Comment by jjgreen
21 hours ago
From TFA:
Delve into System Settings, find Developer Options
Tap the build number seven times to enable Developer Mode
Dismiss scare screens about coercion
Enter your PIN
Restart the device
Wait 24 hours
Come back, dismiss more scare screens
Pick "allow temporarily" (7 days) or "allow indefinitely"
Confirm, again, that you understand "the risks"
Nine steps. A mandatory 24-hour cooling-off period. For installing
software on a device you own.
You left out the crucial bit:
that seems better, not worse, that they don't implement this on OS level, so no gapps users are not affected at all
Sounds a bit like trying to transfer my own money to myself at the bank. I.e. it seems designed to prevent old people getting scammed.
That's exactly what this is: Google is trying to prevent tech illiterate users from installing malware.
(Or at least, that's their take on this. You can choose to read between the lines, or not, as to whether they have other motivations also.)
Define malware.
2 replies →
Of course they have other motivations
But for 1 person wanting to run their own software there are hundreds of people with the potential to install malware/crapware/etc
2 replies →
Yes! That is because banking malware is specifically what is being targeted here: https://android-developers.googleblog.com/2026/03/android-de...
To be fair, that's a one time process. You do not need to do that for every app you want to sideload.
The malware issue that the flow is designed to mitigate is a very real problem. Perhaps there is a better way, but it's not immediately clear what that is.
I see zero trouble as long as it requires no additional identification, no additional payment, and no mandatory time limit for the sideloaded apps.
That is, fine by me. I can wait for 24 hours once in a few years when I acquire a new mobile phone.
You are thinking about it from the point of view of an enthusiast/hacker who wants to put their homebrew stuff on it. But this is also tightening around developers who may want to distribute their applications to lay users.
Lay users use Play Store.
Users who use F-Droid are already not as lay. If you distribute stuff that Play Store would ban, your users are likely not as lay, too.
Yes, it's inconvenient, but I see it as a good-faith attempt to limit exposure of lay users to scams, not some power grab.
Those developers will pay $25 for identity verification and have no issues.
8 replies →
There are exactly two groups of people who sideload APKs:
* people who know what they're doing
* people who are being victimized
Why would you do all that to install an app in a device that you own? It's bollocks.
Because grandmas all over the world are getting swindled by scam apps.
Look, I can't locally install a web extension I wrote on an open-source Firefox browser, because security. I have to install a Developer Edition, or get the extension reviewed and signed by Mozilla, for the very same reasons of thwarting scammers. Is this stifling, or is it making my browser not mine? Is anybody making a big deal out of that?
The world we inhabit is not always friendly. It has a ton of determined and sophisticated bad actors, and a lot of people with less technical savvy than you and me. We have to deal with that, instead of being cantankerous.
10 replies →
>Wait 24 hours
Somehow bank vaults and heroin storage boxes don’t take this long.
The 24 hour wait period is so the scammer can't use the element of urgency to keep the victim on the phone where they don't have the opportunity to speak with trusted friends/family who would stop the scam.
See also https://en.wikipedia.org/wiki/Cooling-off_period_(consumer_r.... It's an old solution to an old problem: give the potential victim a chance to think clearly while the damage can still be undone.