1) Provided my company DUNS number etc. once to create the payment profile. I did this some times ago, don’t remember the details but it was an involved verification process and it is marked as verified business payment profile.
2) Later on the payment step verified myself with a passport and bank statement to be able to actually pay with a proper HSBC bank card. Not shady pre-paid card or something, those are not accepted anyway.
3) After I paid I was told that now I need to verify my identity once more but this time with the passport and the incorporation certificate or some other company document.
fingers crossed that in few days it will be verified. While waiting, it tells me that there are still website and email verification to do once the previous step is done. I already verified my e-mail a few times before paying.
It’s painful, slow and annoying because if you fail at a step(i.e. needs verification that takes days and you are told about it at the payment step) you have to start again with the forms.
I just remembered why I never use Android. It seems like no one owns the process and as a result you get unpolished shitty experience that fulfills the requirements of god knows how many people who work in the same company but don’t talk to each other.
Is there a way around this shitocracy?
Recent things I've had to do:
1) Re-submit an app after it was rejected and labelled a gambling app (it wasn't even close - a 15 second look by a real human would have seen that. This one was even appealed and the support was utterly useless. I ended up changing one word and re-submitting the app, approved no problem.
2) An existing app, in the Play store for years but a nice app - only about 500 installs. I had to submit a new version for no reason whatsoever... Except to keep the customers developer account active.
Those are just issues I've dealt with in the last month or two.
Every single time, Google Support is completely useless - including the appeals process, which is an absolute joke.
So bad actors would just target lower SDK versions and ignore the privacy improvements
Of course, they don't like this because then apps can't easily refuse to work if not allowed to spy.
The correct approach here (AFAIK) is to punt the trust decision to the bank by requiring payment with a method that you can confidently trace to the company.
However that invites those bad scenarios where someone gets blacklisted by BigTech in some manner, later gets hired by a small business, the new employer adds an association to the blacklisted account, and suddenly the company app is banned from the app store seemingly without reason. At least a few such stories have appeared on HN over the years.
I feel like pay to play ought to be sufficient because in addition to being a barrier to entry it also provides funds for moderation efforts.
That is you, for tax and legal purposes in the jurisdictions within which you reside, an individual, operating a business by yourself as yourself.
My experience with getting a verified "business" developer account from Google mirrors the experience as getting one from Apple, except it's a one-time fee and much less than Apple.
Yes there are hoops to jump through, identification usually requires some hoops, but pretty it's straightforward. I am not commenting on the requirements of these hoops, yes, it's BS that they exist but it's their platform so it's their rules.
What type of "experience" are you expecting to have anyway?
How does that mirror uploading my passport many times, entering company details many times, typing my e-mail and phone numbers many times both because I had to start over and because I was asked many times even if I provided these some steps back? Now I paid and waiting, hopefully I will later be verifying my e-mail address or something that I verified a few times prior.
> What type of "experience" are you expecting to have anyway?
The Apple experience. An experience that is well thought and streamlined, that doesn’t keep me entering the same information over and over again. I don’t mind paying a little more for well designed products. The $75 difference is nothing to justify this charade, I don’t think that that Google was short of $75 and designed this low quality experience, I think it’s engraver in their DNA.
Being told upfront what is required to complete the process so you don't have to start over again multiple times?
Google has seemingly never seen an elderly person's phone, where it is completely infected with crap including literal popup ads (that somehow overlay other apps), yet all of it was downloaded from GPlay.
https://en.wikipedia.org/wiki/Malware
https://www.ibm.com/think/topics/malware
https://www.cloudflare.com/learning/ddos/glossary/malware/
https://www.cisco.com/site/us/en/products/security/what-is-m...
https://www.britannica.com/technology/malware
https://www.fortinet.com/resources/cyberglossary/malware
https://www.kaspersky.com/resource-center/threats/what-is-ma...
https://www.mcafee.com/learn/malware/
https://www.trendmicro.com/en_us/what-is/malware.html
https://www.t-mobile.com/home-internet/the-signal/internet-h...
I've been using Android since 2010 because it was open in ways that the Apple ecosystem wasn't. I do not want this and imagine hardly any other power users (for lack of a better term) do. I'm already using a mostly deGoogled device but this really seals the deal. I have been longing for a true Linux phone for years and now seems like a good time to get serious about the search and migration plan.
I.N.S.T.A.L.L.I.N.G S.O.F.T.W.A.R.E
Every non-stock app on my phone was installed from an APK directly downloaded from the manufacturer or open source developer's site / Github releases. I've never had a Google Play account and have never used any Android "app store".
The biggest pain was having to manually logon the couple of sites I allow to keep persistent cookies since device owners aren't allowed to just import/export cookies from mobile Chrome.
It has been a very nice experience. I appreciate the feeling of sovereignty and ownership of my device (even though it does have a locked bootloader and I don't actually have root).
Of course Google would take this away. >sigh<
After all that was done, the phone felt like mine in a way that my iPhone doesn't. Was a good feeling. With luck, the Motorola + Graphene partnership will produce phones with screens better than the Pixel and I can keep doing this.
I'm hopeful, too, re: Motorola + Graphene. I wanted to use Graphene last fall wehn I got the new phone but I was committed to not giving Google any money.
Tie in the app to a verified identity/individual and it makes the audit process easier as well as engagement with authorities from the user's country if required (e.g. app facilitating child abuse).
If Apple announced that they were going to allow installing apps like how you can install APKs you will have a whole group of people on here arguing against it because they want Apple to have control over everything. You could have seen those people in action on the Epic v. Apple and Digital Markets Act discussions.
Android isn't open source for a while. They started by pushing device certification which crippled any abilities of OEMs to make a better framework. Then they took many of the opensource packages out of android and redistributed as applications that they controlled via play services.
Then they made it harder to publish packages and created tons of rules that they can arbitrarily decide to cut ties with you or remove your remuneration.
What they are effectively doing now is to remove any ability of individual developers to push applications. Some will say the costs ain't that high, but (1) maybe not in USD dollars for Americans and (2) both Google and Apple will push those numbers way up high soon.
Even if that is not the case, if you don't agree with anything and you decide to have your own version of your family wiki, messenger or anything, they will be able to tell the authorities about it.
This is insane....
Just to drive the point home. Not that you would do this but you _could_ even implement such a system fully anonymously - with uploads via tor and payments via XMR - and it should still work just as well.
Add in a third even more expensive tier for those providing source code to the auditor where google verifies a signed deterministic build the same way fdroid does. Now clearly mark the three different tiers in the app store.
And if they went this route the next logical step for highly sensitive stuff like banking and password management would be a fourth licensed and bonded tier where a verified individual located in a friendly country took on liability for any fraud or other malpractice. That tier would be the equivalent to the situation for civil engineers.
Instead we're stuck in a reality where I don't trust sourcing password managers (among other things) from the play store. Those only ever come from fdroid for me - you know, an actually secure model for how to do app distribution and verify builds.
2%, according to the keepandroidopen.org poll[^1]
[^1] https://techhub.social/@keepandroidopen/116251892296272830
Bold of you assuming they're doing for users. It's fear-mongering at its finest - using the threat of security to install more control that has little to no protection against the said threats.
Now you might say it's going to raise the bar for the scammers, but nobody is going to be spending time on writing scam or malware for a few bucks. When the reward is high, they can just pay out already verified developers to distribute their builds under their accounts, or just find a workaround (fake ids?) which could be still way cheaper than the potential revenue potential of a successful attack. It's just an inconvenience that didn't existed before.
This is just a policy directly targeting the legit developers distributing apps to work around some of the platform's limitations (ie. uncrappifying youtube). They were previously free to share the workarounds they've developed for themselves since it was just as easy as sharing your APK. Now with added threat of losing your developer account and probably being perma-banned from google, those devs are less likely to continue distributing their workarounds.
Different judge you say? You're right. But when Google in their appeal asked the judge why the app store isn't a monopoly, the judge told Google with a straight face
"You can't be anti-competitive if you have no competitors."
Google took note.
Anyway in this case it's nothing more than a thinly veiled excuse to justify making ecosystem changes that are in their favor. They aren't acting in good faith.
They do. They absolutely do. Where have you been in the last 20 years? Windows has had a reputation as an unsafe ecosystem for decades. Even amongst non-tech people. And even with the various exploits the biggest source of viruses on windows was always that, lacking a proper channel to distribute applications, they had trained their users to double click any .exe on the internet and the next>next>next in whatever installer. I don't agree with the tightening of developer account requirements, but this argument doesn't hold at all.
Companies shouldn't wait to solve issues like this - they should be proactively helping their most vulnerable users. That is the "do no evil" motto.
I don't know enough to say whether this method is the right approach however.
Unless you built your house yourself, you should expect the construction company to be responsible for verifying the identities of anyone entering your house. Asking for a passport and a one time payment, just in case the person who rings the bell may not be a friend.
That should be proactively helping you in case you're a vulnerable homeowner. Not checking in on every visitor would be evil, no?
I can't think of a better approach.
But we, owners, collectively choose that. We choose the security company, we pay then, we can vote them out. Most importantly: the construction company has zero say in this.
Also, no one actually check the IDs of my friends, and they don't have to pay the construction company when they first come.
I give the codes, they ring, I open. I hire a company to monitor the building but I can kick then out any day.
I own the place, you see?
That doesn't necessarily preclude helping the user to notice when they're doing something dangerous, but a waiting period before the computer becomes general-purpose seems pretty extreme.
(in Gilbert Huph (Wallace Shawn) voice) Yes, precisely!
The idea isn't to protect the power users or average users. It's to protect the most vulnerable. Android is for everyone. Us power users will have a minor speed bump, but we can deal.
This intro immediately tells me that whatever comes after will be horrible for users and developers. Surprise surprise, I was right. Software to "verify" side loaded apps is a bad, anti user idea.
And that launch country list is most likely the countries where cracked YouTube Premium is most common.
App piracy is huge by copying around modded APK's, and everyone's grandma is doing it.
It all worked perfectly fine back on my iPod touch, pre-premium bs. Tech is regressing.
I'm on a family plan (cheap) and I use it for the music player for the inevitable question of why I'm doing this.
> Starting in April, Android Developer Verifier will be installed on devices.
so they're rolling out a system app that will call home to check whether any sideloaded apps have been "verified" with the developer's government ID? and this process will happen regardless of whether the user has enabled the "advanced flow" in Developer settings?
I wonder how that sys app will be handled in GrapheneOS's google play sandbox?
GOS have already said users won't be impacted by this clampdown.
If I get a phone with preinstalled Graphene OS (like the upcoming Motorola phone), then does it avoid this stupidity? Or even with Graphene it prevents me from installing apks?
F-Droid has not meaningfully improved since that piece was written, either. No one should use F-Droid.
The F-Droid model of having multiple repositories in one app is absolutely perfect because it gives me control (rather than the operating system) over what repositories I decide to add. There is no scenario in which I wish Android to question me on whether I want to install an app from a particular F-Droid repository.
This is a major course correction that doesn't kill F-Droid. A one time 24 hour hoop to jump through and then never again is monumentally better than losing F-Droid forever.
I recommend Cory Doctorow's talk on why this is a serious problem for society:
https://en.wikisource.org/wiki/The_Coming_War_on_General_Com...
Every application use for such people should be supervised by a government official trained to ensure you are not hurting yourself.
This way people who want to use AI, smartphones, or the Internet can do so if they’re healthy and the mentally disabled can be protected. We know that this need exists because even on this “Hacker” News forum everyone gets very upset when a mentally disabled person gets injured after AI use.
Google says they don't intend to do that, but even if I believe that's their current intention, they have a strong incentive to do otherwise in the future. Incentives predict outcomes more reliably than intentions.
I say it's pretending because scammers are good at shifting tactics. If convincing users to install malware ceases to be the path of least resistance, they'll convince users to install legitimate remote access utilities, hand over credentials directly, or some other scheme I haven't thought up because I'm not a scammer.
The reality is far worse than that. Remember FBI vs Apple? That defense came down to Apple not having software in place that could facilitate the demand being made of them. If they'd had such a system they would presumably have been required to comply.
The government can presumably get an illegal app forcibly removed from an app store but at present you could still install it yourself. With this system they could compel Google to block it entirely.
You take a step forward.
He takes a step back.
"Meet me in the middle" says the unjust man.
Bought a new phone? Moved from iPhone to Android? Want help from your friend/family member/librarian/other to setup your new phone for getting apps? Sorry, you need to come back a day later before you can actually use it.
Guess what the normal/non-tech user does in this 24hr period? Go to Play Store, install a bunch of apps, forget that you had the desire to use an alternative.
This indeed does make F-Droid no longer a tool for normal people, but only a tool for those willing to do a bunch of "Advanced" things on their phone. By definition, not regular users.
Will bypassing this bureaucracy be just a matter of buying a Chinese Android phone?
As it stands, Android Developer Verification (ADV) is a death sentence for F-Droid, Obtainium, and other competitors to the Google Play Store, both commercial and non-commercial. We are disappointed that they are still trying to steamroll this through in the face of overwhelming public opposition.
There are numerous reasons to object to the program, but a few of the top ones are:
1. You own your computer, and you should be the sole decision-maker for what software you can install on it.
2. "Malware" means whatever Google says it means, and their terms and conditions change daily; today malware is banking scams, tomorrow it is … ad-blocking? VPNs? Their decisions are un-reviewable and opaque, and they have obvious commercial incentives to block certain kinds of (otherwise-legal) software.
3. Centralizing global developer registrations through a US corporation makes it subject to the rules (and whims) of the current regime. Citizens of sanctioned countries or members of sanctioned entities (like the International Criminal Court) will be legally barred from registering, blocking them from creating and distributing software _anywhere_ in the world (not just the US).
4. Scenarios that Google claims ADV will protect against — such as high-pressure phone calls manipulating vulnerable users into installing scam apps — have _already_ been addressed by incremental improvements to Android security over the years, such as "Enhanced Fraud Protection" introduced in Android 13 (and expanded in Android 15). Android has incrementally improved its security features over its near 20 years of existence. There is no evidence that anything has suddenly changed to justify such a disproportionate and extreme lockdown.
5. Being required to pay Google for the privilege of uploading your government identification so that you might be permitted to contribute to the Android software ecosystem is such an abominable insult to the developers that helped build the platform. It deserves all the utter contempt that has been heaped upon it thus far, and begs regulatory scrutiny from those few countries that still have the courage to stand up to these bullies.
We emphatically recommend against developers signing up for this program or endorsing it in any way.
"Those who give up freedom for security deserve neither."
My dad on the other hand, who worked for Control Data in the 1980s regularly installs some of the scummiest apps imaginable, and they're all from the Play Store proper.
Launchers that don't actually launch things and serve ads. Apps that launch full screen ads while you're doing things saying your device is infected. Absolute trash.
Like maybe just maybe put some energy into going after the stuff in the Play Store first. As the Play Store exists now, it is unsafe.
That's presumably why there's a lockout period - it keeps a scammer from reasonably holding the line until they can pressure you to finish it.
...if the scammer can get the victim to physically drive to Target a buy a bunch of gift cards, what makes you think they need to install anything on your phone? Having RCE on a human is more useful than RCE on a device.
Has anyone seen the report for that analysis. I bet most people here would love to read it too.
Does anyone here have experience using Ubuntu Touch? That's the closest thing I've seen to "generic touchscreen linux" for mobile phone hardware. I'd love a device that works for multimedia, navigation, web browsing, and a handful of APKs like various chat apps (and really anything can can arbitrarily use the hardware), but it seems like tying a cellular modem to this ends up fucking up the whole dream because of carrier and manufacturer motivations/compensations.
1. enable developer mode
2. confirm you aren't being coached
3. restart your phone and reauthenticate
4. come back after 24 hours and unlock device
5. install app from unverified developer, option of enabling for 7 days or indefinitely
Personally I am hopeful that people work toward a completely new, non-Android OS. 15 GB of space on my phone, and 1.5 GB of RAM, is dedicated to Android OS alone. This design, and the control this company (and the mobile providers, and device manufacturers) have over the mobile world, is ridiculous. Let's start over.
The original Droid phone I used had only 256mb of memory, and could still multitask and run multiple apps at once with that limited memory. Its crazy how bloated things have become over the years.
I stuck with Android for years as a dev as I once did Android apps and occasionally do tinker.
This is my last Android phone and Jolla is my next phone.
A single for-profit company owning the full HW and SW stack? My trust in companies lately is at a lifetime low. It just leaves a bad taste in my mouth.
So what's the solution then? At the same time, I'm curious how this ends up happening to end users. Enabling unknown sources is trivial in a way (it's just one check box and if you try to install an APK from, say, Firefox, it'll take you right there), but how are people even getting to that point??
>What Android versions will the developer verification requirements be enforced on? It will apply to all certified Android devices running Android 7 or higher. These updates are delivered through Google Play services to help maintain consistent security across the ecosystem. Last updated: March 23, 2026
I stopped because Pixel AOSP phones were actually decent.
Now I guess i'll be buying phones based on which I can flash with custom roms again.
I guess I can sort of manage to keep my head above water and keep buying secondhand phones which I unlock and install a supported version of LineageOS. But it's cumbersome, it gets more difficult and more restrictive every time. And I literally have a doctorate in computers for crying out loud! Is there any hope for Granny? For a kid? For >99% of people? Of course not.
This is so clearly a matter for government oversight: prevent abuse, monopolies, protect the citizen's safety, rights, welfare, etc. It's not reasonable to expect consumers to figure out if the meat they buy is tainted, just as it's not to figure out if their phone spies on them, manipulates information, or sells their data (especially when there's a duopoly). That's why we have laws and food inspectors, paid for by the public, working for the public. Same thing with digital rights.
IMHO governments are partially behind those initiatives so they are unlikely to regulate themself- reason in last few years they intensified work on Digital ID, Age Verification, Chat control, KYC, etc.
One thing EU loves is regulation though, so I expect they will introduce preemptive regulations to enforce strict ID verification as well as regulations to fine big companies for breaching user privacy with strict ID verification policies.
AIUI, they have told Google to find a fix, or else.
I been living in SE Asia for few years each in Thailand, Malaysia, Indonesia, Vietnam and really didn't notice that this is supposed to be like major political problem.
'Fraud' is the same smoke screen and excuse as 'protect the children from social media or pedophiles'.
* Chat control is toothless if users can simply side-load an app without snooping.
* The EU companies who successfully lobbied for regulations against Apple now see that the 15% tax is worth it when they can A/B test the counterfactual. So those companies no longer care if Google will do the same thing.
* The EU is now in an awkward position that it is ok for a newspaper to sell your personal info via pay-or-consent, but not for a social network to do it. Some will keep yammering on about "gatekeepers", but it's sort of an emperor has no clothes moment.
* Declaring that iPadOs is a gatekeeper (after it failed to meet the quantitative criteria for such) was another such emperor has not clothes moment. The whole "gatekeeper" narrative has turned into a farce.
* The people commenting on this forum are not even a rounding error in the EU electorate.
> It's not reasonable to expect consumers to figure out if the meat they buy is tainted, just as it's not to figure out if their phone spies on them, manipulates information, or sells their data (especially when there's a duopoly).
Indeed! Neither would it be reasonable for the sellers of meat to demand anonymity! If one sells tainted meat, he should be held accountable! We should identify him!
Yet, the creators and sellers of software for a General Purpose Computer (remember, that is the argument why phones should be regulated) demand that they should be above the law, anonymous and unaccountable!
Schrodinger's computing device: The one which is so vital to everyday life that we must not prohibit the user to run whatever software he likes, yet so unimportant that we have not a care in the world to identify any fraudster who might wish to distribute software.
Do you see how quickly that argument can be flipped to support what google is doing here? Honestly I wouldn't be surprised if half the reason to to lock down phones is because governments keep pressuring them to do so.
The EU Commission is currently pushing the shitty EU Identity Wallet for mandatory age verification, and it requires GooglePlay Services to be installed for "anti-tampering". That also means a ban on non official versions of Android like LineageOS and GrapheneOS.
And Google thinks it can pull this ridiculous stunt.
Most people are too non-technical to understand why this is a bad thing even when it's explained to them. Plus, whatever administration is in power in the US has a lot of influence.
Trump has already said that he wouldn't tolerate regulation that affects American companies [1], painting regulation that happens in another country as something that will affect US citizens. (I mean if you use the GDPR as an example, it's not wrong. Think of cookie pop ups while browsing the web in the US)
I would like the the EU would go harder with their regulations, because it usually results in other countries or states following their lead, but I dont see that happening. Regulation has been painted as "bad", and we have at least 3 more years until that changes.
[1] https://www.cnn.com/2026/01/12/tech/us-eu-tech-regulation-fi...
This lays bare the stupidity of applying the pay-or-consent law to only Facebook and not everyone. Every important newspaper in Europe has pay-or-consent. It does not matter that each one individually is smaller, the effect is the same.
The law was carefully crafted to ensure European businesses (newspapers) are not "gatekeepers" while ensuring American businesses (social networks) are. That fact did not go unnoticed in the rest of the world.
Crazy idea, maybe they shouldn't be using those then. Maybe they should use email? Or god forbid a TOTP app. Or perhaps webauthn via the platform provided authenticator.
They very clearly aren't behaving in good faith. That's why the harsh sentiment.
Based on the reaction here, it's obvious I'm missing something here, but I just don't see any real reason devs are feeling like they are being driven away. It's hardly more of an inconvenience than enabling developer mode, and I feel like we all get why they hide the developer settings menu behind that.
How it's going: almost everything is signed, even pirated apps.
????