• Re: Tutorial: Build your first Android APK on Windows from Github WhisperIME source code

    From Marion@marion@facts.com to alt.comp.os.windows-10,comp.mobile.android,alt.comp.os.windows-11 on Tue Aug 26 03:54:03 2025
    From Newsgroup: alt.comp.os.windows-11

    On Sat, 23 Aug 2025 09:23:09 -0000 (UTC), Marion wrote :


    Tutorial:
    Build your first Android APK on Windows from Github WhisperIME src code

    Yikes!
    *Google will block sideloading of unverified Android apps*
    *starting next year*

    <https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/>
    "Google says it's no different than checking IDs at the airport."

    Apparently Google will require that all APKs installed on certified
    Android devices (whether from the Play Store or sideloaded)
    be signed by a verified developer identity.

    This means APKs signed with a debug key (as in the process
    described in this thread) may be blocked from installing or running.

    Even if we build the APK ourselves from trusted source code,
    Android will likely check whether the signing key is linked
    to a verified developer.

    What changes in my tutorial?

    Step 8: Build APK with debug key will likely be blocked!
    Debug keys are not linked to verified identities.
    We may need to sign with a registered key.

    Step 9: Install via adb install may fail on certified devices!
    ADB install won't bypass the identity check
    unless the APK is signed by a verified developer.

    Step 10: Launch WhisperIME may not run
    Android may prevent execution of unverified apps, even if installed.

    What options do you think we'll have to build from source?
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Marion@marion@facts.com to alt.comp.os.windows-10,comp.mobile.android,alt.comp.os.windows-11 on Tue Aug 26 07:12:01 2025
    From Newsgroup: alt.comp.os.windows-11

    On Tue, 26 Aug 2025 05:55:59 -0000 (UTC), AJL wrote :


    Google is tightening Android app security by requiring all developers (whether they publish on the Play Store or sideload apps) to verify their identities.

    Starting in 2026, only apps from verified developers will be installable on most certified Android devices

    I wonder if this Amazon Fire HD10 tablet I'm posting with is a certified
    Android device in Google's opinion? Because I side loaded and signed into
    the Google Play Store on it and thus get apps from both stores (Google and
    the tablet's installed Amazon Appstore). Most of Google's store stuff runs
    just fine on Amazon's forked Android version. Also much side loaded stuff.
    Anyway it would be ironic if Google stopped me side loading unauthorized
    apps because on this tablet Google IS an unauthorized side loaded app...

    Hi AJL,

    This bothers me a lot as now we can't compile our own APKs without signing
    up for a Google verified developer, which destroys our privacy just like
    iOS destroys our privacy in an instant by requiring those matrix logins.

    I'm glad you responded as you did, as it didn't occur to me that some
    "Android" devices might not be considered a "certified Android device".

    Looking it up, apparently the Amazon Fire HD 10 runs Fire OS, which is a heavily customized fork of Android. While it's technically Android-based,
    it's apparently not certified by Google under the Android Compatibility Program.

    I think that means it doesn't come with Google Mobile Services (GMS) preinstalled, and from what I read just now, it may very well be that Amazon doesn't submit Fire tablets for Google's certification process.

    So when Google says "most certified Android devices," they're perhaps
    referring to devices that have passed compatibility testing and are
    officially recognized by Google, such as the ubiquitous Samsung Galaxy
    tablets or Pixel devices.

    I don't have a crystal ball, but I do see very clearly how Apple locked up control of iOS such that it can't do half of what Android can do.

    The problem is that if Google enforces this identity verification rule strictly, it's possible that apps from unverified developers might not
    install or run properly, even on sideload-friendly devices like yours.

    Whether that enforcement will extend to uncertified devices like Fire
    tablets is unclear to me, but it's definitely something to watch over.

    The only solution I can see for typical devices is each and every one of us
    has to become an official Google developer - which seems crazy to me as
    that's the Apple model which caused iOS to have half the functionality of Android. Sigh.

    It's a bad direction, IMHO, for Google to take just because they want to
    wrest control and claim it's being done for reasons that are said to be
    safety (as that's clearly a lie).

    It's all about control.

    The question now is what happens to 3rd-party repos and src code compiles?
  • From R.Wieser@address@is.invalid to alt.comp.os.windows-10,comp.mobile.android,alt.comp.os.windows-11 on Tue Aug 26 09:22:25 2025
    From Newsgroup: alt.comp.os.windows-11

    Arlen,

    Yikes!
    *Google will block sideloading of unverified Android apps*
    *starting next year*

    Then it's good I'm not running Google's Android. :-)

    "Google says it's no different than checking IDs at the airport."

    They're missing that it's *my* airport, not theirs. They are just the hired help.

    Funny though that they have no problem giving such IDs to "criminals" (malware), and allow them to hop onto your planes - allowing them to be hijacked and worse.

    What options do you think we'll have to build from source?

    Exactly what Google gives you. "We've altered the deal, pray we will not
    alter it any further". But they will.

    Regards,
    Rudy Wieser


  • From Arno Welzel@usenet@arnowelzel.de to alt.comp.os.windows-10,comp.mobile.android,alt.comp.os.windows-11 on Tue Aug 26 13:18:16 2025
    From Newsgroup: alt.comp.os.windows-11

    Marion, 2025-08-26 05:54:

    On Sat, 23 Aug 2025 09:23:09 -0000 (UTC), Marion wrote :


    Tutorial:
    Build your first Android APK on Windows from Github WhisperIME src code

    Yikes!
    *Google will block sideloading of unverified Android apps*
    *starting next year*

    <https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/>
    "Google says it's no different than checking IDs at the airport."

    Well - it's not very hard to register as a developer and the one-time registration fee is just 25 USD:

    <https://support.google.com/googleplay/android-developer/answer/6112435?hl=en>

    As soon as you have a developer account you can create "verified" apps
    for your own. In the past when "feature phones" were still a thing,
    getting a certificate was *much* *more* expensive and you needed to have
    every single app build signed which was around 400 USD for every release.

    At the moment attackers can just build their own malware APKs for
    Android free and lure people into downloading them. That's one of
    the reasons why Android is often considered very insecure.

    If you don't like this - create or use your own Android-Custom-ROM which
    does not include this check.
    --
    Arno Welzel
    https://arnowelzel.de
  • From R.Wieser@address@is.invalid to alt.comp.os.windows-10,comp.mobile.android,alt.comp.os.windows-11 on Tue Aug 26 14:35:42 2025
    From Newsgroup: alt.comp.os.windows-11

    Arno,

    At the moment attackers can just build their own malware APKs for
    Android free and lure people into downloading them. That's one of
    the reasons why Android is often considered very insecure.

    Bullshit. You can download anything you want on Windows as well as Linux,
    and neither has been called insecure for it.

    The reason Android is quite insecure is that you have no methods to check
    what a certain app is doing, meaning that if an app misbehaves you have no way to detect it. Also, the current permissions are crude, only giving all-or-nothing choices. :-(

    If you don't like this - create or use your own Android-Custom-ROM
    which does not include this check.

    Or find yourself a custom version of Android which, besides leaving it up to the user to choose where he gets his apps from, also contains better protections against mal-behaving apps in general. Like the signed apps from its app-store which, for one reason or another, still contain malware.

    The custom ROM I'm running gives me the option to disallow an app's access to the internet, as well as restricting the app's access to storage to its own folders - and, if wanted by the user, *read-only* access to (some) others.

    It's not everything, but it's much more than Google's Android offers me.

    I think that Google's Android needs to be careful: a move like this one, forcing users to only use its ecosystem (hardware, OS, apps), might easily
    be considered an attempt to create a monopoly. And even under the current administration of the US of A that won't end well..

    Regards,
    Rudy Wieser


  • From Marion@marion@facts.com to alt.comp.os.windows-10,comp.mobile.android,alt.comp.os.windows-11 on Wed Aug 27 00:33:44 2025
    From Newsgroup: alt.comp.os.windows-11

    On Tue, 26 Aug 2025 14:35:42 +0200, R.Wieser wrote :


    At the moment attackers can just build their own malware APKs for
    Android free and lure people into downloading them. That's one of
    the reasons why Android is often considered very insecure.

    Bullshit. You can download anything you want on Windows as well as Linux, and neither has been called insecure for it.

    I will agree with anyone who makes a sensible comparison, where I have to agree that the fact you can download any app on most operating systems, doesn't inherently make them so insecure that it has to be locked up so
    that only Google or Microsoft or Canonical or RedHat can allow installs.

    Google is doing this, rather obviously, to copy the Apple model of CONTROL.
    As Rudy showed, it's a brazen lie that this is being done for "security".

    It has nothing to do with security.
    It's about control.

    The reason Android is quite insecure is that you have no methods to check what a certain app is doing, meaning that if an app misbehaves you have no way to detect it. Also, the current permissions are crude, only giving all-or-nothing choices. :-(

    We could argue Android has "more malware" than does iOS, but we already
    know iOS is vastly more exploited than Android so other metrics apply.
    <https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

    We know that Apple has never tested much of their iOS code, so, again,
    other metrics apply when we look at Apple's lies about their control.
    <https://cyberscoop.com/iphone-hack-google-project-zero/>

    The fact Apple controls iOS so rigidly doesn't gain anyone any more
    security since iOS is far less secure than Android - but it does gain Apple profits. Big profits. The biggest in the world kind of profits.

    It's about control.
    Not security.

    It's bad news that Google is following Apple's lead, as not only does it
    make it harder to compile an APK from source, but it makes Android closer
    to the locked-down iOS model which is the main reason iOS can't do half of what Android does.

    Conversely, there is only one thing iOS can do that Android can't do.

    That functionality curve crossover at exactly 1 item is that lopsided simply because Apple has locked down control over iOS such that it is basically a dumb terminal that can't do anything useful w/o logging into Apple servers.

    Let's hope Google stops following Apple's control lead which causes a loss
    of functionality without even a single uptick in security as iOS is far
    more insecure than Android on almost all metrics (other than on malware).

    If you don't like this - create or use your own Android-Custom-ROM
    which does not include this check.

    Or find yourself a custom version of Android which, besides leaving it up to the user to choose where he gets his apps from, also contains better protections against mal-behaving apps in general. Like the signed apps from its app-store which, for one reason or another, still contain malware.

    The problem is that many of us have Android phones which can't be rooted.
    Up until now, we could choose where to get our apps from.

    But with this new change, we can't.

    I can already see how compiling an APK will require a Google verification.
    Does anyone have any idea what this will do to third-party repos?


    The custom ROM I'm running gives me the option to disallow an app's access to the internet, as well as restricting the app's access to storage to its own folders - and, if wanted by the user, *read-only* access to (some) others.

    It's not everything, but it's much more than Google's Android offers me.

    It's good that you have a custom ROM, and I'm envious that you do.
    Some of us have USA Samsungs whose boot loader is not known to be
    unlockable, so we're stuck on simply debloating Android as best we can.

    One option for us in the regard of what you just noted is "NetGuard",
    which, again, is functionality never found on iOS because Apple has locked
    up iOS so badly that it can't do half of what Android does as a direct
    result.

    I'm not sure why anyone buys an iPhone as it's a toy that can't do much,
    but my worry here is that Android is following Apple's lead in removing all the functionality we loved about Android (& still love in Windows & Linux).

    I think that Google's Android needs to be careful: a move like this one, forcing users to only use its ecosystem (hardware, OS, apps), might easily be considered an attempt to create a monopoly. And even under the current administration of the US of A that won't end well..

    I agree with any sensible viewpoint, where this seems to be Google
    following Apple's model of control for the sake of control. Not for
    security.

    Note that Apple's iOS is far more insecure than Android is, but the reasons are complex (e.g., Apple hasn't tested much of its own code for one!), so
    the fact both Google & Apple "say" it's for security, is a brazen lie.
    <https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>

    It's not about security.
    It's about control.
  • From Arno Welzel@usenet@arnowelzel.de to alt.comp.os.windows-10,comp.mobile.android,alt.comp.os.windows-11 on Fri Aug 29 18:55:49 2025
    From Newsgroup: alt.comp.os.windows-11

    R.Wieser, 2025-08-26 14:35:

    Arno,

    At the moment attackers can just build their own malware APKs for
    Android free and lure people into downloading them. That's one of
    the reasons why Android is often considered very insecure.

    Bullshit. You can download anything you want on Windows as well as Linux, and neither has been called insecure for it.

    It is. Windows is considered less secure - because of that!

    And even if you *can* download any kind of software for Linux, most Linux
    newbies only use the repositories provided by the distributor. And the
    more experienced Linux users won't just download software from some
    unknown source and run it.

    The reason Android is quite insecure is that you have no methods to check what a certain app is doing, meaning that if an app misbehaves you have no way to detect it. Also, the current permissions are crude, only giving all-or-nothing choices. :-(

    Every single API call which reads user data or sends data over the network
    *must* be authorized. Also many API calls which interact with other applications. However many users just allow everything when asked, not
    thinking one second if the requested permission is OK for the specific
    use case or not.
    --
    Arno Welzel
    https://arnowelzel.de