have a corporate model that has no choice but to block the monster they have created. Did they see this coming and just ignore it, or are they victims of their own hubris? Should they change their brand name to Frankenstein?
I don’t know why power users are punished just because stupid users are still installing scamware. Most of which comes from Google’s own Play Store, I suspect.
Clearly Android will be no longer reasonably usable as a general-purpose OS.