Uncomfortable Questions About Android Developer Verification
Control, Freedom, and “Stallman Was Right”
- Many see Google’s developer verification and side‑loading restrictions as the culmination of what the FSF warned about: users losing control over devices they own.
- Commenters note Stallman’s long‑criticized “paranoia” about non‑free software now looks prescient as vendors move to lock users out of general‑purpose computing.
- Some still reject the FSF’s stance as impractical or ideologically rigid; others argue the harms of closed ecosystems (lock‑in, coercion, censorship risk) are now obvious.
Is It Fascism, Capitalism, or Government Overreach?
- Strong language (“fascist control”, “techno‑fascism”) is common, but several argue this is really capitalism plus monopoly power, not fascism.
- Others counter that when corporations effectively control critical infrastructure and are state‑protected, the distinction blurs.
- One line of critique: this is “government overreach by proxy,” with private platforms enforcing identity and access controls states could not pass directly.
Sideloading, Attestation, and the Death of “Open” Android
- Long‑time Android users feel a bait‑and‑switch: Android was sold as “you can just install an .apk”, unlike iOS. Now side‑loading is being fenced in by verification, Play Integrity, and hardware attestation.
- Debate over terminology: some object that “sideloading” pathologizes what should just be “running a program”.
- Comparisons with macOS Gatekeeper show a similar tightening trajectory on PCs.
Impact on F‑Droid, Third‑Party Stores, and FOSS Ecosystem
- There is confusion over whether projects like F‑Droid can practically be “verified” when they sign thousands of unrelated apps under one umbrella.
- Even if they can, people fear arbitrary revocation, making alternative stores structurally fragile.
- Many argue this is anti‑competitive: attestation and integrity APIs become tools to exclude alternative OSes (LineageOS, GrapheneOS, Waydroid, Linux phones) and non‑Google app stores.
Banks, Government Apps, and Forced App Dependence
- A large subthread details how banks and governments already require official Android/iOS apps (often with attestation checks) for payments, identity, or 2FA, sometimes eliminating web and hardware token options.
- Users on de‑Googled ROMs or Linux phones are increasingly locked out of essential services; some have to keep insecure, outdated stock devices solely for banking.
- Several note that “security” justifications are often inconsistent: old, unpatched Android is accepted while hardened OSes like GrapheneOS are blocked.
Anonymity, Verification, and Offline Analogies
- One camp supports mandatory developer identification: if you run or pay for code, you should know who is behind it, analogous to labeling on physical products.
- Another camp insists anonymity is a core right: you can invite unknown guests into your home or share noncommercial creations without registering identity.
- Some draw a distinction: strict verification might be acceptable for commercial apps in an app store, but not for arbitrary side‑loaded software between consenting users.
Ownership, Lock‑Down, and Subscription Hardware
- Many argue that if you cannot choose what runs on your device, you don’t own it; you are effectively leasing functionality that can be revoked.
- Parallels are drawn to cars with subscription‑locked horsepower and historical hardware “crippling” (features disabled until you pay).
- There’s anxiety that the same model will spread to PCs and the broader web via TPM, DRM, and integrity checks, segregating “approved” and “unapproved” devices.
Why FOSS Mobile OSes Struggle
- Commenters list numerous practical blockers: baseband patents and blobs, proprietary drivers for cameras/modems, fragmented hardware, and app ecosystems that rely on Google/Apple services and attestation.
- Even existing FOSS phones (postmarketOS, Librem 5, PinePhone) remain niche due to missing apps (banking, payments, car control, government ID) and rough edges.
- Several see antitrust and regulation (e.g., EU action against attestation lock‑in, runtime standardization, or mandated PWA support) as the only realistic path to restore competition and user freedom.