Hacker News

Google details new 24-hour process to sideload unverified Android apps

1152 points by 0xedb last Thursday at 5:16 PM | 1232 comments

https://android-developers.googleblog.com/2026/03/android-de...


Comments

tavavex last Thursday at 9:27 PM

The part in the flow where you select between allowing app installs for 7 days or forever is a glimpse into the future. That toggle shows the thought process that's going on at Google.

I can bet that a few versions down the line, the "Not recommended" option of allowing installs indefinitely will become so not recommended that they'll remove it outright. Then shrink the 7 day window to 3 days or less. Or only give users one allowed attempt at installing an app, after which it's another 24 hour waiting period for you. Then ask the user to verify themselves as a developer if they want to install whatever they want. Whatever helps them turn people away from alternatives and shrink the odds of someone dislodging their monopoly, they will do. Anything to drive people to Google Play only.

grishka last Thursday at 7:48 PM

At this point I'm convinced that there's something deeply wrong with how our society treats technology.

Ruining Android for everyone to try to maybe help some rather technologically-hopeless groups of people is the wrong solution. It's unsustainable in the long run. Also, the last thing this world needs right now is even more centralization of power. Especially around yet another US company.

People who are unwilling to figure out the risks just should not use smartphones and the internet. They should not use internet banking. They should probably not have a bank account at all and just stick to cash. And the society should be able to accommodate such people — which is not that hard, really. Just roll back some of the so-called innovations that happened over the last 15 years. Whether someone uses technology, and how much they do, should be a choice, not a burden.

astra1701 last Thursday at 6:41 PM

This is going to hurt legitimate sideloading way more than actually necessary to reduce scams:

- Must enable developer mode -- some apps (e.g., banking apps) will refuse to operate and such when developer mode is on, and so if you depend on such apps, I guess you just can't sideload?

- One-day (day!!!) waiting period to activate (one-time) -- the vast majority of people who need to sideload something will probably not be willing to wait a day, and will thus just not sideload unless they really have no choice for what they need. This kills the pathway for new users to sideload apps that have similar functionality to those on the Play Store.

The rest -- restarting, confirming you aren't being coached, and per-install warnings -- would be just as effective alone to "protect users," but with those prior two points, it's clear that this is just simply intended to make sideloading so inconvenient that many won't bother or can't (dev mode req.).

ninjagoo yesterday at 12:47 PM

It is way past time to build a 'people's phone', funding it through a platform like LiberaPay [1][2] or Open Collective [3][4], with a requirement for the device to be completely open-source.

[1] https://liberapay.com/ [2] https://en.wikipedia.org/wiki/Liberapay [3] https://opencollective.com/ [4] https://en.wikipedia.org/wiki/Open_Collective

If we start today, we could have a new phone in 2-3 years. Future generations will thank us.

It's not just phones. There is a concerted movement by massively-moneyed folks to destroy the fabric of open society, so there are a number of different areas that need attention. A coordinated effort across the breadth of society to restore, maintain or improve the foundations of open society.

bityard last Thursday at 9:26 PM

Welp, I guess my current Android phone will be my last one.

At least half of the apps I use on a daily basis come from f-droid. This enforced 24-hour wait is simply not acceptable. Android has always been a far inferior overall user experience compared to iPhone. Android's _only_ saving grace was that I could put my own third-party open-source apps on it. There is nothing left keeping me on Android now.

I'll probably get an iPhone next, but I do sincerely hope this hastens progress on a real "Linux phone" for the rest of us. Plasma Mobile (https://plasma-mobile.org) looks very nice indeed. I'll be more than happy to contribute to development and funding.

janice1999 last Thursday at 6:35 PM

The forced ID for developers outside the Play store is already killing open source projects you could get on F-Droid. The EU really needs to identify this platform gatekeeping as a threat. As an EU citizen I should not be forced to give government ID to a US company, which can blacklist me without recourse, in order to share apps with other EU citizens on devices we own.

devsda last Thursday at 7:40 PM

Death, taxes and escalating safety are the only certainties in this tech dominated world. So, be ready for more safety in the next round few months/years down the line. Eventually Android will become as secure as iOS. We need a third alternative before that day comes.

It's not a win by any means. I hope that we don't stop making noise.

jeduardo last Thursday at 10:33 PM

The "protective waiting period" of 24h is what kills it. For people like me, who rely more and more every day on OSS apps not necessarily in the Play Store, installing a new phone will mean waiting a full day for almighty Google to allow me to do so. It reminds me of the same annoyance of carrier phone unlocks.

I wonder how this will play out in the phones coming out of the Motorola+GrapheneOS partnership.

focusedone last Thursday at 6:34 PM

I'm generally OK with this, but the 24 hour hang time does seem a bit onerous.

Most of the apps on my phone are installed from F-Droid. I guess the next time I get a new phone I'll have to wait at least 24 hours for it to become useful.

I'm seriously considering Graphene for a next personal device and whatever the cheapest iOS device is for work.

zx8080 yesterday at 7:37 AM

There will not be any benefit from using Android instead of iPhone if there's no sideloading.

As for the IDs, I think what happens is that Google sees no need to have hobbyists anymore in the ecosystem. Companies are easier to deal with, easier to change ecosystem to what's needed for Google. While for app development companies, there will be a single enterprise account with some ID used for many developers. And companies just shut up and follow almost any non-financial requirements Google wants to add.

In contrast, opensource developers frequently go public advocating for user privacy and data protection, while companies tend to be on the same side as Google squeezing any bit of personal user data to sell it for any margin possible.

Is any open mobile device and OS ecosystem possible at this point of time, other than the hobbyist one? With closed gates of LTE/5G ecosystem it seems no such thing is possible at all.

branon last Thursday at 7:03 PM

This 24-hour wait time nonsense is a humiliation ritual designed to invalidate any expectation of Android being an open platform. The messaging is very clear and the writing's on the wall now, there's nowhere to go from here but down.

kaufmann yesterday at 5:30 AM

Anytime I open the Play store it feels like I am getting hustled to install Scam Software I don't want. With Scam I mean either it is overblown with Ads or wants a subscription.

I really extremely rarely open the Play Store.

F-Droid is my place to. Even if the tools are simple, they are reliable.

Maybe Google is also scared, that with coding agents some OSS Tools improve that much that commercial alternatives don't matter.

goodusername last Thursday at 10:41 PM

Although I'm slightly relieved there is a way out of Google's verification system, it's still pretty wild if you compare this to installing software on a Windows PC. I'm sure Microsoft is heading in the same direction with Windows, but today it's still "only" a few confirmations to install anything.

This will sadly still put a major damper on adoption of open source apps, while giving a false sense of security that apps from the Play store are safe.

Years down the road, the low usage of apps installed from outside the Play store will be used as an argument for removing the functionality completely.

iamcalledrob yesterday at 7:17 AM

> Restart your phone and reauthenticate: This cuts off any remote access or active phone calls a scammer might be using to watch what you’re doing.

This is smart.

But putting my design hat on here: couldn't this be the whole approach? When enabling the "unverified apps" setting, the phone could terminate all running apps and calls before walking the user through the process.

Why do you even need the rest of the complexity -- if the fear is that non-savvy users are being coached into installing malware, then preventing comms while fiddling with the settings seems pretty OK?

You could even combine this with randomised UI, labels etc. so it's not possible to coach someone in advance about what to press.

chr15m last Thursday at 11:07 PM

In addition to enabling it in this onerous way, this should be a thing you can set when you first set up the phone after factory default: "I am technologically literate and I accept the risks of side loading indefinitely." If it's set once during set up then none of the vulnerable people will have it set for the lifetime of their phone. A scammer would have to factory reset their phone which would defeat the purpose of gaining access.

teroshan last Thursday at 6:44 PM

That's a lot of words to explain how to install things on the device I supposedly own.

Wondering how long the blogpost would be if it explained what the flow for corpoloading applications approved by Google's shareholders would be?

hilbert42 yesterday at 5:03 AM

This news confirms my thoughts to abandon Google's line of Android upgrades at the first opportunity.

Even before Google's edict I disabled enforced Android updates in case that at Google's demand manufacturers slipstreamed some restrictive code that cannot be later removed. One only has to look at the disastrous precedent with Windows 11 to see how insidious and ever-increasing lock-in works.

Fact is Big Tech cannot be trusted and there's a long lineage to prove it—MS Windows, Sun/OpenOffice and many others—and now Android. To avoid future calamities like this and to ensure survival of F-Droid, et al we urgently need to break Big Tech's nexus with open source independent of Big Tech's control.

I can only hope more manufacturers are prepared to fork Android to cater for the upcoming demand.

egorelik last Thursday at 8:10 PM

As an idea, what about allowing the 24 hours to be bypassed using adb (edit: bypass to allow indefinitely, not just install a single app)?

I understand there is some problem trying to be solved here, but honestly this is still quite frustrating for legitimate uses. If this is the direction that computing is moving, I'd really rather there were separate products available for power users/devs that reflected our different usage.

9cb14c1ec0 last Thursday at 6:40 PM

It's getting harder and harder to be an Android enthusiast. Especially given the hypocrisy of Google Play containing an awful lot of malware.

summermusic last Thursday at 7:19 PM

24 hour mandatory wait time to side load!? All apps I want to use on my phone are not in the Play Store. So I buy a new phone (or wipe a used phone) and then I can’t even use it for 24 hours?

sunaookami last Thursday at 9:47 PM

Whoever worked on this: Thank you for killing open computing. I hope you are proud and don't spend all the money at once.

jwr yesterday at 12:22 PM

"Android is one of the most open systems I've ever seen. What makes Android great is it's literally designed from the ground up to be customised in a very powerful way." -- Sundar Pichai

Oh, how times have changed. And so many believed this and repeated it.

aerzen today at 7:16 AM

Could the title say "process to install non-curated Android apps"? "Sideload" and "unverified" imply that the collection of centrally approved apps is the default way to install software.

Or maybe it is and android's promises about openness are dead.

crvdgc yesterday at 8:32 AM

Even alternatives like GrapheneOS rely on AOSP. I wonder if it's possible for regulators in certain countries to pressure Google to kill it in the future.

Even if that's not the case, I'd imagine attestation apps like banking apps would require some kind of identity verification in exchange for trusting Graphene's keys.

In principle it doesn't make sense to leave any escape hatch, but I guess as always, it boils down to economy.

mrmckizzle yesterday at 12:10 AM

I'm not sure if I've heard this discussion from somewhere else and took it as my own thought. Anyways, I consider this era the beginning of tech feudalism. I honestly don't think we'll be able to escape it. Please note I use Linux and GrapheneOS as my two main daily drivers. Most normal people do not care and they think it's crazy I'd make my life so inconvenient. It's my perspective, but I believe users in general don't care, understand, and prefer convenience over choice. Which gives a lot of power to this push for max control. Whether we like it or not I think we won't be able to stop it. I'm not being negative about it or trying to demoralize anyone. We already have at least four basic tech-feudal states, Microsoft, Android, Apple, and Freedom-Software. Each one somewhat has a user base that reflects its ideology.

xp84 yesterday at 12:46 AM

> “In that 24-hour period, we think it becomes much harder for attackers to persist their attack,” said Samat. “In that time, you can probably find out that your loved one isn’t really being held in jail or that your bank account isn’t really under attack.”

I wanted to be negative about the whole idea, as due to my age I'm resentful of not being allowed to use my own computer as I see fit.

On the other hand, in principle I see what they're going for here. The only decent argument for these user-hostile lockdowns is the malware issue.

dzogchen last Thursday at 11:27 PM

Calling "installing something without Google's or Apple's consent" "sideloading" is stupid.

I will die on this hill.

module1973 last Thursday at 7:13 PM

Am I going to have to wait 24hrs to have Google's malware and spyware forceloaded onto my phone, or is this a different category of malware?

Retr0id last Thursday at 8:42 PM

They should let you skip the wait if you're setting up a device for the first time.

gumby271 last Thursday at 8:33 PM

> In addition to the advanced flow we’re building free, limited distribution accounts for students and hobbyists. This allows you to share apps with a small group (up to 20 devices) without needing to provide a government-issued ID or pay a registration fee.

I don't quite understand how those installs would be tracked. If I create a "hobbyist" account and share the apk, are the devices that install that app all reporting it to Google? To my knowledge, Google only does this through the optional Play Protect system, is that now no longer optional? I'd like to know if my computer is reporting every app I install up to Google.

arendtio last Thursday at 10:01 PM

24H forced wait time?!? WTF

When I side-load open-source apps for other people, I want to do it right in the moment, not activate the feature, and the next time I see them (like half a year later), install the app.

When Google announced there would be an alternative installation method, I did not expect such a mess...

aniviacat yesterday at 12:14 AM

> In addition to the advanced flow we’re building free, limited distribution accounts for students and hobbyists. This allows you to share apps with a small group (up to 20 devices) without needing to provide a government-issued ID or pay a registration fee.

What stops scammers from simply creating a new hobbyist account for every 20 people they scam?

seu yesterday at 8:27 AM

> Flip the toggle and tap to confirm you are not being coerced

This is just spreading fear. If you're being coerced to do this, then you're in a much bigger danger than what a rogue application sideloaded to your phone represents.

hansvm yesterday at 1:42 PM

To their credit, the 24hr hold would actually serve an important, legitimate purpose if the same malware weren't going to be on the PlayStore anyway. I was expecting to disagree with their public statements more than I actually did on this topic.

This still isn't a good idea. It's not going to materially improve security for anyone, so all the negatives (beaten to death here and elsewhere) are still top-of-mind.

monksy last Thursday at 11:17 PM

Find the email address of the CEO/board members. When you get this on your device. Let your thoughts be known to them with a screenshot. Feel free to use language that will make them feel dumb and sad. Don't expect them to understand logical arguments or pleas.

Companies get away from this because they distance themselves from their customers and they have systems to hide feedback.

AdmiralAsshat yesterday at 2:16 AM

How exactly is this going to stop scammers from simply modifying their scam runbook to say "Turn this thing on, and get back to me in 24 hours.", and then continue on from the next step?

We know from Nigerian email scams that these things can stretch out days, weeks, months, all to get the victim to do the thing.

pmdr last Thursday at 8:55 PM

> Balancing openness and choice with safety

No, I'm afraid this is tipping the scale of control in Google's favor.

RobotToaster last Thursday at 11:35 PM

'Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.' - Benjamin Franklin

croemer yesterday at 9:21 AM

So this means one can't just copy over unsigned apps from previous phone when transferring.

As others have suggested, there should be an option to skip the 24hr wait when activating at setup time. Or, alternatively, when the previous phone one is transferring from has it enabled it should be without wait time on the new one.

lucasay last Thursday at 7:45 PM

The goal seems to be breaking the real-time guidance scammers rely on. 24h probably works, but it feels like a heavy tradeoff for legit users.

sokoloff yesterday at 1:19 PM

This is getting a ton of hate here, but I think it feels like a pretty reasonably balanced response to competing concerns: protecting literally billions of non-tech-savvy users from potentially malicious social-engineering attacks while allowing devs and tech-savvy a path to bypass that protection if they’re sure they want to.

What concrete change to the policy would be a strict Pareto improvement keeping just those two concerns in mind?

1970-01-01 yesterday at 1:47 PM

If this becomes widely successful and side-loaded crapware apps and Android phone scammers drop off a cliff, we will still be upset because we want a perfect world where everyone is above average in their digital security. Time boxing is a great compromise and you've lost none of your previous freedoms. Guaranteed convenience of side-loaded software was never in the Android terms of use.

zmmmmm yesterday at 3:19 AM

It probably sounds like a nitty gritty detail here but who is enforcing the 24 hours and how are they enforcing it?

Because if that "enforcement" is Google then they are still engineering a situation where they hold the keys to the kingdom. They may benevolently let you install what you want, but the sword of Damocles will hang over everyone forever, with the Darth Vader contract in full force ("pray we don't change the deal any further"). If nothing else, it will have a chilling effect. But more than likely, it will attract regulators like moths to a flame to coerce Google into banning their favorite open source apps that they don't like. In other words: it won't solve anything at all, really.

nickorlow yesterday at 5:37 PM

They're treating users like toddlers. Having to wait 24 hours to use my phone how I want to?

ptx yesterday at 2:36 PM

Could this be worked around by installing a single shell app which then loads other apps internally? I think it's possible to dynamically load Dalvik byte code in ART these days, right?

Obviously permissions would be a problem, as you can't update the app manifest, so there would either have to be one shell app per publisher (which would at least solve the problem of installing updates for their apps) or the shell would need its own internal system for managing permissions (like a browser does). Maybe it could also sandbox different apps from each other in different subprocesses, unless that needs root privileges, but maybe it's possible with Landlock?

Or we can always fall back to the "sweet solution" Steve Jobs offered us with the original iPhone, and just let the web browser be the shell.

Or implement everything as WeChat mini programs.

noisy_boy yesterday at 12:51 PM

The timing is interesting. With the measurable shift in quality of models and the agentic workflow becoming more popular (exacerbated by SaaS companies trying to democratise app building), there will probably be an explosion of even more apps (as if there aren't enough already). The programmer in me likes that because I can easily build an app that is specific to my needs. But so can a person who doesn't have the technical background which combined with poor security track record of LLM generated code, is a risky combination security-wise. Not sure if that was actually the motivation or whether it was preserving the revenue from the developer ecosystem by creating another walled garden.

modeless last Thursday at 9:00 PM

Hmm, as long as the waiting period is not per-app then maybe this is OK. Especially now that there is a well supported way to distribute alternative app stores without going through the sideloading process.

tadfisher last Thursday at 5:48 PM

Honestly, if coerced sideloading is a real attack vector, then this seems to be a pretty fair compromise.

I just remain skeptical that this tactic is successful on modern Android, with all the settings and scare screens you need to go through in order to sideload an app and grant dangerous permissions.

I expect scammers will move to pre-packaged software with a bundled ADB client for Windows/Mac, then the flow is "enable developer options" -> "enable usb debugging" -> "install malware and grant permissions with one click over ADB". People with laptops are more lucrative targets anyway.

tsoukase yesterday at 6:45 PM

The measures seem a lot less restrictive than I expected. 24h wait time is nothing if you suppress your ego, developer options is already the first thing I enable, an open adb channel is and will be a constant choice and the one-time-forever option a neat convenience. They could kill user experience for all but it's more a friction and not a restriction.
