Android now allows apps to block sideloading

Original Article ↗ Hacker News Discussion ↗

Scope of the new feature

  • Apps can now detect if they were installed via Google Play and refuse to run if “sideloaded.”
  • Implemented through Google Play Integrity / remote attestation mechanisms in Play Services.
  • Some commenters say this capability has existed for years; this is largely a UI/API polish, not a brand‑new power.

Implications for sideloading and user control

  • Many see this as eroding a core Android differentiator vs iOS: practical freedom to install and modify apps outside the official store.
  • Concern that this will gradually become the default for major proprietary apps (YouTube, banking, social), making non‑Play installs and backups unusable.
  • On rooted or custom devices, users could theoretically patch out checks, but this breaks original signatures and weakens security guarantees.

Custom ROMs, F-Droid, and alternative app stores

  • FOSS apps distributed via F-Droid are unaffected as long as they don’t opt in to integrity checks.
  • Major worry is for users of custom ROMs / de‑Googled systems (GrapheneOS, microG): more apps may require Play integrity + Play Store install, effectively excluding such devices.
  • Some fear this will push users toward keeping a “sacrificial” stock/Google phone for banking and locked apps.

Security, DRM, and developer rights

  • Supporters frame it as DRM‑like protection against piracy and unauthorized redistribution, especially for paid or sensitive apps.
  • Critics argue it’s “DRM in different clothes,” bringing no real user benefit and mainly serving platform and publisher control.
  • Debate over whose rights prevail: developers’ desire to control distribution vs users’ claim to control devices and software they run.

Banking, mandatory apps, and social lock‑in

  • Banking and high‑risk apps already use attestation heavily; this feature strengthens their ability to refuse rooted or custom setups.
  • Examples where apps are required (banks, government, messaging like WhatsApp, region‑locked transport/banking apps) mean “just don’t use it” is not realistic for many.

Regulation, antitrust, and future trajectory

  • Some see this as Google’s “malicious compliance” with EU DMA: platform remains nominally open while delegating lock‑in to app developers.
  • Fears it will force more users into Google accounts and Play Services, strengthening Google’s ecosystem power.
  • Multiple calls for stronger regulation or structural breakups (Android/Chrome/Play separated) rather than hoping the market or a “third platform” will fix it.