Open Letter to Google on Mandatory Developer Registration for App Distribution

Original Article ↗ Hacker News Discussion ↗

Security Argument vs. Freedom to Install Software

  • Many commenters see Google’s move as a power grab disguised as safety, closing an ecosystem users chose precisely for its openness.
  • Others accept scams are a real, large–scale problem (especially in Southeast Asia) and argue “everything’s fine” is not a credible answer.
  • There’s concern that once both Android and iOS are walled gardens, users lose meaningful choice in mobile computing models.

Effectiveness of Mandatory Developer Registration

  • Skeptics argue registration won’t stop professional scammers:
    • Fake or stolen IDs and shell companies are cheap and already used.
    • Organized crime can handle mail-based verification or paid “identity mules.”
  • Supporters say raising friction and cost for attackers still matters; forcing real-world identities and physical addresses makes mass abuse harder.
  • Several note Google already fails to keep obvious scams and malware out of Play; questioning why off-store installs are singled out.

Alternative Approaches Proposed

  • Restrict registration or extra checks only for “dangerous” permissions (SMS, notification access, remote control, etc.).
  • Stronger and more annoying sideload warnings, quizzes, delays (e.g., 24h wait), or requiring ADB/PC to unlock advanced mode.
  • “Noob mode” / “I am responsible for my own actions” profiles that fully unlock devices but clearly void certain protections.
  • Move away from SMS 2FA toward hardware-bound, phishing-resistant methods (passkeys, tokens), and better bank-side controls (delays, liability rules).

Role of Banks, Governments, and User Education

  • Some say the root problem is banks relying on insecure channels (SMS, vulnerable apps) and offloading risk onto users and OS vendors.
  • Others counter that legal and political expectations push banks to reimburse victims, so banks must insist on “trusted” device environments.
  • Education and literacy are seen as insufficient at scale, especially in developing countries; opponents reply that paternalistic controls are worse than the risk.

Impact on Open Source, Indie Devs, and Alternative Stores

  • Strong fear that registration harms:
    • Anonymous or politically sensitive projects (VPNs, anti-censorship tools).
    • Small FOSS apps and F-Droid–style curated repos that already build from source.
  • Concern that “high-friction flows” for unverified installs (akin to HSTS/SSL error UX) would effectively kill alternative stores for non-technical users.
  • Non-Google AOSP forks (LineageOS, GrapheneOS, /e/OS) are mentioned, but many essential apps (especially banking/government) already refuse to run on them.

Broader Trends and Antitrust / Governance Concerns

  • Several see this as part of a ratchet toward locked-down, remotely attested devices where services can deny access to “non-compliant” systems.
  • Comparisons are drawn to PCs: some argue a similar lockdown is inevitable; others insist that must be actively resisted to preserve general-purpose computing.
  • Debate around “safety vs. freedom” uses analogies (knives, seatbelts, food safety) with sharp disagreement on where to draw the line.