In a significant shift for Android users and developers alike, Google has announced that starting next year, the installation of apps from unverified developers will be blocked. This policy will impact both applications available on the Play Store and those sideloaded from other sources, raising concerns among enthusiasts and privacy advocates about the future of sideloading. However, Google has reassured users that sideloading will remain a fundamental aspect of the Android ecosystem.
As part of this new verification system, Android will require an active internet connection during the installation process in certain scenarios. This means that when users attempt to install an app, the operating system will conduct a verification check to confirm the developer’s credentials. The Android Developer Verifier, a new service integrated into the OS, will play a crucial role in this process, ensuring that only verified developers can distribute their apps.
How Android will verify apps
Currently, Android performs several checks before allowing an app installation, such as ensuring that the app is not already installed and that it has not been flagged as malware. The addition of the Developer Verifier will introduce another layer of scrutiny, requiring the app to be verified against a trusted entity on the device. This service will check whether the developer has been verified and will determine the appropriate installation policy based on the verification outcome.
To facilitate this verification, the Developer Verifier will need to confirm that the app’s package and signing key have been submitted to Google. Given the vast number of new apps released weekly, maintaining a comprehensive on-device database is impractical. Therefore, while a network connection may be required in some cases, Google plans to cache the most popular verified apps to allow for installation without internet access.
How Android’s verification requirements will affect students and hobbyists
In an effort to accommodate student and hobbyist developers, Google will introduce a specialized Android Developer Console account type with fewer verification requirements and a waiver for the standard registration fee. However, this comes with significant limitations. Developers using these accounts will face strict distribution caps, requiring them to manually authorize each device that wishes to install their app. This two-step process is designed to restrict the reach of apps distributed by less established developers, thereby reducing the risk of malicious activity.
How Google will prevent bad actors from evading verification
To combat potential abuse of the verification system, Google has implemented measures to ensure that developers cannot easily claim ownership of existing app packages. Developers must demonstrate their ability to sign apps with the same key as the package they are claiming, without sharing private keys with Google. This approach aims to deter malicious developers from distributing harmful applications while maintaining a level playing field for legitimate developers.
Developers found distributing malware will face restrictions on their accounts, with all associated apps being blocked from installation for a specified period. Additionally, Google has developed techniques to identify fraudulent identity claims, bolstered by the requirement for developers to obtain a DUNS number for organizational accounts, which serves as a deterrent for bad actors.
What about privacy, F-Droid, and enterprise use cases?
Google has acknowledged concerns regarding privacy, particularly for developers who may wish to remain anonymous for legitimate reasons. While the company has stated that it will not publicly disclose developer information, it has not committed to withholding this information from government entities. Google insists that the need for transparency outweighs the risks associated with developer anonymity.
Regarding independent app stores like F-Droid, Google has indicated that it may allow package name duplication in specific cases, but this is unlikely to alleviate the challenges faced by F-Droid developers. The platform’s method of compiling and signing apps often results in conflicting versions, complicating the distribution landscape.
For enterprise use cases, Google will allow apps installed via management tools on managed devices to bypass the verification requirement. However, organizations distributing apps to offline devices will need to establish their own verification processes, potentially requiring periodic internet connectivity.
As the rollout of these new policies approaches, many questions remain about the implications for developers and users alike. While some methods of installation, such as ADB, are confirmed to work, the full extent of the verification system’s impact will become clearer as Google finalizes its implementation. The Android community is encouraged to stay informed as developments unfold.
