Android's sideloading limits are its most anti-consumer move

Installing any app I want outside the Play Store was the primary reason I decided to go with Android, despite most of the people I know using iPhones. If I can't do this anymore, I may as well switch and be able to use iMessage and FaceTime with them.

> Installing any app I want outside the Play Store was the primary reason I decided to go with Android

You still can do that with PWAs in Android. Let's see for how long.

> PWAs

And I wonder when can we stop lying to ourselves pretending "web"-apps are real (native) apps?

You can still install apps outside the play store, but the developer does need to verify their signing information. Effectively this means that any app you install must have a paper trail to the originating developer, even if its not on the app store. On one hand, I can see the need for this to track down virus creators, but on the other, it provides Google transparency and control over side loaded app. It IS a concerning move, but currently this is far from 'killing' non-appstore apps for most of the market.

Same, I'm tempted to call android just a shittier iPhone now

From a quick glance at /r/GooglePlayDeveloper/ it looks like Google is just as interested in killing playstore apps! It seems that they only want to support the existing larger apps now. I think they are giving a clear message to developers that its not really worth developing for that platform anymore. I think we will all agree that the playstore needed a purge but they seem to be making it impossible for any new solo devs at this point.

Why?

And in the EU you can install apps outside of the AppStore on your iPhone!

But not outside of Apple's control, they have a very similar mechanism to this verification process with 3rd party app stores.

Yeah... no. This is normal with desktop computers. Let's stop handholding people. If I trust the source, I trust the domain... I want to be able to install app from its source.

Googles/Apples argument would have been much stronger if their stores managed to not allow scams/malware/bad apps to their store but this is not the case. They want to have the full control without having the full responsibility. It's just powergrab.

> need for this to track down virus creators

I think they’re just going to track down a random person in a random country who put their name down in exchange for a modest sum of money. That’s if there’s even a real person at the other end. Do you really think that malware creators will stumble on this?

This has to be about controlling apps that are inconvenient to Google. Those that are used to bypass Google’s control and hits their ad revenue or data collection efforts.

Then you'd be rewarding the company that pioneered and normalized taking away these rights. The next rights you'll lose will probably originate on Apple again years before Google takes them away too.

Pretty sure virus creators could just pick a real ID leaked by the "adult only logins" shenanigans, whereas legit app developers probably wouldn't want to commit identity fraud.

If it gets that bad; Google can do what they already do with business listings - send a letter to the physical address matching the ID, containing a code, which then must be entered into the online portal.

Do that + identity check = bans for virus makers are not easily evaded, regardless of where they live.

I have no idea what this means. How does this change "kill playstore apps"?

Not related to this particular news item, but several high-profile App developers are either killing their apps on Android entirely (like iA Writer) or removing features due to Google tightening submission requirements and increasing costs for apps that integrate with their services.

What part of cheaper, better, and open source is shittier exactly?

It also makes it easy for google to blacklist a developer, if for example the trump administration don’t like them (the same way apple removing apps documenting ICE).

And basically every corporation with any business in the US has proven _more_ than willing to instantly capitulate to any demand made by the administration.

> What part of cheaper

The iPhone 17 is the same price as the Pixel 10

> better

But the iPhone 17 has better hardware features, like UWB, better cameras, and a _far_ faster CPU.

> open source

Only if you install Graphene, and then never install anything that requires Google Play Services, which is basically every commercial app.

Can you imagine what you're suggesting for a Linux machine? It's absurd. My box my rules, I'll run any damn code I please.

So let's pick a random example app that might be popular on F-Droid today. Oh, I dunno...newpipe.

Given that Google both owns Android/Google Play Store and YouTube: what do you think they would do with the developer information of someone who makes an app that skirts their ad-model for YouTube?

GOS allows you to install and use apps from the Play Store and the vast majority of them works flawlessly.

And you are completely ignoring viruses, ransomware, keyloggers, the 50 toolbars etc that has been the staple of Windows and before that DOS for over 40 years.

Scam apps are rife in the iOS App Store. But what they can’t do easily install viruses that affect anything out of its sandbox, keyloggers, etc

1. Not cheaper.

2. I think it's better, I like the UX but that's subjective.

3. Not open source. AOSP is open source. Android is not open source.

I thought most devs didn’t want to develop on android because IOS devs made more income per user (0) and spent more on in app purchases. Android does well with ad supported apps. Paid apps have had issues with piracy also.

“In 2024, the App Store made $103.4 billion to Google Play’s $46.7 billion.”

0 https://www.businessofapps.com/data/app-data-report/

Sandboxing isn't feature dependent on Apple being a big curator is it? These are orthogonal but not the same issues. I've never said that PCs don't have viruses or that it isn't a problem, only that I should be able to install software from developer I trust if I want to.

I agree let's have sandboxed app instalations on platforms. Flatpak is already going this way. But it looks like big players Microsoft,Apple and Google are gatekeeping app sandboxing behind their stores instead of allowing people/devs to use sandboxing directly.

And then there will still be complaints about Google limiting what apps can do and take away “your freedom”. What happens when a third party app wants to be able to read in other apps internal storage to create a back up solution like iCloud? Should that be allowed? What about if they want to create an app that autocompletes what you type when working in another app requiring key logger like capabilities?

not the change mentioned in the news link. I was referring to what people are discussing over on the reddit play store sub. Google are terminating dev accounts without giving any reasons or warnings. I'm sure most, if not all terminations have have some element of justification but ultimately it means that Google seem pretty happy to terminate any dev account without letting the developer know why. And to make things worse, that developer is forever banned from ever publishing any content on the playstore for life. They cannot make a new account. Their career in android app development can be destroyed in an instant. Most terminations seem to be handled by bots... and to rub salt in the wound, Google only responds to appeals... using more bots. That is according to what the community has been saying at least. I'm sure they know what they are doing and one thing we all know is that Google actually IS big enough not to fail. But it does seem like the right thing to at least make new developers more aware of the risks. And it is obviously a very stressful time for anyone who is actually making a living off an android app.

It doesn't make any difference anyway, does it?

Then I might as well treat myself with better hardware & ecosystem.

I can't help but feel that this move is aimed specifically at ReVanced.

The "security" wording is the usual corpospeak - you can always trust "security" to mean "the security of our business model, of course, why are you asking?"

The toolbars don’t just magically appear there. They are the product of a technically illiterate user.

Cheaper for sure, better maybe but open source certainly not, AOSP doesn't run on a single device on earth, not even the emulators.

> The iPhone 17 is the same price as the Pixel 10

Too bad there aren’t any other Android phones…

Can you create and run a service that starts when phone is turned on, with a PWA app? Usecase is a backup daemon.

> currently this is far from 'killing' non-appstore apps for most of the market.

It means that Android is no longer suitable for my own private dev projects.

What part of "I should be able to install software from developer I trust if I want to" was hard to understand?

Will they send letters to sanctioned countries? What about a PO box, or a remailer service?

You can use GrapheneOS or LineageOS without the Google rootkit and continue installing any apps you want

Considering both Graphene and Lineage have been complaining about google making development harder and harder for how long will that be a possibility?

You can still side-load signed apps. It's a similar limitation to macOS which won't let you run apps that Apple hasn't signed without command line or control panel shenanigans. Compared to iOS, Android still has the advantage of installing your own full browser (like Firefox) with full-fat ad blocking (uBlock Origin, not Lite). iOS is Safari-only right now though, in theory, some alternative engines may be available in Europe later.

> and a _far_ faster CPU.

No longer true with the newest chip that Mediatek cooked up, ARM licensed cores like C1 are catching up rapidly with Apple CPUs (or maybe Apple has hit the limit of their current design philosophy)

It's normal for Windows and *nix, not for modern macOS which has big limitations on unsigned apps requiring command line and control panel shenanigans.

If they need to be signed by Google, that's not side loading by definition; it's using an alternate Google channel.

That physical address will be useless, and probably easily worked around, in many if not most countries. Expecting Google to be able to use that address together with the law is a pretty US-centric expectation. I don't think most virus creators would be impacted, especially not the ones that are part of professional (criminal or government) organizations.

It's certainly cheaper when you compare phones with like specs.

Google is following the same game plan we saw when they decided that the full version of uBlock Origin (the version that is still effective on YouTube) should no longer be allowed within their browser monopoly.

The fact that there was a temporary workaround didn't change the endgame.

It's just there to boil the frog more slowly and keep you from hopping out of the pot.

It's the same game plan Microsoft used to force users to use an online Microsoft account to log onto their local computer.

Temporary workarounds are not the same thing as publicly abandoning the policy.

>I may as well switch and be able to use iMessage and FaceTime with them

I, too, love vendor lockin.

Another road that leads to BBM it seems.

It’s utterly bizarre how BBM could have been the iMessage and WhatsApp and who knows what else. But rich out-of-touch people thinking exclusivity is a perk in a commodities market just shows how business savvy and wealth are in reality disconnected from eachother.

Then you don’t want sandboxing if you want all of those permissions.

My devices are not supported by either of those, sadly.

Yes because technically literate users shouldn’t have trusted mainstream companies to not install bundle ware back in the Day? They shouldn’t have trusted Zoom not to install a web server on Macs surreptitiously that caused a vulnerability? They shouldn’t have searched Google for printer drivers not knowing that it was a fake printer driver? They shouldn’t have trusted Facebook when they installed VPN software that tracked all of their traffic from any app?

Is that really your answer? To make the phone ecosystem as fraught as Windows PCs for the average user? How is they worked out for PC users since the 80s?

Not by much these days. The Pixel 10 actually gives you half the storage as the iPhone 17 at the same price.

The only Android phones that are significantly cheaper than equivalent iPhone tend to come with some kind of compromise (and don’t forget that Apple’s phones start at $600 - the iPhone 16e exists).

I think this isn’t true at all, before the iPhone existed cellular carriers controlled software on consumer phones.

Remember when GPS navigation was a $5/month app that was a cellular plan addon?

What your describing isn't "side-loading". Doing that means the apps go through Google's chain of control. Please don't let them redefine the word.

There is a big difference between Websites and Applications. Websites are a smaller subset of capabilities.

If it's for your own projects, for yourself only, ADB still works without this verification.

You can have sandboxing and run whatever you want. I do it every day on PCs where I, the user, can define the terms of sandboxing any appliclation I want, and not a trillion dollar corporation using sandboxes to enforce their chosen revenue streams upon users.

I'm out of the loop on this. What is Graphene doing?

https://grapheneos.org/features

>GrapheneOS is a private and secure mobile operating system with great functionality and usability. It starts from the strong baseline of the Android Open Source Project (AOSP) and takes great care to avoid increasing attack surface or hurting the strong security model.

Over the last years Android has gotten increasingly worse, which is something you just have to expect from a Google product.

It is still unbelievable to me that Google is shipping a product which takes 10 seconds to show anything when I search through my phones settings. What are they doing?

>open source

Sure. If you buy the right phone you get some open source components. Of course half the Android companies are trying to funnel you into their proprietary ecosystem as well. The rest just wants you to use Google's proprietary ecosystem.

You are missing the part where the OS provider is the virus and keylogger. Unless of course you feel it reasonable that google and apple datamine everything you type via their software keyboard[0] or reading the contents of your notifications via play services[1].

0 - https://discuss.grapheneos.org/d/16046-google-keyboard-w-net... 1 - https://discuss.privacyguides.net/t/sandboxed-google-play-pr...

With macOS you run "sudo spctl --master disable", and then you can run whatever you want without sending PII to Apple. Is that the case with the new Android stuff?

Agreed. While I do not like this move, ti is weird to me how far people are going in their criticism.

The perfect should not be the enemy of the good.

Exactly. I don't think Google is doing this so that people don't install some random FOSS alternatives through F-Droid.

Things like Newpipe seems much more of a target, especially if you want to take legal action. More so than stopping users, this gives Google fat more leverage about what Apps can exist. If they ever want to stop Newpipe a serious lawsuit against whoever signed the APK seems like an effective way to shut down the whole project. Certainly more effective then a constant battle between constraining them and them finding ways to circumvent the constraints.

BBM could have been great lock in IF OS and Hardware experience was not so bad.

For vast majority, Android vs iPhone is not massively different so iMessage availability is a draw for some people.

Try Xiaomi.

You can install full uBlock Origin in the Orion browser, on iOS. It also has decent built-in ad blocking (though uBlock Origin is still better).

I had been thinking for a long time to switch to Android (GrapheneOS, probably) when my current iPhone 13 dies, but this whole thing with "sideloading" on Android is making me reconsider. If I can't have the freedom I want either way, might as well get longer support, polished animation and better default privacy (though I still need to opt-out of a bunch of stuff).

BBM itself should not have been a lock-in. It would have taken incredibly little effort to open it as a desktop messenger that can seamlessly interact with people who have BBM numbers for example.

I doubt they learned their lessons. Apple walked all over them in so many ways and, if memory serves me right, they even mocked Steve Jobs over the iPhone.

Edit: just so I’m clear I’m discussing it from the perspective of early to mid 2000s. iPhone hadn’t yet come out, but iPods were popular. Trillian and Pidgin were dominating the online landscape of software that could support multiple chat protocols - seamless ICQ, AIM, IRC, Yahoo, MSN Messenger, all in one program. If there was a time for RIM to corner the market here it was right then and there because BBM was the real deal, being available on phones and they could have signed agreements with others to bring it to, for example, Nokia and Motorola and whoever else.

But no. They’d rather be arrogant and stupid.

True, although using adb requires the use of the usb port, which for some of my projects is highly impractical.

Also, with this move, Google has made it very clear that they don't want people to have any real control over their machines -- so I'm not inclined to think that using adb to work around the problem will always be possible.

It's fine, though. My hobby projects will continue into the future, just probably without using Android.

> It's a similar limitation to macOS which won't let you run apps that Apple hasn't signed without command line or control panel shenanigans

Can you do something similar to load unsigned apps on Android?

How did Orion sidestep the safari WebKit requirements?

Well GrapheneOS is not Google-certified, so it is not impacted by this :-).

Sure I do. I sandbox what I want when I want.

Everything in settings loads near instantly for me including search. What exactly has gotten worse with Android recently?

Better hardware, yes.

But you'll be reminded quickly how comparatively shit Apple's software is.

Aka the litany of "Oh, yeah, everyone knows that's broken but just deals with it, because there's no way to fix issues on a closed platform other than {wait for Apple}."

"The perfect should not be the enemy of the good" is the wrong analogy here. It's more like "death by a thousand cuts". Limitations on free computer usage are like a ratcheting mechanism: they mostly go in one direction.

Only phones sold by carriers were controlled by carriers. You could easily (in Europe at least) buy an unlocked phone and put in a SIM from any carrier of your choice. You could then easily install (i.e. "sideload") Java apps from anywhere you wanted, e.g. from a storage card or over Bluetooth, although some permissions were restricted unless you bought an expensive code-signing certificate.

In terms of cameras, my pixel takes way better pictures than any iphone, and people I know with iphones (which is basically everyone) admit it.

Thats a recent addition; hope consumer protection laws around the world become better.

Mine was better until Google kept forcing AI sharpening and making things look worse.

So now you are expecting users to navigate hundreds of permissions and know the consequences of each one? How did that work out for Vista?

I didn't think a usb port was required since the introduction of wifi adb?

https://www.androidpolice.com/use-wireless-adb-android-phone...

I did. I cannot recommend it. There is no real way to unlock bootloaders on these. They've locked it down so much that you can't really do anything but run what they give you.

You mean if you run an OS made by a company whose whole profit model is based on tracking users so they can advertise to you is invading your privacy?

Yes and for you to think that is a valid argument for a consumer product is why most open source products suck for consumers and end up being about as bad as the “homermobile”.

Does every app need to do this?

I make lots of "real" healthcare apps that are PWAs.

Much better installation and user experience, no dev cert nonsense, brain dead simple updates, no app store, etc...