Hacker News

> I agree that mandatory developer registration feels too heavy handed, but I think the community needs a better response to this problem than "nuh uh, everything's fine as it is."

Why would the community give a different response? Everything is fine as it is. Life is not safe, nor can it be made safe without taking away freedom. That is a fundamental truth of the world. At some point you need to treat people as adults, which includes letting them make very bad decisions if they insist on doing so.

Someone being gullible and willing to do things that a scammer tells them to do over the phone is not an "attack vector". It is people making a bad decision with their freedom. And that is not sufficient reason to disallow installing applications on the devices they own, any more than it would be acceptable for a bank to tell an alcoholic "we aren't going to let you withdraw your money because we know you're just spending it at the liquor store".

I am the author of the letter and the coordinator of the signatories. We aren't saying "nuh uh, everything's fine as it is." Rather, we are pointing out that Android has progressively been enhanced over the years to make it more secure and to address emerging new threat models.

For example, the "Restricted Settings"¹ feature (introduced in Android 13 and expanded in Android 14) addresses the specific scam technique of coaching someone over the phone to allow the installation of a downloaded APK. "Enhanced Confirmation Mode"², introduced in Android 15, adds furthers protection against potentially malicious apps modifying system settings. These were all designed and rolled out with specified threat models in mind, and all evidence points to them working fairly well.

For Google to suddenly abandon these iterative security improvements and unilaterally decide to lock-down Android wholesale is a jarring disconnect from their work to date. Malware has always been with us, and always will be: both inside the Play Store and outside it. Google has presented no evidence to indicate that something has suddenly changed to justify this extreme measure. That's what we mean by "Existing Measures Are Sufficient".

[^1]: https://support.google.com/android/answer/12623953

[^2]: https://android.googlesource.com/platform/prebuilts/fullsdk/...

Developer registration doesn't prevent this problem. Stolen ID can be found for a lot less money than what a day in a scam farm's operation will bring in. A criminal with access to Google can sign and deploy a new version of their scam app every hour of the day if they wish.

The problem lies in (technical) literacy, to some extent people's natural tendency to trust what others are telling them, the incompetence of investigative powers, and the unwillingness of certain countries to shut down scam farms and human trafficking.

My bank's app refuses to operate when I'm on the phone. It also refuses to operate when anything is remotely controlling the phone. There's nothing a banking app can do against vulnerable phones rooted by malware (other than force to operate when phones are too vulnerable according to whatever threshold you decide on so there's nothing to root) but I feel like the countries where banks and police are putting the blame on Google are taking the easy way out.

Scammers will find a way around these restrictions in days and everyone else is left worse off.

If you can "coach someone to ignore standard security warnings", you can coach them to give you the two-factor authentication codes, or any number of other approaches to phishing.

Does your logic extend to PCs? If not, why?

Because I hope you realize that clamping down on “sideloading” (read: installing unsigned software) on PCs is the next logical step. TPMs are already present on a large chunk of consumer PCs - they just need to be used.

>I agree that mandatory developer registration feels too heavy handed, but I think the community needs a better response to this problem than "nuh uh, everything's fine as it is."

OK, so instead of educating stupid (or overly naive) people, we implement "protections" to limit any and all people to do useful things with their devices? And as a "side effect" force them to use "our" app store only? Something doesn't smell that good here …

How about a less drastic measure, like imposing a serious delay for "side loading" … let's say I'd to tell my phone that I want to install F-Droid and then would have to wait for some hours before the installation is possible? While using the device as usual, of course.

The count down could be combined with optional tutorials to teach people to contact their bank by phone meanwhile. Or whatever small printed tips might appear suitable.

There simply isn't a known solution to this problem. If you give users the ability to install unverified apps, then bad actors can trick them into installing bad ones that steal their auth codes and whatnot. If you want to disallow certain apps then you have to make decisions about what apps (stores) are "blessed" and what criteria are used to make those distinctions, necessarily restricting what users can do with their own devices.

You can go a softer route of requiring some complicated mechanism of "unlocking" your phone before you can install unverified apps - but by definition that mechanism needs to be more complicated then even a guided (by a scammer) normal non-technical user can manage. So you've essentially made it impossible for normies to install non-playstore apps and thus also made all other app stores irrelevant for the most part.

The scamming issue is real, but the proposed solutions seem worse then the disease, at least to me.

I like the idea of requiring extra work to get notification access. But really what all these scams pray on are time sensitivity, take that away and you solve the problem in many ways. For example, your bank shouldn't let you drain your account without either being in person or having a mandatory 24hr waiting period. Same could be done with side loaded apps getting notifications, if it's side loaded and wants to read notifications, then it needs to wait 24 hrs. Mostly it won't ever matter.

Alternatively reading notifications could be opt in per app, so the reading app needs to have permission to read your SMS message app notifications, or your bank notifications, that would not be as full proof as that requires some tech literacy to understand.

>A related approach might be mandatory developer registration for certain extremely sensitive permissions, like intercepting notifications/SMSes...? Or requiring an expensive "extended validation" certificate for developers who choose not to register...?

I think my overriding concern is not nuking F-Droid. I actually think that's a great solution and, interestingly, F-Droid apps already don't use significant permissions (or often use any permissions!) so that might work. Also it would be good if perhaps F-Droid itself could earn a trusted distributor status if there's a way to do that.

Or a marriage of the two, F-Droid can jump through some hoops to be a trusted distributor of apps that don't use certain critical permissions.

I think there have to be ways of creatively addressing the issue that don't involve nuking a non-evil app distribution option.

> community needs a better response to this problem than "nuh uh, everything's fine as it is."

You can also cut yourself with a kitchen knife but nobody proposes banning kitchen knives. Google and the state are not your nannies.

> In Google's announcement in Nov 2025, they articulated a pretty clear attack vector. https://android-developers.googleblog.com/2025/11/android-de...

This reeks of "think of the children^Wscammed". I mean, following this principle the only solution is to completely remove any form of sideloading and have just one single Google approved store because security.

> A related approach might be mandatory developer registration for certain extremely sensitive permissions, like intercepting notifications/SMSes...? O

It doesn't work like that. What they mean with "mandatory developer registration" is what Google already does if you want to start as a developer in Play Store. Pay 25$ one-time fee with a credit card and upload your passport copy to some (3rd-party?) ID verification service. [1] In contrast with F-Droid where you just need a GitLab user to open a merge request in the fdroid-data repository and submit your app, which they scan for malware and compile from source in their build server.

[1] but I guess there are plenty of ways to fool Google anyway even with that, if you are a real scammer.

That attack vector is just a symptom. It’s unfathomably foolish to use two-factor authentication via something as easy to intercept as SMS. Two-factor authentication should be done using a separate hardware token that generates time-based one-time codes. Anything else is basically security theater.

the whack-a-mole problem is real but mandatory registration doesn't actually fix it for sophisticated actors -- they'll just use burner entities or buy aged developer accounts. it mostly raises costs for hobbyists and side projects. the permission-gating approach dfabulich mentions (require registration only for notification/SMS interception APIs) seems more targeted.

There will _always_ be a need to balance between safety and the cost of adding more safety. There is no point at which safety is complete; there is always more that can be done, but the cost gets higher and higher.

So yes, "its fine the way it is" _is_ valid; but the meaning it "we're at a good point in the balance, any more cost is too much given the gains it generates"

> I think the community needs a better response to this problem than "nuh uh, everything's fine as it is."

People choosing between the smartphone ecosystems already have a choice between the safety of a walled garden and the freedom to do anything you like, including shooting yourself in the foot.

You don't spend a decade driving other "user freedom" focused ecosystems out of the marketplace, only to yank those supposed freedoms away from the userbase that intentionally chose freedom over safety.

How about.

"I am responsible for my own actions" mode.

You click that, the phone switches into a separate user space. Securenet is disabled, which is what most financial apps rely on.

Then you can install all the fun stuff you want.

This is really a matter of Google not sandboxing stuff right. Why the hell does App A need access to data or notifications from App B.

> the malware captures their two-factor authentication codes

Aren't we supposed to have sandboxing to prevent this kind of thing? If the malware relies on exploiting n-days on unpatched OSes, they could bypass the sideloading restrictions too.

The main problem here is the banks relying on an untrusted device as second factor.

Only immutable devices should be allowed as second factor.

Maybe we should take away peoples' phone calls, ability to use knives, walking on the street, swimming in water, drinking liquids of any kinds, alcohol, trains, while we are at it.

I think there's room to raise the bar of required tech competency without registration.

Manually installing an app might be close to the limit of what grandma can be coached through by an impatient scammer.

Multiple steps over adb, challenges that can't be copy and pasted in a script, etc. It can be done but it won't provide as much control over end user devices.

> In Google's announcement in Nov 2025, they articulated a pretty clear attack vector.

If you can be convinced by this, you can be convinced by anything. What if the scammer uses "fear and urgency" to make the person log onto their bank account and transfer the funds to the scammer?

If you can convince people to install new apps through "fear and urgency," especially with how annoying it often is to do outside of the blessed google-owned flow (and they're free to make it more annoying without taking this step), that person can be convinced of anything.

> I agree that mandatory developer registration feels too heavy handed, but I think the community needs a better response to this problem than "nuh uh, everything's fine as it is."

There's no other "solution" other than control by an authority that you totally trust if your "threat" is that a user will be able to install arbitrary apps.

The manufacturer, service provider, and google, of course, won't be held to any standard or regulations; they just get trusted because they own your device and its OS and you're already getting covertly screwed and surveilled by them. Google is a scammer constantly trying to exfiltrate information from my phone and my life in order to make money. The funny thing is that they are only pretending to defend me from their competition - they're not threatened by those small-timers - they're actually "defending" me from apps that I can use to replace their own backdoors. Their threat is that they might not know my location at all times, or all of my contacts, or be able to tax anyone who wants access to me.

I don’t want to be too flippant, but I think there is a real trade off across many aspects of life between “freedom” and “safety”.

There is a point at which people have to think critically about what they are doing. We, as a society, should do our best to protect the vulnerable (elderly, mentally disabled, etc) but we must draw the line somewhere.

It’s the same thing in the outside world too - otherwise we could make compelling arguments about removing the right to drive cars, for example, due to all the traffic accidents (instead we add measures like seatbelts as a compromise, knowing it will never totally solve the issue).

Google's announcement is just trolling, there's an order of magnitude more scams on the Play store and they don't call for its closure.

Right now when I search for "ChatGPT", the top app is a counterfeit app with a fake logo, is it really this store which is supposed to help us fight scams?

Agree with this middle path you point out. On one hand, I do not want some apps to be distributed anonymously, I need to know who is behind it in order to trust the app. On the other hand, many apps are benign.

Permissions are a great way to distinguish.

> standard security warnings

Make the warning a full screen overlay with a button to call local police then.

(Seriously)

"but local police won't treat that seriously..." "the victim will be coached to ignore even that..." well no shit then you have a bigger problem which isn't for google to fix.

> but I think the community needs a better response

The community does not need to do that. Installing software on my device should not require identification to be uploaded to a third party beforehand.

We're getting into dystopian levels of compliance here because grandma and grandpa are incapable of detecting a scam. I sympathize, not everyone is in their peak mental state at all times, but this seems like a problem for the bank to solve, not Android.

You can’t even win with adding more scare screens because as soon as Epic isn’t allowed to bypass the scare screens, they’ll sue you.

Just like they went after Samsung for adding friction to the sideload workflow to warn people against scams.

https://www.macrumors.com/2024/09/30/epic-games-sues-samsung...

Like many things in the US, this should be settled by congress not judges.

Things that everyone relies on for life are generally regulated by law. Telecom platforms for instance. I’d say the mandatory software platform I need for my bank, drivers license, daily communication, etc should be in this bucket.

The EU declaring both Apple and Google gateway platforms is a much better approach. Congress is abdicating its responsibility to craft the legal frameworks for equal access in the modern age.

Sorry, which exact ruling are you referring to? How did the court arrived at this finding (that seems irrelevant, false)?

> The problem with mandatory developer registration, is that it gives Google and Governments the ability to veto apps.

Don't they already have that power?

It's worse than that. Google will be able to track who's using a particular app because it has to be installed the official way. This means for example that anyone who has installed an ICE Tracking app will be reported to the government and perhaps added to a terrorist list.

The thing that everyone here ignores is that the friction isn't just for safety. It's by design. For some reason, everyone is giving Google as much benefit of the doubt as possible. But no, they want to drive out small developers in general, and this is just one piece of the puzzle. Google has already put up unrelated barriers to publishing apps on Google Play, required every app developer to dox themselves to every user (meanwhile Apple is far more permissive and allows an opt-out for non-commercial apps), they downrank apps by small developers, use alternate UX that disincentivizes installing lesser known apps, put up big scary warnings like "This app isn't installed often" or "Fewer people engage with this app" on the pages of those apps. The only explanation is that they want more money and less upkeep and moderation with the pesky small developers, and the real money-makers are the big corporate apps. They're recreating "the rich get richer" in their microcosm.

Friction does matter. Yes, criminals will create fake accounts with stolen IDs and stolen credit cards. But creating 1,000s of these is hard. Creating polymorphic banking trojans is simple.

I don't know if this trade off is worth it, but the idea that it won't affect this abuse at all is false.

Yeah, Google is terrible at validating developers are non-malicious on google play. plenty of fake/malicious/garbage apps make it through the filter.

You're welcome to it I suppose. As someone forced to use iOS for the past year I'm still waiting to find any smooth UX or strong ecosystem...

Precisely! Google doesn't care one bit about civil society; it cares about power to itself even if this means punching freedom and liberty in the face. Personally I think it'll be a good thing if this restriction finally wakes up people to seek alternatives to Google.

Elon's vision for the X "everything" app. It's great for them, now every single thing you do has the full gamut of privacy permissions. Playing a "mini-game"? Full accurate GPS coordinates available to it because you also have the ride-hailing "mini-app".

Google are also destroying that path by delaying the releases more and more.

No bank in my country has an app that works with those, so it's not an option for me anymore.

No, because many apps refuse to run on third-party distros due to misguided notions of them being insecure. It's easy to say "just don't use those apps" but in reality, people are rightly unwilling to put up with any friction and so will simply continue to use Google's version of the OS.

It matters to me because I'm reading it now and feel more informed about this problem. Throwing the towel in and saying it's all pointless isn't helpful.

Because the company either has to address it, or stop pretending it's "listening to concerns" or whatever. Even if it doesn't change the outcome, it makes it clearer that the company is engaging in bad faith.

It's something apps that will soon break can point their users to so they know to blame Google and a bunch of incompetent governments.

Google will not change their minds, they're too busy buying goodwill from governments by playing along. There aren't any real alternatives to Android that are less closed off and they know it.

Something like 7 iOS phones are sold every second of the day and there are even more Android phones sold. The number of people who care about this issue is far too few for any kind of boycott to be noticed by the handset makers. The only option is to appeal to Google's sense of what's right.

In the time it took you to read this comment, 200 phones were sold.

It's emphatically not "the wrong approach," and it's exceedingly weird when everyone makes things like this an "either/or."

Do BOTH, when possible.

I would if there was a viable mobile phone OS I could switch to. iOS isn't any better. Linux phones, sadly, aren't very practical for daily use. AOSP based projects also have many limitations, and are still dependent on Google.

What phone are you considering? Sailfish still doesn't seem very successful and mobile Linux barely boots on anything that performs better than a fifteen year old budget device.

I'm kind of hoping Qualcomm's open sourcing work will also affect the ability to run mainline Linux on Android devices, but it's looking like a Linux OS that covers the bare basics seems to be a decade away.

Oh yes, let me an individual out vote a trillion dollar corporation. That will surely work this time!

I'm sorry but people that think this way tend to also think having money is some morality signal and not one of a massive personality defect (greed).

Good luck with that.

As far as I know, it's implemented in the proprietary part of Android (Google Mobile Services, GMS), so it won't affect LineageOS users as long as they don't install the GMS.

I personally see an unmoderated app store as more detrimental to the end users. The harm happens at scale.

The permission problem also affects normal apps. Things like KDE Connect quickly become useless without advanced permissions, for instance.

No permission system can work as well as a proper solution (such as banks and governments getting their shit together and investing in basic digital skills for their citizens).

If I want to run a piece of software on my phone, I shouldn't need to go ask google whether they're cool with it

Nice strawman. People want the ability to decide for themselves whether or not to install some APK, they are not saying every APK under the sun is trustworthy.

sure, point me to the fdroid page for it

No.

Who says that Google is the one to decide what open source software I can install on my mobile Android computing device?

Ideological is carrying a lot of weight there. Perhaps you can be more specific about the ideological arguments you are hearing that are not worth it?

Citation please; and remember your answer is incomplete without a comparison to the safety of NON sideloaded apps.

Okay, then every book, every email, every text message, every comment, and every letter should be signed by a third party that's verified your ID. After all, there's speech which can cause material harm and free speech is just an ideological thing. It'd be dangerous if we allowed unsigned messages to be sent between people.