Google cracks down! APKs, ROMs, and Emulators banned — is Android freedom over?
m.economictimes.com
Google is implementing a significant policy shift, banning unverified APKs, ROMs, and certain emulators on certified Android devices starting in 2026. This move, aimed at enhancing security and combating malware, will restrict app distribution to verified developers. Critics argue this move curtails Android's famed openness, potentially impacting custom ROMs and retro gaming enthusiasts.

If I am already using a rooted but proprietary smartphone (Samsung Galaxy S23), downloading my apps from other sources than Google Play, how would Google be able to control what I do with it? If necessary, I could just stay on my current OS build as well. All in all, while politically and philosophically, Google’s new policy is bad, I don’t feel threatened by it with my current understand of the situation and technology…

  • circuscritic@lemmy.ca
    182·
    7 hours ago

    They reversed course, so it’s not an immediate issue.

    But to answer your question, they would have provided an OS update to only allows app installations from verified developers, no matter the source.

    To get verified developers have to submit identification to Google and go through a Google process.

    So it wouldn’t matter if the install source was a third-party repo, or Google Play, the system would not have installed any applications not signed by a Google authorized certificate.

    That becomes very problematic because it gives Google the ability to restrict applications outside of the Google Play Store ecosystem.

    They were copying Apple’s playbook from the EU wherein Apple was legally mandated to allow third-party app stores, and in response Apple required all apps to be signed by an Apple verified developer certificate, no matter the repo.

    And wouldn’t you know it, Apple either revoked or would not provide certificates to developers of apps Apple didn’t like, such as BitTorrent clients.

    • INeedMana@piefed.zipEnglish
      12·
      7 hours ago

      They reversed course, so it’s not an immediate issue.

      I’m not convinced yet

      Some article as I can’t find my Xitter password to see the source

      designed an “advanced flow” for installing unverified apps. This new system is specifically intended for developers and power users who have a higher risk tolerance and want the ability to download unverified apps.

      It is not a casual toggle. The advanced flow is built to resist exploitation. The company emphasizes that the flow is designed to resist coercion, ensuring users aren’t tricked into bypassing safety checks under pressure from scammers. Social engineering often walks victims through dismissing every warning on screen, so Google is adding friction that fights back.

      That can very well mean we’ll be compiling everything by hand and sending it via USB app by app

      • circuscritic@lemmy.ca
        3·
        7 hours ago

        I don’t necessarily disagree, but the fact they walked back the original policy because it was so unpopular leads me to believe they are trying to save face by implementing a PITA way of enabling unknown sources, such as through ADB.

        The reason why I suspect that is because even with the original policy change, they were still going to allow unsigned apps to be installed via ADB.

        But I guess we’ll just have to wait and find out.

        • INeedMana@piefed.zipEnglish
          3·
          7 hours ago

          I think they got afraid such strict policy would put wind in the sails of Linux Phone initiatives

          But I might be jaded

    • emotional_soup_88@programming.devOPEnglish
      2·
      7 hours ago

      Right, then I’ll just stay on my current build, being careful not to flash an OS update 😈

      But in all seriousness, couldn’t one manage without OS updates - relying on only proper cyber hygiene and opsec - until a more viable solution comes up? 🤔

      • Sir_Kevin@lemmy.dbzer0.comEnglish
        4·
        6 hours ago

        couldn’t one manage without OS updates - relying on only proper cyber hygiene and opsec - until a more viable solution comes up?

        That’s been my plan. I just replaced all my android devices with new (to me) devices which are all unlocked, flashed/degoogled and rooted.

        I should be good for 5+ years. Hopefully by then the community has come up with a solution to whatever bullshit google has done.