Posted by erohead 11/13/2025

Android developer verification: Early access starts(android-developers.googleblog.com)
1362 points | 676 comments | page 2
BrenBarn 11/13/2025|
The key question for me is whether this "advanced flow" will allow the practical use of entirely separate app stores (like F-Droid) or if they're going to throw up tons of barriers for every individual app install.
tadfisher 11/13/2025||
There's a second path, whereby F-Droid registers as an "alternative app store", which is a new category of app created in the fallout of Epic Games v. Google [0]. This is interesting because it applies to all regions and will necessarily need more elevated permissions than the typical REQUEST_INSTALL_PACKAGES permission used today. No idea what requirements Google will impose on such apps.

[0]: https://en.wikipedia.org/wiki/Epic_Games_v._Google

kragen 11/13/2025|||
What would they have to offer Google in return for being granted this status? Would they have to ban NewPipe, for example?
gpm 11/13/2025||
Up to what a committee of 3 people (or, in the alternative, district court judge James Donato) believes this means, assuming the judge approves the proposed modification to the injunction in the first place

> Google may create reasonable requirements for certification as a Registered App Store, including but not limited to review of the app store by Google’s Android team and the payment of reasonable fees to cover the operational costs associated with the review and certification process. Such fees may not be revenue proportionate.

One appointed by Google, one by Epic, one appointed by the other two. All three will be barred from private communications about any of this with any parties.

Considering this is an anti-trust suit I suspect the judge would be extremely unamused if the committee members found that "must ban NewPipe" was a reasonable requirement.

kragen 11/13/2025||
That sounds reasonable, but I doubt F-Droid can cough up the required US$1 million to pay 12 Google L7 SWEs to spend a month reviewing F-Droid once they get enough free time. I wonder if they'd require F-Droid to comply with PCI-DSS? That seems to be the trendy thing in review and certification processes, and naturally it's important for an "App Store" to have secure payments, isn't it? (Never mind that F-Droid doesn't accept payment except donations via liberapay.)
BrenBarn 11/13/2025|||
Yes, that possibility has occurred to me as well, and is potentially a reasonable compromise (depending on those requirements).
sowbug 11/13/2025|||
If I were designing the advanced flow, I'd require the decision to be made at phone setup time. Changing your mind later requires a factory reset.

Real sideloaders (F-Droid users, etc.) know at setup time that that's how they'll be using their phone, so it works for them. But ordinary users who are targets for sideloading malware will become a lot less attractive if attackers must convince them to wipe their phone to complete the coercive instructions.

Aliexpress has a similar approach to protect their accounts from takeovers. If you change or forget your password, all your saved payment methods are erased. This makes the account less valuable to an attacker, at the cost of a little pain to authentic account holders.

201984 11/13/2025|||
No, that's ridiculous. If I want to send an app to someone, now they have to wipe their phone to install it? That would kill installing non-Play apps far more than Google's original proposal.
arcfour 11/13/2025||||
I hadn't installed a non-Play Store app for something like 5 years until this year. I don't see why I should have been forced to factory reset my phone then.
archon810 11/13/2025||||
Forgive my bluntness, but I hope you are never allowed on the Android team or near any significant UX decisions on any devices or apps I use or will use.
g-b-r 11/13/2025||||
Great, at phone setup when many people don't know anything about the implications of the choice.

And factory reset when it's impossible to backup and restore everything, or anything at all without a Google account.

eviks 11/13/2025||||
But wiping your phone isn't "a little pain".
cesarb 11/13/2025|||
> Real sideloaders (F-Droid users, etc.)

When using F-Droid, I don't think of myself as a "sideloader". I'm using an app store (F-Droid), not installing some random APKs.

(Yes, the F-Droid store app had to be "sideloaded". Once. It updates itself. If or when Google allows alternate store apps in their store app, even that would no longer be necessary.)

NewJazz 11/13/2025|||
If F-Droid is no longer part of the android community, then neither will I.

I'm not too worried. My employer should be, though.

AndrewDavis 11/13/2025|||
It all depends on how the flow is implemented.

If it's a one time unlock, eg like developer mode then hopefully it'll just work.

If it's a big long flow per install... Yikes, that's not much better than adb install

andrepd 11/13/2025||
Correct me if I'm wrong but doesn't the EU digital markets act mandate this?
advisedwang 11/13/2025|||
The EU Digital Markets Act mandates that you can install apps through F-Droid... but doesn't mandate that those apps don't have to comply with Google's signing policy.
gumby271 11/13/2025|||
Isn't Apple technically complying with this even while forcing notarization? Seems like Google could get away with the same scheme.
gpm 11/13/2025||
Apple says they are. The EU says they aren't. They're fighting over it.
bilsbie 11/13/2025||
I don’t like to see the word “allow” in the same sentence with a device I own.
edoceo 11/13/2025||
It's a device you own, sure. But you've licensed the software.
EMIRELADERO 11/13/2025|||
This is misleading though. There is simply no other choice if you want to use mainstream apps. It could be argued (successfully in my view) that any agreement is null and void due to its acceptance under duress.

Users have an inherent legal right to unconditionally access the full advertised functionality of devices they purchase. Any agreement after that is inherently suspect and I wouldn't be surprised to find out it was ruled unconscionable by some court if it came to that.

makeitdouble 11/13/2025|||
> This is misleading though.

This isn't misleading in any way. It's unfortunate and we should be pissed about it, but this is exactly the legal arrangement that Google and Apple came up with.

> I wouldn't be surprised to find out it was ruled unconscionable by some court

Last US court battle, Apple told the court it needed the money from the kids casino to keep its profits, and the court just nodded.

Apple had to be held in contempt of a court order after 4 years and a deluge of evidence, for us to see any significant move.

edoceo 11/13/2025|||
I agree it's not awesome, or even good. Unfortunately, it's what we've got today. A fact HN seems to dislike.
devsda 11/13/2025||||
If there is an alternative software that can run on the device without going through extraordinary hoops, I may agree that it is licensed.

If there is no other alternative, buying hardware and licensing software are not two different steps. It's just buying a device.

makeitdouble 11/13/2025||||
Let's not shoot the messenger (edoceo)

Too many people are in denial about what they actually own, and seem to refuse to accept this battle isn't starting or coming up, we're already in the process of losing it.

Clinging to material ownership feels great in the moment, but that's absolutely not what we need to deal with right now. It's kinda like being so proud to be the registered owner of your car, while it's getting impounded and you'll be spending the next 10 years trying to get it back.

flagos10 11/13/2025||||
We need a free-as-in-freedom version of Android.
wmf 11/13/2025|||
GrapheneOS
tcfhgj 11/13/2025|||
Google is suppressing freedom.

"Go, give money to Google, to reclaim freedom"

rcMgD2BwE72F 11/13/2025||
What's Google profit/margin on Pixel phones nowadays (hardware only)?
a96 11/13/2025|||
GrapheneOS is also in danger.
jhasse 11/13/2025|||
Already exists. LineageOS, /e/OS, GrapheneOS, to name a few.
Ajedi32 11/13/2025||||
Which is an unacceptable loophole in our legal system that should be closed immediately as far as I'm concerned. If I buy a product, even if that product is software, then I own it, and I should have ultimate control over my copy of it.

The idea that we allow companies to go "Yes, you paid for this product, but it's not really yours. We still control it and can do whatever we want with it regardless of what you want." is asinine.

huem0n 11/13/2025|||
Then let me put my own software on the hardware I own then.
jhasse 11/13/2025||
Well you can. But then it has to be completely your own software (i.e. OS).
gpm 11/13/2025||
8 days ago Google and Epic announced a proposed settlement and modification of a permanent injunction that Epic won. I believe this proposed settlement would likely have prohibited Google's plan to forbid installation of third party apps (excluding app stores from the definition of apps) unless those app developers had paid Google a registration fee. The proposed settlement is here [1]; the relevant portion is

> 13. For a period beginning on the Effective Date through June 30, 2032, Google will [...] and will continue to permit the direct downloading of apps from developer websites and third-party stores without any fees being imposed for those downloads unless the downloads originate from linkouts from apps installed/updated by Google Play (excluding web browsers).

6 days ago the court expressed skepticism as to the proposal and announced that they'd have a hearing, with testimony from expert witnesses, as to whether it would prevent the market harms that the original injunction was trying to cure [2].

Today Google announces this, effectively confirming that they're backing down from their requirement that third party app developers pay Google prior to distributing their apps.

Nothing (yet) is explicitly tying these together, but I can't help but suspect that this move is in large part being made to convince the court that they're actually intending to honour this portion of the proposed injunction even though Epic would have little reason to enforce it.

[1] https://storage.courtlistener.com/recap/gov.uscourts.cand.36...

[2] https://storage.courtlistener.com/recap/gov.uscourts.cand.36...

dgoldstein0 11/13/2025|
Did we read the same thing? I think Google here said there would be a $25 fee per developer (for those who can't fit in their limited distribution category). I suppose it's much better than a fee per paid install but it's not nothing.
gpm 11/13/2025||
See the "Empowering experienced users" section.

They announced the $25 "verification" plan awhile ago. The new part in this article is that they're going to have it remain possible to install software that didn't do that "verification".

> Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified.

cubefox 11/13/2025||
That quote doesn't say anything about the hoops "experienced users" have to go through in order to install said software.
gpm 11/13/2025||
It says that there will exist a working set of hoops though. Which wasn't the plan before.
Sytten 11/13/2025||
In the end when supporting the non tech people in the family, what I would really like is to setup their device so they can install anything on Fdroid but nothing from the play store (unless approved by me) nor direct from an apk.
rpdillon 11/13/2025||
This is exactly what I do. Works pretty well. I've never needed to restrict the play store. I just tell them not to use it.
wmf 11/13/2025||
I wonder if MDM can do that.
aboringusername 11/13/2025||
We really need to banish the term "sideloading". Installing apps on a terminal is just that, and for as long as I remember on windows, Linux it has always been just that.

Google mentions being on a call, and being tricked into handing over codes. So why not use signals and heuristics to decide?

If user is on a call, block any ability to install a shady app. Implement a cool down before that functionality is restored (say 24 hours). It can also detect where the user is based to add additional protection (such as mandating the use of play protect to scan the app before it's activated and add another cool down regardless).

There's lots of ways to help protect the user but it's wrong to ultimately control them. The real world is full of scary dangers that technology is trying to solve but is actively making things worse (such as computerized safety systems in cars).

Ultimately, the user is responsible and whilst it's palpable Google would want to reduce harm in this specific way, we know authoritarian governments would also love to be able to dictate what software people can run. The harm to democracy is simply too great in favor of saving a few people's money.

sschueller 11/13/2025||
They will just add a flag in the SafetyNet service to let other apps know if non "verified" apps have been installed.

You will not be able to use any of your banking apps without first removing all of those...

We need alternatives, this will not work and is a risk to freedom/democracy for all of us.

Switzerland is implementing a digital ID[1]. It will be made available to the most common devices and is open source. However Google and Apple can just remove it, what then?

[1] https://github.com/swiyu-admin-ch

Llamamoe 11/13/2025||
Seriously though, can anyone tell me why the fuck banking apps try so hard to find any possible excuse to not run on customised devices?

I just can't see any good reason for it but my banking app has invested more work into detecting any possible hint of rooting than into its UX. It's absurd.

garyfirestorm 11/13/2025|||
> Seriously though, can anyone tell me why the fuck banking apps try so hard to find any possible excuse to not run on customised devices?

As an early CyanogenMod adopter I really don't want to lose the ability to sideload etc., but to answer your question this is probably for the lowest common denominator's safety. Anecdotal example: a scammer tricked my parents into sideloading an APK which automatically forwarded all SMS messages to the said scammer. This led to the 2FA codes from the bank going through and allowed them to perform some transactions. There were many red flags during this 'call from a bank' and I'd say some blame lies on my parents here. I guess this is the only way to lock down bad actors? I am not entirely sure it is.

creichenbach 11/13/2025||||
Banks have stupid rules probably made by people who don't understand the matter. A relative recently fell victim to phishing and gave away some of his banking details (fake e-banking login screen on a website). After locking the account, the bank said it would only unlock it after the phone got wiped, which obviously doesn't add anything in this situation.

Another pet peeve is that they prevent screenshots simply because they can, and it feels safer. I know, 3rd-party apps which can do screenshots etc., but this is fighting the threat the wrong way. And yes, it's partially the fault of the platform, which could just allow user-initiated screenshots. Or at least make it configurable.

monkpit 11/13/2025|||
> Banks have stupid rules probably made by people who don't understand the matter.

Their insurance policies, if I had to guess.

walletdrainer 11/13/2025||
Unlikely, banks do not reimburse this kind of fraud in most of the world.

This is most likely the bank just being genuinely nice and taking care of customers who range between very stupid and momentarily distracted.

walletdrainer 11/13/2025|||
>After locking the account, the bank said it would only unlock it after the phone got wiped, which obviously doesn't add anything in this situation.

How is that supposed to be a stupid rule? Do you have any idea how much fraud this stops?

Elfener 11/13/2025||||
It may not be banks themselves doing this.

For example, my bank here in Hungary, Erste Bank has announced that the central bank requested that they stop allowing their android app to run on "modified" devices.

They even have a workaround: switch to SMS-based 2FA and use their website (which works well on any screen and has all the features of the app except 2FA)

groestl 11/13/2025||
> the central bank requested

That's the answer, it's regulatory bodies causing this.

BoredPositron 11/13/2025||
In 90% it's insurance compliance.
bux93 11/13/2025||
Is this is something small regional banks in the US do? I'd actually be very interested to know about who is providing, and who is taking such coverage if this is being (re)insured. If you have any market data/news, I would love to know.
hanrelan 11/13/2025||||
If you run a pentest, allowing rooted devices will almost certainly show up as a vulnerability. It'll be marked "low risk", but you'll also be told that you don't want to "accept risk" for too many "low risk" vulnerabilities.

So somebody then needs to say that this is not something they worry about rather than doing the easy thing and remediating it.

znanz 11/13/2025||||
At most banks, the absolute control belongs to the risk and regulation department. A bank must safeguard their license above all else, and it is very easy for them to lose it if the bank is found doing something it should not (though for the big ones, they sometimes operate in a gray zone, which means they manage to keep their licenses despite relatively steep fines). Even for the simplest UI/UX change, the risk department has the final say. Source: I've been working 15+ years in the banking industry.
archon810 11/13/2025||||
Probably because it makes it easier to observe and/or intercept API calls and other data exchange between the client and the server. It's trivial to disable things like SSL cert pinning, etc. on rooted devices.
emsixteen 11/13/2025||
… and then the return argument is that those who actually want to do this nefariously are already going to be able to hide device modifications/rooting.
sschueller 11/13/2025||||
Insurance, they don't want to be on the hook if you get robbed.
verisimi 11/13/2025|||
How useful is it to have a unique global ID, that the target willingly carries and manages, but doesn't have any meaningful control over?
andyjohnson0 11/13/2025|||
> They will just add a flag in the SafetyNet service to let other apps know if non "verified" apps have been installed.

Sincere question: do you have any evidence for this?

I don't see anything in the article that backs it up, and your assertion seems to be at odds with the description of a sideload capability for "risk tolerant" users. What you describe would certainly break much of the usefulness of sideloading for me.

I certainly don't trust Google, or underestimate their capacity for duplicity. I'm just not sure about the outcome you describe.

hasperdi 11/13/2025||
It's a projection of what they could do, i.e. the logical next step.

The whole SafetyNet and "secure chain" things are a PITA, e.g. the ChatGPT app wouldn't work if the phone bootloader isn't signed by Google. Lots of banking apps wouldn't work; the HSBC banking app for instance wouldn't allow login if Android developer mode is enabled.

consp 11/13/2025||
Some apps do this because of some minor audit crap with relation to screenshots (the devmode part) afaik. Others just always blank the screen image and tell the auditor to [insert crude metaphor].

Same nonsense with root enabled. You must have a check, it doesn't specify which one, and as long as you can show it works once you are fine.

phendrenad2 11/13/2025|||
Of course, it wouldn't be HN if the previous claim that "the sky is falling" wasn't followed up with "well, it's not falling, but I saw some heavy rainfall!"
sureglymop 11/13/2025|||
Is the digital ID just to identify yourself online? Because I've never had to do that. Kind of seems like a solution in search of a problem.
sschueller 11/13/2025||
The digital ID, e.g. eID, is for example if you want to order a government document online. At the current time you need to print out your request and send a copy of your ID in the mail, or go to the counter and show it. Same if you get a bank account or new phone contract, although those usually let you scan your ID with your phone. An eID would make that more secure, although people are already being tricked into doing face validations[1]...

Offline it would make it possible to verify your age at the self-checkout registers without having someone have to check in person.

In the future (if the law allows it, which it currently does not) it should be possible for you to purchase an item online completely anonymously, at least to the vendor. There would no longer be a possibility of leaked address, etc. as the vendor would not have it. All the vendor has are signed tokens. When they send a package they send it with a token to the post office and only the post office knows your address.

[1] https://www.srf.ch/sendungen/kassensturz-espresso/espresso/m...

nake89 11/13/2025|||
They won't remove it if it's been installed from their app stores.
sschueller 11/13/2025||
They removed the "ICE" app and if the US government has an issue with other Apps they bend over and do it.

Switzerland is currently dealing with a 39% and Brazil with a 50% tariff because Trump has a personal problem with them. It would not be far fetched for an administration to have another state's app removed.

nake89 11/13/2025||
I just want to preface that I am not in support of Apple or Google in their closed ecosystem.

I was specifically referring to you saying "Switzerland is implementing a digital ID[1]. It will be made available to the most common devices and is open source. However Google and Apple can just remove it, what then?"

It seemed like you were saying that because it is open source, it will be removed. I simply disagreed with that. Plenty of open source software exists in the app store.

I'm not disagreeing that they have the ability to remove software from their app stores. They have done that before as you mention. That is a fact.

sschueller 11/13/2025||
> It seemed like you were saying that because it is open source, it will be removed. I simply disagreed with that. Plenty of opensource software exists in the app store.

Sorry if it came across that way. It is not what I meant, I just mentioned that it is open source. ESL...

rbits 11/13/2025||
Why do you think that will happen?
concinds 11/13/2025||
Paranoia.
sschueller 11/13/2025||
The current US administration is not acting with logic nor reason. Switzerland is currently dealing with a 39% tariff for no reason. We are the 7th largest investor[1] in the United States with thousands of jobs and we are the world's 3rd largest holder of US dollars[2].

[1] https://globalbusiness.org/foreign-direct-investment-in-the-...

[2] https://en.wikipedia.org/wiki/List_of_countries_by_foreign_e...

WhoCaresAboutIt 11/13/2025||
It's not "sideloading". It is "installing". Just installing the software you want, on the device you own. I am not "sideloading" applications on Windows, either. I download and install them. And before the internet, you got your software on CDs or floppies and ... installed them. This is nothing new. The term "sideloading" somehow implies you are circumventing or side stepping some mechanisms or protections in a non-sanctioned / nefarious manner. I am not. I just install software on my phone.
sipofwater 11/13/2025||
* "Android Developer Verification Discourse" by agnostic-apollo (https://github.com/agnostic-apollo), Termux app (https://github.com/termux/termux-app) developer: https://gist.github.com/agnostic-apollo/b8d8daa24cbdd216687a... (gist.github.com/agnostic-apollo/b8d8daa24cbdd216687a6bef53d417a6) and https://old.reddit.com/r/termux/comments/1ourtxj/android_dev... (old.reddit.com/r/termux/comments/1ourtxj/android_developer_verification_discourse/)

* "Android Developer Verification Proposed Changes" by agnostic-apollo (https://github.com/agnostic-apollo), Termux app (https://github.com/termux/termux-app) developer: https://issuetracker.google.com/issues/459832198 via https://old.reddit.com/r/termux/comments/1ourtxj/android_dev... (old.reddit.com/r/termux/comments/1ourtxj/android_developer_verification_discourse/)

sipofwater 11/13/2025|
Android Debug Bridge (https://developer.android.com/tools/adb) using two Android smartphones and Termux (https://github.com/termux/termux-app):

* Search for "Smartphone-1 to Smartphone-2" "adb tcpip 5555" in "Motorola moto g play 2024 smartphone, Termux, termux-usb, usbredirect, QEMU running under Termux, and Alpine Linux: Disks with Globally Unique Identifier (GUID) Partition Table (GPT) partitioning": https://old.reddit.com/r/MotoG/comments/1j2g5gz/motorola_mot... (old.reddit.com/r/MotoG/comments/1j2g5gz/motorola_moto_g_play_2024_smartphone_termux/)

* Search for "termux-adb" in "Motorola moto g play 2024 Smartphone, Android 14 Operating System, Termux, And cryptsetup: Linux Unified Key Setup (LUKS) Encryption/Decryption And The ext4 Filesystem Without Using root Access, Without Using proot-distro, And Without Using QEMU": https://old.reddit.com/r/MotoG/comments/1jkl0f8/motorola_mot... (old.reddit.com/r/MotoG/comments/1jkl0f8/motorola_moto_g_play_2024_smartphone_android_14/)

nromiun 11/13/2025||
You don't need two phones to use ADB with Termux. Just put the ADB settings app on a split screen and it will work just fine. I used it several months ago.
qwertox 11/13/2025||
I'm already annoyed by the fact that when I upgrade my own apps, self-developed and only used by me, which are installed either from Android Studio or by letting the app itself download the update from my server (with the app installation permission) and me then installing it, that I must send the app to Google for them to make a security check.

It's not an option, even if they pretend it to be one: if I click the text "install without scanning", nothing happens. I must accept the big button that uploads the app for a scan. It's none of their business.

ADB is no alternative for me, because it's easier for me to send a websocket command to my 9 devices (mostly dashboards) so that they download the file and start the upgrade process, so that I then only need to press the "upgrade" button manually on each device. Remove the dashboards from the walls, just to plug a USB cable into them, to upgrade the apps?

crtasm 11/13/2025|
Is ADB over wifi also a non-starter?
qwertox 11/13/2025||
Yes
xg15 11/13/2025|
So there was the very concrete problem that F-Droid could not continue to function with the verification requirements, because they rebuild every app and so would have to know every key.

Do the changes here do anything for F-Droid?

rbits 11/13/2025|
What this probably means: to use F-Droid on your phone, you will have to first go through the new unverified app flow
xg15 11/13/2025||
That would at least be an improvement to the current situation, where they wouldn't be able to operate at all.

If the flow is designed such that you only have to do it once for F-Droid and then the unsigned apps would be installable from there without friction, it wouldn't even be that bad.
