| Sysop: | Amessyroom |
|---|---|
| Location: | Fayetteville, NC |
| Users: | 27 |
| Nodes: | 6 (0 / 6) |
| Uptime: | 38:13:18 |
| Calls: | 631 |
| Calls today: | 2 |
| Files: | 1,187 |
| D/L today: |
22 files (29,767K bytes) |
| Messages: | 173,683 |
Google's new developer verification requirements starting September
2026 will force ALL Android app developers to register with Google -
even those avoiding the Play Store entirely. F-Droid, the trusted >open-source app store used by millions, just published a damning
response calling it a "death sentence" that creates an impossible
catch-22 designed to kill alternative app distribution.
Starting in September 2026, all apps installed on certified Android devices will[end quoted "search assist"]
need to be registered by verified developers, enhancing security and >accountability in the app ecosystem. This change aims to prevent malicious apps
from being easily distributed and will affect both apps from the Google Play >Store and those sideloaded from other sources. android-developers.googleblog.com
thehackernews.com
New Android App Requirements for 2026
Starting in September 2026, Google will implement a new requirement for all apps
installed on certified Android devices. Only apps from verified developers will
be allowed, enhancing security and accountability within the Android ecosystem.
Key Changes
Developer Verification: All developers must undergo identity verification to
register their apps. This aims to prevent malicious actors from impersonating
legitimate developers.
Impact on App Distribution: Apps distributed outside the Google Play Store
will also need to comply with this verification process. This could
significantly affect alternative app stores and sideloading practices.
Timeline
October 2025: Early access for developers begins.
March 2026: Full rollout of the verification process for all developers.
September 2026: Enforcement of the new requirements in select countries,
including Brazil, Indonesia, Singapore, and Thailand.
Implications for Users and Developers
Increased Security: The new measures are designed to protect users from
malware and scams by ensuring that only verified developers can distribute
apps.
Challenges for Alternative Platforms: Platforms like F-Droid may face
restrictions, as many of their apps may not meet the new verification
standards.
This initiative reflects Google's ongoing efforts to balance security with the >open nature of the Android platform.
forum.f-droid.org developer.android.com
F-Droid has some security risks, including slower updates and potential >vulnerabilities due to its unique app signing process, which differs from more >controlled environments like the Google Play Store. While it offers access to >free and open-source software, users should be cautious and consider these >factors when using the platform. Wikipedia privsec.dev[end quoted "search assist"]
Overview of F-Droid Security Risks
F-Droid is an alternative app store for Android that focuses on free and open- >source software (FOSS). While it offers benefits like privacy and customization,
there are notable security risks associated with its use.
Key Security Concerns
Trusted Party Problem
F-Droid signs all apps with its own keys, which means users must trust F-Droid
as a third party.
This differs from traditional app stores where developers sign their own apps,
allowing for a trust-on-first-use model.
Slow and Irregular Updates
Updates for apps on F-Droid can be slow, which may leave users vulnerable to
known security issues.
Some apps may not receive timely patches for vulnerabilities.
API Level and Compatibility
F-Droid apps often target lower API levels, which can bypass newer Android
security features.
This increases the attack surface for potential exploits.
Lack of TLS Certificate Pinning
F-Droid does not consistently implement TLS certificate pinning, making it
susceptible to man-in-the-middle attacks.
This could allow attackers to intercept communications between the app and its
servers.
Additional Considerations
Quality Control
F-Droid's inclusion policy is less strict than that of the Google Play Store,
leading to a higher chance of hosting outdated or unmaintained apps.
While F-Droid aims for transparency, the quality of apps can vary significantly.
Reproducible Builds
Some apps on F-Droid are reproducible, meaning their binaries can be verified
against the source code.
However, not all apps meet this standard, which can lead to trust issues.
Conclusion
While F-Droid provides a valuable resource for FOSS applications, users should >be aware of its security risks. It is advisable to stay informed about the apps
being installed and consider additional security measures when using this platform.
discuss.techlore.tech privsec.dev
Google's new developer verification requirements starting September
2026 will force ALL Android app developers to register with Google -
even those avoiding the Play Store entirely. F-Droid, the trusted open-source app store used by millions, just published a damning
response calling it a "death sentence" that creates an impossible
catch-22 designed to kill alternative app distribution.
https://www.youtube.com/watch?v=wRvqdLsnsKY
On 09 Oct 2025, Anonymous User <noreply@dirge.harmsk.com> posted some >news:20251009.183617.f2b37c80@dirge.harmsk.com:
Google's new developer verification requirements starting September
2026 will force ALL Android app developers to register with Google -
even those avoiding the Play Store entirely. F-Droid, the trusted
open-source app store used by millions, just published a damning
response calling it a "death sentence" that creates an impossible
catch-22 designed to kill alternative app distribution.
https://www.youtube.com/watch?v=wRvqdLsnsKY
Good. It will stop some of the malware. All those .apk sharing sites
will go tits up.