HN Reader

Sideloading is a neologism to scare users and lawmakers, it just means "Installing software" and should be a basic right.

Also software installation in Android has been high friction for a while. Installing an APK on my phone is at least 10 clicks.

I take the opportunity to let people know that there are alternatives to Google/Apple duopoly on mobile. Link: https://www.ubuntu-touch.io/

Sure, GrapheneOS is often suggested but Ubuntu Touch is a really interesting alternative, their own store and ecosystem.

The community is amazing and welcoming. If there are Android apps which you can't do without, they can be emulated and used anyway. Imagine switching to Linux and then using Wine for the apps you really still need.

Yes, it's not perfect but Linux isn't either. If you think you're sufficiently tech savvy and want to make a change, give Ubuntu Touch a try. Find a cheap second hand supported device and play around, make some fun apps. (devices currently supported: https://devices.ubuntu-touch.io/ )

To me it's like being back when there was only Windows and Macs as viable home computer OS, and people were getting their feet wet with Linux and all its flavours. Now, it's the same but for mobile.

I would like to see a high friction flow for installing all the crap from the Play Store to "protect and educate users". "Are you sure you want to install this app? It's only got a score of 2.8 and only 7 reviews, and will ask for all of these permissions?"

I'm with Google on this one. Idiots and old people (the public) use these devices daily. These are the very same people that send money to Nigerian royalty and expect to hear back about a great reward. This is mostly a CYA move with hard data behind it. If they completely removed side load, that would be a different story.

Google's long term strategy with Android is baffling to me. Apple has had better mobile hardware for years. Apple has higher consumer trust. Apple has better app selection (for most people). Apple has been increasingly implementing the core features that differentiate Android devices, like USB-C and RCS. Every Android user lost to the increasing iOS market share is another customer Google has to pay exorbitant fees to a competitor to access.

And Google's strategy is to continue removing differentiating features from Android that also help them mitigate the threat of antitrust? Surely the marginal revenue from the inconsequential number of sideloading users isn't attractive enough to justify that kind of strategic blunder.

If the make sideloading high-friction, either via account-bound or apk upload or permissions from MNO/ISP, I will leave android. I have a bunch of my own apps that only I use, not released to the public, if I cannot use them, I have zero reason to stay on android.

I think one of the reasons they want to lockdown the system is to prevent guys like me from locking THEM out of my home/ecosystems, as and example, I build my own launchers, specifically for TCL TV's, which runs Android TV and has Developer Mode + adb. Which means I remove all the bloat & ad garbage, which they want to prevent.

We will get to the point where google will remove your ability to set custom dns servers and only use theirs.. just wait & see friends.

Anywhoo, when this side loading fence materializes, I will jump ship to apple.

> Matthew Forsyth, Director of Product Management, Google Play Developer Experience & Chief Product Explainer, said the system isn’t a sideloading restriction, but an “Accountability Layer.”

And... What about accountability for hosting distributing spyware, malware loaded apps from Google Playstore and hundreds of copy cat, misleading apps?

Why can't they pose a question when the phone is setup?

- Yes, I want to sideload

- No I dont want

If the user says NO then to later enable it to allow sideload Yes, the user needs to factory reset phone. Done.

When this whole thing got announced, I purchased a new Pixel 9 and flashed it with GrapheneOS.

I am hoping that in about 6-8 years (when I realistically need to update) the landscape might be a bit better. Or who knows, maybe I'll just continue using GrapheneOS.

So far I have not had a single issues with it. Apps the rely on attestation do not work, but honestly it's only two applications out of hundreds so I can live with it.

I also financially support GrapheneOS on a monthly basis (15$). This is just too important of an project not to.

Semi-related question: how invasive is the Temu App on Google Play Store nowadays. Last time I read about it, it posed a bigger threat to users than the average side-loaded app.

I heard that the frog boiling is a myth. You can't boil frog alive, it will jump out. As opposed to humans

The image at the top of the article is actually what already happens in Android and has done for years. At first, I thought that this meant that the article was very outdated, but no, this is from January 2026.

I imagine the text of the article is fine, but I'm a little bit disappointed that Android Authority chose to lead with that image and caption and make it seem that this is what the future flow would look like. You'd think they'd know better.

So I was actually planning on upgrading from a Pixel 7 Pro to a Pixel 10 around the time this announcement came out last year, but have put it on hold as I wait to see what form these changes take.

Like if it was "you need to do the developer 7-tap of the version label in settings", it'd be like "whatever". But given how long this process has taken, I suspect that is not what they've planned - it wouldn't take this long to develop, it certainly wouldn't take this long to explain.

So I suspect that we're actually in the "Maybe Later" phase of "Google wants to control which apps you install: [ ] Yes [ ] Maybe Later". And I mean, if their proposed solution turns out to be "Me and 25 of my closest friends can install apps I make by phoning home to Google servers", then like, I can do that on iOS too. And if I'm not going to have meaningfully more control of my Android device, I may as well just go to iOS where Apple at least have a better privacy record and don't seem to have have an all-encompassing goal of "where can we put AI features to drive AI usage metrics up the most?"

The Apple app store was ruled to not be monopoly.

When Google inquired in court how that could be if Apple doesn't even allow any form of side-loading, including other app stores (which Google does allow)

The judge said, I shit you not, Apple doesn't have any competitors on their platform, therefore they can't be anti-competitive.

Probably one of the worst most off the rails rulings ever. Google took notes and is now following Apple. You can thank the courts

As TFA does not mention it, and I don't see any top-level comments discussing it, this is a continued rollout of a "feature" first piloted in Brazil, Indonesia, Singapore, and Thailand. See:

https://android-developers.googleblog.com/2025/08/elevating-...

https://android-developers.googleblog.com/2025/11/android-de...

https://www.channelnewsasia.com/singapore/google-android-dev...

Of course, HN reaction has always been skeptical about this including in earlier news. But the reporting on it, and the countries in which it is piloted in, seems to me to involve government/banking industry cooperation with or pressure on Google to combat cyber fraud. These polities are prime targets for Android cyber fraud of this sort due to Android penetration, and seemingly (to me) also cultural proximity to scam operators, and tech-illiteracy among the vulnerable demographic. (And anticipating a reply I got from a previous article on my comment on this feature---no, it's just not feasible to comprehensively educate retirees against evolving tactics by scam operators and expect that to be a sufficient sole countermeasure.)

The highest risk is the play store itself. Gambling and addiction. So, when does Google add "high friction" there, instead of encouraging it? Ah, well, it's the money! Than stop bending the truth.

The current system is already high friction. Enabling "advanced protection" in your google account additionally requires installing apps through adb.

I was never an iOS user, or developer - exactly because Android was more "open", exerted less control over a user of the device.

The same reason I use Linux for 25 years (not ideological, but it just makes most sense by far). In time where this view (win11 vs. Linux) is starting to make sense to more and more people, few rare config nuances are getting easier to solve due to LLM-s, going into the opposite direction with a mobile OS calls for users to also start seriously considering more open alternatives and making a path for users of our app to do the same.

Some manufacturers like Xiaomi already have a very annoying flow for enabling developer options and using ADB. You need to have a SIM card inserted, need to create a Xiaomi account and there's several popups with timers you have to wait through.

So, which 3rd mobile vendor and/or OS are you moving to?

In the technofeudal new world order, your smartphone is not just a device, it is your gov issued digital ID/wallet

The Apple/Google OS duopoly exists by design, they view bootloader unlocking and sideloading as threats because they break that control

They want to be able to define and/or revoke your existence in the system

No escape, because no alternative

Can we please stop calling it "sideloading"? It's simply "installing" software on hardware that I own, and that I should have full control over.

The real question is if you can still sideload:

1) a .apk that was not developer-verified

2) without informing Google of this

Those of us who use Android phones now - and install FOSS apps form F-Droid or just any apps from elsewhere other than the church of Google - might be thinking: "Oh, I need to work out how I'll have decent app access after this happens."

But what we should really be thinking is: "Oh, I need to _donate_ to projects which aim to patch Android-based phones to remove these restrictions; or to projects which aim to replace (most/all of) Android completely".

We need to speak with our wallets in addition to just ranting about Google.

Don't be evil

Steam phone incoming in 3... 2... 1...

I am not very well educated when it comes to alternative stores landscape. But I do know that in Russia there's now Rustore: https://www.rustore.ru/en which functions by automatically downloading and updating APKs for you.

During the APK install, however, you do see the ugly Android prompt about how this app may be dangerous.

Rustore has its own app payment system, which obviously circumvents Google Play fees.

This works on regular Android phones.

Are there other examples of such stores? Perhaps it's Google's answer to that.

How does this relate to the announcement from a while back about introducing signatures that tie back to Google? (IE trusted developer program or whatever they're calling that horse shit.)

Funny way to say 'dark patterns'

The year of linux desktop unironically may be close. What is the situation with mobile?

Add high friction to scammy ads on your platform, Google

If auto-updating apps stops working on fdroid, I'll be installing Graphene, Lineage or taking a shot at something like postmarket/ubuntu touch/plasma mobile. I've used Lineage as a daily driver before for a while, so I'll probably just go back to that and tell developers to support the platform I'm using. It doesn't rent seek on developers or users.

Ah yes, such enormous friction, to install F-Droid and install an app via it, instead of Playstore. Argh, sooo much friction, really unbearable. /s

Google is getting more ridiculous by the day.

Part of me thinks they wouldn't be doing this if their own ad team wasn't knowingly accepting money from fraudsters.

I'm sure I'm missing something but wasn't this already the case where the first time you try to install an APK, you had to go into Settings and mark the relevant application as a trusted source for installing APKs from?

I think i have an idea that would better protect normal users while not getting in the way for power users and developers:

1. All applications must be signed with a valid store key.

2. Anyone can import a store key after rebooting into the bootloader (similar flow as custom roms)

3. Google can maintain a list of malicious keys and reject them

Why is this better? Because it makes it much harder to trick grandma into installing an APK some site just dropped.

I agree with high friction sideloading. it is the best of both worlds. no friction sideloading is too easily exploited by scammers. having a member of my family exposed to this kind of thing in the past taught me some things.

TBH this doesn't seem a particularly high friction change. It seems very like what we have to do already, or like what we do on OSX.