Android Developer Verification: Difference between revisions

(9 intermediate revisions by 7 users not shown)

Line 2:

|Company=Google

|StartDate=2025-08-25

|EndDate=

|EndDate=d89e2e8dc28a93bcdc3984265466242a4493fbaf

|Status=Active

|ProductLine=Google-certified Android devices

Line 68:

On 4 March 2026, as part of changes following Google vs. Epic store Lawsuit, Google announced that it is allowing registered app stores to be published on google play platform if they "meet certain quality and safety benchmarks", which would otherwise be subject to same restrictions as those for other 'sideloaded' app.<ref>{{Cite web |last=Samat |first=Sameer |date=4 Mar 2026 |title=A new era for choice and openness |url=https://android-developers.googleblog.com/2026/03/a-new-era-for-choice-and-openness.html |url-status=live |archive-url=https://web.archive.org/web/20260305062940/android-developers.googleblog.com/2026/03/a-new-era-for-choice-and-openness.html |archive-date=5 Mar 2026}}</ref> Notably as part of the settlement, Epic games signed away its rights to sue Google over anything related as covered in the term sheet, until September 2032.<ref>{{Cite news |last=Hollister |first=Sean |date=5 Mar 2026 |title=Tim Sweeney signed away his right to criticize Google’s app store until 2032 |url=https://www.theverge.com/news/889595/tim-sweeney-signed-away-his-right-to-criticize-google-until-2032 |url-status=live |archive-url=https://web.archive.org/web/20260305000517/www.theverge.com/news/889595/tim-sweeney-signed-away-his-right-to-criticize-google-until-2032 |archive-date=5 Mar 2026}}</ref>

===Advanced flow===

On 19 March 2026, Google finally revealed how its advanced flow program for installing unverified apps is being implemented. Google mentions that this is a one-time process for power users, but was crafted to prevent coerced install of unverified apps.<ref>{{Cite web |last=Forsythe |first=Matthew |date=19 Mar 2026 |title=Android developer verification: Balancing openness and choice with safety |url=https://android-developers.googleblog.com/2026/03/android-developer-verification.html |url-status=live |archive-url=https://web.archive.org/web/20260319202706/android-developers.googleblog.com/2026/03/android-developer-verification.html |archive-date=19 March 2026}}</ref>

*'''Enable developer mode in system settings'''

*'''Confirm you aren't being coached'''

*'''Restart your phone and reauthenticate'''

*'''Come back after the protective waiting period and verify''' '''-''' One-time, one-day wait

*'''Install apps''' '''-''' option of enabling for 7 days or indefinitely

Since advanced flow is delivered through Google Play Services and not through Android OS, Google can modify, restrict, or remove it at any time without an OS update and without any user consent. Organizations such as keep android open movement continue to hold the position against the program because of this aspect. Since the implementation has not appeared in dev, beta or canary builds of android yet, Google is prompting the community to accept a product announcement as a functional safeguard five months before the mandate takes effect.

Preventing critical banking apps from functioning due to enabled state of developer mode also makes installing unverified applications unfeasible to many users which majorly affects the rapidly growing FOSS android community and forces developer verification as well as payment of verification fee to Google, only to operate under limitations Google grants.

==Technical implementation==

Line 102:

Line 115:

*Devices with Play Protect

*All mainstream Android devices from manufacturers including Samsung, Xiaomi, Motorola, OnePlus, and Google Pixel

*The vast majority of Android devices sold outside of China

Custom ROMs without Google services & uncertified devices are not affected by these restrictions.

Line 121:

Line 135:

*Open source developers fear harassment and doxxing after forced identity disclosure

*F-Droid mentions that play store verification is proven to be ineffective at combating malware due to repeated instances of malware distributed through play store<ref>{{Cite web |last=Arntz |first=Pieter |date=2025-09-17 |title=224 malicious apps removed from the Google Play Store after ad fraud campaign discovered |url=https://www.malwarebytes.com/blog/news/2025/09/224-malicious-apps-removed-from-the-google-play-store-after-ad-fraud-campaign-discovered |url-status=live |archive-url=https://web.archive.org/web/20251005173848/www.malwarebytes.com/blog/news/2025/09/224-malicious-apps-removed-from-the-google-play-store-after-ad-fraud-campaign-discovered |archive-date=2025-10-05 |website=malwarebytes}}</ref><ref>{{Cite web |last=Thompson |first=Lain |date=2025-08-26 |title=Malware-ridden apps made it into Google's Play Store, scored 19 million downloads |url=https://www.theregister.com/2025/08/26/apps_android_malware/ |url-status=live |archive-url=https://web.archive.org/web/20251005173850/www.theregister.com/2025/08/26/apps_android_malware/ |archive-date=2025-10-05 |website=The Register}}</ref>

*Jean-Héon points out that mandatory developer registration puts users at risk by pushing them to use dangerous workarounds to install unverified APKs of their choice and also puts developers at risk by exposing them to data leaks and identity theft. Jean-Héon advocates for a solution based on the device's antivirus software. <ref>{{Cite web |title=Google restricts the installation of third-party APKs on Android: what this means for Jean-Héon™. (Updated March 21, 2026). |url=https://sites.google.com/view/jean-honmctm/communiqu%C3%A9press-releases/keep-android-open-english}}</ref>

===Open source community impact===

Line 162:

Line 177:

*OSnews criticized it as "the death of our digital freedoms"

*Hackaday noted the timing "coincides with Google's court-mandated opening of Android following Epic Games' antitrust victory"<ref>{{Cite web |date=2025-08-26 |title=Google Will Require Developer Verification Even For Sideloading |url=https://hackaday.com/2025/08/26/google-will-require-developer-verification-even-for-sideloading/ |website=Hackaday |access-date=2025-08-29 |url-status=live |archive-url=http://web.archive.org/web/20260203082923/https://hackaday.com/2025/08/26/google-will-require-developer-verification-even-for-sideloading/ |archive-date=3 Feb 2026}}</ref>

*According to Jean-Héon “Android Developer Verification is an absurdity for the free mobile ecosystem.”<ref>{{Cite web |title= |url=https://sites.google.com/view/jean-honmctm/communiqu%C3%A9press-releases/keep-android-open-english}}</ref>

==Impact on specific use cases==

Line 196:

Line 212:

==See also==

*[[Forced account]]

*[[Digital Markets Act]]

*[[Sideloading]]

@@ Line 2: / Line 2: @@
 |Company=Google
 |StartDate=2025-08-25
-|EndDate=
+|EndDate=d89e2e8dc28a93bcdc3984265466242a4493fbaf
 |Status=Active
 |ProductLine=Google-certified Android devices
@@ Line 68: / Line 68: @@
 On 4 March 2026, as part of changes following Google vs. Epic store Lawsuit, Google announced that it is allowing registered app stores to be published on google play platform if they "meet certain quality and safety benchmarks", which would otherwise be subject to same restrictions as those for other 'sideloaded' app.<ref>{{Cite web |last=Samat |first=Sameer |date=4 Mar 2026 |title=A new era for choice and openness |url=https://android-developers.googleblog.com/2026/03/a-new-era-for-choice-and-openness.html |url-status=live |archive-url=https://web.archive.org/web/20260305062940/android-developers.googleblog.com/2026/03/a-new-era-for-choice-and-openness.html |archive-date=5 Mar 2026}}</ref> Notably as part of the settlement, Epic games signed away its rights to sue Google over anything related as covered in the term sheet, until September 2032.<ref>{{Cite news |last=Hollister |first=Sean |date=5 Mar 2026 |title=Tim Sweeney signed away his right to criticize Google’s app store until 2032 |url=https://www.theverge.com/news/889595/tim-sweeney-signed-away-his-right-to-criticize-google-until-2032 |url-status=live |archive-url=https://web.archive.org/web/20260305000517/www.theverge.com/news/889595/tim-sweeney-signed-away-his-right-to-criticize-google-until-2032 |archive-date=5 Mar 2026}}</ref>
+===Advanced flow===
+On 19 March 2026, Google finally revealed how its advanced flow program for installing unverified apps is being implemented. Google mentions that this is a one-time process for power users, but was crafted to prevent coerced install of unverified apps.<ref>{{Cite web |last=Forsythe |first=Matthew |date=19 Mar 2026 |title=Android developer verification: Balancing openness and choice with safety |url=https://android-developers.googleblog.com/2026/03/android-developer-verification.html |url-status=live |archive-url=https://web.archive.org/web/20260319202706/android-developers.googleblog.com/2026/03/android-developer-verification.html |archive-date=19 March 2026}}</ref>
+*'''Enable developer mode in system settings'''
+*'''Confirm you aren't being coached'''
+*'''Restart your phone and reauthenticate'''
+*'''Come back after the protective waiting period and verify''' '''-''' One-time, one-day wait
+*'''Install apps''' '''-''' option of enabling for 7 days or indefinitely
+Since advanced flow is delivered through Google Play Services and not through Android OS, Google can modify, restrict, or remove it at any time without an OS update and without any user consent. Organizations such as keep android open movement continue to hold the position against the program because of this aspect. Since the implementation has not appeared in dev, beta or canary builds of android yet, Google is prompting the community to accept a product announcement as a functional safeguard five months before the mandate takes effect.
+Preventing critical banking apps from functioning due to enabled state of developer mode also makes installing unverified applications unfeasible to many users which majorly affects the rapidly growing FOSS android community and forces developer verification as well as payment of verification fee to Google, only to operate under limitations Google grants.
 ==Technical implementation==
@@ Line 102: / Line 115: @@
 *Devices with Play Protect
 *All mainstream Android devices from manufacturers including Samsung, Xiaomi, Motorola, OnePlus, and Google Pixel
+*The vast majority of Android devices sold outside of China
 Custom ROMs without Google services & uncertified devices are not affected by these restrictions.
@@ Line 121: / Line 135: @@
 *Open source developers fear harassment and doxxing after forced identity disclosure
 *F-Droid mentions that play store verification is proven to be ineffective at combating malware due to repeated instances of malware distributed through play store<ref>{{Cite web |last=Arntz |first=Pieter |date=2025-09-17 |title=224 malicious apps removed from the Google Play Store after ad fraud campaign discovered |url=https://www.malwarebytes.com/blog/news/2025/09/224-malicious-apps-removed-from-the-google-play-store-after-ad-fraud-campaign-discovered |url-status=live |archive-url=https://web.archive.org/web/20251005173848/www.malwarebytes.com/blog/news/2025/09/224-malicious-apps-removed-from-the-google-play-store-after-ad-fraud-campaign-discovered |archive-date=2025-10-05 |website=malwarebytes}}</ref><ref>{{Cite web |last=Thompson |first=Lain |date=2025-08-26 |title=Malware-ridden apps made it into Google's Play Store, scored 19 million downloads |url=https://www.theregister.com/2025/08/26/apps_android_malware/ |url-status=live |archive-url=https://web.archive.org/web/20251005173850/www.theregister.com/2025/08/26/apps_android_malware/ |archive-date=2025-10-05 |website=The Register}}</ref>
+*Jean-Héon points out that mandatory developer registration puts users at risk by pushing them to use dangerous workarounds to install unverified APKs of their choice and also puts developers at risk by exposing them to data leaks and identity theft. Jean-Héon advocates for a solution based on the device's antivirus software. <ref>{{Cite web |title=Google restricts the installation of third-party APKs on Android: what this means for Jean-Héon™. (Updated March 21, 2026). |url=https://sites.google.com/view/jean-honmctm/communiqu%C3%A9press-releases/keep-android-open-english}}</ref>
 ===Open source community impact===
@@ Line 162: / Line 177: @@
 *OSnews criticized it as "the death of our digital freedoms"
 *Hackaday noted the timing "coincides with Google's court-mandated opening of Android following Epic Games' antitrust victory"<ref>{{Cite web |date=2025-08-26 |title=Google Will Require Developer Verification Even For Sideloading |url=https://hackaday.com/2025/08/26/google-will-require-developer-verification-even-for-sideloading/ |website=Hackaday |access-date=2025-08-29 |url-status=live |archive-url=http://web.archive.org/web/20260203082923/https://hackaday.com/2025/08/26/google-will-require-developer-verification-even-for-sideloading/ |archive-date=3 Feb 2026}}</ref>
+*According to Jean-Héon “Android Developer Verification is an absurdity for the free mobile ecosystem.”<ref>{{Cite web |title= |url=https://sites.google.com/view/jean-honmctm/communiqu%C3%A9press-releases/keep-android-open-english}}</ref>
 ==Impact on specific use cases==
@@ Line 196: / Line 212: @@
 ==See also==
+*[[Forced account]]
 *[[Digital Markets Act]]
 *[[Sideloading]]