If you haven’t seen this yet, Google is planning to require mandatory developer
identity verification for all Android apps, including apps distributed outside
the Play Store, taking effect September 2026. This affects every independent
and open source Android developer directly.
This is not just about the Play Store. After September 2026, on any certified
Android device, applications from unverified developers will be blocked by
default. The only proposed bypass, the “advanced flow”, exists only as a
blog post and has not appeared in any beta, dev preview, or canary release.
No one outside Google has seen it.
Once per device you will need to wait 24 hours before installing unauthorized apps. That’s all the new restrictions do. It will basically not affect power users at all.
For scammers, the 24 hour waiting period completely breaks their scams. They won’t be able to trick people into installing malware if they have to call back to resume the scam the next day. Google said that was their goal and their new solution actually does this without impeding power users.
Google found the balance that we were asking them for, yet people won’t stop complaining and even lying about it in posts like this. Maybe that energy is why the users won this time, but either way, take that energy and fight any of the thousands of real fights.
“Will not affect power users at all” is just not true. I will now have to wait an entire day before I can start using my next phone. Well, either that or android-translation-layer advances enough for me to switch to a Linux phone full-time.
Sideloading APKs is an easy vector but so is the Google Play Store. It’ll take scammers like 5 minutes to just perma move to GPlay shenanigans, and its already well known to have poor quality control and tons of malware available to download with the useless play protect logo.
This is just Google’s public justification for creating their walled garden. They already pulled this exact scam with Chinese OEMs which is how Huawei got banned, and others stopped selling in the US. They huffed up some story about CCP spyware and then mandated that GPlay be installed in full, otherwise face consequences from congress.
Even Samsung got pulled in and they essentially agreed to use GApps as the de facto communication suite for their phones in exchange for allowing Samsung to continue to use their Galaxy store.
They see stuff like AOSP as a threat because anyone can just fork the OS and make their own non google Android, and they don’t want any OEM to replace GPlay like what Motorola is attempting right now (hence the increased urgency to lock down Android).
Google’s monopoly in the mobile space revolves around every phone using GPlay, so they’ll do anything to maintain their control.
That is all true, however it seems like a slippery slope to me.
To stop scams, it would instead be a good idea to block app installation (of ANY apps including in the Play Store) when the screen is being monitored or a call is active.
Then when sideloading apps, grey out the install button for 3 seconds to hopefully pull the user out of any mindless flow state a scammer has put them in.
For a start, there’s no reliable way to detect when the screen is “being monitored”. You’re presumably thinking of remote control apps but they use the accessibility API which is something many users with visual impairment have enabled all the time, for things like screen readers.
Or we stop babyproofing the world for fools. Imagine a car that only ran gas from approved gas stations because someone was caught inhaling unapproved gas when someone else told them it would heal their sickness.
Maybe we could just have a switch for normal/expert user, with a warning that expert user mode should never be enabled if you’re not an expert. That’s it.
Google made some noises in a blog post, but beyond that there is no evidence that they have changed direction. I guess you can take them at their word if you want, but that seems rather naive given the context.
This entire flow is delivered through Google Play Services, not the Android OS, meaning Google can modify, restrict, or remove it at any time without an OS update and without any user consent. The advanced flow has still not appeared in any Android beta, dev preview, or canary release. As of the date of this update, it exists only as a blog post and UI mockups. The community is being asked to accept a product announcement as a functional safeguard five months before the mandate takes effect.
Until Google provides a shipping implementation that can be independently verified, our position remains unchanged: all apps from non-registered developers will be blocked once their lockdown goes into effect in September 2026.
For a while they were completely removing the ability to install unsigned apps altogether. So continuing to allow it albeit with more steps is indeed stepping back somewhat from what their plans were.
The advanced flow (which includes a 24hr wait time) is not rolling back and I wouldn’t call it stepping back either. It’s obviously designed to kedp friction high so thst no one even bothers with freedom and privacy protecting apps that dont want to or can’t go through googles verification process.
This isn’t what you think it is… it’s barely conceding when the friction remains this high.
You’re being overly pedantic about my word choice instead of actually just discussing this without trying to be condescending and one up people. Online discussions are conversations, not competitions.
I’m not being overly pedantic and I am discussing it, sorry if my reply sounded a bit blunt though.
My main point is that my reply to your original comment was made with a different understanding to what you actually meant, which is not “rolled back.”
(And that I disagree that their slight change to the plan, which has yet to be seen by the public as far as i’m aware, is anywhere near a move in the right direction, maybe the tiniest nudge ever, but not meaningful).
p.s. my thoughts on your word choice was only a tiny part of my message :/
There is more information on the website. This was Google’s “solution”:
Update: Google has revealed the “advanced flow” — it is not a solution
On March 19, 2026, Google published details ↗ of the “advanced flow” mechanism intended for “power users” to allow installation of applications from unverified developers after the lockdown takes effect. It goes like this:
Enable Developer Mode ↗ by tapping the software build number in About Phone seven times
In Settings > System, open Developer Options and scroll down to “Allow Unverified Packages.”
Flip the toggle and answer a scare screen confirming that you are not being coerced
Enter your device unlock pin/password
Restart your device
Wait 24 hours
Return to the unverified packages menu at the end of the security delay
Scroll past additional scare screen warnings and select either “Allow temporarily” (seven days) or “Allow indefinitely.”
On the next scare screen, confirm that you understand the risks.
You can now install unverified packages on the device by tapping the “Install anyway” option in the package manager.
This entire flow is delivered through Google Play Services, not the Android OS, meaning Google can modify, restrict, or remove it at any time without an OS update and without any user consent. The advanced flow has still not appeared in any Android beta, dev preview, or canary release. As of the date of this update, it exists only as a blog post and UI mockups. The community is being asked to accept a product announcement as a functional safeguard five months before the mandate takes effect.
Until Google provides a shipping implementation that can be independently verified, our position remains unchanged: all apps from non-registered developers will be blocked once their lockdown goes into effect in September 2026.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
DROID DOES
Welcome to the Android community on Lemmy. Here you can participate in amazing discussions and events relating to all things Android.
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
I thought they just rolled this back?
Once per device you will need to wait 24 hours before installing unauthorized apps. That’s all the new restrictions do. It will basically not affect power users at all.
For scammers, the 24 hour waiting period completely breaks their scams. They won’t be able to trick people into installing malware if they have to call back to resume the scam the next day. Google said that was their goal and their new solution actually does this without impeding power users.
Google found the balance that we were asking them for, yet people won’t stop complaining and even lying about it in posts like this. Maybe that energy is why the users won this time, but either way, take that energy and fight any of the thousands of real fights.
“Will not affect power users at all” is just not true. I will now have to wait an entire day before I can start using my next phone. Well, either that or android-translation-layer advances enough for me to switch to a Linux phone full-time.
Sideloading APKs is an easy vector but so is the Google Play Store. It’ll take scammers like 5 minutes to just perma move to GPlay shenanigans, and its already well known to have poor quality control and tons of malware available to download with the useless play protect logo.
This is just Google’s public justification for creating their walled garden. They already pulled this exact scam with Chinese OEMs which is how Huawei got banned, and others stopped selling in the US. They huffed up some story about CCP spyware and then mandated that GPlay be installed in full, otherwise face consequences from congress.
Even Samsung got pulled in and they essentially agreed to use GApps as the de facto communication suite for their phones in exchange for allowing Samsung to continue to use their Galaxy store.
They see stuff like AOSP as a threat because anyone can just fork the OS and make their own non google Android, and they don’t want any OEM to replace GPlay like what Motorola is attempting right now (hence the increased urgency to lock down Android).
Google’s monopoly in the mobile space revolves around every phone using GPlay, so they’ll do anything to maintain their control.
Got a link boss? You’ll excuse me if I don’t take your word for it and all that
https://android-developers.googleblog.com/2026/03/android-developer-verification.html
The website linked above lays out the change https://keepandroidopen.org/
That is all true, however it seems like a slippery slope to me.
To stop scams, it would instead be a good idea to block app installation (of ANY apps including in the Play Store) when the screen is being monitored or a call is active.
Then when sideloading apps, grey out the install button for 3 seconds to hopefully pull the user out of any mindless flow state a scammer has put them in.
For a start, there’s no reliable way to detect when the screen is “being monitored”. You’re presumably thinking of remote control apps but they use the accessibility API which is something many users with visual impairment have enabled all the time, for things like screen readers.
Basically all of them use the “Cast” feature, so you just need to detect that.
Or we stop babyproofing the world for fools. Imagine a car that only ran gas from approved gas stations because someone was caught inhaling unapproved gas when someone else told them it would heal their sickness.
Maybe we could just have a switch for normal/expert user, with a warning that expert user mode should never be enabled if you’re not an expert. That’s it.
Google made some noises in a blog post, but beyond that there is no evidence that they have changed direction. I guess you can take them at their word if you want, but that seems rather naive given the context.
They came out with more information on what their walk back looks like. More information is on the website https://keepandroidopen.org/
As far as I’m aware, there’s only the advanced flow thing that is mentioned in this post?
If that’s the only solution, I wouldn’t call that “rolling back.”
For a while they were completely removing the ability to install unsigned apps altogether. So continuing to allow it albeit with more steps is indeed stepping back somewhat from what their plans were.
Rolling back usually means to revert it fully.
The advanced flow (which includes a 24hr wait time) is not rolling back and I wouldn’t call it stepping back either. It’s obviously designed to kedp friction high so thst no one even bothers with freedom and privacy protecting apps that dont want to or can’t go through googles verification process.
This isn’t what you think it is… it’s barely conceding when the friction remains this high.
You’re being overly pedantic about my word choice instead of actually just discussing this without trying to be condescending and one up people. Online discussions are conversations, not competitions.
I’m not being overly pedantic and I am discussing it, sorry if my reply sounded a bit blunt though.
My main point is that my reply to your original comment was made with a different understanding to what you actually meant, which is not “rolled back.”
(And that I disagree that their slight change to the plan, which has yet to be seen by the public as far as i’m aware, is anywhere near a move in the right direction, maybe the tiniest nudge ever, but not meaningful).
p.s. my thoughts on your word choice was only a tiny part of my message :/
They did, but why talk about that when we can just fearmonger about things that aren’t happening?
There is more information on the website. This was Google’s “solution”: