Updated Oct. 31, with further information on the response to Google’s changes.
“Google does not own your phone,” Android users are warned, as a controversial new update suddenly becomes real. “You own your phone. You have the right to decide who to trust.” That may be true. But not for much longer.
The warning comes courtesy of F-Droid, “an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform.” In other words, a third-party app store from which Android’s billions of users can sideload apps.
Google has been cracking down on high-risk apps in Play Store, shoring up Play Protect security on phones and warning users that sideloading is dangerous and that they should beware what they install and from where. Now it’s taking that to a whole new level.
Starting in 2026, Google will require any developer who wants to install apps on certified Android devices to register with Google and prove their identity. That catches the major players but also solo amateurs and students: arguably, the massive developer community that has grown with Android, benefiting from its free spirit.
This affects all certified Android devices, basically all Android devices outside China. More than 3 billion of them. Every Samsung, every Pixel, every other OEM.
Having announced the change, Google also assured that “sideloading is fundamental to Android, and it’s not going anywhere.” This in response to a user backlash complaining the change was turning Android into a less pretty version of iPhone.
F-Droid says Google’s statement “is untrue,” and that developer verification “ends the ability for individuals to choose what software they run on the devices they own.”
Central to this argument is user choice — the choice to install software from anywhere and to take risks. The choice, one might say, not to buy a locked down iPhone.
“You, the consumer,” F-Droid says, “purchased your Android device believing in Google’s promise that it was an open computing platform and that you could run whatever software you choose on it.” But soon, “they will be non-consensually pushing an update to your operating system that irrevocably blocks this right and leaves you at the mercy of their judgement over what software you are permitted to trust.”
The independent app store also argues there’s a darker side to this — Google’s “track record of complying with the extrajudicial demands of authoritarian regimes to remove perfectly legal apps that they happen to dislike.” For this, read China and Russia, but also maybe the recent U.S. restrictions on apps made available in official stores.
As for Android’s free spirit and the sanctity of user choice: “Google clearly feels that they have enough of a lock on the Android ecosystem, along with sufficient regulatory capture, that they can now jettison this principle with prejudice and impunity.”
This argument will not go away. It’s too fundamental to the core of Android. Next year will see a soft launch in some secondary markets. The real change comes beyond that. And so 2027 looks like being the watershed for Android and its user base.
In response to F-Droid’s claim that Google’s statements on sideloading are “untrue,” the Android-maker pointed me to its post on the changes, which it says “answer your top questions about Android developer verification” when it comes to security.
In short, Google says the changes “are designed to protect users and developers from bad actors, not to limit choice. We want to make sure that if you download an app, it’s truly from the developer it claims to be published from, regardless of where you get the app. Verified developers will have the same freedom to distribute their apps directly to users through sideloading or through any app store they prefer.”
But some within the developer community are now organizing against the changes. As The Register reports, “many Android developers see the move as a power grab and have started a movement to ‘Keep Android Open’.” This new petition “seeks to rally support to challenge Google’s plan and to rouse regulators to the antitrust implications of allowing Google to oversee the verification of all Android developers.”
The Register says “Google’s bid to bless compliant Android developers with the power of app distribution comes with no guarantee – the company offers no warranty for its security oversight and doesn’t compensate Android users when it distributes malware via Google Play. Google’s plan also comes with a cost – it restricts Android device owners’ freedom to choose the software they want to install on their own hardware.”
Meanwhile, and with perfect timing, Zimperium has just released its latest warning about malicious Android apps, this time misusing NFC “to illegally obtain payment data and conduct fraudulent transactions.” The team says “what began as just a few isolated samples has now expanded to more than 760 malicious apps observed in the wild.”
The researchers warn that “with the rapid growth of ‘Tap-to-Pay’ transactions, NFC has become an increasingly attractive target for cybercriminals. These malicious applications exploit Android’s NFC permission to steal payment data directly from victims’ devices — illustrating why this attack technique has gained significant traction in recent months.” Zimperium says “organizations must recognize this is not a niche phenomenon but a scalable, global fraud technique.”
And so maybe Google has a point.
