>- Must enable developer mode -- some apps (e.g., banking apps) will refuse to operate and such when developer mode is on, and so if you depend on such apps, I guess you just can't sideload?

Hi, I'm the community engagement manager @ Android. It's my understanding that you don't have to keep developer options enabled after you enable the advanced flow. Once you make the change on your device, it's enabled.

If you turn off developer options, then to turn off the advanced flow, you would first have to turn developer options back on.

>- One-day (day!!!) waiting period to activate (one-time) -- the vast majority of people who need to sideload something will probably not be willing to wait a day, and will thus just not sideload unless they really have no choice for what they need.

ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.

> - Must enable developer mode -- some apps (e.g., banking apps) will refuse to operate and such when developer mode is on, and so if you depend on such apps, I guess you just can't sideload?

What apps are those? I've yet to run into any of my banking apps that refuse to run with developer mode enabled. I've seen a few that do that for rooted phones but that's a different story. I've been running android for a decade and a half now with developer mode turned on basically the whole time and never had an app refuse to load because of it.

The one-day waiting period is so arbitrary. Have they demonstrated any supporting data? We know google loves to flaunt data.

Something like Github's approach of forcing users to type the name of the repo they wish to delete would seem to be more than sufficient to protect technically disinclined users while still allowing technically aware users to do what they please with their own device.

This is clearly anticompetitive. Hope regulators will figure out, then we won't have it eg not in the EU. However, Google is also abusing their power to e.g. deinstall apps without any option to decide using 'play protect' and blocks whole alternative stores through 'safe browsing' flags. I posted this play protect incident about IzzyOnDroid a few days ago, because I was so outraged: https://news.ycombinator.com/item?id=47409344

> This is going to hurt legitimate sideloading way more than actually necessary to reduce scams

Isn't that the objective? "Reducing scams" is the same kind of argument as "what about the children"; it's supposed to make you stop thinking about what it means, because the intentions are so good.

You have to wait one day only once, when enabling the feature. I agree that enabling developer mode could be a problem but mostly because it's buried below screens and multiple touches. As a data point, I enabled developer mode on all my devices since 2011 and no banking app complained about it. But it could depend by the different banking systems of our countries.

That is working as intended. Google wants to kill side loading.

their goal is to make software installation as painful as possible without being outright impossible : ‘sideloading’ is only ever a euphemism for ‘illegitimate’.

Medical apps (such as those that talk to insulin pumps) also refuse to run when developer mode is turned on.

We'll see when this rolls out, but I don't foresee the package manager checking for developer mode when launching "unverified" apps, just when installing them. AFAICT the verification service is only queried on install currently.

> some apps (e.g., banking apps) will refuse to operate and such when developer mode is on

JFC. Why would an app be allowed to know this? Just another datapoint for fingerprinting.

As described developer mode is only required at install time. Remains to be seen in the actual implementation, but as described in the post developer mode can be switched off after apps have been side loaded.

> some apps (e.g., banking apps) will refuse to operate and such when developer mode is on

And you blame Google for this? First of all, banks chose to make apps work this way, not Google. Moreover, they chose this likely due to scams. That proves scamming on android IS an issue that needs some technical solution.

Another take: People are not getting scammed because of side-loading (or not knowing your demographics/biometrics). People are getting scammed because of ignorance & stupidity & lack of common sense. In a way, its just nature running its course. If I'm able to scam you successfully, don't you deserve it at that point? Doesn't matter what we do, if you are scammable, you will get scammed.

Have these companies sent out their people to old age homes to teach old people how to use their tech and how avoid scams? If you lock the system down at max level, scams will just move offline again or find another way. Same if they build backdoors into encryption or make chats data available to gov agents: all illicit comms will just move off the network or find another smarter way. Its just how nature works, we are seeing tech-evolution in realtime.

I wouldn’t be fully optimistic about the one-day waiting period. Almost certain there will be a pop up showing up with: Process failed try again in 23:59:59.

I don't know. I've been silently outraged and disappointed by this whole forbidding of unverified apps, but also hopeful it wouldn't affect me much as a user of grapheneos.

But this process seems pretty reasonable to me.

I'd like to think it is due in part to the efforts of F-Droid and others.

Waiting a day, once, to disable this protection doesn't seem like a big deal to me. I'd probably do it once when I got a phone and then forget about it.

I happen to have developer mode enabled right now, for no good reason other than I never disabled last time I needed it. Haven't had any issues with any apps.

I actually think these protections could help mitigate scammers.

>the vast majority of people who need to sideload something will probably not be willing to wait a day

I disagree with this. Won't somebody who need to sideload something will just try again the next day...

> some apps (e.g., banking apps) will refuse to operate and such when developer mode is on

Enable dev mode, sideload the apk, then disable dev mode. I'd argue that it is poor security practice to keep developer mode enabled long-term on a phone that is used for everyday activities, such as banking.

One of the first things I do when I buy a new Android phone, like day one, is to enable developer mode. I usually use that simply for the ability to speed up animations so the phone feels a bit more snappy. In all the years I've engaged in this behavior, I've never had an application refuse to work. A rooted phone? Yes. Definitely. But just having developer mode enabled, no.

That said, it may be that I've simply been lucky and have an encountered that yet. So I'll be keeping an eye out for it.

Didn't Google already lose a case over making it hard to install alternative app stores? How is this not going to get them hit again? This is way worse than what Epic sued over.