So now 3rd party app stores need an ADB loopback to work around that.
Not hard to do, but uselessly annoying.
this post was submitted on 07 Oct 2025
558 points (98.9% liked)
Technology
75792 readers
2482 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
Installing the third party stores would be way harder than it is right now if they do that though. No way the devs of e.g. f-droid are getting a verification on an app that bypasses Google's new 'safety measures'
I could imagine something like Sidequest happening on Android.
We really need some money poured into the Linux mobile space because this is a terrible direction to go.
dug my pinephone out of a drawer yesterday and gave it a whirl. still pretty rough unfortunately even after updating postmarket os.
Cool being able to SSH into my phone though
I'm still hoping they can get to a state for more general users. I really want one still. I need a Linux phone doing the old sidekick designs.
We need better Mobile Linux / Android distros
ThIs ApPLicAtIoN iS DaNgErOuS
Free market and openness my ass.
Is this even legal in the EU? The majority of phones in the EU are Android phones so this effectively gives Google control over what apps can be installed to the majority of phones. I thought the Digital Markets Act was designed to prevent exactly this.
Google will become the exact same as apple, third party stores are technically "allowed", but requires Google's official stamp (digital signature), it's same with Apple. Its probably legal since Apple is already like this.
A corporation like Epic Games will be left alone since they can afford lawyers. An open source volunteer dev making a Youtube alternative client will get their certificates revoked under dubious "ToS Violation" claims and they won't have money to sue.
It'll be a battle and then they'll get knocked and so on and so forth until we get these lazy cunts out of politics and break up the fuckin tech companies.
I think some recent EU proposals that make Google responsible for ensuring users can't install malicious apps is what have caused this to happen though. I could be wrong but I think I remember hearing about that.
Man, I miss my jailbroken iPhone 5.
It was like having your cake and eating it, and somehow its stock (much less tweaked) UI is less clunky than whatever TF Apple has done to my discount 16. Maybe it’s because I was using Android in between, but still…
The UI in iOS 26 looks like Windows Aero on Crack, and not in a good way...
Can someone "redpilled by corporate" explain me how this policy actually increase security?
It's trivial for a malware developer to pay $25 with a stolen card and a stolen id
Look at the "verified" bots on xitter, they didn't solve the bots problem, rather just monetized it
The vast majority of malware isn't delivered via play store because of the existing measures and protections they have. Same reason you see very little app-store-based malware on iOS. DISCLAIMER: YES MALWARE EXISTS ON APPLE HARDWARE PLEASE DON'T SHOUT AT ME. Talking specifically about anything installed via first party stores on both platforms.
Their main issue is this: dumb people install apks from spurious website and infect their phones. The least controllable and most pervasive factor here is the intelligence and knowledge of the user which cannot be controlled for by Google. So by eliminating the ability to exploit this entirely, it will eliminate that specific vector.
It's a sledgehammer solution that naturally comes with many downsides like disrupting intelligent and knowledgeable users that just want to hack around with FOSS and such.
Google is relying on It being too expensive for malware creators to have to guide each individual user through adb installation and usage process just to get access to their phone. Most scammers only do that level of interaction to extract actual cash/gift cards from the target.
I am personally and directly affected by their decision in many negative ways, but I'm not so dense as to not understand why they're doing it.
/corpodronespeak
EDIT: bots help Xitter maintain inflated usage figures which justify people's jobs, share prices, etc. Bots are a feature, not a bug.
Their main issue is this: dumb people install apks from spurious website
No they don't. Most people don't even know what an apk even is.
Most people don't know what a bootloader is. They still turn their devices on and off every day.
This whole conversation is about adding obstacles to prevent non technical users from doing things they don't fully understand.
The overwhelming majority of Android users don't even know where to start to install software outside of the Play Store. If they're even aware that it's possible.
Yes you're right. If they knew, it would likely come with the knowledge that, if someone asks you to do this, you're probably being scammed.
That's what makes them most vulnerable to these kinds of scams.
yes, of course malware is distributed via apk.
But what's the difference between:
- malware that is signed anonymously and then, when its signature is identified, it's removed via play protect
- malware that is signed with a stolen identity and then, when its signature is identified, it's removed via play protect
?
Isn't exactly the same stuff? Or there's someone that is actually thinking that criminals will use their real ID card for the verification?
Does not change anything for malware distribution, except bother them for a dozen minutes meanwhile they "verify" their stolen ID
Because it can be invalidated. That's the difference.
It's absolutely not foolproof, but nothing is. Most actions corps take for this stuff only slows down the spread. Hackers and bad actors innovate way faster than companies can keep up with. So companies cast a wide net with their solutions. And the cycle continues.
Apks can be invalidated after installation?
No, the certificate can be invalidated preventing future installations for other users. If you already have it you're SOOL
It's a lie. Google just wants control.
load more comments
(6 replies)
view more: next ›