The "advanced flow" will be available before verification enforcement begins later this year.
See full article...
See full article...
Google details new 24-hour process to sideload unverified Android apps
- Thread starter JournalBot
- Start date
Avoid unauthorized malware on your phone while Google harvests everything you do and create to train their next shitty LLM.
Upvote
148
(174
/
-26)
Ah yes, there it is. The fee to verify apps. That's a terrible choice. Also, a 24 hour waiting period? Not only is it buried in the settings, but they force you to wait 24 hours? Give me a break.
Upvote
89
(115
/
-26)
But how can surveillance capitalism do surveillance capitalism--if they can't surveillance capitalism?
This message brought to you by the Home Shopping Network of the Internet, AKA Alphabet Inc.
Upvote
68
(80
/
-12)
trevor_darley
Wise, Aged Ars Veteran
Oh, yeah, sure. "Combating malware." That's the chief motivation, just like "saving the children" is the chief motivation in other contexts recently.
Upvote
113
(125
/
-12)
I kind of think this article should've included information about why they are actually doing this: the Epic lawsuit rulings. Where Apple got off lighter than Play Store because of the open garden.
It feels like relevant context when they state it is malware driven yet provide no statistics or metrics supporting it.
It feels like relevant context when they state it is malware driven yet provide no statistics or metrics supporting it.
Upvote
66
(72
/
-6)
Well, we've gone from "no sideloading" to "sideloading, but its a pain in the ass" before they even detailed the policy. Lets see if that 24 hour waiting period even makes it to release.
Upvote
69
(70
/
-1)
But they can't do that and mass layoff workers to keep pumping their stock price--if they do that.
Upvote
38
(40
/
-2)
Seems a lot easier than ADB. I was mentally preparing to working with it on a constant basis to get apps on my phone. This is more streamlined.
Still annoying though.
Dev opt -> Allow unverified -> etc -> wait 24hrs
Is a lot less work than ADB.
Still wish they didn't do this shit
Still annoying though.
Dev opt -> Allow unverified -> etc -> wait 24hrs
Is a lot less work than ADB.
Still wish they didn't do this shit
Last edited:
Upvote
13
(40
/
-27)
Pardon me, but this is just a fucking load of bullshit. I am especially disgusted by them requiring any random dev to provide their identification, signing keys and everything even when they don't want to put their stuff on the Play Store, that's just....malicious on Google's part.
Upvote
137
(148
/
-11)
Do I get this correct. Google will demand signing keys from the devs. Meaning that google can at any point create a modified app and sign it with those keys pretending to be devs?
Upvote
102
(108
/
-6)
No it isn't. It is designed to make the process onerous and difficult so that you stay within the Play Store.
Upvote
120
(131
/
-11)
I chose Android many years ago because I make my own apps. I'm not paying, and I'm not waiting 24 hours.
Upvote
46
(52
/
-6)
gourdcaptain
Seniorius Lurkius
when do we get the mandatory "educational" film you have to watch showing the mangled corpses of people who enabled unverified apps lol
Upvote
82
(87
/
-5)
I assume it would be in poor taste to mention all the 'legitimate' applications that fail that test?
Upvote
67
(68
/
-1)
Usually I have to install an app because I didn't know I needed it (because it is just some stupid wrapper for the internet but that's another whole thing)
What if it is used for some sort of event? And that event is happening TODAY.
That 24 hour wait time is gonna get some people real mad when it starts costing them $$$.
What if it is used for some sort of event? And that event is happening TODAY.
That 24 hour wait time is gonna get some people real mad when it starts costing them $$$.
Upvote
-19
(16
/
-35)
I've been running GrapheneOS on my Pixel for six months now with zero issues. Highly recommend to those with compatible devices.
Google can fuck right off with their enshittified bullshit disguised as "safety".
ETA: When I pay for a computer it needs to do what I tell it to do, when I tell it to. Nothing more, nothing less. For those of you who read this that work for these companies....for the love of fucking christ, stop being evil.
Google can fuck right off with their enshittified bullshit disguised as "safety".
ETA: When I pay for a computer it needs to do what I tell it to do, when I tell it to. Nothing more, nothing less. For those of you who read this that work for these companies....for the love of fucking christ, stop being evil.
Upvote
102
(112
/
-10)
24 hours seems a bit too much for a process that already presents many other barriers to the average user. At the very least they aren't removing the ability to side load apps altogether. This is basically the only reason that makes Android the better choice for me and many others.
Upvote
38
(41
/
-3)
- Add bookmark
- Featured
- #23
“But the plans were on display…”
“On display? I eventually had to go down to the cellar to find them.”
“That’s the display department.”
“With a flashlight.”
“Ah, well, the lights had probably gone.”
“So had the stairs.”
“But look, you found the notice, didn’t you?”
“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.”
Upvote
154
(159
/
-5)
start
I see that I am in the minority with this opinion, but I think the 24-hour cooldown is a really good compromise to help prevent coercion and, more likely, someone with temporary unauthorized access. And for the power user who needs to sideload apps all the time, it doesn't seem too onerous to wait 24-hours once when you get the phone and set it to indefinitely allow.
The $25 fee and other hurdles for developers seems like the much bigger issue here.
The $25 fee and other hurdles for developers seems like the much bigger issue here.
Upvote
159
(180
/
-21)
It's obviously smarter than that.
You need to upload a photo of yourself holding up a copy of tomorrow's New York Times.
Upvote
68
(70
/
-2)
For the record, the Boomers don't give a shit about this. 99% of them see their phone as...
Wait for it...
A PHONE.
It also does text. And has a camera. And kind of surfs the Internet in a really shitty way.
That's about it. Side-loading is not a Boomer thing.
More to the point, side-loading is not MUCH of a thing in the first place. Yes, people do it. Yes it gets a lot of press. But I'd love to see some statistics on how many people actually know what the fuck it means, let alone actually do it.
It's most a straining at gnats/swallowing camels whole legal thing that Google has to allow, but no one told them they had to make it easy. It's at least doable, kinda, for those few who want to. For the rank and file, this isn't even a ripple in the ocean of shit out there today.
Upvote
43
(52
/
-9)
Upvote
23
(25
/
-2)
I assume this is your typical public/private key situation where Google gets the public key so they can verify the apps are signed by the dev private key. They can't sign something as the dev just verify the packages are from a particular dev who has been verified.
I don't think the $25 for verifying is that bad. It's a one time thing for an account as far as I can tell. That's pretty minimal and then you can presumably release as many apps as you want with any updates you want at any time. You don't want to make it completely free because people abuse the verified accounts and treat them as disposable. At least if you've got a minor fee there is some cost and you can do things like looking for someone verifying dozens or hundreds of accounts with the same payment info to try to prevent abuse.
I also think the 24 hours thing is fine. Your average user is never going to go into this in the first place. If you know you want to be able to side load things just go in and do this when you first setup the phone and set it to indefinite. You've now opened it up to side load as much as you want with out any delays. You've got your behavior that you want. I don't have a problem with the assumption that your typical person suddenly wanting to sideload something is probably being scammed and a 24 hour road block is probably a good thing.
Upvote
57
(72
/
-15)
One time fees never stay that way.
And this is yet another step Google is taking in the long road to coerce people into stopping modifying their phones from surveillance capitalism stock. It has been going this way for years. Arguably since Samsung debuted Knox and corporate America thought that Knox was a great idea.
Upvote
25
(32
/
-7)
How exactly is this going to stop any malware and scams? A malicious actor will just register as someone else. It can't be that hard and $25 is just ridiculous if you really pull a decent scam. When one developer identity gets blocked you just register another.
Upvote
29
(33
/
-4)
I don't think so, at least if I read this correctly: https://developer.android.com/developer-verification/guides/android-developer-console
Looks like a regular key exchange where you give them the public key and then sign with your private key, and they can then associate that key pair with your ID.
Edit: evan_s beat me to it.
Upvote
46
(46
/
0)
Next they'll be feeling pressure from regulators to not allow any apps which aren't approved by the government.
See also: ❝Age Verification,❞ which suddenly appeared simultaneously in every western country and is actually about social control by means of maintaining a database tying everyone's online identities to their physical identity.
Fuck every bit of that.
Upvote
50
(54
/
-4)
Upvote
22
(43
/
-21)
That’s on the event for not doing the trivial amount of work to get the app authorised on the App Store.
Upvote
23
(32
/
-9)
I am mostly in agreement with you on the method to allow full sideloading like that. I have stopped people mid scam as someone on the phone was walking them through installing some malicious app. There are just too many scammers out there and the average user truly has no idea how their phone works or what they are doing.
Now for power users and developers there should be a faster way to bypass that, maybe something through ADB which should prove that it isn't a scammer situation and also wouldn't require spending money.
Upvote
40
(42
/
-2)
Wait, aren't there detailed instructions in this article?Ryan Whitwam said:
So the next time I'm being coerced, that verification step will save me.Ryan Whitwam said:
Although if the only difference between the earlier system is a (possibly) one-time twenty-four hour wait, then there's no material difference at all...
...which leads one to believe this workaround is not intended to remain available for very long.
Upvote
2
(6
/
-4)
anguisette
Wise, Aged Ars Veteran
the article says you need a "device unlock code". what is one of those and how do you get one? is this the code that certain mobile providers are known for refusing to provide to people currently in contract with their device?
Upvote
8
(15
/
-7)