43 Top Artificial Intelligence (AI) Apps



android application development :: Article Creator

As Android Developer Verification Gets Ready To Go, Here's A New Reason To Be Worried

google pixel sideload apps obtanium 2

Andy Walker / Android Authority

TL;DR

  • Google is putting together its framework for Android developer verification, connecting dev names to even sideloaded apps.
  • Recent additions to the Android SDK offer a little insight into how the system may ultimately operate.
  • One variable suggests that users may not be able to sideload even verified apps without an active network connection.

    • Android's approach to software openness is changing in some fundamental ways right now, and the shift has not been happening without a fair amount of controversy. While Google has always let you install Android apps from outside its managed app ecosystem, sideloading their APK files, the company will now start mandating that developers register their identity, and block the installation of apps from unverified sources.

    For fans of open platforms, that's resulted in some spicy takes (my own included), but in the weeks since the news first broke we've learned a little more about Google's plans for implementing this program — and hearing about some critical workarounds, like maintaining the ability to sideload unverified apps over a connection to another device running ADB (the Android Debug Bridge).

    Don't want to miss the best from Android Authority?

    While we're breathing a little easier now that we know about that option, there are still plenty of headaches that this move could cause, and today we're thinking about one that's been brought up by Android fans on Reddit like user WesternImpression394. There, they've spotted some of the groundwork Google's been laying in the Android SDK (not the AOSP, as claimed in that thread) to support developer verification.

    One of the variables defined there is labeled in a way that immediately gets our attention: DEVELOPER_VERIFICATION_FAILED_REASON_NETWORK_UNAVAILABLE.

    When you stop and think about it for a moment, that makes all the sense in the world — Google isn't just interested in attaching someone's name to all those anonymous APKs floating around out there, but presumably doing so in a way that allows the company to take action based on the name, like blacklisting devs who spread malware. And indeed, there's a similar DEVELOPER_VERIFICATION_FAILED_REASON_DEVELOPER_BLOCKED variable. While it's easy enough to verify something like a cryptographic signature locally, Android might want to prevent you from installing an app if it can't get online and check if the name is on just such a no-no list.

    Admittedly, this probably won't cause a problem for most users ever, and we are looking at some kind of extreme corner case situation where you've already downloaded an APK, but no longer have network connectivity, nor access to a device running ADB (or an app already installed to run ADB commands locally). There could even be a cached copy of the ban list that would let you install offline up to a point. That said, Android has literally billions of users, and even rare situations will probably happen for someone eventually.

    We've still got a year to go  before developer verification starts actually impacting any Android end-users, although devs will start signing up in the months to come. That leaves plenty of time for us to learn more about the all-too-important details behind how the system will ultimately work — and hopefully, plan ahead for how to work around it for users who genuinely need to.

    Thank you for being part of our community. Read our Comment Policy before posting.


    Google Wants To Make Sideloading Android Apps Safer By Verifying Developers' Identities

    A photo of a Pixel 7 Pro with the restricted settings dialog showing

    Mishaal Rahman / Android Authority

    TL;DR

  • Google will soon verify the identities of developers who distribute Android apps outside the Play Store.
  • Developers must submit their information to a new Android Developer Console, increasing their accountability for their apps.
  • Rolling out in phases from September 2026, these new verification requirements are aimed at protecting users from malware by making it harder for malicious developers to remain anonymous.

    • Most Android users acquire apps from the Google Play Store, but a small number of users download apps from outside of it, a process known as sideloading. There are some nifty tools that aren't available on the Play Store because their developers don't want to deal with Google's approval or verification requirements. This is understandable for hobbyist developers who simply want to share something cool or useful without the burden of shedding their anonymity or committing to user support. Unfortunately, malicious developers take advantage of this openness and hide behind a curtain of anonymity when distributing malware. To combat this, Google is introducing a major change that pulls back that curtain, making it harder for malicious actors to distribute harmful apps.

    Don't want to miss the best from Android Authority?

    What's changing for apps distributed outside the Play Store?

    Today, Google announced it is introducing a new "developer verification requirement" for all apps installed on Android devices, regardless of source. The company wants to verify the identity of all developers who distribute apps on Android, even if those apps aren't on the Play Store. According to Google, this adds a "crucial layer of accountability to the ecosystem" and is designed to "protect users from malware and financial fraud." Only users with "certified" Android devices — meaning those that ship with the Play Store, Play Services, and other Google Mobile Services (GMS) apps — will block apps from unverified developers from being installed.

    Google says it will only verify the identity of developers, not check the contents of their apps or their origin. However, it's worth noting that Google Play Protect, the malware scanning service integrated into the Play Store, already scans all installed apps regardless of where they came from. Thus, the new requirement doesn't prevent malicious apps from reaching users, but it does make it harder for their developers to remain anonymous. Google likens this new requirement to ID checks at the airport, which verify the identity of travelers but not whether they're carrying anything dangerous.

    Google Play Protect Apps scanned

    Aamir Siddiqui / Android Authority

    What information will developers need to submit to Google, and how?

    Developers who distribute apps outside the Play Store will need to verify their identity through the new Android Developer Console that Google is currently building. This is equivalent to the Google Play Console that Play Store developers currently use, but Google says it will provide a simpler, more streamlined verification process.

    Android Developer Console

    Google

    A screenshot of the Android Developer Console

    Like the Google Play Console, the Android Developer Console will ask developers to provide their legal name, address, email, and phone number. (Organizations will additionally need to provide their website and a D-U-N-S number.) On Google Play, this information is shown to users on Play Store listings, but Google told Android Authority that the information developers provide to Google through the Android Developer Console "will not be surfaced to users."

    Google Play Store listing showing developer information

    Mishaal Rahman / Android Authority

    A Google Play Store listing showing the developer's information.

    Many hobbyist and student developers already complain about this requirement on Google Play, as it essentially forces them to reveal their personal information unless they set up a business address, so it's good to see that Android won't dox them. Google says it understands the needs of hobbyist and student developers are "different from commercial developers" and is therefore creating a "separate type of Android Developer Console account" for them. This separate account type will have "fewer verification requirements" and won't require the $25 USD registration fee that is otherwise required.

    Speaking of which, developers only need to create a separate Android Developer Console account if they don't plan on distributing any of their apps on Google Play. Developers with existing Google Play Console accounts can use them to register their non-Play apps and signing keys.

    When will Google's new developer verification requirements go into effect?

    This new requirement won't go into effect immediately but will be implemented in phases. An early access program will open in October 2025, allowing developers to participate in discussions, receive priority support, and offer feedback. The program will then open to all developers in March 2026, a full six months before the requirements begin.

    The requirements will first go into effect in September 2026 for users in Brazil, Indonesia, Singapore, and Thailand. At that point, any app a user in those countries installs must come from a verified developer. Google is targeting these regions for the initial rollout as they're "specifically impacted" by fraudulent app scams often committed by "repeat perpetrators." A global rollout is planned to continue through 2027.

    Android Developer Console rollout timeline

    Google

    Once the requirement is active, developers can still distribute their apps outside the Google Play Store, but they'll be held more accountable. This will certainly upset some privacy-conscious developers who don't want to submit their personal information to Google, and it will also alarm some users who worry that Google is locking down Android too much. Still, with Google's own analysis finding 50 times more malware from internet-sideloaded sources than from the Play Store, it's hard to argue this change won't do some good. However, the true effectiveness of the new requirements won't be known until they are fully implemented.

    Google's new requirement is similar to Apple's Developer ID and Gatekeeper model on macOS, which has successfully stopped less sophisticated attacks. Even a small reduction in malware on Android would be a positive outcome, but whether it's worth the loss of developer anonymity is up for debate.

    This article was updated at 1:35 PM ET with more information from Google and screenshots of the Android Developer Console.

    Thank you for being part of our community. Read our Comment Policy before posting.


    Google Forces Android Developers To Support Custom Icons

    For Android app developers that have been slow to adopt Google's push for themed app icons, there's no longer a choice. Google updated its Play Store policy today, now requiring developers to legally grant users the right to modify an app's icon colors. For users, this is a win. On the other hand, brands lose the ability to stand out on a user's home screen.

    Introduced in Android 16 QPR2 Beta 1, users can apply a tint to all app icons, which helps provide a more complete home screen appearance. Before this, when some apps wouldn't support a custom icon, it could make a home screen look quite terrible. With the change to Google Play's legalese, if a developer wants to distribute their application, they'll need to grant this right to users.

    You grant to the user a nonexclusive, worldwide, and perpetual license to perform, modify color of, or add themes to, your Product icons, display (including with the color and theme modifications), and use the Product.

    This change takes effect today for new accounts and all existing accounts on October 15. There are a few apps I have my eye on, so as a user, this is great news.

    // Android Authority





    Comments

    Post a Comment

    Popular posts from this blog

    ZLUDA v2 Released For Drop-In CUDA On Intel Graphics - Phoronix

    Image
    One of many interesting and original open-source projects to be started in 2020 was ZLUDA, an open-spurce drop-in CUDA implementation for Intel graphics. ZLUDA - developed independent of Intel and NVIDIA - is built atop Intel's oneAPI Level Zero interface (hence the name, ZLUDA) and allows for unmodified CUDA applications to run on Intel UHD/Xe Graphics hardware with near-native performance. Well, that's the goal at least but with the initial ZLUDA release were a number of support limitations. Out today is ZLUDA Version 2 that has been focused on ensuring it works well with the Geekbench CUDA test cases as an interesting stressor for CUDA on Intel graphics. Additionally, the Microsoft Windows support for ZLUDA has been improved while continuing to provide first-rate Linux support. ZLUDA Version 2 implements more host-side functions, a number of bugs have been fixed, I/O performance improvements, support for creating traces of CUDA kernel executions, and other enhancements for...
    Read more

    7 Ways to Remove an External USB Drive in Windows 11 - MUO - MakeUseOf

    Image
    Many users utilize USB flash drives (sticks) to store files and transfer them between PCs. Of course, you can always remove such drives from USB ports without ejecting them first. However, you might corrupt data on your USB stick if you don't safely remove it. To forestall potential file corruption, you should eject USB sticks and external hard drives. There are numerous ways you can select to eject a USB flash drive before removing it. Here are several alternative methods for safely removing USB drives on Windows 11 PCs. 1. How to Eject an External USB Drive via the System Tray Windows 11's system tray displays a Safely Remove Hardware and Eject Media icon whenever you've inserted a USB stick or other external hard drive. Right-click that icon to open a context menu for it, which includes an Eject option. Select the Eject option there, and proceed to remove the drive when the Safely Remove Hardware icon has disappeared. ...
    Read more

    Google chrome crashed and now laptop is running very slowly. Malware? - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

    Image
    Hello, My Huawei laptop is not very old and has been working perfectly until yesterday. Google Chrome crashed and now it takes longer to start up, and neither chrome or Microsoft edge work properly (very slow and keep buffering). My avast anti virus has not found anything when I scanned, but I can't think what else the problem can be. I tried some of the steps in the post about a slow computer not being a malware problem but nothing changed, and since I don't have very much installed on my laptop I don't think it can be a problem with memory. Any help in fixing this would be very much appreciated. I have attached my log here; Rachel Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-04-2022 Ran by Rachel (administrator) on LAPTOP-AJP0U36V (HUAWEI BOHB-WAX9) (17-04-2022 16:11:18) Running from C:\Users\Rachel\Downloads Loaded Profiles: Rachel Platform: Microsoft Windows 10 Home Single Language Version 21H2 19044.1645 (X64) Language: ...
    Read more