Google Android restrict app sideloading: Difference between revisions

Bananabot (talk | contribs)
Added archive URLs for 12 citation(s) using CRWCitationBot
Rudxain (talk | contribs)
m link GrapheneOS
 
(3 intermediate revisions by 2 users not shown)
Line 28: Line 28:
*'''2027:''' Targeted global rollout, eventually covering nearly all certified Android devices.<ref name=":0" /><ref name=":1" />
*'''2027:''' Targeted global rollout, eventually covering nearly all certified Android devices.<ref name=":0" /><ref name=":1" />


The new system applies to certified Android devices which are phones and tablets that ship with [[Google Mobile Services]] (e.g., Pixel, Samsung, Xiaomi). Devices running uncertified AOSP builds or custom ROMs (e.g., GrapheneOS, LineageOS) are not subject to this restriction.<ref name=":2" /> However, uncertified devices often face their own sideloading and app compatibility due to SafetyNet/Play Integrity checks.<ref name=":2" />
The new system applies to certified Android devices which are phones and tablets that ship with [[Google Mobile Services]] (e.g., Pixel, Samsung, Xiaomi). Devices running uncertified AOSP builds or custom ROMs (e.g., GrapheneOS, LineageOS) are not subject to this restriction.<ref name=":2" /> However, uncertified devices often face their own sideloading and app compatibility issues, due to SafetyNet/Play Integrity checks.<ref name=":2" />


==Google's response==
==Google's response==
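Review bot: In the revised "However, uncertified devices often face ..." sentence, the comma added before "due to" is not needed, and "their own sideloading ... issues" still does not say what goes wrong when installing apps on these devices. Suggest "app compatibility issues due to SafetyNet/Play Integrity checks", or name the sideloading problem explicitly if the cited source describes one. The sentence before it would also read better as "certified Android devices, which are phones and tablets that ship with ...".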
Line 35: Line 35:
Google emphasized that it will not review or police apps distributed outside the Play Store for content, only verify developer identities.<ref name=":0" /><ref name=":1" /> Google's move gained support from some industry and institutions, including the Developers Alliance, Brazil's banking federation FEBRABAN, and Indonesia's Ministry of Communication and Informatics, all of which praised the move as protecting users from fraud.<ref name=":0" /><ref name=":1" />
Google emphasized that it will not review or police apps distributed outside the Play Store for content, only verify developer identities.<ref name=":0" /><ref name=":1" /> Google's move gained support from some industry and institutions, including the Developers Alliance, Brazil's banking federation FEBRABAN, and Indonesia's Ministry of Communication and Informatics, all of which praised the move as protecting users from fraud.<ref name=":0" /><ref name=":1" />


As backlash mounted, Google took steps to clarify the changes. In late September 2025, an Android Developers Blog Q&A by Android security director Matthew Forsythe reiterated that sideloading is "fundamental to Android" and "absolutely not" going away, stressing the policy's focus on verifying developer identities rather than limiting user choice.<ref name=":7">{{Cite web |date=2025-09-30 |title=Let's talk security: Answering your top questions about Android developer verification |url=https://android-developers.googleblog.com/2025/09/lets-talk-security-answering-your-top.html |url-status=live |access-date=2025-10-27 |website=Android Developers Blog |archive-url=http://web.archive.org/web/20260119211533/https://android-developers.googleblog.com/2025/09/lets-talk-security-answering-your-top.html |archive-date=19 Jan 2026}}</ref> Google assured developers that common workflows remain unaffected; for example, installing test apps via '''ADB''' (Android's debugging tool) will not require verification.<ref name=":7" /> The company also introduced a free "'''limited distribution'''" developer account as well as a new Android Developer Console for students, teachers, and hobbyists, allowing them to publish apps without paying a fee or providing government ID.<ref name=":7" /><ref name=":8">{{Cite web |last=Rahman |first=Mishaal |date=2025-10-02 |title=We finally know how Android's new app verification rules will actually work |url=https://www.androidauthority.com/how-android-app-verification-works-3603559/ |url-status=live |access-date=2025-10-28 |website=Android Authority |archive-url=http://web.archive.org/web/20251228133458/https://www.androidauthority.com/how-android-app-verification-works-3603559/ |archive-date=28 Dec 2025}}</ref> However, these accounts come with significant app distribution restrictions, namely a strict cap on the number of devices that can install their apps. 
To enforce this restriction, any user of a hobbyist app must retrieve a unique device identifier, and the developer must whitelist that device in the Android Developer Console before the app can be installed.<ref name=":8" /> This two-way device registration limits "free tier" apps to a small, known group of people, whereas anyone aiming to reach a broad audience will need to upgrade to a fully verified paid account.<ref name=":8" />
As backlash mounted, Google took steps to clarify the changes. In late September 2025, an Android Developers Blog Q&A by Android security director Matthew Forsythe reiterated that sideloading is "fundamental to Android" and "absolutely not" going away, stressing the policy's focus on verifying developer identities rather than limiting user choice.<ref name=":7">{{Cite web |date=2025-09-30 |title=Let's talk security: Answering your top questions about Android developer verification |url=https://android-developers.googleblog.com/2025/09/lets-talk-security-answering-your-top.html |url-status=live |access-date=2025-10-27 |website=Android Developers Blog |archive-url=http://web.archive.org/web/20260119211533/https://android-developers.googleblog.com/2025/09/lets-talk-security-answering-your-top.html |archive-date=19 Jan 2026}}</ref> Google assured developers that common workflows remain unaffected; for example, installing test apps via '''[[wikipedia:Android_Debug_Bridge|ADB]]''' will not require verification.<ref name=":7" /> The company also introduced a free "'''limited distribution'''" developer account as well as a new Android Developer Console for students, teachers, and hobbyists, allowing them to publish apps without paying a fee or providing government ID.<ref name=":7" /><ref name=":8">{{Cite web |last=Rahman |first=Mishaal |date=2025-10-02 |title=We finally know how Android's new app verification rules will actually work |url=https://www.androidauthority.com/how-android-app-verification-works-3603559/ |url-status=live |access-date=2025-10-28 |website=Android Authority |archive-url=http://web.archive.org/web/20251228133458/https://www.androidauthority.com/how-android-app-verification-works-3603559/ |archive-date=28 Dec 2025}}</ref> However, these accounts come with significant app distribution restrictions, namely a strict cap on the number of devices that can install their apps. 
To enforce this restriction, any user of a hobbyist app must retrieve a unique device identifier, and the developer must whitelist that device in the Android Developer Console before the app can be installed.<ref name=":8" /> This two-way device registration limits "free tier" apps to a small, known group of people, whereas anyone aiming to reach a broad audience will need to upgrade to a fully verified paid account.<ref name=":8" />


Google also detailed how the verification enforcement will work. A new system service called the '''Android Developer Verifier''' will check each app at installation to confirm its package name and signing certificate are registered with Google.<ref name=":8" /> Common apps from verified developers can be installed offline thanks to a cached on-device list, but an active internet connection will be required to verify less common apps that aren't in the cache.<ref name=":8" /> To accommodate third-party app stores, Google is developing a "'''pre-auth token'''", a cryptographically signed blob that an alternative app store can pass to the system to pre-verify apps without repeated network calls.<ref name=":8" /> Enforcement of these rules will debut in '''Android 16 QPR2''' (the second quarterly update of Android 16, expected in late 2026), and Google will also update Play Protect on older Android versions to implement similar checks via Google Play Services.<ref name=":8" /> Notably, Google is carving out exceptions for enterprise scenarios: apps deployed through enterprise mobile management on managed work devices will install without developer verification (the assumption being that an organization's IT admin is taking responsibility for those apps' safety).<ref name=":8" /> However, truly offline use cases may prove tricky. Google has noted that entities with devices kept entirely off the internet will need to "determine for themselves" how to handle verification requests (i.e. such devices must periodically connect online to update the trusted app list).<ref name=":8" />
Google also detailed how the verification enforcement will work. A new system service called the '''Android Developer Verifier''' will check each app at installation to confirm its package name and signing certificate are registered with Google.<ref name=":8" /> Common apps from verified developers can be installed offline thanks to a cached on-device list, but an active internet connection will be required to verify less common apps that aren't in the cache.<ref name=":8" /> To accommodate third-party app stores, Google is developing a "'''pre-auth token'''", a cryptographically signed blob that an alternative app store can pass to the system to pre-verify apps without repeated network calls.<ref name=":8" /> Enforcement of these rules will debut in '''Android 16 QPR2''' (the second quarterly update of Android 16, expected in late 2026), and Google will also update Play Protect on older Android versions to implement similar checks via Google Play Services.<ref name=":8" /> Notably, Google is carving out exceptions for enterprise scenarios: apps deployed through enterprise mobile management on managed work devices will install without developer verification (the assumption being that an organization's IT admin is taking responsibility for those apps' safety).<ref name=":8" /> However, truly offline use cases may prove tricky. Google has noted that entities with devices kept entirely off the internet will need to "determine for themselves" how to handle verification requests (i.e. such devices must periodically connect online to update the trusted app list).<ref name=":8" />
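Review bot: The ADB sentence now relies on the interwiki link alone, since the gloss "(Android's debugging tool)" was dropped when the bold text became a link. Consider keeping a short gloss after the link so the exemption is clear without leaving the page. The paragraph also still breaks after "install their apps. ", leaving a trailing space and "To enforce this restriction" on its own line; joining the two lines would fit in the same edit.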
Line 42: Line 42:
The announcement sparked backlash in online communities. On [[Reddit]], users accused Google of gradually eroding Android's openness.<ref name=":5">{{Cite web |date=26 Aug 2025 |title=Google will block sideloading of unverified Android apps starting next year |url=https://www.reddit.com/r/Android/comments/1n0f5zt/google_will_block_sideloading_of_unverified/ |access-date=26 Aug 2025 |website=[[Reddit]] |archive-url=http://web.archive.org/web/20250826174618/https://old.reddit.com/r/Android/comments/1n0f5zt/google_will_block_sideloading_of_unverified/ |archive-date=26 Aug 2025}}</ref> Many argued that Android is becoming indistinguishable from iOS, with some stating that they may switch to operating systems from Apple or Linux since Android's openness was its key advantage.<ref name=":5" /><ref>{{Cite web |last=Schenck |first=Stephen |date=27 Aug 2025 |title=With developer verification, I'm struggling to think of Android as a proper smartphone platform |url=https://www.androidauthority.com/android-developer-registration-3591988/ |url-status=live |archive-url=https://web.archive.org/web/20250828113543/https://www.androidauthority.com/android-developer-registration-3591988/ |archive-date=28 Aug 2025 |access-date=28 Aug 2025 |website=Android Authority}}</ref>
The announcement sparked backlash in online communities. On [[Reddit]], users accused Google of gradually eroding Android's openness.<ref name=":5">{{Cite web |date=26 Aug 2025 |title=Google will block sideloading of unverified Android apps starting next year |url=https://www.reddit.com/r/Android/comments/1n0f5zt/google_will_block_sideloading_of_unverified/ |access-date=26 Aug 2025 |website=[[Reddit]] |archive-url=http://web.archive.org/web/20250826174618/https://old.reddit.com/r/Android/comments/1n0f5zt/google_will_block_sideloading_of_unverified/ |archive-date=26 Aug 2025}}</ref> Many argued that Android is becoming indistinguishable from iOS, with some stating that they may switch to operating systems from Apple or Linux since Android's openness was its key advantage.<ref name=":5" /><ref>{{Cite web |last=Schenck |first=Stephen |date=27 Aug 2025 |title=With developer verification, I'm struggling to think of Android as a proper smartphone platform |url=https://www.androidauthority.com/android-developer-registration-3591988/ |url-status=live |archive-url=https://web.archive.org/web/20250828113543/https://www.androidauthority.com/android-developer-registration-3591988/ |archive-date=28 Aug 2025 |access-date=28 Aug 2025 |website=Android Authority}}</ref>


Independent developers raised concerns that hobby projects or sensitive apps (e.g., protest tools, ad-blockers) would be stifled since not all creators are willing to submit government IDs to Google.<ref>{{Cite web |date=25 Aug 2025 |title=Google will allow only apps from verified developers to be installed on Android |url=https://news.ycombinator.com/item?id=45017028 |url-status=live |access-date=26 Aug 2025 |website=Hacker News |archive-url=http://web.archive.org/web/20251219175237/https://news.ycombinator.com/item?id=45017028 |archive-date=19 Dec 2025}}</ref><ref name=":6">{{Cite web |date=26 Aug 2025 |title=Google wants to verify all app developers' identities |url=https://discuss.grapheneos.org/d/25235-google-wants-to-verify-all-app-developers-identities |url-status=live |access-date=26 Aug 2025 |website=GrapheneOS Discussion Forum |archive-url=http://web.archive.org/web/20251219144142/https://discuss.grapheneos.org/d/25235-google-wants-to-verify-all-app-developers-identities |archive-date=19 Dec 2025}}</ref> Open-source communities, including GrapheneOS developers, argued this would discourage FOSS development and give Google exclusive control over Android's ecosystem.<ref name=":6" /><ref>{{Cite web |last=Sarang |first= |date=2025-08-26 |title=Finally Over: Google Blocks Sideloading of Android Apps |url=https://www.androidsage.com/2025/08/26/google-blocks-sideloading-of-android-apps/ |url-status=live |archive-url=https://web.archive.org/web/20250827201805/https://www.androidsage.com/2025/08/26/google-blocks-sideloading-of-android-apps/ |archive-date=2025-08-27 |access-date=2025-08-27 |website=Android Sage}}</ref>
Independent developers raised concerns that hobby projects or sensitive apps (e.g., protest tools, ad-blockers) would be stifled since not all creators are willing to (or can safely) submit government IDs to Google.<ref>{{Cite web |date=25 Aug 2025 |title=Google will allow only apps from verified developers to be installed on Android |url=https://news.ycombinator.com/item?id=45017028 |url-status=live |access-date=26 Aug 2025 |website=Hacker News |archive-url=http://web.archive.org/web/20251219175237/https://news.ycombinator.com/item?id=45017028 |archive-date=19 Dec 2025}}</ref><ref name=":6">{{Cite web |date=26 Aug 2025 |title=Google wants to verify all app developers' identities |url=https://discuss.grapheneos.org/d/25235-google-wants-to-verify-all-app-developers-identities |url-status=live |access-date=26 Aug 2025 |website=GrapheneOS Discussion Forum |archive-url=http://web.archive.org/web/20251219144142/https://discuss.grapheneos.org/d/25235-google-wants-to-verify-all-app-developers-identities |archive-date=19 Dec 2025}}</ref> Open-source communities, including [[GrapheneOS]] developers, argued this would discourage FOSS development and give Google exclusive control over Android's ecosystem.<ref name=":6" /><ref>{{Cite web |last=Sarang |first= |date=2025-08-26 |title=Finally Over: Google Blocks Sideloading of Android Apps |url=https://www.androidsage.com/2025/08/26/google-blocks-sideloading-of-android-apps/ |url-status=live |archive-url=https://web.archive.org/web/20250827201805/https://www.androidsage.com/2025/08/26/google-blocks-sideloading-of-android-apps/ |archive-date=2025-08-27 |access-date=2025-08-27 |website=Android Sage}}</ref>


Conversely, some security experts and industry groups welcomed the move, calling it a reasonable compromise that still allows third-party distribution while deterring anonymous malware authors.<ref name=":0" /><ref name=":2" /> Critics countered that determined attackers could still exploit stolen IDs, and that this introduces a "choke point," giving Google leverage over all app installs.<ref name=":3" />
Conversely, some security experts and industry groups welcomed the move, calling it a reasonable compromise that still allows third-party distribution while deterring anonymous malware authors.<ref name=":0" /><ref name=":2" /> Critics countered that determined attackers could still exploit stolen IDs, and that this introduces a "choke point," giving Google leverage over all app installs.<ref name=":3" />
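Review bot: "are willing to (or can safely) submit government IDs" in the revised sentence reads awkwardly because the parenthetical interrupts "willing to submit"; something like "not all creators are willing, or safely able, to submit government IDs" keeps the parallel. Check that the cited Hacker News and GrapheneOS forum references support the added safety point. The new [[GrapheneOS]] link lands on a later mention, while the earlier "e.g., GrapheneOS, LineageOS" in the certified-devices paragraph stays unlinked; linking the first occurrence would be the usual choice.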