Business Google will block sideloading of unverified Android apps starting next year - Google says it's no different than checking IDs at the airport.

Suggested I&T threads to sperg:
https://kiwifarms.st/threads/sideloading-general.209934/
https://kiwifarms.st/threads/android-hate-thread.175965/
https://kiwifarms.st/threads/your-current-and-next-phone.103205/

https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/

https://archive.ph/9bzZd

Google says it's no different than checking IDs at the airport.

Ryan Whitwam – Aug 25, 2025

Android's open nature set it apart from the iPhone as the era of touchscreen smartphones began nearly two decades ago. Little by little, Google has traded some of that openness for security, and its next security initiative could make the biggest concessions yet in the name of blocking bad apps. Google has announced plans to begin verifying the identities of all Android app developers, and not just those publishing on the Play Store. Google intends to verify developer identities no matter where they offer their content, and apps without verification won't work on most Android devices in the coming years.

Google used to do very little curation of the Play Store (or Android Market, if you go back far enough), but it has long sought to improve the platform's reputation as being less secure than the Apple App Store. Years ago, you could publish actual exploits in the official store to gain root access on phones, but now there are multiple reviews and detection mechanisms to reduce the prevalence of malware and banned content. While the Play Store is still not perfect, Google claims apps sideloaded from outside its store are 50 times more likely to contain malware.

This, we are led to believe, is the impetus for Google's new developer verification system. The company describes it like an "ID check at the airport." Since requiring all Google Play app developers to verify their identities in 2023, it has seen a precipitous drop in malware and fraud. Bad actors in Google Play leveraged anonymity to distribute malicious apps, so it stands to reason that verifying app developers outside of Google Play could also enhance security.

However, making that happen outside of its app store will require Google to take a page from Apple's playbook and flex its muscle in a way many Android users and developers could find intrusive. Google plans to create a streamlined Android Developer Console, which devs will use if they plan to distribute apps outside of the Play Store. After verifying their identities, developers will have to register the package name and signing keys of their apps. Google won't check the content or functionality of the apps, though.


An early look at the streamlined Android Developer Console for sideloaded apps.

Google says that only apps with verified identities will be installable on certified Android devices, which is virtually every Android-based device—if it has Google services on it, it's a certified device. If you have a non-Google build of Android on your phone, none of this applies. However, that's a vanishingly small fraction of the Android ecosystem outside of China.

Google plans to begin testing this system with early access in October of this year. In March 2026, all developers will have access to the new console to get verified. In September 2026, Google plans to launch this feature in Brazil, Indonesia, Singapore, and Thailand. The next step is still hazy, but Google is targeting 2027 to expand the verification requirements globally.

A seismic shift​

This plan comes at a major crossroads for Android. The ongoing Google Play antitrust case brought by Epic Games may finally force changes to Google Play in the coming months. Google lost its appeal of the verdict several weeks ago, and while it plans to appeal the case to the US Supreme Court, the company will have to begin altering its app distribution scheme, barring further legal maneuvering.



Among other things, the court has ordered that Google must distribute third-party app stores and allow Play Store content to be rehosted in other storefronts. Giving people more ways to get apps could increase choice, which is what Epic and other developers wanted. However, third-party sources won't have the deep system integration of the Play Store, which means users will be sideloading these apps without Google's layers of security.

It's hard to say how much of a genuine security problem this is. On one hand, it makes sense Google would be concerned—most of the major malware threats to Android devices spread via third-party app repositories. However, enforcing an installation whitelist across almost all Android devices is heavy handed. This requires everyone making Android apps to satisfy Google's requirements before virtually anyone will be able to install their apps, which could help Google retain control as the app market opens up. While the requirements may be minimal right now, there's no guarantee they will stay that way.

The documentation currently available doesn't explain what will happen if you try to install a non-verified app, nor how phones will check for verification status. Presumably, Google will implement this whitelist in Play Services as the implementation date approaches. We've reached out for details on that front and will report if we hear anything.

 

[Autistic Integrity]

View attachment 7846955

https://x.com/ssamat/status/1961089905842598190

Reading googles statement

https://android-developers.googleblog.com/2025/08/elevating-android-security.html?m=1

So basically "you can still install apks but the developer has to be registered with us"

 

[Unarmed Gunman]

the US government is trying to break up google and has been for some time.

Google is an integral part of the US intelligence community, it's not going anywhere.

 

[Autistic Integrity]

Google is an integral part of the US intelligence community, it's not going anywhere.

I think they were talking about splitting off or selling chrome and splitting off their adsense/advertising business. Probably YouTube too.

 

[Celebrate Nite]

Having to buy a Pixel for it sucks

That's my issue as well. You have to buy a Google product in order to de-google it. The entire thing is an oxymoron

That, and you're kinda limited on what models to use as of right now. Their support list says Pixel 6 being the lower end, but their "recommended" is Pixel 8 regarding the lowest. Their reasoning is because of better hardware that will have longer support than the 6-7 phones which only have 5 year support with the other models in their end-of-life phase.

It's basically an issue if you're trying to save money and not spend an arm and a leg on a new(ish) phone.

 

[von Hapasbourg]

I think they were talking about splitting off or selling chrome and splitting off their adsense/advertising business. Probably YouTube too.

The US government is trying to split apart and take Google away from the hands of bioweapons named Singh, Pradman, and Manjeet.

 

[NoIdeaWhatImDoing]

the dude responsible for this shit is a pajeet. I didn't see that coming.

 

[The Mass Shooter Ron Soye]

The oblig based Rossmann video

https://preservetube.com/watch?v=QBEKlIV_70E

 

[Unarmed Gunman]

I think they were talking about splitting off or selling chrome and splitting off their adsense/advertising business. Probably YouTube too.

All the shrieking about Chrome is a red herring. Chrome is not a standalone business, it's revenue neutral at best but as a standalone it's a huge money loser. Its value is only in the data it provides to Google. Then of course, there is Chromium which would obviously add to the complexity of trying to argue for Chrome to be a functioning separate business. Here is this browser which has a bunch of open source forks and no longer has the unlimited resources of Google to support it. Good luck in your new ventures. Basically the only buyer that could make it work is Microsoft, which then opens up more antitrust issues.

You can't go after Adwords since that is where most of their revenue comes from. You could potentially go after Local Service Ads, since Google uses it to sell leads to businesses based on the data that they get from Adwords (ie what is a lead worth to each business, in each geographic area?) But I doubt the government even understands that side of the business, and Google would just argue that although it's not part of Adwords, it's part of Search (same for Google Maps).

You could go after Adsense, but it doesn't generate that much money, although if you bundle it with their display network you could call that a separate business on it's own (running ads on 3rd party sites unrelated to search). It's a big enough revenue generator to be a standalone business, while not crippling Google.

Youtube can be a standalone media company, like Disney basically. At this point it is definitely profitable enough to stand on its own. There probably aren't national security implications if Youtube is spun out. But I haven't heard that mentioned as a target.

Android? There is no way the US Government let's that fall into the wrong hands. There are absolutely national security implications there, but that will not be sold off. Same goes for Google Cloud, there is a national security argument to be made against that ever being split off. Oh yeah, and throw Gmail in here too.

So when you look at these business units there are basically 5 categories in this context:

1. The one that generates the most revenue and would absolutely cripple Google (Adwords). Splitting this off would destroy the company, so that won't happen.
2. The national security threats - Android, Google Cloud & Gmail mainly. Splitting these off would raise too many risks for US Intelligence agencies and won't be allowed to happen.
3. Then there are the ones that generate enough revenue to be a standalone company, and which would put a big dent in Google's revenue, and which probably don't scare the US Government (Adsense/Display, Local Service Ads, and maybe Youtube?). If the government splits these off it means they are fucking serious, which means it probably won't happen.
4. Next up is the basically irrelevant business units like Nest, Fiber, Pixel etc. If the government forces these to be split off it means this was all a charade to appease the antitrust crowd.
5. Finally there are things which can't really exist as a business unit, but which has value to Google as part of their integrated strategy between content and advertising. For our purposes this is basically Chrome. This one is tricky but I don't think it's as valuable as people think, because we're headed towards AI browsers (such as Perplexity) and Google can just make Gemini a browser which is probably their plan regardless.

This isn't as neat and tidy as I'd like, mainly as it relates to Youtube. Youtube is going to continue to grow as a bigger revenue generator as time goes on, so although it wouldn't cripple Google, it would be a huge blow to their future revenue projections. So I wouldn't put it in Category 1 yet but it's headed that way as time goes on.

So if I had to bet, I'd say Google wouldn't really care about anything from category 4 & 5 as much as people think. If they're forced to split off anything from category 3, that could hurt Google's pockets, without compromising the parts that the government cares about. And then Category 1 & 2 are off the table so, not worth discussing. Which means if/when there is a conclusion to the antitrust thing, you can tell how serious the government was based on whether or not anything from category 3 is split off. Anything else is just noise.

 

[The Mass Shooter Ron Soye]

All the shrieking about Chrome is a red herring. Chrome is not a standalone business, it's revenue neutral at best but as a standalone it's a huge money loser. Its value is only in the data it provides to Google. Then of course, there is Chromium which would obviously add to the complexity of trying to argue for Chrome to be a functioning separate business. Here is this browser which has a bunch of open source forks and no longer has the unlimited resources of Google to support it. Good luck in your new ventures. Basically the only buyer that could make it work is Microsoft, which then opens up more antitrust issues.

I think Brave and some other smaller players expressed interest and could do a good job taking over Chrome/Chromium. It's a moot point though:

Ars Technica: Google won’t have to sell Chrome, judge rules (archive)

 

[Lord of the Large Pants]

So Google will still allow sideloading, but won't they just refuse to bless F-Droid/New Pipe/etc with the holy signing keys? How is this any different in practice?

 

[Punished Magician]

So Google will still allow sideloading, but won't they just refuse to bless F-Droid/New Pipe/etc with the holy signing keys? How is this any different in practice?

Because of the technicalities of how they chose to go about this, now the response to accusations of locking down the platform can be:

MOSTLY FALSE​

Google still allows sideloading on Android through running .apk files, just as they always have. A select few app developers have stalwartly refused to allow their apps to be installed on Android by choosing to obfuscate their true identities, putting users at risk of running unverified software potentially developed by bad actors. This lack of transparency behind the development of their apps runs contrary to everything the open source community stands for.

The above paragraph, or anything like it, will with a 100% success rate convince the only people who matter (senile boomer judges and legislators) that this decision was a nothingburger, and it technically isn't perjury either (but when's the last time the courts even cared?)

 

[Unarmed Gunman]

It's a moot point though

And this is how we knew this antitrust case was all a sham from day 1.

 

[OrangeManeXTinyHatGVNG]

another thinly veiled attempt at total surveillance using security as excuse. Threadly reminder that cybercriminals have no problem verifying anything in fact it is often much easier for them than honest users. some very prolific malware in recent past was being spread directly over the google play store lul.

Im kind of an accelerationist on this much like with visa, maybe they should be encouraged to make shitty decisions that will lose them market share

 

[The Mass Shooter Ron Soye]

Ars Technica: F-Droid says Google’s new sideloading restrictions will kill the project (archive)

F-Droid sees Google's plans as a threat to FOSS apps.

Ryan Whitwam – Sep 29, 2025

Google plans to begin testing its recently announced verification scheme for Android developers in the coming weeks, but there's still precious little information on how the process will work. F-Droid, the free and open source app repository, isn't waiting for the full rollout to take a position. In a blog post, F-Droid staff say that Google's plan to force devs outside Google Play to register with the company threatens to kill alternative app stores like F-Droid.

F-Droid has been around for about 15 years and is the largest source of free and open source software (FOSS) for Android. Because the apps in F-Droid are not installed via the Play Store, you have to sideload each APK manually, and Google is targeting that process in the name of security.

Several weeks ago, Google announced plans to force all Android app developers to register their apps and identity with Google. Apps that have not been validated by the Big G will not be installable on any certified Android devices in the future. Since virtually every Android device outside of China runs Google services, that means Google is in control of the software we get to install on Android.

According to F-Droid, Google's verification program threatens to break free app distribution. Google claims that attaching real identities to apps reduces the incidence of malware, which it has seen in action in Google Play. Still, the Play Store is not free of bad apps, which F-Droid points to as evidence that Google's moves won't actually eliminate the risks of sideloading.

Google's approach to verification would be a real problem for F-Droid's operation. F-Droid doesn't allow tracking or invasive advertising in the apps it distributes. Each app is provided to the platform in the form of source code, which is verified and then compiled by F-Droid. The site operators say they cannot require devs to register with Google, nor can they "take over" the app identifiers to register for them. Doing so would effectively take over distribution rights from the authors.

F-Droid warns that the project will end if Google is allowed to seize control of the entire Android software ecosystem by way of its developer verification program. In addition to gathering personal information from devs, F-Droid says Google will be demanding registration fees from independent developers, many of whom give their apps away for free and would be uninterested in paying Google for the privilege.


Google's application to test verification does ask if you can pay in USD, suggesting it will charge devs for the privilege of creating Android apps.

Google has been slow to provide details of the verification system. However, you can sign up for the early access program. During that process, Google does ask if you are able to pay registration fees in US dollars, which suggests there will be a cost for developers in the program. We've reached out to Google for more information.

A plea for regulation​

F-Droid's position is clear: If you own a device, you should be allowed to decide what software to run on it. To force everyone to register with a central authority is an affront to the ideas of free speech and thought, says F-Droid.

So what's the solution? In the blog post, Google is accused of using security as a mask for what is really an attempt to consolidate monopoly power over app distribution at a time when its power is being suppressed by antitrust actions. F-Droid is calling on regulators from the US and EU to take a close look at Google's plans before it's too late.

Google is currently on the verge of massive court-mandated changes to the Play Store. After losing the antitrust case brought by Epic Games, Google also lost the appeal. As it explores further legal maneuvering, the firm may have to begin opening up its app distribution system by promoting third-party stores on Google Play and mirroring Google Play content in other storefronts. This will reduce Google's monopoly power in Android apps, which is the court's intention. However, the company's new goal of locking down sideloading could maintain its central role in Android software.

F-Droid calls on concerned developers and users to contact their government representatives to demand action. Specifically, the site suggests invoking the European Commission’s Digital Markets Act (DMA) to keep FOSS apps free from Google's gatekeeping.

While the pilot verification program is set to launch next month, it will be almost a year before unverified apps will be blocked. That will start with a handful of markets, including Brazil, Indonesia, Singapore, and Thailand. The restrictions are expected to expand globally in 2027.

 

[CansOfCant]

Lose weight?

Late, but I'm DM1. It's an autoimmune disease from early age.

ETA: Think Joe Winko. Same build, if I remember right.

 

[Butter]

I used Android devices since 1.0.

Might actually buy an Apple phone next time. They do seem well-built and their flagship will do just fine.

I was going to just go with the Google 10 XL Pro as usual, but this is very concerning. Especially since they are also fucking graphene OS over. I wonder for how long they will let you unlock the bootloader(?).

I hope the EU will just go "lol no" and either slap them with billions of dollars fines or just force them to cut that shit out.

It's my fucking device, if I want to fall for a scammy .apk let me fuck up, you absolute faggots.

 

[Unarmed Gunman]

Yeah I think if forced to choose between Apple and a locked down Google, I'll be forced to switch to the corny ass Apple ecosystem. Google is the least trustworthy company in the world already, so I wouldn't be able to justify it. Maybe some Chinese knockoff will be available..

 

[Lapsus of the bepsus]

So Google will still allow sideloading, but won't they just refuse to bless F-Droid/New Pipe/etc with the holy signing keys? How is this any different in practice?

"sideloading" as a concept and a word is complete made up bullshit in the first place. you dont call it "sideloading" when a desktop linux user installs a package from outside the distro repo or builds and installs software from source, thats just called installing software like it fucking should be, because thats what it is. the whole idea of "sideloading" is a carefully crafted deception by corporate niggers at apple and google to cuck users out of basic freedoms like choosing what software will run on the device you paid for.

from the very moment this gay term "sideloading" was first adopted it was completely obvious and predictable that one day they would slam down the hammer and try to ban it under some bullshit pretense like "muh security", because installing some ad ridden ai vibe coded pajeetware from the play store is obviously so much safer than installing a small open source application which just does the job and is freely available for download and full source code inspection on github. only one of these generates revenue for jewgle sadly, so the other has to go. were so very sorry for the inconvenience android users its for your own safety

i hope this shit generates a lot of traction in the alternative android os world. im not thrilled about shit like grapheneos being a project run by an insane person, but very soon these things are going to be absolutely necessary if you want to avoid being raped in the asshole at your cellphone manufacturers whim

 

[Florid Icewater]

Google won't check the content or functionality of the apps, though.

uh huh.

 

[HildegardOrgonAkkumulator]

they are also fucking graphene OS over.

Summarizing what GrapheneOS is saying on Twitter reading it in Chris Chan's voice: Google made porting to the newest model harder by delaying source code releases and such, BUT they're working on it. It will come via some workarounds.

just go with the Google 10 XL Pro

There are mentions, by GrapheneOS, partnering with a hardware manufacturer to produce phones with Graphene preinstalled. Via this yet unnamed manufacturer, they get earlier access to AOSP source (not Pixel-specific but still).
Depending on how long you can wait for a new phone (there seems to be no ETA), you can buy a new phone without directly giving money to Google (or Apple which pioneered all horrible trends).

im not thrilled about shit like grapheneos being a project run by an insane person

Yet that insane person runs a project that (still) has access to insider-knowledge while better maintaining the interests of those outside. GrapheneOS is the first one to warn about AOSP closing source. They create privacy features, that Apple copies a few years later.