alt Hacker NewsGoogle confirms 'high-friction' sideloading flow is coming to Android
Comments
I take the opportunity to let people know that there are alternatives to Google/Apple duopoly on mobile. Link: https://www.ubuntu-touch.io/
Sure, GrapheneOS is often suggested but Ubuntu Touch is a really interesting alternative, their own store and ecosystem.
The community is amazing and welcoming. If there are Android apps which you can't do without, they can be emulated and used anyway. Imagine switching to Linux and then using Wine for the apps you really still need.
Yes, it's not perfect but Linux isn't either. If you think you're sufficiently tech savvy and want to make a change, give Ubuntu Touch a try. Find a cheap second hand supported device and play around, make some fun apps. (devices currently supported: https://devices.ubuntu-touch.io/ )
To me it's like being back when there was only Windows and Macs as viable home computer OS, and people were getting their feet wet with Linux and all its flavours. Now, it's the same but for mobile.
If the make sideloading high-friction, either via account-bound or apk upload or permissions from MNO/ISP, I will leave android. I have a bunch of my own apps that only I use, not released to the public, if I cannot use them, I have zero reason to stay on android.
I think one of the reasons they want to lockdown the system is to prevent guys like me from locking THEM out of my home/ecosystems, as and example, I build my own launchers, specifically for TCL TV's, which runs Android TV and has Developer Mode + adb. Which means I remove all the bloat & ad garbage, which they want to prevent.
We will get to the point where google will remove your ability to set custom dns servers and only use theirs.. just wait & see friends.
Anywhoo, when this side loading fence materializes, I will jump ship to apple.
I would like to see a high friction flow for installing all the crap from the Play Store to "protect and educate users". "Are you sure you want to install this app? It's only got a score of 2.8 and only 7 reviews, and will ask for all of these permissions?"
> Matthew Forsyth, Director of Product Management, Google Play Developer Experience & Chief Product Explainer, said the system isn’t a sideloading restriction, but an “Accountability Layer.”
And... What about accountability for hosting distributing spyware, malware loaded apps from Google Playstore and hundreds of copy cat, misleading apps?
Why can't they pose a question when the phone is setup?
- Yes, I want to sideload
- No I dont want
If the user says NO then to later enable it to allow sideload Yes, the user needs to factory reset phone. Done.
When this whole thing got announced, I purchased a new Pixel 9 and flashed it with GrapheneOS.
I am hoping that in about 6-8 years (when I realistically need to update) the landscape might be a bit better. Or who knows, maybe I'll just continue using GrapheneOS.
So far I have not had a single issues with it. Apps the rely on attestation do not work, but honestly it's only two applications out of hundreds so I can live with it.
I also financially support GrapheneOS on a monthly basis (15$). This is just too important of an project not to.
The image at the top of the article is actually what already happens in Android and has done for years. At first, I thought that this meant that the article was very outdated, but no, this is from January 2026.
I imagine the text of the article is fine, but I'm a little bit disappointed that Android Authority chose to lead with that image and caption and make it seem that this is what the future flow would look like. You'd think they'd know better.
I heard that the frog boiling is a myth. You can't boil frog alive, it will jump out. As opposed to humans
Some manufacturers like Xiaomi already have a very annoying flow for enabling developer options and using ADB. You need to have a SIM card inserted, need to create a Xiaomi account and there's several popups with timers you have to wait through.
The highest risk is the play store itself. Gambling and addiction. So, when does Google add "high friction" there, instead of encouraging it? Ah, well, it's the money! Than stop bending the truth.
I'm sure I'm missing something but wasn't this already the case where the first time you try to install an APK, you had to go into Settings and mark the relevant application as a trusted source for installing APKs from?
The current system is already high friction. Enabling "advanced protection" in your google account additionally requires installing apps through adb.
So, which 3rd mobile vendor and/or OS are you moving to?
As TFA does not mention it, and I don't see any top-level comments discussing it, this is a continued rollout of a "feature" first piloted in Brazil, Indonesia, Singapore, and Thailand. See:
https://android-developers.googleblog.com/2025/08/elevating-...
https://android-developers.googleblog.com/2025/11/android-de...
https://www.channelnewsasia.com/singapore/google-android-dev...
Of course, HN reaction has always been skeptical about this including in earlier news. But the reporting on it, and the countries in which it is piloted in, seems to me to involve government/banking industry cooperation with or pressure on Google to combat cyber fraud. These polities are prime targets for Android cyber fraud of this sort due to Android penetration, and seemingly (to me) also cultural proximity to scam operators, and tech-illiteracy among the vulnerable demographic. (And anticipating a reply I got from a previous article on my comment on this feature---no, it's just not feasible to comprehensively educate retirees against evolving tactics by scam operators and expect that to be a sufficient sole countermeasure.)
I am not very well educated when it comes to alternative stores landscape. But I do know that in Russia there's now Rustore: https://www.rustore.ru/en which functions by automatically downloading and updating APKs for you.
During the APK install, however, you do see the ugly Android prompt about how this app may be dangerous.
Rustore has its own app payment system, which obviously circumvents Google Play fees.
This works on regular Android phones.
Are there other examples of such stores? Perhaps it's Google's answer to that.
Can we please stop calling it "sideloading"? It's simply "installing" software on hardware that I own, and that I should have full control over.
Don't be evil
The real question is if you can still sideload:
1) a .apk that was not developer-verified
2) without informing Google of this
The year of linux desktop unironically may be close. What is the situation with mobile?
Add high friction to scammy ads on your platform, Google
How does this relate to the announcement from a while back about introducing signatures that tie back to Google? (IE trusted developer program or whatever they're calling that horse shit.)
In the technofeudal new world order, your smartphone is not just a device, it is your gov issued digital ID/wallet
The Apple/Google OS duopoly exists by design, they view bootloader unlocking and sideloading as threats because they break that control
They want to be able to define and/or revoke your existence in the system
No escape, because no alternative
Part of me thinks they wouldn't be doing this if their own ad team wasn't knowingly accepting money from fraudsters.
[dead]
[dead]
I agree with high friction sideloading. it is the best of both worlds. no friction sideloading is too easily exploited by scammers. having a member of my family exposed to this kind of thing in the past taught me some things.
TBH this doesn't seem a particularly high friction change. It seems very like what we have to do already, or like what we do on OSX.
I think i have an idea that would better protect normal users while not getting in the way for power users and developers:
1. All applications must be signed with a valid store key.
2. Anyone can import a store key after rebooting into the bootloader (similar flow as custom roms)
3. Google can maintain a list of malicious keys and reject them
Why is this better? Because it makes it much harder to trick grandma into installing an APK some site just dropped.
Google's long term strategy with Android is baffling to me. Apple has had better mobile hardware for years. Apple has higher consumer trust. Apple has better app selection (for most people). Apple has been increasingly implementing the core features that differentiate Android devices, like USB-C and RCS. Every Android user lost to the increasing iOS market share is another customer Google has to pay exorbitant fees to a competitor to access.
And Google's strategy is to continue removing differentiating features from Android that also help them mitigate the threat of antitrust? Surely the marginal revenue from the inconsequential number of sideloading users isn't attractive enough to justify that kind of strategic blunder.