We recently announced new developer verification requirements, which serve as an additional layer of defense in our ongoing effort to keep Android users safe. We know that security works best when it accounts for the diverse ways people use our tools. This is why we announced this change early: to gather input and ensure our solutions are balanced. We appreciate the community’s engagement and have heard the early feedback – specifically from students and hobbyists who need an accessible path to learn, and from power users who are more comfortable with security risks. We are making changes to address the needs of both groups.
Supporting students and hobbyists
We heard from developers who were concerned about the barrier to entry when building apps intended only for a small group, like family or friends. We are using your input to shape a dedicated account type for students and hobbyists. This will allow you to distribute your creations to a limited number of devices without going through the full verification requirements.
Empowering experienced users
While security is crucial, we’ve also heard from developers and power users who have a higher risk tolerance and want the ability to download unverified apps. Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn’t verified.
Google can go fuck itself
So they’re addressing students and private hobbyists, but not open source and hobbyists willing to publish.
Sounds like it will be a kind of sideloading onto your own devices.
that allows experienced users to accept the risks of installing software that isn’t verified
So for F-Droid, a vetting and curating publisher, users will have to go through this expert process. The announcement that activation under pressure will be prevented makes me thing of a time cooldown, like activate now, and it becomes active by tomorrow, 24 hours later.
Scamming is a real problem, and to a degree, it may end up being a good thing. As long as Google does not take this opportunity to push hidden agenda of increasing accessibility and choice, to seize more control not for security but as market and platform strategy.
F-Droid says they don’t want to impersonate other projects in order to be able to publish their projects, arguably decreasing security, which is a valid concern. As long as there’s a setting to allow this kind of sideloading and the use of F-Droid like before, I guess it is what it is, and may be acceptable.
If only they had started from where they are now. It’s plainly obvious there’s these kinds of users and use-cases. Did they really need “the community feedback” to learn about everything outside of their primary “linear” users?
We are building a new advanced flow that allows experienced users to accept the risks of installing software that isn’t verified.
Isn’t this what we wanted?
Impossible to say until we see it, but if they’re willing to do this then why bother doing any of it? Scammers will easily walk the clueless through whatever steps Google sets up.
In my interpretation, the gains will be
- Google Store apps will have identities linked, making it harder to mass-produce and mass-publish scam apps
- Enabling app installs outside of the Google store will have an additional barrier to combat scammers interactive pressure, maybe a cooldown of 24 hours or something like that
