From Newsgroup: comp.mobile.android

From Windows, I went to F-Droid today, to look up an app, and this was in
pink at the top warning us. Anyone want to discuss what's going on?
<https://f-droid.org/>

F-Droid is under threat.
Google is changing the way you install apps on your device.
We need your help. https://keepandroidopen.org/
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Maria Sophia <mariasophia@comprehension.com> writes:

From Windows, I went to F-Droid today, to look up an app, and this was in pink at the top warning us. Anyone want to discuss what's going on? <https://f-droid.org/>

F-Droid is under threat. Google is changing the way you install apps
on your device. We need your help. https://keepandroidopen.org/

"Does this mean sideloading is going away on Android? Absolutely
not. Sideloading is fundamental to Android and it is not going away. Our
new developer identity requirements are designed to protect users and developers from bad actors, not to limit choice. We want to make sure
that if you download an app, itrCOs truly from the developer it claims to
be published from, regardless of where you get the app. Verified
developers will have the same freedom to distribute their apps directly
to users through sideloading or through any app store they prefer. "

That's OK then.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-24 07:01, Maria Sophia wrote:

From Windows, I went to F-Droid today, to look up an app, and this was in pink at the top warning us. Anyone want to discuss what's going on? <https://f-droid.org/>

F-Droid is under threat. Google is changing the way you install apps on
your device. We need your help. https://keepandroidopen.org/

What's this?

Your perfect system isn't going to change in a way you don't like, is it?
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Richmond, 2026-02-24 17:17:

Maria Sophia <mariasophia@comprehension.com> writes:

From Windows, I went to F-Droid today, to look up an app, and this was in
pink at the top warning us. Anyone want to discuss what's going on?
<https://f-droid.org/>

F-Droid is under threat. Google is changing the way you install apps
on your device. We need your help. https://keepandroidopen.org/

"Does this mean sideloading is going away on Android? Absolutely

Even with sideloading, apps *must* be signed with a key by a developer
which registered at Google first and also uploaded his signing key
there. Otherwise, Android will refuse to install the app.

This means: apps on F-Droid can *not* be used any longer, if the
developers of these apps refuse to register at Google first.

And yes, even if you want to create and sideload an app just for your
own use without ever publishing it - this will not be possible any
longer without registering at Google!

not. Sideloading is fundamental to Android and it is not going away. Our
new developer identity requirements are designed to protect users and developers from bad actors, not to limit choice. We want to make sure
that if you download an app, itrCOs truly from the developer it claims to
be published from, regardless of where you get the app. Verified
developers will have the same freedom to distribute their apps directly
to users through sideloading or through any app store they prefer. "

Until now you can create an app, host the source code on a service like Codeberg or any other free service like this and publish it on F-Droid.
You never have to register at Google at all.

Forcing developers to be verified does not solve anything but will take
away the freedom to publish open source projects for many people.

Even a verified developer can include harmful actions to an app, if they
are not discovered by the automated checks of Google Play protect - but
on the other hand those checks will run regardless who created an app.
So there is no need for a developer verification, since this will not
change anything when it comes to actual protection against harmful
behaviour.

If a user decides to turn off Google Play protect, even a developer verification will not protect him since sideloading allows to distribute
apps as APK files which are not verified by Google. Google will not
check the apps, just the identifiy of the developers.

On the other hand F-Droid only accepts apps which are open source - so
everyone can check the source code and see, if there is any malicous
code included. The risk of getting malware from F-Droid is very low,
since malware creators would need to publish the code for it as well and
not just the binary app archive.

But in the end Google will have the ultimate power to suppress any app
they don't want. At the moment they can't do this, since they don't
control F-Droid and can not block apps from being installed.

For a better understanding, read the open letter which was signed by
many institutions and open source projects:

<https://keepandroidopen.org/open-letter/>
--
Arno Welzel
https://arnowelzel.de
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Maria Sophia, 2026-02-24 16:01:

From Windows, I went to F-Droid today, to look up an app, and this was in pink at the top warning us. Anyone want to discuss what's going on?
<https://f-droid.org/>

F-Droid is under threat.
Google is changing the way you install apps on your device.
We need your help. https://keepandroidopen.org/

It's not just F-Droid - ANDROID ITSELF is under threat!

Not only F-Droid would not work anymore - *every* alternative way to
install apps without registering as developer first at Google will be
taken away.
--
Arno Welzel
https://arnowelzel.de
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 25/02/2026 07:43, Arno Welzel wrote:

Maria Sophia, 2026-02-24 16:01:

From Windows, I went to F-Droid today, to look up an app, and this was in >> pink at the top warning us. Anyone want to discuss what's going on?
<https://f-droid.org/>

F-Droid is under threat.
Google is changing the way you install apps on your device.
We need your help. https://keepandroidopen.org/

It's not just F-Droid - ANDROID ITSELF is under threat!

Not only F-Droid would not work anymore - *every* alternative way to
install apps without registering as developer first at Google will be
taken away.

What about GrapheneOS and similar? It doesn't look good. <https://news.ycombinator.com/item?id=45059771>

I guess it will also stop use of "unapproved" apps in the Android
sandbox in Furiphones.

Perhaps this will increase interest in non-Android OSs for phones.
--
Jeff
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Arno Welzel <usenet@arnowelzel.de> writes:

Richmond, 2026-02-24 17:17:

Maria Sophia <mariasophia@comprehension.com> writes:

From Windows, I went to F-Droid today, to look up an app, and this
was in pink at the top warning us. Anyone want to discuss what's
going on? <https://f-droid.org/>

F-Droid is under threat. Google is changing the way you install
apps on your device. We need your
help. https://keepandroidopen.org/

"Does this mean sideloading is going away on Android? Absolutely

Even with sideloading, apps *must* be signed with a key by a developer
which registered at Google first and also uploaded his signing key
there. Otherwise, Android will refuse to install the app.

This means: apps on F-Droid can *not* be used any longer, if the
developers of these apps refuse to register at Google first.

And yes, even if you want to create and sideload an app just for your
own use without ever publishing it - this will not be possible any
longer without registering at Google!

not. Sideloading is fundamental to Android and it is not going
away. Our new developer identity requirements are designed to protect
users and developers from bad actors, not to limit choice. We want to
make sure that if you download an app, itrCOs truly from the developer
it claims to be published from, regardless of where you get the
app. Verified developers will have the same freedom to distribute
their apps directly to users through sideloading or through any app
store they prefer. "

Until now you can create an app, host the source code on a service
like Codeberg or any other free service like this and publish it on
F-Droid. You never have to register at Google at all.

Forcing developers to be verified does not solve anything but will
take away the freedom to publish open source projects for many people.

Even a verified developer can include harmful actions to an app, if
they are not discovered by the automated checks of Google Play protect
- but on the other hand those checks will run regardless who created
an app. So there is no need for a developer verification, since this
will not change anything when it comes to actual protection against
harmful behaviour.

If a user decides to turn off Google Play protect, even a developer verification will not protect him since sideloading allows to
distribute apps as APK files which are not verified by Google. Google
will not check the apps, just the identifiy of the developers.

On the other hand F-Droid only accepts apps which are open source - so everyone can check the source code and see, if there is any malicous
code included. The risk of getting malware from F-Droid is very low,
since malware creators would need to publish the code for it as well
and not just the binary app archive.

But in the end Google will have the ultimate power to suppress any app
they don't want. At the moment they can't do this, since they don't
control F-Droid and can not block apps from being installed.

For a better understanding, read the open letter which was signed by
many institutions and open source projects:

<https://keepandroidopen.org/open-letter/>

This article suggests that it will be possible for end users to install
even though the signature is not valid:

https://www.androidauthority.com/install-without-verifying-3633199/
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Jeff Layman <Jeff@invalid.invalid> wrote:

On 25/02/2026 07:43, Arno Welzel wrote:

Maria Sophia, 2026-02-24 16:01:

From Windows, I went to F-Droid today, to look up an app, and this was in >> pink at the top warning us. Anyone want to discuss what's going on?
<https://f-droid.org/>

F-Droid is under threat.
Google is changing the way you install apps on your device.
We need your help. https://keepandroidopen.org/

It's not just F-Droid - ANDROID ITSELF is under threat!

Not only F-Droid would not work anymore - *every* alternative way to install apps without registering as developer first at Google will be
taken away.

What about GrapheneOS and similar? It doesn't look good. <https://news.ycombinator.com/item?id=45059771>

GrapheneOS won't be affected - the check will be in the Google Play
middleware and GOS installs apps without going through it.

However what it will do is reduce the ecosystem of free/open source apps,
for whom a large part of the user space is standard Android phones running Google services. Unless those users move en masse to GOS or other 'open' Android versions, the developers may give up if their market is taken away.

I guess it will also stop use of "unapproved" apps in the Android
sandbox in Furiphones.

It seems[1] they're using Android 12, which is ancient. I assume they will
not implement the check if they ever move to a more modern version of
Android. They don't appear to run Google services so I doubt they would be affected even then.

Theo

[1] https://www.theregister.com/2025/02/03/furiphone_flx1/
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Arno Welzel wrote:

For a better understanding, read the open letter which was signed by
many institutions and open source projects:

<https://keepandroidopen.org/open-letter/>

For posterity...
... regarding Android becoming like the existing Apple prison ecosystem.

Date: February 24, 2026
To: Sundar Pichai, Chief Executive Officer, Google
To: Sergey Brin, Founder and Board Member, Google
To: Larry Page, Founder and Board Member, Google
To: Vijaya Kaza, General Manager for App & Ecosystem Trust, Google
CC: Regulatory authorities, policymakers, and the Android developer
community
Re: Mandatory Developer Registration for Android App Distribution

We, the undersigned organizations representing civil society, nonprofit institutions, and technology companies, write to express our strong
opposition to Google's announced policy requiring all Android app
developers to register centrally with Google themselves in order to
distribute applications outside of the Google Play Store, set to take
effect worldwide in the coming months.

While we do recognize the importance of platform security and user safety,
the Android platform already includes multiple security mechanisms that do
not require central registration. Forcibly injecting an alien security
model that runs counter to Android's historic open nature threatens
innovation, competition, privacy, and user freedom. We urge Google to
withdraw this policy and work with the open-source and security communities
on less restrictive alternatives.

Our Concerns
1. Gatekeeping Beyond Google's Own Store

Android has historically been characterized as an open platform where
users and developers can operate independently of Google's services. The proposed developer registration policy fundamentally alters that
relationship by requiring developers who wish to distribute apps through alternative channels - their own websites, third-party app stores,
enterprise distribution systems, or direct transfers - to first seek
permission from Google through a mandatory verification process, which
involves the agreement to Google's terms and conditions, the payment of a
fee, and the uploading of government-issued identification.

This extends Google's gatekeeping authority beyond its own marketplace
into distribution channels where it has no legitimate operational role. Developers who choose not to use Google's services should not be forced to register with, and submit to the judgement of, Google. Centralizing the registration of all applications worldwide also gives Google newfound
powers to completely disable any app it wants to, for any reason, for the entire Android ecosystem.

2. Barriers to Entry and Innovation

Mandatory registration creates friction and barriers to entry,
particularly for:

Individual developers and small teams with limited resources
Open-source projects that rely on volunteer contributors
Developers in regions with limited access to Google's registration infrastructure
Privacy-focused developers who avoid surveillance ecosystems
Emergency response and humanitarian organizations requiring rapid
deployment
Activists working on internet freedom in countries that unjustly
criminalize that work
Developers in countries or regions where Google cannot allow them to sign
up due to sanctions
Researchers and academics developing experimental applications
Internal enterprise and government applications never intended for broad public distribution
Every additional bureaucratic hurdle reduces diversity in the software ecosystem and concentrates power in the hands of large established players
who can more easily absorb such compliance costs.

3. Privacy and Surveillance Concerns

Requiring registration with Google creates a comprehensive database of all Android developers, regardless of whether or not they use Google's
services. This raises serious questions about:

What personal information developers must provide
How this information will be stored, secured, and used
Whether this data could be subject to government requests or legal
processes
To what extent developer activity is tracked across the ecosystem
What this means for developers working on privacy-preserving or
politically sensitive applications
Developers should have the right to create and distribute software without submitting to unnecessary surveillance or scrutiny.

4. Arbitrary Enforcement and Account Termination Risks

Google's existing app review processes have been criticized for opaque decision-making, inconsistent enforcement, and limited appeal mechanisms. Extending this system to all Android certified devices creates risks of:

Arbitrary rejection or suspension without clear justification
Automated systems making consequential decisions with insufficient human oversight
Developers losing their ability to distribute apps across all channels due
to a single un-reviewable corporate decision
Political or competitive considerations influencing registration approvals
Disproportionate impact on marginalized communities and controversial but legal applications
A single point of failure controlled by one corporation is antithetical to
a healthy, competitive software ecosystem.

5. Anticompetitive Implications

This requirement allows Google to collect intelligence on all Android development activity, including:

Which apps are being developed and by whom
Alternative distribution strategies and business models
Competitive threats to Google's own services
Market trends and user preferences outside of Google's ecosystem
This information asymmetry provides Google with significant competitive advantages, allows it to preempt, copy, and undermine competing products
and services, and may open many questions about antitrust.

6. Regulatory concerns

Regulatory authorities worldwide, including the European Commission, the
U.S. Department of Justice, and competition authorities in multiple jurisdictions, have increasingly scrutinized dominant platforms' ability to preference their own services and restrict competition, demanding more
openness and interoperability. We additionally note growing concerns around regulatory intervention increasing mass surveillance, impeding software freedom, open internet and device neutrality.

We urge Google to find alternative ways to comply with regulatory
obligations by promoting models that respect Android's open nature without increasing gatekeeper control over the platform.

Existing Measures Are Sufficient
The Android platform already includes multiple security mechanisms that do
not require central registration:

Operating system-level security features, application sandboxing, and permission systems
User warnings for applications that are directly installed (or
"sideloaded")
Google Play Protect (which users can choose to enable or disable)
Developer signing certificates that establish software provenance
No evidence has been presented that these safeguards are insufficient to continue to protect Android users as they have for the entire seventeen
years of Android's existence. If Google's concern is genuinely about
security rather than control, it should invest in improving these existing mechanisms rather than creating new bottlenecks and centralizing control.

Our Petition
We call upon Google to:

Immediately rescind the mandatory developer registration requirement for third-party distribution.
Engage in transparent dialogue with civil society, developers, and
regulators about Android security improvements that respect openness and competition.
Commit to platform neutrality by ensuring that Android remains a genuinely open platform where Google's role as platform provider does not conflict
with its commercial interests.
Over the years, Android has evolved into a critical piece of technological infrastructure that serves hundreds of governments, millions of businesses,
and billions of citizens around the world. Unilaterally consolidating and centralizing the power to approve software into the hands of a single unaccountable corporation is antithetical to the principles of free speech,
an affront to free software, an insurmountable barrier to competition, and
a threat to digital sovereignty everywhere.

We implore Google to reverse course, end the developer verification
program, and to begin working collaboratively with the broader community to advance security objectives without sacrificing the open principles upon
which Android was built. The strength of the Android ecosystem has
historically been its openness, and Google must work towards restoring its
role as a faithful steward of that trust.

Signatories

AdGuard
adguard.com
The App Fair Project
ARTICLE 19
Aurora Store
auroraoss.com
The Center for Digital Progress (D64)
The Chaos Computer Club (CCC)
Codeberg e.V.
Cryptee
Data Rights
Digitale Gesellschaft
The Digital Rights Foundation
Digital Rights Watch
epicenter.works - for digital rights
e Foundation
European Digital Rights (EDRi)
The Electronic Frontier Foundation (EFF)
Fastmail
FUTO
Ghostery
F-Droid
The Free Software Foundation (FSF)
The Free Software Foundation Europe (FSFE)
The Guardian Project
izzyondroid.org
JMP.chat
Obtainium
The OpenStreetMap Foundation (OSMF)
Osservatorio Nessuno OdV
Molly
Nextcloud
Open Rights Group (ORG)
Proton AG
Rossman Group
Software Freedom Conservancy
Techlore
The Tor Project
Tuta Mail
Vivaldi Technologies AS
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Richmond wrote:

This article suggests that it will be possible for end users to install
even though the signature is not valid:

https://www.androidauthority.com/install-without-verifying-3633199/

How it works, with respect to this distinction probably is important:
a. Users (like you and me)
b. Repositories (e.g., F-Droid, Github/Gitlab, SourceForge, etc.)
c. Developer sites (e.g., newpipe.net, auroraoss.com, faircode.eu, etc.)


For posterity... since this could make Android like the Apple prison...

Here's how Google's getting ready for Android's upcoming sideloading restrictions (Updated)

Last year, Google announced that developers would have to register even
when users are only sideloading their apps.

Eventually, Google backed down and offered to give advanced users an option
for manual installs from unknown sources.

Ahead of that rolling out, we're seeing Google Play begin to prepare for
this system's arrival.

Update: January 18, 2026 (11:18 PM ET): After publication, we heard from
Marc Prud'hommeaux, the founder of the App Fair Project and an F-Droid
board member, who pointed out that the warning strings we referenced are
not entirely new to Android. Versions of this language have existed in Android's system-level Package Installer since at least July 2025. This suggests that Google has been preparing the developer verification flow mentioned below for quite some time.

That said, our reporting focused on the fact that this language has now appeared inside the Google Play app itself, which is a new development. The move from system-level code to Google Play could signal that the company is actively preparing to surface this flow to users. Still, Google has yet to clearly explain how its promised "advanced" sideloading path will work in practice. Until the company offers more clarity, concerns raised by groups
like F-Droid about the future of alternative app stores remain unresolved. However, replying to our original story, a Google exec confirmed that the
new sideloading process will have a high-friction flow.

Original article: January 16, 2026 (1:53 PM ET): Changes are coming to how Android users install apps outside the safety and protection of the Play
Store. Google sounded the alarm last summer, warning the Android community
that starting in 2026, even developers releasing apps for sideloading would have to register with Google. Following some immediate pushback, Google softened its stance a bit, ultimately agreeing to give informed users the option for an "advanced" installation flow that would support even
unverified apps. And as we wait to see exactly how that's going to work,
we're starting to spot some early pieces of it.

At least, we're definitely identifying text strings recently added to
Google Play (here we're looking at version 49.7.20-29) that make reference
to verified installs - and the ability to proceed even without
verification. But we have questions about whether or not this represents
that new "advanced flow" Google teased. Take a look:

Install without verifying
If you install without verifying, keep in mind apps from unverified
developers may put your device and data at risk.

Can't verify app developer
No internet, can't verify app developer
The app can't be verified at the moment

Even with us still uncertain exactly how these messages will appear to
users, their content alone offers a bit of insight into what to expect. Clearly, there's an active component to the process that requires a data connection, and without one available, users will be presented with a
warning that developer status can't be verified.

We also see what looks like an option for moving forward with installation despite the lack of developer verification. Now, without being able to go through this new install workflow just yet, we may be getting ahead of ourselves, but at least based on these few strings, we have to say - this doesn't feel particularly robust? Sure, there's that explicit warning about
the risk involved, but it doesn't feel that much different from the sort of message we already see when enabling the installation of unknown apps.

That said, keep in mind that we've still got a long way to go before Google
is expected to flip the switch on this new system, so there is still more
than ample time to dial-in the experience and make sure that users won't be able to breeze through installation of possibly sketchy apps without
clearly communicating that they know what they're doing. Google's timeline involves first introducing the program to users in Brazil, Indonesia, Singapore, and Thailand, and even then, not until September of this year.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Maria Sophia <mariasophia@comprehension.com> writes:

Richmond wrote:

This article suggests that it will be possible for end users to install
even though the signature is not valid:
https://www.androidauthority.com/install-without-verifying-3633199/

How it works, with respect to this distinction probably is important:
a. Users (like you and me)
b. Repositories (e.g., F-Droid, Github/Gitlab, SourceForge, etc.)
c. Developer sites (e.g., newpipe.net, auroraoss.com, faircode.eu, etc.)

Samsung has its own app store. I don't thing Samsung would like to have
all its apps register with Google.

Amazon also has its own app store and doesn't have Google Play, but
Amazon FireOS is based on Android 11, and I think their latest has moved
away from Android.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Richmond, 2026-02-25 10:53:

Arno Welzel <usenet@arnowelzel.de> writes:

[...]

For a better understanding, read the open letter which was signed by
many institutions and open source projects:

<https://keepandroidopen.org/open-letter/>

This article suggests that it will be possible for end users to install
even though the signature is not valid:

https://www.androidauthority.com/install-without-verifying-3633199/

There is no official confirmation for this by Google so far. Also see here:

<https://keepandroidopen.org>

Quote:

Update: Google has not "backed down" from developer verification

Contrary to a vague mention of a possible "advanced flow" that may
eventually allow "experienced users to accept the risks of installing
software that isn't verified", GooglerCOs description of the program
continues to state plainly that:

"Starting in September 2026, Android will require all apps to be
registered by verified developers in order to be installed on certified
Android devices"

(End of quote)

And the linked page at <https://developer.android.com/developer-verification?hl=en> does not
contain *any* hint, that experienced users may turn off the verification.

If you have any official statement by Google, please let us know, where
to find it.
--
Arno Welzel
https://arnowelzel.de
--- Synchronet 3.21b-Linux NewsLink 1.2