Consumer Rights Wiki

Android Developer Verification: Difference between revisions

← Older editNewer edit →
VisualWikitext
fix capitalisation
better matching the style guide, replaced dupe ref
Line 1: Line 1:
==Take Action, Make Our Voice Heard==
==Take action, make our voice heard==
Direct link to the useful resources provided by the [https://www.youtube.com/@techlore Techlore]  https://keepandroidopen.org/
Direct link to the useful resources provided by the [https://www.youtube.com/@techlore Techlore]  https://keepandroidopen.org/


Line 25: Line 25:
Android has historically allowed users to freely install applications from any source (sometimes called [[sideloading]]). This openness differentiated Android from competitors like iOS. It enabled alternative app stores, open-source repositories like [[F-Droid]], & direct developer-to-user distribution. The only technical requirements were that applications follow Android's technical guidelines for functionality & be signed with any certificate to maintain a chain of trust during updates.
Android has historically allowed users to freely install applications from any source (sometimes called [[sideloading]]). This openness differentiated Android from competitors like iOS. It enabled alternative app stores, open-source repositories like [[F-Droid]], & direct developer-to-user distribution. The only technical requirements were that applications follow Android's technical guidelines for functionality & be signed with any certificate to maintain a chain of trust during updates.


This openness has been a defining characteristic of Android since its inception, supporting many different use cases from enterprise deployments to privacy-focused distributions. Google has defended this approach in antitrust proceedings, with Google's lawyers arguing in the [[Epic Games]] case that "Android and Google Play provide more choice and openness than any other major mobile platform"<ref>{{Cite web |date=2023-12-11 |title=Fortnite maker Epic Games wins its antitrust fight against Google |url=https://techcrunch.com/2023/12/11/epic-games-google-antitrust-win/ |access-date=2025-08-29 |website=TechCrunch}}</ref> & that the company's app store practices were "part of its fierce competition with Apple"<ref>{{Cite web |date=2023-12-12 |title=Epic Games wins antitrust lawsuit against Google |url=https://www.washingtonpost.com/technology/2023/12/11/epic-google-trial-verdict/ |access-date=2025-08-29 |website=The Washington Post}}</ref>.
This openness has been a defining characteristic of Android since its inception, supporting many different use cases from enterprise deployments to privacy-focused distributions. Google has defended this approach in antitrust proceedings, with Google's lawyers arguing in the [[Epic Games]] case that "Android and Google Play provide more choice and openness than any other major mobile platform"<ref>{{Cite web |date=2023-12-11 |title=Fortnite maker Epic Games wins its antitrust fight against Google |url=https://techcrunch.com/2023/12/11/epic-games-google-antitrust-win/ |access-date=2025-08-29 |website=TechCrunch}}</ref> & that the company's app store practices were "part of its fierce competition with Apple".<ref>{{Cite web |date=2023-12-12 |title=Epic Games wins antitrust lawsuit against Google |url=https://www.washingtonpost.com/technology/2023/12/11/epic-google-trial-verdict/ |access-date=2025-08-29 |website=The Washington Post}}</ref>


==Announcement and rationale==
==Announcement and rationale==
Google announced the Developer Verification requirements on August 25th, 2025, through the Android Developers Blog<ref>{{Cite web |date=2025-08-25 |title=Android Developers Blog: A new layer of security for certified Android devices |url=https://android-developers.googleblog.com/2025/08/elevating-android-security.html |url-status=live |archive-url=https://web.archive.org/web/20250825180832/https://android-developers.googleblog.com/2025/08/elevating-android-security.html |archive-date=2025-08-25 |access-date=2025-08-25}}</ref>. According to Suzanne Frey, VP of Product, Trust & Growth for Android, the system is designed to combat malicious actors who "''hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps."''
Google announced the Developer Verification requirements on August 25th, 2025, through the Android Developers Blog.<ref>{{Cite web |date=2025-08-25 |title=Android Developers Blog: A new layer of security for certified Android devices |url=https://android-developers.googleblog.com/2025/08/elevating-android-security.html |url-status=live |archive-url=https://web.archive.org/web/20250825180832/https://android-developers.googleblog.com/2025/08/elevating-android-security.html |archive-date=2025-08-25 |access-date=2025-08-25}}</ref> According to Suzanne Frey, VP of Product, Trust & Growth for Android, the system is designed to combat malicious actors who "''hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps."''


Google cited security statistics showing ''"over 50 times more malware from internet-sideloaded sources than on apps available through Google Play"''<ref>{{Cite web |date=2025-08-25 |title=Google will require developer verification to install Android apps, including sideloading |url=https://9to5google.com/2025/08/25/android-apps-developer-verification/ |website=9to5Google |access-date=2025-08-29}}</ref>. The company framed the verification as ''"an ID check at the airport, which confirms a traveler's identity but is separate from the security screening of their bags."''
Google cited security statistics showing ''"over 50 times more malware from internet-sideloaded sources than on apps available through Google Play".''<ref>{{Cite web |date=2025-08-25 |title=Google will require developer verification to install Android apps, including sideloading |url=https://9to5google.com/2025/08/25/android-apps-developer-verification/ |website=9to5Google |access-date=2025-08-29}}</ref> The company framed the verification as ''"an ID check at the airport, which confirms a traveler's identity but is separate from the security screening of their bags".''


===Implementation timeline===
===Implementation timeline===
The implementation will be conducted in global rollout phases<ref>{{Cite web |date=2025-08-25 |title=Android developer verification {{!}} Android Developers |url=https://developer.android.com/developer-verification |url-status=live |access-date=2025-08-29}}</ref>:
The implementation will be conducted in global rollout phases:<ref name=":0">{{Cite web |date=2025-08-25 |title=Android developer verification {{!}} Android Developers |url=https://developer.android.com/developer-verification/guides/android-developer-console |url-status=live |archive-url=https://web.archive.org/web/20250825204008/https://developer.android.com/developer-verification/guides/android-developer-console |archive-date=2025-08-25 |access-date=2025-08-25}}</ref>


*'''October 2025''': Early access opens for invited developers
*'''October 2025''': Early access opens for invited developers
Line 51: Line 51:


===Distribution types===
===Distribution types===
The Developer Verification system creates two tiers of developer accounts<ref>{{Cite web |date=2025-08-25 |title=Android developer verification {{!}} Android Developers |url=https://developer.android.com/developer-verification/guides/android-developer-console |url-status=live |archive-url=https://web.archive.org/web/20250825204008/https://developer.android.com/developer-verification/guides/android-developer-console |archive-date=2025-08-25 |access-date=2025-08-25}}</ref>:
The Developer Verification system creates two tiers of developer accounts:<ref name=":0" />


====Full distribution====
====Full distribution====
Line 69: Line 69:


===Package name registration===
===Package name registration===
Developers must register package names before apps can be installed. The system creates a cryptographic link between developer identity & app signing keys. Ownership priority is determined by installation statistics - developers whose signing keys account for over 50% of known installs receive registration priority<ref>{{Cite web |date=2025-08-25 |title=Updates to Play Console for Android developer verification: A first look |url=https://developer.android.com/developer-verification/assets/pdfs/updates-to-play-console-for-android-developer-verification.pdf |website=Android Developers |access-date=2025-09-01}}</ref><ref>{{Cite web |date=2025-08-25 |title=Resources {{!}} Android developer verification {{!}} Android Developers |url=https://developer.android.com/developer-verification/guides/resources |website=Android Developers |access-date=2025-08-25}}</ref>.
Developers must register package names before apps can be installed. The system creates a cryptographic link between developer identity & app signing keys. Ownership priority is determined by installation statistics - developers whose signing keys account for over 50% of known installs receive registration priority.<ref>{{Cite web |date=2025-08-25 |title=Updates to Play Console for Android developer verification: A first look |url=https://developer.android.com/developer-verification/assets/pdfs/updates-to-play-console-for-android-developer-verification.pdf |website=Android Developers |access-date=2025-09-01}}</ref><ref>{{Cite web |date=2025-08-25 |title=Resources {{!}} Android developer verification {{!}} Android Developers |url=https://developer.android.com/developer-verification/guides/resources |website=Android Developers |access-date=2025-08-25}}</ref>


===Affected devices===
===Affected devices===
Line 83: Line 83:


===Technical concerns===
===Technical concerns===
Prominent Android developer Mark Murphy (CommonsWare) raised several technical concerns<ref>{{Cite web |date=2025-08-26 |title=Uncomfortable Questions About Android Developer Verification |url=https://commonsware.com/blog/2025/08/26/uncomfortable-questions-android-developer-verification.html |website=CommonsWare |access-date=2025-08-29}}</ref>:
Prominent Android developer Mark Murphy (CommonsWare) raised several technical concerns:<ref>{{Cite web |date=2025-08-26 |title=Uncomfortable Questions About Android Developer Verification |url=https://commonsware.com/blog/2025/08/26/uncomfortable-questions-android-developer-verification.html |website=CommonsWare |access-date=2025-08-29}}</ref>
*Debug keystore handling for development workflows remains unaddressed
*Debug keystore handling for development workflows remains unaddressed
*Sample code from Android development books would become unusable as "at most one person on the entire planet" could register each package name
*Sample code from Android development books would become unusable as "at most one person on the entire planet" could register each package name
Line 96: Line 96:


===Open source community impact===
===Open source community impact===
The F-Droid community reacted strongly, with one forum member stating: "F*** Google. Use GrapheneOS to drop Android... I find this development downright alarming"<ref>{{Cite web |title=FAQ - App Developers {{!}} F-Droid - Free and Open Source Android App Repository |url=https://f-droid.org/en/docs/FAQ_-_App_Developers/ |website=F-Droid |access-date=2025-08-29}}</ref>. Specific challenges include:
The F-Droid community reacted strongly, with one forum member stating: "F*** Google. Use GrapheneOS to drop Android... I find this development downright alarming".<ref>{{Cite web |title=FAQ - App Developers {{!}} F-Droid - Free and Open Source Android App Repository |url=https://f-droid.org/en/docs/FAQ_-_App_Developers/ |website=F-Droid |access-date=2025-08-29}}</ref> Specific challenges include:
*F-Droid builds apps from source with its own signing keys, creating coordination requirements with upstream developers
*F-Droid builds apps from source with its own signing keys, creating coordination requirements with upstream developers
*Community estimates suggest 85% of F-Droid apps could be "stuck in limbo" due to package ID conflicts
*Community estimates suggest 85% of F-Droid apps could be "stuck in limbo" due to package ID conflicts
Line 102: Line 102:


==Consumer and user response==
==Consumer and user response==
Google's Q&A page for the announcement received lots of feedback<ref>{{Cite web |date=2025-08-25 |title=Q&A: New Android developer verification requirements |url=https://support.google.com/googleplay/android-developer/thread/361325854 |archive-url=https://web.archive.org/web/20250829100055/https://support.google.com/googleplay/android-developer/thread/361325854/%F0%9F%92%AC-q-a-new-android-developer-verification-requirements |archive-date=2025-08-29 |access-date=2025-08-29 |website=Play Console Help}}</ref>, including:
Google's Q&A page for the announcement received lots of feedback, including:<ref>{{Cite web |date=2025-08-25 |title=Q&A: New Android developer verification requirements |url=https://support.google.com/googleplay/android-developer/thread/361325854 |archive-url=https://web.archive.org/web/20250829100055/https://support.google.com/googleplay/android-developer/thread/361325854/%F0%9F%92%AC-q-a-new-android-developer-verification-requirements |archive-date=2025-08-29 |access-date=2025-08-29 |website=Play Console Help}}</ref>


*Users highlighting the hypocrisy of enforcing security on sideloaded apps while Google Play distributes apps classified as scamware, malware, and adware
*Users highlighting the hypocrisy of enforcing security on sideloaded apps while Google Play distributes apps classified as scamware, malware, and adware
Line 109: Line 109:
*Comparisons to Windows, where users noted: "I can install an app onto a Windows computer from any source without verification by Microsoft"<ref>{{Cite web |date=2025-08-26 |title=Google to restrict Android app sideloading to verified devs |url=https://www.theregister.com/2025/08/26/android_developer_verification_sideloading |website=The Register |access-date=2025-08-29}}</ref>
*Comparisons to Windows, where users noted: "I can install an app onto a Windows computer from any source without verification by Microsoft"<ref>{{Cite web |date=2025-08-26 |title=Google to restrict Android app sideloading to verified devs |url=https://www.theregister.com/2025/08/26/android_developer_verification_sideloading |website=The Register |access-date=2025-08-29}}</ref>


The Android community produced numerous critical videos<ref>{{Cite web |last=Mental Outlaw |date=2025-08-29 |title=Google is Locking Down Android |url=https://www.youtube.com/watch?v=L1S0SiBuJN8 |access-date=2025-08-29 |website=YouTube}}</ref><ref>{{Cite web |last=BrenTech |date=2025-08-26 |title=Google Will Soon Block Apps from Unverified Developers! Is This The End of Sideloading on Android? |url=https://www.youtube.com/watch?v=-nCgnXByGrY |access-date=2025-08-29 |website=YouTube}}</ref><ref>{{Cite web |last=TechLore |date=2025-08-27 |title=Android Is Becoming iOS: The End of Sideloading? |url=https://www.youtube.com/watch?v=PxGjwtiI8uM |access-date=2025-08-29 |website=YouTube}}</ref>, with titles like "Google is Locking Down Android" and "Android Is Becoming iOS: The End of Sideloading?"
The Android community produced numerous critical videos,<ref>{{Cite web |last=Mental Outlaw |date=2025-08-29 |title=Google is Locking Down Android |url=https://www.youtube.com/watch?v=L1S0SiBuJN8 |access-date=2025-08-29 |website=YouTube}}</ref><ref>{{Cite web |last=BrenTech |date=2025-08-26 |title=Google Will Soon Block Apps from Unverified Developers! Is This The End of Sideloading on Android? |url=https://www.youtube.com/watch?v=-nCgnXByGrY |access-date=2025-08-29 |website=YouTube}}</ref><ref>{{Cite web |last=TechLore |date=2025-08-27 |title=Android Is Becoming iOS: The End of Sideloading? |url=https://www.youtube.com/watch?v=PxGjwtiI8uM |access-date=2025-08-29 |website=YouTube}}</ref> with titles like "Google is Locking Down Android" and "Android Is Becoming iOS: The End of Sideloading?"


==Industry and organizational response==
==Industry and organizational response==


===Support===
===Support===
The Developers Alliance stood as the sole organizational voice supporting the change, with co-founder Jake Ward stating it was "a critical step to ensure trust, accountability, and security across the Android ecosystem"<ref>{{Cite web |date=2025-08-25 |title=Developers Alliance Applauds Google's New Android Developer Verification |url=https://news.devalliance.org/developers-alliance-applauds-googles-new-android-developer-verification/ |archive-url=https://web.archive.org/web/20251029120724/https://news.devalliance.org/developers-alliance-applauds-googles-new-android-developer-verification/ |archive-date=2025-10-29 |access-date=2025-10-29 |website=Developers Alliance}}</ref>.
The Developers Alliance stood as the sole organizational voice supporting the change, with co-founder Jake Ward stating it was "a critical step to ensure trust, accountability, and security across the Android ecosystem".<ref>{{Cite web |date=2025-08-25 |title=Developers Alliance Applauds Google's New Android Developer Verification |url=https://news.devalliance.org/developers-alliance-applauds-googles-new-android-developer-verification/ |archive-url=https://web.archive.org/web/20251029120724/https://news.devalliance.org/developers-alliance-applauds-googles-new-android-developer-verification/ |archive-date=2025-10-29 |access-date=2025-10-29 |website=Developers Alliance}}</ref>


Government support emerged from initial rollout regions:
Government support emerged from initial rollout regions:
Line 128: Line 128:
*Hackaday noted the timing "coincides with Google's court-mandated opening of Android following Epic Games' antitrust victory"<ref>{{Cite web |date=2025-08-26 |title=Google Will Require Developer Verification Even For Sideloading |url=https://hackaday.com/2025/08/26/google-will-require-developer-verification-even-for-sideloading/ |website=Hackaday |access-date=2025-08-29}}</ref>
*Hackaday noted the timing "coincides with Google's court-mandated opening of Android following Epic Games' antitrust victory"<ref>{{Cite web |date=2025-08-26 |title=Google Will Require Developer Verification Even For Sideloading |url=https://hackaday.com/2025/08/26/google-will-require-developer-verification-even-for-sideloading/ |website=Hackaday |access-date=2025-08-29}}</ref>


==Impact on Specific Use Cases==
==Impact on specific use cases==


===Enterprise and MDM Deployments===
===Enterprise and MDM deployments===
NomidMDM advised IT managers to "audit application inventory today" & make sure all line-of-business app developers complete verification before deadlines<ref>{{Cite web |title=The Core Change: Mandatory Verification for All Android Apps |url=https://www.nomidmdm.com/en/blog/the-core-change-mandatory-verification-for-all-android-apps |website=NomidMDM |access-date=2025-08-29}}</ref>. Affected deployments include:
NomidMDM advised IT managers to "audit application inventory today" & make sure all line-of-business app developers complete verification before deadlines.<ref>{{Cite web |title=The Core Change: Mandatory Verification for All Android Apps |url=https://www.nomidmdm.com/en/blog/the-core-change-mandatory-verification-for-all-android-apps |website=NomidMDM |access-date=2025-08-29}}</ref> Affected deployments include:
*Wall-mounted displays
*Wall-mounted displays
*Classroom broadcasting systems
*Classroom broadcasting systems
Line 152: Line 152:


===European Union===
===European Union===
The EU [[Digital Markets Act]] investigation issued preliminary findings against Google on March 19, 2025, for self-preferencing and payment system restrictions<ref>{{Cite web |date=2025-03-19 |title=Google Search, Play Store falling foul of Digital Markets Act rules, says EU |url=https://techcrunch.com/2025/03/19/google-search-play-store-falling-foul-of-digital-markets-act-rules-says-eu/ |website=TechCrunch |access-date=2025-08-29}}</ref>. Legal experts note potential conflicts with DMA provisions requiring gatekeepers to permit third-party software installation without the gatekeeper's identification services.
The EU [[Digital Markets Act]] investigation issued preliminary findings against Google on March 19, 2025, for self-preferencing and payment system restrictions.<ref>{{Cite web |date=2025-03-19 |title=Google Search, Play Store falling foul of Digital Markets Act rules, says EU |url=https://techcrunch.com/2025/03/19/google-search-play-store-falling-foul-of-digital-markets-act-rules-says-eu/ |website=TechCrunch |access-date=2025-08-29}}</ref> Legal experts note potential conflicts with DMA provisions requiring gatekeepers to permit third-party software installation without the gatekeeper's identification services.


===United States===
===United States===
The timing coincides with court-mandated changes following Epic Games' antitrust victory. The FTC outlined remedy concerns in an August 2024 amicus brief after the jury found Google illegally monopolized app distribution<ref>{{Cite web |date=2024-08-29 |title=FTC Outlines Remedy Concerns in Amicus Brief After Jury Finds Google Illegally Monopolized App Store |url=https://www.ftc.gov/news-events/news/press-releases/2024/08/ftc-outlines-remedy-concerns-amicus-brief-after-jury-finds-google-illegally-monopolized-app-store |website=Federal Trade Commission |access-date=2025-08-29}}</ref>.
The timing coincides with court-mandated changes following Epic Games' antitrust victory. The FTC outlined remedy concerns in an August 2024 amicus brief after the jury found Google illegally monopolized app distribution.<ref>{{Cite web |date=2024-08-29 |title=FTC Outlines Remedy Concerns in Amicus Brief After Jury Finds Google Illegally Monopolized App Store |url=https://www.ftc.gov/news-events/news/press-releases/2024/08/ftc-outlines-remedy-concerns-amicus-brief-after-jury-finds-google-illegally-monopolized-app-store |website=Federal Trade Commission |access-date=2025-08-29}}</ref>


===United Kingdom===
===United Kingdom===
The UK Competition and Markets Authority continues its Strategic Market Status investigation with consultation closing August 20, 2025<ref>{{Cite web |title=SMS investigation into Google's mobile platform |url=https://www.gov.uk/cma-cases/sms-investigation-into-googles-mobile-ecosystem |website=GOV.UK |access-date=2025-08-29}}</ref>, though no specific response to the verification requirements has been issued.
The UK Competition and Markets Authority continues its Strategic Market Status investigation, with consultation closing on August 20, 2025.<ref>{{Cite web |title=SMS investigation into Google's mobile platform |url=https://www.gov.uk/cma-cases/sms-investigation-into-googles-mobile-ecosystem |website=GOV.UK |access-date=2025-08-29}}</ref> No specific response to the verification requirements has been issued.


==See also==
==See also==
Retrieved from "https://mirror.consumerrights.wiki/w/Android_Developer_Verification"