Android verification is coming: Google confirms timeline and supported app stores
arstechnica.com
A new system service will roll out this month ahead of big changes starting in September.

[…]

In the new blog post, Google’s Matthew Forsythe confirms that the developer verification system is slated to come online on September 30 of this year. The initial deployment will be limited to countries with a high level of app scams: Brazil, Indonesia, Singapore, and Thailand.

[…]

Google released its new developer console back in March, inviting external developers the opportunity to pay $25 and verify their identities early. Developers who don’t register will find that their apps cannot be sideloaded on Google-certified Android devices once verification has rolled out. Google says that almost every app in the Play Store is now ready for the change, and a “large majority” of apps outside Google Play have completed verification.

[…]

Google says it will verify the apps in the following stores when it begins enforcing the new restrictions.

Google (Google Play)
Honor (HONOR App Market)
OPlus (OPPO App Market)
Samsung (Galaxy Store)
Transsion (Palm Store)
vivo (V-Appstore)
Xiaomi (GetApps)

[…]

The next step toward verifying apps will come this month as Google deploys a new system service on most certified devices. The package (com.google.android.verifier) will appear on phones and tablets running Android 8 or higher, allowing Google to block the installation of unverified apps. It will remain dormant until verification is activated in your specific region.

In July, Google plans to roll out the new developer APIs and begin testing for “limited distribution” accounts. This is Google’s solution for hobbyists who want to make their own apps and share them with a small group. Limited accounts won’t require a fee or government ID verification, but you can install these apps on up to 20 devices.

In August, the advanced flow will become available globally ahead of verification becoming mandatory in the first markets. As detailed a few months ago, the advanced flow will allow users to bypass verification, but the process isn’t easy. You’ll have to navigate to a buried menu, confirm you understand the risks multiple times, and wait a whole day before completing the process.

And that brings us to September, when Android devices in Brazil, Indonesia, Singapore, and Thailand will begin checking verification status before installing apps. However, things get murky after that. Google will undoubtedly monitor how verification works as millions of users are suddenly limited to verified apps, which could affect how it moves forward. Google says it intends to expand developer verification in 2027, eventually making it a global device policy.

  • WhyJiffie@sh.itjust.worksEnglish
    4·
    3 days ago

    It prevents devices from running software from unverified developers. Now the malware developer can’t just use a third party store to bypass the verification requirements.

    they didn’t need to use a third party store to begin with. the play store is filled with malware.

    End users can disable it if they’re willing to go without play services or can do their own sideloading and support with a “limited” developer account.

    that is wrong on multiple counts, fortunately they did not lock it down that much (yet). that wouldn’t just be very complicated but that would also disable a couple of unrelated features of the phone.

    The end result is not a panacea that fixes every problem with Android but a move to bring the various official android marketplaces in line with the ios app store.

    as if that’s a good thing.

    • whatiswrongwithyou@lemmy.ml
      21·
      3 days ago

      Part of what made badbox/superbox so successful (along with the marketing, mlm stuff, glut of cheap arm/risc decoders, environment of 69 fucking subscriptions a month your average person has to maintain just to watch terminator when they get home from a shift) was the presentation of malware payload apps from third party marketplaces alongside “legit” apps from the first party ones.

      It’s the gas station effect. Of course you can trust the Tamriel rebuilt branded rhino pill, it’s on the same rack as the goodys powder and tums!

      That same mixing made it very difficult for everyone trying to figure out what was happening to actually get something taken down. Apps on the play store would be barely legal or skirting the law but interacting with or funneling data around apps from third party stores that were definitely doing something “wrong”.

      When takedown notices were sent for the play store apps they didn’t have any effect on the third party hosted ones.

      So for the whole thing to run how it did, yeah, they needed third party repositories.

      You might not see this as a good thing, but Google does. And tbh they’re right. It’s bad for the minuscule number of users who actually load stuff from third party sources, but its incredibly good for them as a company and a brand.

      • WhyJiffie@sh.itjust.worksEnglish
        1·
        3 days ago

        You might not see this as a good thing, but Google does. And tbh they’re right. It’s bad for the minuscule number of users who actually load stuff from third party sources, but its incredibly good for them as a company and a brand.

        oh, sure they are right. it was almost harming their profits! they were on the brink of the current quarter performing worse than the last one! oh, no, the shareholders… we couldn’t want them be starving!