Google is moving forward with a significant security change for Android, mandating developer verification for apps installed outside of the Google Play Store—a practice known as sideloading. This move has raised concerns among some users about restricted choice. However, Google is firm on its stance: sideloading is “absolutely not” going away. That said, it’s definitely changing.

The core purpose of this change, according to Google’s Director of Product Management for Android App Safety, Matthew Forsythe, is to protect both users and legitimate developers from “bad actors.”

Google’s developer verification for app sideloading on Android

Sideloading, the ability to install apps from unverified sources, is a foundational element of Android. However, Google claims that internet-sideloaded sources contain 50 times more malware than apps downloaded through Google Play.

To address this security risk, Google is introducing new requirements:

Digital Signature: All sideloaded apps must be digitally signed by the developer. Without this signature, the app will not install on Android-certified devices.

Accountability: If a verified developer is caught distributing harmful software, Google can revoke their certificate. This will cause all of their associated apps to stop working.

This new system aims to ensure that when a user downloads an application, it genuinely comes from the developer it claims to be, regardless of the distribution source.

Impact on developers and users

Google emphasizes that this requirement is not meant to limit user choice. Verified developers will retain the freedom to distribute their apps through any app store or directly to users.

Google has also provided over a year of time before the change takes effect for developers to adapt.

Crucially, developers can continue to build, debug, and test their apps locally using Android Studio without verification. The recently reported “ADB workaround” for sideloading apps on Android will remain unaffected. However, verification and package registration will be required to distribute an application to a wider testing group or for full sideloading on certified devices.

For hobbyists, teachers, and students who only distribute apps to a limited number of devices, Google is exploring a free developer account type that will bypass the need for a full government ID verification.

Ultimately, Google is betting that the vast majority of Android users will experience no change. Plus, the less tech-savvy will get an additional security layer protecting them from potentially malicious or “sketchy” apps distributed through unverified sources online. The verification process mirrors security measures long used by companies like Apple. However, it will still be more open than that of the Cupertino giant.
The post Google Claims Android App Sideloading Won’t Die, But Change appeared first on Android Headlines.

Source: ndroidheadlines.com