Android Developer Verification: Difference between revisions

Line 52:

===Distribution types===

The Developer Verification system creates two tiers of developer accounts:<ref name=":0" />

====Limited distribution====

*Has ''"capped number of apps and installs"'' (specific limits not disclosed)

*Intended for ''"students, hobbyists, and other personal use"''

*Free registration

*Identity verification requirements unclear

====Full distribution====

*No limits on app numbers or installations

*Intended for ''"organizations and professional developers with wide distribution"''

*Requires a one-time $25 fee

Line 59:

Line 66:

**Government-issued photo ID

**Proof of address

**For organizations: D-U-N-S number (can take up to 28 days to obtain)

**Private email

*No limits on app numbers or installations

**Phone number

**For organizations:

~~====Limited distribution====~~

***Website

*Intended for ''"students, hobbyists, and other personal use"''

***D-U-N-S number (can take up to 28 days to obtain)

*Free registration

*Has ''"capped number of apps and installs"'' (specific limits not disclosed)

*Identity verification requirements unclear

===Package name registration===

Line 92:

Line 96:

Developers expressed significant privacy concerns:

*Murphy cited the ICEBlock app developer who faced federal prosecution threats after identity disclosure, with his wife being fired from a DOJ job

*EFF, Electronic Frontier Foundation, criticized risks of centralization in censorship as well as surveillance capability retained by Google<ref>{{Cite web |last=McSherry |first=Corynne |date=2025-11-03 |title=Application Gatekeeping: An Ever-Expanding Pathway to Internet Censorship |url=https://www.eff.org/deeplinks/2025/11/application-gatekeeping-ever-expanding-pathway-internet-censorship |url-status=live |archive-url=https://web.archive.org/web/20251111101548/https://www.eff.org/deeplinks/2025/11/application-gatekeeping-ever-expanding-pathway-internet-censorship |archive-date=2025-11-11}}</ref>

*Google's privacy policy allows sharing developer information with ''"trusted businesses or persons"'' without clear restrictions<ref>{{Cite web |date=2025-08-29 |title=Android Security or Vendor Lock-In? Google's New Sideloading Rules Smell Fishy |url=https://news.itsfoss.com/new-android-sideloading-rules/ |website=It's FOSS |access-date=2025-08-29}}</ref>

*Open source developers fear harassment and doxxing after forced identity disclosure

*F-Droid mentions that play store verification is proven to be ineffective at combating malware due to repeated instances of malware distributed through play store<ref>{{Cite web |last=Arntz |first=Pieter |date=2025-09-17 |title=224 malicious apps removed from the Google Play Store after ad fraud campaign discovered |url=https://www.malwarebytes.com/blog/news/2025/09/224-malicious-apps-removed-from-the-google-play-store-after-ad-fraud-campaign-discovered |url-status=live |archive-url=https://web.archive.org/web/20251005173848/www.malwarebytes.com/blog/news/2025/09/224-malicious-apps-removed-from-the-google-play-store-after-ad-fraud-campaign-discovered |archive-date=2025-10-05 |website=malwarebytes}}</ref><ref>{{Cite web |last=Thompson |first=Lain |date=2025-08-26 |title=Malware-ridden apps made it into Google's Play Store, scored 19 million downloads |url=https://www.theregister.com/2025/08/26/apps_android_malware/ |url-status=live |archive-url=https://web.archive.org/web/20251005173850/www.theregister.com/2025/08/26/apps_android_malware/ |archive-date=2025-10-05 |website=The Register}}</ref>

===Open source community impact===

The F-Droid community reacted strongly, with one forum member stating: "F*** Google. Use GrapheneOS to drop Android... I find this development downright alarming".<ref>{{Cite web |title=FAQ - App Developers {{!}} F-Droid - Free and Open Source Android App Repository |url=https://f-droid.org/en/docs/FAQ_-_App_Developers/ |website=F-Droid |access-date=2025-08-29}}</ref> Specific challenges include:

*F-Droid builds apps from source with its own signing keys, creating coordination requirements with upstream developers

*F-Droid builds apps from source with its own signing keys, creating coordination requirements with upstream developers to ensure that the applications distributed are reproducible

*Community estimates suggest 85% of F-Droid apps could be "stuck in limbo" due to package ID conflicts

*Some developers announced via FreeDroidWarn that their apps "will no longer work on certified Android devices after that time"

*Some developers announced via [https://github.com/woheller69/FreeDroidWarn FreeDroidWarn] that their apps "will no longer work on certified Android devices after that time"

==Consumer and user response==

Line 108:

Line 114:

*Concerns about offline device functionality (barcode scanners, kiosks) requiring internet connections for app signing verification

*Comparisons to Windows, where users noted: "I can install an app onto a Windows computer from any source without verification by Microsoft"<ref>{{Cite web |date=2025-08-26 |title=Google to restrict Android app sideloading to verified devs |url=https://www.theregister.com/2025/08/26/android_developer_verification_sideloading |website=The Register |access-date=2025-08-29}}</ref>

*Users voiced their opinions through community wiki, [https://keepandroidopen.org/ keepandroidopen.org] criticizing it as an anti-consumer move since a software update irrevocably blocks right to install any software and requires developers to seek permission from Google to develop apps. The users also noted that it harms digital sovereignty of nations as well as raising questions on placing critical infrastructure "at the mercy of distant and unaccountable organization"<ref>{{Cite web |title=(Archive) Keep Android Open |url=https://web.archive.org/web/20251109112509/keepandroidopen.org |url-status=live}}</ref>

The Android community produced numerous critical videos,<ref>{{Cite web |last=Mental Outlaw |date=2025-08-29 |title=Google is Locking Down Android |url=https://www.youtube.com/watch?v=L1S0SiBuJN8 |access-date=2025-08-29 |website=YouTube}}</ref><ref>{{Cite web |last=BrenTech |date=2025-08-26 |title=Google Will Soon Block Apps from Unverified Developers! Is This The End of Sideloading on Android? |url=https://www.youtube.com/watch?v=-nCgnXByGrY |access-date=2025-08-29 |website=YouTube}}</ref><ref>{{Cite web |last=TechLore |date=2025-08-27 |title=Android Is Becoming iOS: The End of Sideloading? |url=https://www.youtube.com/watch?v=PxGjwtiI8uM |access-date=2025-08-29 |website=YouTube}}</ref> with titles like "Google is Locking Down Android" and "Android Is Becoming iOS: The End of Sideloading?"

Line 124:

Line 131:

Technology publications characterized the change as fundamental to Android's nature:

*The Daily Security Review called it "a significant philosophical shift for Android, mirroring Apple's tightly curated ecosystem"

*Cory Doctorow writes that Google is abusing it's duopoly position in mobile ecosystem to lock-in users for monetary profit<ref>{{Cite web |last=Doctorow |first=Cory |date=2025-09-01 |title=Darth Android |url=https://pluralistic.net/2025/09/01/fulu/ |url-status=live |archive-url=https://web.archive.org/web/20251012004854/pluralistic.net/2025/09/01/fulu/ |archive-date=2025-10-12}}</ref>

*Many news outlets warn that the ID requirements could end alternative app stores and affirm play store's position as an effective monopoly<ref>{{Cite web |last=Debasish |date=30 Sep 2025 |title=Google’s new developer rules could threaten sideloading and F-Droid’s future |url=https://www.gizmochina.com/2025/09/30/googles-new-developer-rules-could-threaten-sideloading-and-f-droids-future/ |url-status=live |archive-url=https://web.archive.org/web/20251102075559/www.gizmochina.com/2025/09/30/googles-new-developer-rules-could-threaten-sideloading-and-f-droids-future/ |archive-date=2 Nov 2025}}</ref><ref>{{Cite web |last=Mous |first=Anton |date=30 Sep 2025 |title=Google’s developer registration ‘decree’ means the end for alternative app stores |url=https://cybernews.com/tech/googles-developer-registration-decree-end-alternative-app-stores/ |url-status=live |archive-url=https://web.archive.org/web/20251111111050/https://cybernews.com/tech/googles-developer-registration-decree-end-alternative-app-stores/ |archive-date=11 Nov 2025}}</ref>

*Afam Onyimadu writes for makeuseof, that the move is an overreach of google's position when programs such as Play Protect already exist, calling it "security theatre"<ref>{{Cite web |last=Onyimadu |first=Afam |date=11 Oct 2025 |title=Android’s sideloading limits are its most anti-consumer move yet |url=https://www.makeuseof.com/androids-sideloading-limits-are-anti-consumer-move-yet/ |url-status=live |archive-url=https://web.archive.org/web/20251012005122/www.makeuseof.com/androids-sideloading-limits-are-anti-consumer-move-yet/ |archive-date=12 Oct 2025}}</ref>

*It's FOSS warned "this could turn Google into the effective gatekeeper for all apps on 'certified' Android devices"<ref>{{Cite web |date=2025-08-29 |title=Android Security or Vendor Lock-In? Google's New Sideloading Rules Smell Fishy |url=https://news.itsfoss.com/new-android-sideloading-rules/ |website=It's FOSS |access-date=2025-08-29}}</ref>

*OSnews criticized it as "the death of our digital freedoms"

@@ Line 52: / Line 52: @@
 ===Distribution types===
 The Developer Verification system creates two tiers of developer accounts:<ref name=":0" />
+====Limited distribution====
+*Has ''"capped number of apps and installs"'' (specific limits not disclosed)
+*Intended for ''"students, hobbyists, and other personal use"''
+*Free registration
+*Identity verification requirements unclear
 ====Full distribution====
+*No limits on app numbers or installations
 *Intended for ''"organizations and professional developers with wide distribution"''
 *Requires a one-time $25 fee
@@ Line 59: / Line 66: @@
 **Government-issued photo ID
 **Proof of address
-**For organizations: D-U-N-S number (can take up to 28 days to obtain)
+**Private email
-*No limits on app numbers or installations
+**Phone number
+**For organizations:
-====Limited distribution====
+***Website
-*Intended for ''"students, hobbyists, and other personal use"''
+***D-U-N-S number (can take up to 28 days to obtain)
-*Free registration
-*Has ''"capped number of apps and installs"'' (specific limits not disclosed)
-*Identity verification requirements unclear
 ===Package name registration===
@@ Line 92: / Line 96: @@
 Developers expressed significant privacy concerns:
 *Murphy cited the ICEBlock app developer who faced federal prosecution threats after identity disclosure, with his wife being fired from a DOJ job
+*EFF, Electronic Frontier Foundation, criticized risks of centralization in censorship as well as surveillance capability retained by Google<ref>{{Cite web |last=McSherry |first=Corynne |date=2025-11-03 |title=Application Gatekeeping: An Ever-Expanding Pathway to Internet Censorship |url=https://www.eff.org/deeplinks/2025/11/application-gatekeeping-ever-expanding-pathway-internet-censorship |url-status=live |archive-url=https://web.archive.org/web/20251111101548/https://www.eff.org/deeplinks/2025/11/application-gatekeeping-ever-expanding-pathway-internet-censorship |archive-date=2025-11-11}}</ref>
 *Google's privacy policy allows sharing developer information with ''"trusted businesses or persons"'' without clear restrictions<ref>{{Cite web |date=2025-08-29 |title=Android Security or Vendor Lock-In? Google's New Sideloading Rules Smell Fishy |url=https://news.itsfoss.com/new-android-sideloading-rules/ |website=It's FOSS |access-date=2025-08-29}}</ref>
 *Open source developers fear harassment and doxxing after forced identity disclosure
+*F-Droid mentions that play store verification is proven to be ineffective at combating malware due to repeated instances of malware distributed through play store<ref>{{Cite web |last=Arntz |first=Pieter |date=2025-09-17 |title=224 malicious apps removed from the Google Play Store after ad fraud campaign discovered |url=https://www.malwarebytes.com/blog/news/2025/09/224-malicious-apps-removed-from-the-google-play-store-after-ad-fraud-campaign-discovered |url-status=live |archive-url=https://web.archive.org/web/20251005173848/www.malwarebytes.com/blog/news/2025/09/224-malicious-apps-removed-from-the-google-play-store-after-ad-fraud-campaign-discovered |archive-date=2025-10-05 |website=malwarebytes}}</ref><ref>{{Cite web |last=Thompson |first=Lain |date=2025-08-26 |title=Malware-ridden apps made it into Google's Play Store, scored 19 million downloads |url=https://www.theregister.com/2025/08/26/apps_android_malware/ |url-status=live |archive-url=https://web.archive.org/web/20251005173850/www.theregister.com/2025/08/26/apps_android_malware/ |archive-date=2025-10-05 |website=The Register}}</ref>
 ===Open source community impact===
 The F-Droid community reacted strongly, with one forum member stating: "F*** Google. Use GrapheneOS to drop Android... I find this development downright alarming".<ref>{{Cite web |title=FAQ - App Developers {{!}} F-Droid - Free and Open Source Android App Repository |url=https://f-droid.org/en/docs/FAQ_-_App_Developers/ |website=F-Droid |access-date=2025-08-29}}</ref> Specific challenges include:
-*F-Droid builds apps from source with its own signing keys, creating coordination requirements with upstream developers
+*F-Droid builds apps from source with its own signing keys, creating coordination requirements with upstream developers to ensure that the applications distributed are reproducible
 *Community estimates suggest 85% of F-Droid apps could be "stuck in limbo" due to package ID conflicts
-*Some developers announced via FreeDroidWarn that their apps "will no longer work on certified Android devices after that time"
+*Some developers announced via [https://github.com/woheller69/FreeDroidWarn FreeDroidWarn] that their apps "will no longer work on certified Android devices after that time"
 ==Consumer and user response==
@@ Line 108: / Line 114: @@
 *Concerns about offline device functionality (barcode scanners, kiosks) requiring internet connections for app signing verification
 *Comparisons to Windows, where users noted: "I can install an app onto a Windows computer from any source without verification by Microsoft"<ref>{{Cite web |date=2025-08-26 |title=Google to restrict Android app sideloading to verified devs |url=https://www.theregister.com/2025/08/26/android_developer_verification_sideloading |website=The Register |access-date=2025-08-29}}</ref>
+*Users voiced their opinions through community wiki, [https://keepandroidopen.org/ keepandroidopen.org] criticizing it as an anti-consumer move since a software update irrevocably blocks right to install any software and requires developers to seek permission from Google to develop apps. The users also noted that it harms digital sovereignty of nations as well as raising questions on placing critical infrastructure "at the mercy of distant and unaccountable organization"<ref>{{Cite web |title=(Archive) Keep Android Open |url=https://web.archive.org/web/20251109112509/keepandroidopen.org |url-status=live}}</ref>
 The Android community produced numerous critical videos,<ref>{{Cite web |last=Mental Outlaw |date=2025-08-29 |title=Google is Locking Down Android |url=https://www.youtube.com/watch?v=L1S0SiBuJN8 |access-date=2025-08-29 |website=YouTube}}</ref><ref>{{Cite web |last=BrenTech |date=2025-08-26 |title=Google Will Soon Block Apps from Unverified Developers! Is This The End of Sideloading on Android? |url=https://www.youtube.com/watch?v=-nCgnXByGrY |access-date=2025-08-29 |website=YouTube}}</ref><ref>{{Cite web |last=TechLore |date=2025-08-27 |title=Android Is Becoming iOS: The End of Sideloading? |url=https://www.youtube.com/watch?v=PxGjwtiI8uM |access-date=2025-08-29 |website=YouTube}}</ref> with titles like "Google is Locking Down Android" and "Android Is Becoming iOS: The End of Sideloading?"
@@ Line 124: / Line 131: @@
 Technology publications characterized the change as fundamental to Android's nature:
 *The Daily Security Review called it "a significant philosophical shift for Android, mirroring Apple's tightly curated ecosystem"
+*Cory Doctorow writes that Google is abusing it's duopoly position in mobile ecosystem to lock-in users for monetary profit<ref>{{Cite web |last=Doctorow |first=Cory |date=2025-09-01 |title=Darth Android |url=https://pluralistic.net/2025/09/01/fulu/ |url-status=live |archive-url=https://web.archive.org/web/20251012004854/pluralistic.net/2025/09/01/fulu/ |archive-date=2025-10-12}}</ref>
+*Many news outlets warn that the ID requirements could end alternative app stores and affirm play store's position as an effective monopoly<ref>{{Cite web |last=Debasish |date=30 Sep 2025 |title=Google’s new developer rules could threaten sideloading and F-Droid’s future |url=https://www.gizmochina.com/2025/09/30/googles-new-developer-rules-could-threaten-sideloading-and-f-droids-future/ |url-status=live |archive-url=https://web.archive.org/web/20251102075559/www.gizmochina.com/2025/09/30/googles-new-developer-rules-could-threaten-sideloading-and-f-droids-future/ |archive-date=2 Nov 2025}}</ref><ref>{{Cite web |last=Mous |first=Anton |date=30 Sep 2025 |title=Google’s developer registration ‘decree’ means the end for alternative app stores |url=https://cybernews.com/tech/googles-developer-registration-decree-end-alternative-app-stores/ |url-status=live |archive-url=https://web.archive.org/web/20251111111050/https://cybernews.com/tech/googles-developer-registration-decree-end-alternative-app-stores/ |archive-date=11 Nov 2025}}</ref>
+*Afam Onyimadu writes for makeuseof, that the move is an overreach of google's position when programs such as Play Protect already exist, calling it "security theatre"<ref>{{Cite web |last=Onyimadu |first=Afam |date=11 Oct 2025 |title=Android’s sideloading limits are its most anti-consumer move yet |url=https://www.makeuseof.com/androids-sideloading-limits-are-anti-consumer-move-yet/ |url-status=live |archive-url=https://web.archive.org/web/20251012005122/www.makeuseof.com/androids-sideloading-limits-are-anti-consumer-move-yet/ |archive-date=12 Oct 2025}}</ref>
 *It's FOSS warned "this could turn Google into the effective gatekeeper for all apps on 'certified' Android devices"<ref>{{Cite web |date=2025-08-29 |title=Android Security or Vendor Lock-In? Google's New Sideloading Rules Smell Fishy |url=https://news.itsfoss.com/new-android-sideloading-rules/ |website=It's FOSS |access-date=2025-08-29}}</ref>
 *OSnews criticized it as "the death of our digital freedoms"