Android's sideloading limits are its most anti-consumer move

We need to stop calling it "sideloading", we should call it freely installing software. The term "sideloading" makes it sound shady and hacky when in reality it is what we have been able to do on our computers since forever. These are not phones, they are computers shaped like phones, computer which we fully bought with our money, and I we shall install what we want on our own computers.

I like the term "direct install" which someone suggested in one of the previous threads.

indeed, but they're not talking about your phone, they're talking about android, which is something you don't buy nor own, you buy a license to use it on the provider's terms.

linux phones can't come soon enough ...

your point about the termn "sideloading" is spot on, though. perverting the language is the first step of manipulation: installing software is "sideloading", sharing files is "piracy", legitimate resistance is "terrorism", genocide is "right to defend oneself" ...

I wonder where the term started?

Android itself calls it "install" when you open an APK file, there's not mention of "sideload" in Android at all as far as I can tell.

I call "running unsigned binaries"

There is, actually, but in a different context. The `adb sideload` command allows you to boot a device from an image without flashing it.

>The term "sideloading" makes it sound shady and hacky

"side" refers to the fact that it's not going through the first party app store, and doesn't have any negative connotations beyond that. Maybe if it was called "backloading" you'd have a point, but this whole language thing feels like a kerfuffle over nothing.

> when in reality it is what we have been able to do on our computers since forever

You do realise that's been changing right? Slowly of course, there's no single villain that James Bond could take down, or that a charistmatic leader could get elected could change. The oil tanker has been moving in that direction for decades. There are legions defending the right to run your own software, but it's a continual war of attrition.

The vast majority of people on this site (especially those who entered the industry post dot-com crash) ridicule Stallman.

"Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers—you could not install one if you had one, without knowing your computer's root password. And neither the FBI nor Microsoft Support would tell you that."

https://www.gnu.org/philosophy/right-to-read.en.html

If you want a real blackpill (I think this is the right word), consider the famous Cathedral and the Bazaar.

I recently had a realization: I can name Cathedrals, that are 800 years old, and still standing. I can't name a single Bazaar stall more than 50 years old around any Cathedral that's still standing. The Cathedral's builders no doubt bought countless stone and food from the Bazaar, making the Bazaar very useful for building Cathedrals with, but the Bazaar was historically ephemeral.

The very title of the essay predicts failure. The very metaphor for the philosophy was broken from the start. Or, in a twisted accidentally correct way, it was the perfect metaphor for how open-source ends up as Cathedral supplies.

> "your point about the termn "sideloading" is spot on, though. perverting the language is the first step of manipulation [...]."

Precisely.

They are signed, though. Just not by Google.

If Google provides a permanent mechanism to disable this in developer settings, then this devolves to an inconvenience.

The setting to allow unsigned apps could be per appstore tracked by an on-device sqlite database, so a badly-behaving app will be known by its installer.

This command is also used to install 3rd-party ROMs.

There is an option in the TWRP recovery tool to sideload any capable .ZIP file.

Mandatory googleloading.

Have you read anything about this? What you are proposing is exactly what is being disabled.

I fail to see the link, businesses come and go. Their software dies with them.

Businesses die. Cathedrals don't. IBM is 114 years old. Microsoft is 50. Google is 27. Disney is 101. Nintendo is 136 (they'll outlive Steam and the next nuclear war at this rate). The COBOL running banks is 65 years old. Windows NT architecture is 32. The platforms become infrastructure, too embedded to replace.

How many bazaar projects from even 10 years ago are still maintained? Go through GitHub's trending repos from 2015. Most are abandoned. The successes transform - GitLab, Linux, Kubernetes, more Cathedral than Bazaar.

Let's say that Google implements this restriction, but allows F-Droid a permanent permission to disable it for apps installed through their store.

Then there is both increased protection and accountability.

There are definitely bazaars which have a very old history. Being that the word "bazaar" has middle-eastern origins it feels appropriate to highlight middle eastern bazaars. Al-Madina Souq in Aleppo is one such bazaar with quite a few shops/stalls/"souqs" dating back to the 1300's or 1400's, such as Khan al-Qadi (est. 1450). Khan el-Khalili in Cairo has its economic marketplace origins rooted in the 1100's-1300's.

Name a single bazaar vendor that's still going more than 50 years in any of them. The bazaar as an institution remains, as it does today, but there's no permanence with a bazaar, just as open-source will never have a permanent victory without becoming a cathedral. Bazaars persist through constant replacement, churn, not victory.

Windows NT will be with us longer than systemd and flatpak.

I get where you are coming from. However, language like this matters when it comes to legislation. People outside there space will be guided by the sideload language to think it's just "something extra on the side so why should I care?"

Agreed. "Sideloading" has been marketed as a boogeyman opening doors to malware, when in fact malware exists on the play store anyway.

Why would google implement a restriction then allow someone to disable it? That's literally how it works today. By default your Android phone with Googled-OS installs only from Play store, where all apps are verified. When you want to install non verified apps you need to explicitly allow it first.

Sounds like "sidestepping" i.e. doing something illegitimately or at least outside the normal path.

Any of the BSDs (well 2BSD is the oldest on a quick search), the linux project, the GNU C lib and GCC, etc. Just because you can't think of it, it does not mean it doesn't exist.

I always found this term utterly bizarre. It first showed up in the early days of the mobile "revolution" and felt astroturfed, since no developer would think we need a fundamentally new term for downloading software. It felt like something some dark patterns team came up with to discourage free installation of software on your own device.

Of course maybe I'm overthinking it. It's common for people deep in the bowels of an industry to invent pointless jargon, like "deplane" for getting off an airplane. Anyone know where the term "sideload" was coined or by whom?

The title also correctly describes the relationship between FOSS and cloud SaaS. FOSS is the bone yard and parts catalog that devs go to when building closed platforms to lock in users. It largely exists today to be free labor for SaaS and training data for AI.

I'm not there yet, but I am perilously close to tipping over into believing that making open source software today is actually doing harm by giving more free labor to an exploitative ecosystem. Instead you should charge for your software and try to build an ecosystem where the customer is the customer and not the product.

I stress today because this was not true pre-SaaS or pre-mobile. FOSS was indeed liberating in the PC and early web eras.

> How many bazaar projects from even 10 years ago are still maintained?

Uhh, all the big ones in common use? GNU’s massive portfolio of software, Linux, multiple BSDs, Apache, Firefox, BusyBox, PHP, Perl, the many lineages of StarOffice, LaTeX, Debian, vim, fish, tmux, I mean this barely scratches the surface. Are you kidding me?

How many startups have failed over the last decade? I would argue that the norm is for any project to eventually cease. Only useful things with an active community (whether that community is for-profit or not) tend to last, until they are no longer valued enough to maintain. This goes for things in the physical world just as it does for software.

Windows NT is younger than Unix. I'd say the smart money is on the Unix-derived line of operating systems outliving Windows NT by a considerable amount.

However ... the domain of operating systems is subject to weird constraints, and so it's not really appropriate to make some of the observations one might make in other domains. Nevertheless, I thought the point was that we want things to improve via replacement (a "bazaar" model), rather than stand for all time. We don't actually want technology "cathedrals" at all, even if we do appreciate architectural ones.

> Any of the BSDs (well 2BSD is the oldest on a quick search), the linux project, the GNU C lib, etc. Just because you can't think of it, it does not mean it doesn't exist.

Did BSD defeat Linux? No. Which BSD is even the right one? BSD's biggest success is living on as the foundation of Apple's Cathedral in XNU, and PlayStation's Cathedral in the PS4 and PS5.

Did Linux stay a bazaar vendor? No - 90% of code has been corporate contributed since 2004. Less than 3% of the Linux Foundation budget goes towards kernel development. Linux is a Cathedral, by every definition, and only exists today because Cathedrals invest in it for collective benefit. It's a Cathedral, run as a Cathedral joint venture, to be abandoned if a better thing for the investing Cathedrals ever came along.

GCC? Being clobbered by Clang. Less relevant every year. Same with GNU coreutils, slowly getting killed by uutils.

Firefox? Firefox only still exists because a Cathedral called Google funds it.

LibreOffice, Apache, PHP, Blender? Professional foundations that get very picky about who is allowed to contribute what. They aren't amateurs and they all depend on Cathedral funding. Blender only got good when it started collecting checks from Qualcomm, NVIDIA, AMD, Intel, and Adobe. Blender is a Cathedral funded by Cathedrals.

“Running binaries signed either by yourself or by whoever wants to spy on you.”

That last part there is the problem.

Cathedrals change organizations too. You can't compare the longevity of a physical edifice (a cathedral) to an individual or organization (a bazaar vendor). They are different classes of things.

Time to figure out how to live without a phone - gotta find some sort of ultramobile pocket pc with 5G and run your own FreePBX for text and calling, etc. I've been wanting to do this forever, anyway. Using Starlink 5G would make it palatable, or maybe even preferable, assuming the performance is solid.

No I meant there are individual shops inside the bazaars that are still going under the same brand name for hundreds of years. The El-Fishawy Cafe inside Cairo's Khan el-Khalili bazaar has been operating under the same name since the 1700's[0]. Bakdash ice cream parlor inside Damacus' Al-Hamidiyah Souq was established in 1895.

For me, walking through an old Souq gives me a similar feeling of awe / mortality / insignificance as viewing a cathedral or looking from the Colorado ranch land up to the Rocky Mountains.

Also some cathedrals have remained "Catholic" since their raising, but there are a lot that have changed from Christian to Islamic to Protestant ... both the cathedral and the bazaar's physical buildings are still present from the same era and both are used for their original purpose (marketplace or worship). And both have delibly shaped their regions by being engines of culture, innovation, and power.

0: https://en.wikipedia.org/wiki/El-Fishawy_Café

1: https://en.wikipedia.org/wiki/Bakdash_(ice_cream_parlor)

> The vast majority of people on this site (especially those who entered the industry post dot-com crash) ridicule Stallman.

I've been in tech and startup culture for over a thousand programmer-years (25-30 normal years). It wasn't dot-com or the crash. It was mobile. The mobile ecosystem has always been user-hostile and built around the exploitation of the customer rather than serving the customer. When the huge mobile wave hit (remember "mobile is the future" being repeated the way political pundits repeat talking points?) the entire industry was bent in that direction.

I'm not sure why this is. It could have been designed and planned, or it could have evolved out of the fact that mobile devices were initially forced to be locked down by cell carriers. I remember how hard it was for Blackberry and Apple to get cell carriers to allow any kind of custom software on a user device. They were desperately terrified of being commoditized the way the Internet has commoditized telcos and cable companies. Maybe the ecosystem, by being forced to start out in a locked-down way, evolved to embrace it. This is known as path-dependence in evolution.

Edit: another factor, I think, is that the Internet had no built in payment system. As a result there was a real scramble to find a way to make it work as a business. I've come to believe that if a business doesn't bake in a viable and honest business model from day zero, it will eventually be forced to adopt a sketchy one. All the companies that have most aggressively followed the "build a giant user base, then monetize" formula have turned to total shit.

I like your point. Never thought of it that way. Totally agree

Or just "install". This word was sufficient my entire life until the Apple App Store came along and hijacked it.

"Why should I change my name? He's the one who sucks"

https://youtube.com/watch?v=ADgS_vMGgzY&t=3s

Yeah in the name of "security".

Unfortunately it also means giving the key to the Kingdom to a company like Microsoft or Google which are definitely adversaries in my book. Keeping them in check was still possible with full system access.

Even Apple I don't trust. They're always shouting about privacy but they define it purely as privacy from third parties, not themselves.

And they were the first to come up with a plan where your phone would spy on you 24/7.

I feel like you're moving the goal posts and using the greed caliper for measuring open-source success. Open-source doesn't need "to win", because as long as they have developers, projects go on, and as long as they have any users they are still relevant.

Wtf is a bazaar vendor? A bazaar-style project is a project with a variety of contributors who aren’t necessarily affiliated with a central org, where decisions are made at least partially through consensus. Linux still fits this description although it’s more of a hybrid model at the moment, as decision-making is highly centralized. But as a free/open source project, that centralization exists with implicit community consensus. If a substantial portion of the community decided that Linus and his team were making poor decisions, a fork would emerge. This process of periodic de-/re-centralization is a common attribute of many long-term FOSS projects and is usually not possible with proprietary software, absent generosity or neglect from IP “owners”.

How about "unlocked install"?

Consumers are already familiar with what a "locked phone" is.

Because F-Droid is going to regulators.

"We urge regulators to safeguard the ability of alternative app stores and open-source projects to operate freely, and to protect developers who cannot or will not comply with exclusionary registration schemes and demands for personal information."

https://f-droid.org/2025/09/29/google-developer-registration...

Not to mention the large number of ancient marketplaces that still exist (in active use) all over the world, some of which are UNESCO world heritage sites.

This type of informal market likely outnumbers cathedrals, especially if you count the ones that evolved into tourist markets, high streets, malls, and central business districts.

No I don't know.

But: "side talking" Is a worthwhile distraction to Google and look at Nokia N-gage memes.

I prefer the term "unlocked install". Consumers are already familiar with the terms: locked phones and unlocked phones.

Yes, in that world everything works out. But as TFA notes, Google is pushing "developer verification" as a non optional change at the app level. To get around it in the future it appears you'll need a degoogled phone.

Language strongly influences how people perceive things. For example, people shown videos of a car crash estimated higher speeds and falsely remembered seeing broken glass if the crash was described as "smashed" or "collided" rather than "hit" or "contacted"[0].

"Direct installation" sounds neutral to me, but "sideloading" sounds advanced or maybe even sneaky.

[0] https://www.simplypsychology.org/loftus-palmer.html

That's such an American take. Something doesn't have to be a "winner" to be useful. I enjoy using FreeBSD on my desktop and I don't care about the 0.01% marketshare.

I really dislike all the corporate involvement in Linux. I don't believe in win-win with commercial. That was the main reason for my choice though there's other things I like too such as full ZFS support and great documentation.

It's an excuse. Give me the option to install the software I see fit. Period.

> linux phones can't come soon enough ...

That would require a lot tighter and broader (but not corp-controlled) organization than what open source is accustomed to - making cheap and capable phones that aren't tied to a big corp is big challenge.

Unfortunately not. They are calling it "phone" and ("rooted phone" or "unlocked phone").

Is this not a meaningless differentiation if Google does no assume any responsibility for apps on the Play Store?

No, I like F-Droid, but I don't want them to need an official Google status to operate, or for anyone who wants to compete with F-Droid to have to obtain that special status.

edit: because the next step would be Google paying F-Droid a half-billion dollars for default search engine placement, or something else stupid. It becomes a captured organization, an excuse subsidiary.

Would it be possible to exclude app store install from "Install", eg swapping positions with sideloading? The idea would be that "app store sideloads" are more like enabling features than installing something novel, and installs allow something unplanned to be enabled.

How badly screwed are we that the term "installing" doesn't work because it doesn't exclude the now default assumption that someone else controls everything you are allowed to install.

Ironically, to take it full circle, I think that the thing that led to mobile being so user-hostile was the lack of sideloading of apps.

I remember sites on the early web like Hampster Dance, where monetization happened as an afterthought. But if you have to pay $99 annually and jump through hoops just to get your software even testable on the devices of a large number of consenting users, the vast majority of software is going to be developed by people who seek an ROI on that $99 investment - which wasn't cheap then and isn't cheap now. Hampster Dance doesn't and wouldn't exist as an app, because Hampster Dance isn't made as a business opportunity.

Similarly, outside of a few bright lights like CocoaPods, you don't get an open-source ecosystem for iOS that celebrates people making applications for fun. And Apple doesn't want hobbyist apps on its store, because Apple makes more money when every tap has a chance of being monetized. Killing Flash, too, was part of this strategy.

Apple certainly could have said "developers developers developers" and made its SDK free. But it realized it had an opportunity to change the culture of software in a way where it could profit from having the culture self-select for user-hostility, and it absolutely took that opportunity.

It's not a bad place, the environment we live in. But IMO, if Apple had just made a principled decision years ago to democratize development on its platforms, and embraced this utopian vision of "anyone can become a programmer"... it could have been a much brighter world.

I have been thinking of secondary machine that would just use my phones wifi and encrypted vpn tunnels. Basically, the phone is only used for the banking app and whatever future government ID app will be required.

The secondary device would basically be built on a open platform etc. Once we can't use the phone for sharing the connection, then we are basically stuck using other wireless connections, LoRa for short to medium connections, direct wifi links and offline home cloud environments. It gets a bit grim when you think about it, but there are always options. Now, would you travel with a home made tablet phone in an airport for example? What a about a train station with xray scanners. Cyberpunk always comes to mind as well when thinking of these possible futures.

> which is something you don't buy nor own, you buy a license to use it on the provider's terms

The distinction between "own" and "license" is purely a legal one. If I buy a kitchen table I own it, I can chop it up and use the pieces to make my own furniture and sell it. When I buy a copy of a Super Mario game I cannot rip the sprites and make my own Super Mario game because I don't own the copyright nor trademark of Super Mario. But I do own the copy, and Nintendo does not get to march into my home and smash my games because they want me to buy the new one instead of playing my old ones.

> linux phones can't come soon enough GNU/Linux. I used to think Stallman was being petty for insisting on the "GNU" part, but nowadays I understand why he insists on calling it GNU/Linux. There is nothing less "Linux" about Android than Debian, Arch or any other GNU/Linux distro, but GNU/Linux is fundamentally different in terms of user freedom from Android.

> I'm not sure why this is

I think a big reason was customers' ignorance. The manufacturers can come up with whatever they want, if no one buys it it does not matter. People accepted locked-down smartphones because they saw them a phones first and foremost. If I recall correctly the iPhone released without any app store, so it was really not that different from a dumb cell phone. If you had offered those same people a desktop PC or laptop that you could not install your own programs on, that had no file explorer, that could barely connect to anything else no one would have bought it. But because they say smart phones as telephones first it flew over their head. How many of the people who are upgrading to Windows 11 now because of lack of security support are still running an outdated smartphone? The phone probably has more sensitive data on it than the PC by now.

People are willing to accept restrictions when they come with newer technology. Why is that? I don't know, I'm just reporting on what I see.

Let's ignore all of the preinstalled programs, which are signed by Google and do a great deal of spying.

Do you think the 100 most popular F-Droid apps do more spying than the 100 most popular Play store apps?

I we're doing bad analogies my mom's open source duck recipe has been around for hundreds of years.

I suspect the average computer user is significantly smarter than the average phone user. The reason is that I've never seen a really dumb person using a computer, but I've seen plenty using phones. That might (or might not) be related to why the phone ecosystem evolved the way it did and computers didn't end up like that.

You could certainly say that. But if you go up to a normal person on the street and say "Google has prevented you from installing apps on your phone", while they're still able to install from Google Play just fine, they're going to look at you like a crackhead.

Language is for conveying information to other people. If your audience doesn't understand what you're saying, you're effectively screaming into the void.