I don't think Google should be changing Android this way at all, and fear that it will later be used for evil. That said, I thought of an improvement:

Allow a toggle with no waiting period during initial device setup. The user is almost certainly not being guided by a scammer when they're first setting up their device, so this addresses the concern Google claims is driving the verification requirement. I'll be pretty angry if I have to wait a day to install F-Droid and finish setting up a new phone.

Evil, for the record would mean blocking developers of things that do not act against the user's wishes, but might offend governments or interfere with Google's business model, like the article's example of an alternative YouTube client that bypasses Google’s ads. Youtube is within its rights to try to block such clients, but preventing my device from installing them when that's what I want to do is itself a malicious act.

> It's my understanding that you don't have to keep developer options enabled after you enable the advanced flow. Once you make the change on your device, it's enabled.

Ok, but why is this advertised to applications in the first place? It's quite literally none of their business that developer options are enabled and it's a constant source of pain when some government / banking apps think they're being more "secure" by disallowing this.

> ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.

Someone is just going to make a nice GUI application for sideloading apks with a single drag-and-drop, so if your idea is that ADB is a way to ensure only "users who know what they're doing" are gonna sideload, you've done nothing. This is all security theatre.

Why do you keep harping on about ADB installs. That's not helpful. It doesn't help me install open source apps from FDroid. It's ridiculous that you think booting up a computer and using ADB is a reasonable workaround. It isn't.

The only reason I run android over iOS is the freedom to install things I want on it. A waiting period is unacceptable as Android has proven that it can't be trusted not to tighten the grip further.

Reconsider.

The only reason I use an Android instead of an Apple phone is that I can install two apps off of github. I am actively making a certain number of very quantifiable sacrifices already at this very moment by not stepping into the orchard.

If you go forward with this, I am not coming back. I will never again in my life trust you. And believe me - I still have boycotts on-going 20 years later. Including microsoft. It is surprisingly easy to avoid you "Ubiquitous" companies once you get your mind into it.

Why don’t you create an option to bypass this whole thing permanently on adb then? You can even add your 24h delay.

I’m not convinced this is really to protect users from being hurt by scammers, it is really about protecting the users from doing what hurts your company interests.

I don't want to install via ADB at all. This is MY phone.

Thank you so much for clarifying! That is most definitely not as bad as I had feared.

I still feel, though, that having to go ahead and proclaim “I am a developer!” just to enable sideloading is a bit much, as almost certainly the vast majority of sideloaders aren’t developers. Nonetheless, it does keep sideloading as an option, and I do see why, from Google’s perspective, using the already-existing developer mode to gate the feature would be convenient in the short term. Perhaps the announcement should specify this -- I suspect a number of people who read it also noticed the lack of that clarification.

And yes, good point on ADB. That does make this less inconvenient for developers or power users, though doesn’t help non-developers very much.

May I use ADB or Developer mode to disable the one-day period?

So give me a way to completely disable this nonsense via ADB.

This is hot garbage. Eliminating third party app stores like F-Droid defeats the whole purpose many of us even bother running Android instead of locked down Apple stuff.

Will third party apps like bank apps be able to detect whether advanced mode is enabled or not, like how they currently detect if developer options is enabled?

Do I need to be signed in to Google play to get the sideloading exception turned on? I don't sign in to it because I don't want to have my phone associated with a Google account. But I can't uninstall play completely on the devices I have.

It says something about 'restart your phone and reauthenticate' that's why I'm asking. What do you autenticate?

> ADB installs are not impacted by the waiting period, so that is an option if you need to install certain unregistered applications immediately.

Um yeah but then do I have to install every update via adb? I want to just use F-Droid.

Every single one of these steps are blatantly an attack on user freedom. The steps to unlocking the bootloader and install a different rom are not nearly as onerous. The only thing I will accept as reasonable, is a complete abandonment of this policy. Google has destroyed all trust I could have in it, and these weaselly worded concessions are based on a bullshit premise.

> I'm the community engagement manager

On a scale from "not worried" to "let them eat shit", how is the product team thinking about the breakage you'll get from people moving off platform?

So... we're just going to move the scam into convincing the end user to run an application on their PC to ADB sideload the Scam App. Got it, simple enough. It's not hard to coach a user into clicking the "no, I'm not being coached" button, too, to guide them towards the ADB enable flow.

I see the chosen language of "certain unregistered applications" (I suppose company mandated) already hints on the goal of control aspect. I want to deploy apps on my device. They are my apps, it’s my device, and I should not be required to ask for permission to do so.

Wero in Europe. It's really insane. They make wero to make us less dependent on US tech and then hamstring it in this way.

I enable developer mode on every android phone to at least change the animation durations to twice the speed. I also have never run into an issue fwiw

RBC in Canada for instance, just having developer mode enabled blocks it here

Philippines' most popular e-wallet app GCash outright closes when the developer mode is enabled with the popup saying that the device has "settings [enabled] that are not secure".

All the banking and payment apps in India refuse to open if you have developer mode on

One of my banking apps didn't even run if I had accessibility settings turned on. I've since closed my account with them, just because of that.

The amount of control we've given corporations over our computers is incredibly disappointing.

SumUp won't let you use your phone to accept contactless payments while developer mode is enabled. You can still use an external card reader though.

Brazil government app refuses to operate with developer mode on

> The one-day waiting period is so arbitrary.

Scammers aren't going to wait on the phone for a day with your elderly parent.

To paste code into the chrome dev console you just need to type “allow pasting”

You don't use the HSBC or Citibank app then I assume?

Google wants to kill installing apps outside of playstore.

Installing apps manually or through another store app is not "sideloading".

Sideloading is the new jaywalking, a newish word to pretend that a pretty normal action would be in any way illegal, dangerous or harmful.

>And you blame Google for this

Why does google allow apps to access this info?

Googler here (community engagement for Android) - I looked into the developer options question, and it's my understanding that you don't have to keep developer options enabled after you enable the advanced flow. Once you make the change on your device, it's enabled.

If you turn off developer options, then to turn off the advanced flow, you would first have to turn developer options back on.

Yes, it is really dumb that some of these settings are exposed to all apps with no permission gating [0]. But it will likely always be possible to fingerprint based on enabled developer options because there are preferences which can only be enabled via the developer options UI and (arguably) need to be visible to apps.

0: https://developer.android.com/reference/android/provider/Set...

It's always boggled my mind what native apps are allowed to know versus the same thing running in a browser on the same device.

Because estimates suggest Americans lose about $119 billion annually to financial scams, which is a not insignificant fraction of our entire military budget, or more than 5% of annual social security expenditures.

It's not directly a big issue for us technical people and our own individual usage. Telling people about F-Droid, NewPipe (& forks) or secuso apps will be a pain. People will find free software / software not approved by Google complicated or suspicious. It is a huge issue, and even for us in the end because it hurts the software we love.