Google will allow only apps from verified developers to be installed on Android

Original Article ↗ Hacker News Discussion ↗

What Google is changing

  • Android will require all apps installed on certified Android devices (most commercial phones) to be registered to a verified developer identity, not just Play Store apps.
  • Verification involves legal name, address, contact info, and possibly government ID; organizations may need a D-U-N-S number and website verification.
  • A separate “hobbyist/student” account is promised but requirements and thresholds (e.g., user counts that trigger “full” KYC) are unclear.

Impact on sideloading and alternative ecosystems

  • Many commenters argue this effectively kills true sideloading on mainstream devices: APKs not tied to a verified developer will simply not install.
  • This threatens projects like F-Droid, Termux, alternative YouTube clients (ReVanced, NewPipe, SmartTube), and niche or personal apps shared outside stores.
  • Some speculate F-Droid could register and sign everything under its own identity; others think Google will eventually block such intermediaries.
  • Concern that open‑source and politically sensitive apps (censorship circumvention, ad‑skipping, government‑critical tools) will avoid doxxing themselves to Google.

Privacy, identity, and developer concerns

  • Strong resistance to sending government ID and personal details to Google just to build or share small private or experimental apps.
  • Worries about account bans becoming a de‑facto lifetime platform ban once identity is locked to a single verified persona.
  • Fear that this becomes an easy kill switch for governments and corporations to demand the removal of “undesirable” apps globally.

Security rationale vs power‑grab debate

  • Google and some commenters emphasize real malware and fraud from sideloaded apps, especially in countries like Singapore and Thailand, with large recorded losses.
  • Critics counter that Play Store itself is full of junk, adware, and scams, so identity checks haven’t meaningfully cleaned it up.
  • Many see “security” as a pretext to eliminate competition (e.g., ad‑blocking YouTube clients), expand data collection, and centralize control.

Alternatives, workarounds, and future lock‑in

  • Proposed escapes: custom ROMs (GrapheneOS, LineageOS), non‑certified/Chinese devices, Linux phones (PinePhone, Librem, Sailfish), or even “two‑phone” setups (one locked, one free).
  • But hardware attestation (Play Integrity), banking apps, and 2FA flows already refuse to run on many custom ROMs; commenters expect that pressure to increase.
  • Some mention disabling Play Protect via ADB as a potential bypass, but whether this will still work under the new regime is unknown.

Broader sentiment

  • Many see this as one more step in a “war on general‑purpose computing,” converging Android toward iOS‑style lockdown and foreshadowing similar moves on Windows and the web.
  • There is a mix of resignation, anger, calls for regulation/antitrust, and renewed interest in genuinely user‑controlled platforms—even at significant convenience cost.