September 11th, 2024

Android now allows apps to block sideloading

Google is restricting sideloading of Android apps, urging users to download exclusively from the Play Store. This is part of security measures amid concerns over piracy, while European regulators push for leniency.

Recent changes in Android's app ecosystem are limiting users' ability to sideload applications, pushing them towards using versions available exclusively on the Google Play Store. This shift is driven by a new feature in Google's Play Integrity API, which prompts users to download apps from the Play Store instead of sideloading them. Reports indicate that users attempting to sideload apps from various sources, including Tesco and ChatGPT, are met with messages urging them to obtain the app from the Play Store. This feature is part of a broader strategy to enhance security and reliability, as Google has previously expressed concerns about the risks associated with sideloading. The Play Integrity API assesses the trustworthiness of the device's software environment and can block access to apps on modified systems. While some developers argue for a more nuanced approach to integrity checks, the current trend indicates a tightening grip on app distribution. This move aligns with Google's ongoing efforts to combat malware and piracy, although it has drawn criticism for potentially stifling user choice. Meanwhile, European regulators have mandated that Apple allow sideloading, highlighting the ongoing debate over app distribution rights.

- Google is implementing measures to block sideloading of Android apps.

- Users are being prompted to download apps exclusively from the Google Play Store.

- The Play Integrity API assesses device integrity and can restrict app access.

- Concerns over security and piracy are driving these changes.

- European regulations are pushing for more lenient sideloading policies for Apple.

29 comments
By @dugite-code - 4 months
I really wish there was a third competitor in the phone space. These are hand held computers but for some reason we've all fallen into having to accept restrictions that would have been unthinkable for a laptop or desktop not too long ago. Now similar restrictions are infiltrating the general computer space.
By @caseyy - 4 months
This seems historic. One of the core differentiators between iOS and Android that worked in Android's favor is now destroyed.

I hope it doesn't become a slippery slope where for "security" Google would start blocking undesirable or ethically/politically inconvenient apps, too.

For example, there are some medical apps that improve people's health outcomes (like custom blood glucose CGM apps and insulin pump closed loop apps for type 1 diabetics). Google does not seem to want them on the Play Store. They are undesirable apps from a business perspective – a liability with no upside.

The tech we speak about today provides the infrastructure to block these undesirable apps, as I understand. This lays the foundation of not allowing software to be installed on many consumer Android phones without Google's approval. I do hope it never comes to Google overstepping like that, but it could be optimism or naivety.

As a tool for app developers... where app developers make the decision... in this limited situation, it might be still somewhat okay. It's okay in the sense that the apps are their intellectual property and they might be entitled by law and common understanding to choose how it is distributed. But if Google ever decides to ban apps this way against the developers' wishes, it would be a massive overstep.

By @plantain - 4 months
So often when traveling I find some app that is required to complete some menial task like recharging a public transport card, that is for some reason ONLY available in the app store of that country.

If this blocks me loading those apps via APKPure or similar, it's going to suck.

By @xnx - 4 months
Is there anything like a thin virtualization/sandboxing tool for Android? As the user, I (not the Android OS), should have ultimate say in what information apps have access to. I should be able to feed any app fake GPS, contact, gallery, permissions, rooted state, and sideloaded state information as I choose.
By @maeil - 4 months
Example of a legit reason to need sideloading: bypassing wrongful assumptions.

A US company I worked for at a non-US office (imagine it was e.g. Google Japan) gave most employees a corporate credit card. Citibank made it impossible to download their app through the Play Store from the country in question, even though it was required to use it. Only option was to sideload it.

This kind of thing has happened on other occasions as well.

By @mostlyRice - 4 months
I really hope FTC breaks Android and Chrome away from Google.
By @nfriedly - 4 months
> ...allow for installation on incompatible devices (and resulting bad reviews)...

I've had the opposite experience with my Retroid Pocket 3+ (think Nintendo Switch Lite, but running Android). A lot of apps/games that the Play Store marks as incompatible actually work fine when installed via the Aurora store. I try to always leave a review stating that the app actually works.

By @alextingle - 4 months
Isn't the possibility of side-loading one of the main things protecting Google Play Store from being hammered by the Digital Markets Act?
By @sundarurfriend - 4 months
There's a portion of Apple fanbase that believes that Android is just a cheaper and shittier version of an iPhone, and nothing more. Google has been trying their hardest with every version to prove them right, by taking away more and more of the user choice and flexibility that Android had in its favour.

At this rate, I might just end up buying my first ever Apple device for my next phone.

By @rkagerer - 4 months
To whom should I point my middle finger? Is Google the one to thank for this?
By @rbut - 4 months
How will this affect those running MicroG? Is it as simple as implementing that API and returning "trustworthy", or is there some kind of signing going on that will make it harder?
By @BLKNSLVR - 4 months
The near future

- 1 cheapest possible phone to begrudgingly bend-the-knee to banking and other crybaby apps.

- 1 decent phone for everything else.

By @wilsonnb3 - 4 months
I wonder if Google will try to use this on the YouTube app to prevent revanced from working.
By @jakeogh - 4 months
The end goal here is to force everyone to make a Google account. Right now, we can get around it with Aurora Store etc, but with this, which WILL become the default, mark my words, Google is attempting to close the lock.

They are using their monopolistic position to force everyone to do business with them. If that's not illegal, it should be.

By @g-b-r - 4 months
Even Ars Technica now??

And in two hours no one on HackerNews pointed it out??

It's a feature that's existed for years!!!

They just changed the UI a little..!!

https://developer.android.com/google/play/integrity

By @greatgib - 4 months
That totally sucks!

I think that it is again a discreet anti-competitive move by Google. Recent European regulations protected the right for publishers to distribute through any marketplace their apps for Apple and Android devices.

But it looks like they have found the loophole in this with the fact that the regulation does not entitle the user to install apps through any means that they would like.

My guess is that Android was not really afraid of third party app stores until then, but now that Apple devices will have to be open to other stores, there is the possibility that another store editor becomes major but being unique to Apple and Android devices. Let's imagine the "Microsoft app store for mobile devices" for example.

By @gjsman-1000 - 4 months
This came up in GrapheneOS; because Google Play Services runs as root with no sandbox on stock devices.

Almost anything is possible when you’re root…

By @exabrial - 4 months
You don't own your device. We need a third party OS where root is the norm.
By @rustcleaner - 4 months
I really wish customers would be insulted by these kinds of actions and hold grudges.
By @chenxiaolong - 4 months
I'm curious how the check is implemented in Google Play Services. If it's based on the package manager's initiatingPackageName field, it should be trivial to bypass on rooted devices (or unrooted custom ROMs).
By @S201 - 4 months
This is how software freedom dies. If bs like this and that "web environment integrity" crap Google tried to push into Chrome last year isn't an obvious sign that Google is a monopoly and needs to be broken up then I don't know what is. It's a disgrace what Google has done to Android as a formerly open and developer friendly platform.
By @Quarondeau - 4 months
That's actually quite clever in a devious way: by giving app developers the control over blocking sideloading, Google essentially sidesteps the requirement to be fully open.

They can now just point to the developers: it's them, not us!

By @MathMonkeyMan - 4 months
Hot take: The word is "installing." There's no such thing as "sideloading."
By @matrix87 - 4 months
I hope there's some way around this if you have it rooted
By @solarkraft - 4 months
So now, to sideload an app that the developer for some reason doesn’t want to be sideloaded, the app will have to be patched. This makes the apk untrusted, as it loses its signing in the process.
By @CatWChainsaw - 4 months
This is one of the cancerous outgrowths of "know your customer". It becomes "know everything about your customer" which becomes "control everything your customer does." This obsession with omnipotence, with a handful of billionaire techbros getting high off the ecstasy of absolutely controlling the other eight billion people on the planet, is why we're all fucked.
By @solarkraft - 4 months
So now, to sideload an app that the developer for some reason doesn’t want to be sideloaded, the app will have to be patched.

This makes the apk untrusted, as it won’t be signed by the original developer anymore.

Looks like a weakening of Android ecosystem security to me.

By @wlindley - 4 months
And this is why it is so shocking that even folks who should know better, who are technically savvy in the slightest, would ever consent to use such a brain-damaged computer system that runs nonfree software.
By @danbruc - 4 months
The author of an app wants their app only distributed through Play Store so they only offer it there. In addition they add a check that verifies that the app was indeed acquired through Play Store or else refuses to run. Am I missing something? What is the issue? Do we want to tell people how they have to distribute their apps? Nobody forced them to do this verification.