Android Developer Verification

The Android verification is such a broken experience. Recently I decided to purchase a dev account for my company, so far:

1) Provided my company DUNS number etc. once to create the payment profile. I did this some times ago, don’t remember the details but it was an involved verification process and it is marked as verified business payment profile.

2) Later on the payment step verified myself with a passport and bank statement to be able to actually pay with a proper HSBC bank card. Not shady pre-paid card or something, those are not accepted anyway.

3) After I paid I was told that now I need to verify my identity once more but this time with the passport and the incorporation certificate or some other company document.

fingers crossed that in few days it will be verified. While waiting, it tells me that there are still website and email verification to do once the previous step is done. I already verified my e-mail a few times before paying.

It’s painful, slow and annoying because if you fail at a step(i.e. needs verification that takes days and you are told about it at the payment step) you have to start again with the forms.

I just remembered why I never use Android. It seems like no one owns the process and as a result you get unpolished shitty experience that fulfills the requirements of god knows how many people who work in the same company but don’t talk to each other.

> However, our recent analysis found over 90 times more malware from sideloaded sources than on Google Play

Google has seemingly never seen an elderly person's phone, where it is completely infected with crap including literal popup ads (that somehow overlay other apps), yet all of it was downloaded from GPlay.

What % of Android users actually want this? Do they know or care?

I've been using Android since 2010 because it was open in ways that the Apple ecosystem wasn't. I do not want this and imagine hardly any other power users (for lack of a better term) do. I'm already using a mostly deGoogled device but this really seals the deal. I have been longing for a true Linux phone for years and now seems like a good time to get serious about the search and migration plan.

> Android is for everyone. It’s built on a commitment to an open and safe platform. Users should feel confident installing apps, no matter where they get them from.

This intro immediately tells me that whatever comes after will be horrible for users and developers. Surprise surprise, I was right. Software to "verify" side loaded apps is a bad, anti user idea.

Maybe it's just me but what happened to "don't send your government id to anyone". I am from the EU but this is what was indoctrinated to me. Just seems very strange to all off a sudden send all this information to any company you require a service from.

Also the person is not the company, why is Google making the developer identify oneself while many apps are released under a company? My understanding is that Google has been mishandling this for a while but with the verification linked to a government id that just seems like another can of worms.

A few scenarios to consider:

- The developer is fired/resigns and the company does not want to be associated with the developer, for example if the developer is convicted for something.

- The developer is fired/resigns and the developer does not want to be associated with the company, developer found out about certain practices of the company they don't condone.

- The developer and the company part in good faith, however one of them is being exploited/pressured by a third party to abuse the relationship to the app.

- The developer or the company is on legal hold due to legal issues, arrests, malpractice etc.

- The developer passes away or the company ceases to exist.

- How does this work if you are making an app as a developer for hire, when entering into a contract with a publisher for example. Who will verify and how will that work (especially on small scale apps).

Hey boss: “40M users are running a cracked version of YouTube premium on mobile, what can we do ?”

If they're taking on verification, are they also taking on liability? Do we get to sue them if grandma gets scammed through an app they allow onto their phone?

from https://9to5google.com/2026/03/30/android-developer-verifier... -

> Starting in April, Android Developer Verifier will be installed on devices.

so they're rolling out a system app that will call home to check whether any sideloaded apps have been "verified" with the developer's government ID? and this process will happen regardless of whether the user has enabled the "advanced flow" in Developer settings?

The latest shift to lock down Google's android pushed me recently to install /e/OS. On paper it makes those kind of projects a lot harder, but its prompted me to be a bit more considered about what software projects I want to use/support.

Really glad I have done that - I've been a 'boiled frog' of sorts on Android for a while now. Not happy with being continually more and more locked down, but not quite unhappy enough to shift. Feels like a breath of fresh air to have software that's built to serve me, rather than just to serve me ads.

That's seriously horrible. There are 5+ open source android apps that I use and want to continue using that are not available on Play Store, but rather through alternative stores (like Zapstore, Obtainium).

If I get a phone with preinstalled Graphene OS (like the upcoming Motorola phone), then does it avoid this stupidity? Or even with Graphene it prevents me from installing apks?

A 'safe' app store would promote and prioritize open source apps compiled on public auditable runners.

My experience was worse than just frustrating verification - it cost me money twice.

I submitted my government-issued ID and bank statements multiple times. Each time rejected, no specific explanation why. After several rounds I gave up, assuming my developer account would at least stay dormant until I felt like trying again.

It didn't. Google deleted the account entirely. No warning, no refund of the €25 registration fee or whatever it costed. When I eventually wanted to publish again, I had to create a new account and pay again. The second time around they accepted my driving license - the same type of document category they had rejected before.

So the real cost of a bad verification experience isn't just time. If you give up and walk away, you lose your fee and start from zero. That's the part that stung, at least for me.

I am part of the team running keepandroidopen.org and corralling the signatures for the open letter opposing this program. We've been trying to get Google to reverse course on this program ever since it was announced.

As it stands, Android Developer Verification (ADV) is a death sentence for F-Droid, Obtainium, and other competitors to the Google Play Store, both commercial and non-commercial. We are disappointed that they are still trying to steamroll this through in the face of overwhelming public opposition.

There are numerous reasons to object to the program, but a few of the top ones are:

1. You own your computer, and you should be the sole decision-maker for what software you can install on it.

2. "Malware" means whatever Google says it means, and their terms and conditions change daily; today malware is banking scams, tomorrow it is … ad-blocking? VPNs? Their decisions are un-reviewable and opaque, and they have obvious commercial incentives to block certain kinds of (otherwise-legal) software.

3. Centralizing global developer registrations through a US corporation makes it subject to the rules (and whims) of the current regime. Citizens of sanctioned countries or members of sanctioned entities (like the International Criminal Court) will be legally barred from registering, blocking them from creating and distributing software _anywhere_ in the world (not just the US).

4. Scenarios that Google claims ADV will protect against — such as high-pressure phone calls manipulating vulnerable users into installing scam apps — have _already_ been addressed by incremental improvements to Android security over the years, such as "Enhanced Fraud Protection" introduced in Android 13 (and expanded in Android 15). Android has incrementally improved its security features over its near 20 years of existence. There is no evidence that anything has suddenly changed to justify such a disproportionate and extreme lockdown.

5. Being required to pay Google for the privilege of uploading your government identification so that you might be permitted to contribute to the Android software ecosystem is such an abominable insult to the developers that helped build the platform. It deserves all the utter contempt that has been heaped upon it thus far, and begs regulatory scrutiny from those few countries that still have the courage to stand up to these bullies.

We emphatically recommend against developers signing up for this program or endorsing it in any way.

Is there any information about how the "advanced flow" will be implemented? According to keepandroidopen.org, this is going to be handled by Google Play Services. Does it mean it will be automatically installed via the silent, always-on GMS update mechanism and I should root my devices and remove GMS altogether if I don't want this?

Should we protest by graying out app icons and assets.

https://news.ycombinator.com/item?id=47354917

> our recent analysis found over 90 times more malware from sideloaded sources than on Google Play.

So, what I'm being told is; there's lots of malware on Google Play? Thank goodness for f droid (for now).

Even once you've managed to verify, Google love throwing more challenges at you if you want to keep your apps in the store. "You need to declare your blood type or we will remove your apps in 30 days". I removed my apps myself as it was turning from a hobby to an unpaid job just to keep the apps in the store.

> It’s only when a user tries to install an unregistered app that they’ll require ADB or advanced flow, helping us keep the broader community safe while preserving the flexibility for our power users.

So, we have a sideloaded app now. Which has been increasingly tricky for our users to install. The warning they get is hard to understand. Does this mean essentially the end of sideloading?

"However, our recent analysis found over 90 times more malware from sideloaded sources than on Google Play."

Has anyone seen the report for that analysis. I bet most people here would love to read it too.

tl;dr how to install an app from unverified developer ("advanced flow")

  1. enable developer mode
  2. confirm you aren't being coached
  3. restart your phone and reauthenticate
  4. come back after 24 hours and unlock device
  5. install app from unverified developer, option of enabling for 7 days or indefinitely

Personally I am hopeful that people work toward a completely new, non-Android OS. 15 GB of space on my phone, and 1.5 GB of RAM, is dedicated to Android OS alone. This design, and the control this company (and the mobile providers, and device manufacturers) have over the mobile world, is ridiculous. Let's start over.

Older Androids which are fully rootable and unbrickable are cheap (maybe even monetarily free) and will let you continue to have freedom despite what Google wants.

"Those who give up freedom for security deserve neither."

Does anyone know if Chinese developers will be forced into paying for a Google Dev account too?

Great. This will make web apps popular again. Let's take back the web. HTML, JavaScript, CSS!

At this point, I think I would prefer to carry a dumb flip phone for SMS and phone calls, and a smartphone-shaped generic touchscreen linux computer for everything else. It's becoming disturbingly impossible to find the former, and practically impossible (IME) to find the former.

Does anyone here have experience using Ubuntu Touch? That's the closest thing I've seen to "generic touchscreen linux" for mobile phone hardware. I'd love a device that works for multimedia, navigation, web browsing, and a handful of APKs like various chat apps (and really anything can can arbitrarily use the hardware), but it seems like tying a cellular modem to this ends up fucking up the whole dream because of carrier and manufacturer motivations/compensations.

Good job google. You just convinced our entire business to abandon our app (utilities company) and only target web. We are done with this shit. All our resources the next two weeks will be to fill in the gaps in our web clientzone so our thousands of customers can still buy electricity and pay water bill and have a similar experience than the app (it's 90% the same anyway).

Oh and my three personal apps that I installed via adb (not released on playstore) - the moment they stop working on my phone or hassle me about verification, I will get in my car and go buy an iPhone.

Next will be to degoogle the rest of my life, which is luckily only gmail. Guess how long it will take me to port out? Less than two days.

I only let companies violate me once. Then I'm out.

Play store is the biggest piece of trash malware system that exists today, but us normal businesses have to pull teeth and spend days jumping through hoops to get an app out, but the playstore is filled with infinite garbage that rot childrens brains.

Wake up.

Does anyone know how this will work vis a vis China, where Android is everywhere, but Google is not?

Will bypassing this bureaucracy be just a matter of buying a Chinese Android phone?

I'd say Hackernews knows enough people at Google to raise a stink about this, but it's not going to do any good. Sometime at the last WEF or Bilderberg meeting it was decided that KYC level identity verification should be required to use a computer or the internet, with more stringent requirements to program one. This, and much worse, is going to happen whether we like it or not.

Yeah, no, going back to web native. Keep your verification and your 20%.

Let everyone who wants it be safe using the Google App Store. But please let me do stupid/experimental things with my phone.

The sad thing is only a tiny minority of android users side load apps. The rest will feel their phone is one step more secure.

What Android versions is this applicable to?

The only malware I've had to clean off peoples devices has come from the Google Play Store.

> Android is for everyone. It’s built on a commitment to a... safe platform.

These two statements contradict. When something is public, it is not entirely safe; and to make something safe, there is exclusion of practices, behaviors, and often people.

> So as an extra layer of security, we are rolling out Android developer verification to help prevent malicious actors from hiding behind anonymity to repeatedly spread harm.

1. Well, then, surely Google can't be in charge of this process, because they are a malicious actor, known to manipulate social media search results and engage in mass surveillance of its users. And that's in addition to analyzing their personal data to try to manipulate them into buying things; which is called "targeted advertizing", but I would also characterize as harm.

2. To be slightly less tongue-in-cheek: Imagine that a two would prevent entry of unverified people - you know, to prevent malicious anonymous actors from bringing harm. That would be ridiculous - nobody should be able to restrict public space. Well, the space of computation and communications via our handheld phones/computers is enough of a public space to merit the same principle. Which means that it is not acceptable for it to be under Google/Alphabet's control. Government regulation could mitigate this problem, but then, governments collude with large corporations and often approve of such restrictions.

So, anyway, how do we make sure that our phones don't turn into a pumpkin on a set date? I suppose it's all shit long term, but at the very least I don't want to be forced to look for a solution before I need a new phone. So, what do you do? Can you just disable android updates somehow and it will solve the issue? Or it is already a ticking bomb that will be activated on the set date no matter what?

> our recent analysis found over 90 times more malware from sideloaded sources than on Google Play

So what's the solution then? At the same time, I'm curious how this ends up happening to end users. Enabling unknown sources is trivial in a way (it's just one check box and if you try to install an APK from, say, Firefox, it'll take you right there), but how are people even getting to that point??

I would genuinely like to know more about these supposed users who are side loading things and getting hoodwinked. It seems high enough friction that you have to have something of an idea of what you're doing to begin with. Everyone I've known who is side loaded anything has been reasonably technical.

My dad on the other hand, who worked for Control Data in the 1980s regularly installs some of the scummiest apps imaginable, and they're all from the Play Store proper.

Launchers that don't actually launch things and serve ads. Apps that launch full screen ads while you're doing things saying your device is infected. Absolute trash.

Like maybe just maybe put some energy into going after the stuff in the Play Store first. As the Play Store exists now, it is unsafe.

oh so I'm not the only one, always believed Apple was the hard ass but I've been having a better experience with them.

If I do software for Windows, Linux or FreeBSD I don't need verification. And potential users aren't required to get software only from a certain app store.

This is a case of companies forcing things on us "for our own good" and them knowing better than us what is good for us or not.

Sounds like age verification exp in EU....

Maybe not expose potential internet users to such as high obstacle if your goal is to get their eyeballs to buy your advertised product???

Sorry, but absolutely not.

I stuck with Android for years as a dev as I once did Android apps and occasionally do tinker.

This is my last Android phone and Jolla is my next phone.

I'll probably ship PWAs but hope those are not killed by Google.

It's kinda funny. I used to run custom roms all Android phones came with a shit OS.

I stopped because Pixel AOSP phones were actually decent.

Now I guess i'll be buying phones based on which I can flash with custom roms again.

I don't see a way out of this except government regulation. The EU has the most motivation to do it, as a huge economic bloc with a lot of motivation right now to become as independent from the US as possible.

I guess I can sort of manage to keep my head above water and keep buying secondhand phones which I unlock and install a supported version of LineageOS. But it's cumbersome, it gets more difficult and more restrictive every time. And I literally have a doctorate in computers for crying out loud! Is there any hope for Granny? For a kid? For >99% of people? Of course not.

This is so clearly a matter for government oversight: prevent abuse, monopolies, protect the citizen's safety, rights, welfare, etc. It's not reasonable to expect consumers to figure out if the meat they buy is tainted, just as it's not to figure out if their phone spies on them, manipulates information, or sells their data (especially when there's a duopoly). That's why we have laws and food inspectors, paid for by the public, working for the public. Same thing with digital rights.

Google freaked out that Apple had a better reputation and went all in on fucking their Android store up. Everything about it is worse now than it was before. So tiring.

Yeah, no. No one needs your spyware.

In the last few years all apps I install in a phone come outside of Play Store, because either they are full of ads, throttle their usage or simply similar ones don't exist. Without them the phone loses half of it's functionality, which is pretty much. So, I am willing to wait a day in the "advanced flow" to keep a multi-year experience.

[dead]

[dead]

Don't love it but (1) it's addressing a serious problem and I'm not sure what the alternative is and (2) if you all remember the starting place, it was staggeringly, dramatically worse, practically a death sentence for F-Droid and seemingly testing the waters for if they could simply power through and do it despite objection.

This is a major course correction that doesn't kill F-Droid. A one time 24 hour hoop to jump through and then never again is monumentally better than losing F-Droid forever.