So I buy a device ... with my own money ... which I supposedly then own, but then I need to ask some corporation permission to use it, and it treats me like a toddler by giving me a 24 hour wait period for the ability to install applications on that device? I'd understand if this "feature" was a part of Parental Controls, but I'm not a child, so this is insulting. I see Google saw how Microsoft likes to spit on its users and wanted a piece of that action. How is this legal?
You are essentially a child to them. A child is just someone who has not yet developed the power to survive in a world full of adults. This is why parents guard and protect children, and when that fails society steps in to do it instead.
You are just a child to them. Not powerful enough to stick up for yourself. Ripe for abuse. The difference is society has decided not to step in to protect you from your abusive parents.
A 24 hour wait like this can sometimes be the result of a security team not knowing what else to do. There are all sorts of weird threat models when you think hard about how devices are used, like partners who have legit access to a phone at a certain point in time.
What's next? I buy a car which I cannot drive in certain locations unless I ask for permission and wait 24h? Daddy Car Dealership please let me drive in this location, pretty please?
Following this logic, adding a checkbox "I swear this app does not contain malware" to app publishing process would solve the problem with malicious apps on Play Store, right?
I hope consumers return these phones in droves like Windows RT and Windows 10 S. The issue is that sideloading isn’t an immediate concern—users would only realize the limitation later, when it’s too late to return the device.
I may be missing something, but what does the title have to do with the article? There is no mention about any waiting or mandatory reboot. What does OP have in mind?
yeah i was researching and accidently added an old article while copy pasting the link, the orginal blog was released yesterday on developer blog and is prob linked below.
I would have added it here, but i don't want hn to be label my account as spam
In school I learned the definition of politics was "the distribution of benefits and burdens". We can and probably should view this as a political question. The benefit is the consumer right to do whatever you want with the device you bought (used by some), vs the burden of making yourself attackable by scammers etc. Google are pushing first and foremost for protecting end-users from scammers. They do benefit from this, so there is probably an incentive for them to do so. It is very practical that they can call locking down their phones "protecting users".
The big question here is where on the balance scale we care about "protecting users against scammers" vs "protecting users against enshittification, closed ecosystems, and possible future power grabs". One side is very tangible and easy to understand, the other more abstract, and most consumers simply don't understand it well enough to make educated choices about it. This uncertainty is being used by powers that benefit from pushing towards the "lock-down" extreme of the scale. Peter Thiel said so himself.
It is also worth noting that it is these security guys' job at Google to invent security schemes. All in all they did their job as engineers, and ignoring personal responsibility to engineer solutions that balance needs not only technical but also social, they did everything right. In a larger society there should be people who take on the job of setting boundaries for these technical solutions. Just like you need technical people to push back on technical demands from non-technical people within a company, we people who push back on this sort of stuff in our society. Us technical folks are best suited to do this job.
TL;DR: The political question boils down to how many grandmas are we as a society happy with getting scammed in the name of protecting consumer freedoms? In the extreme and hyperbolic case, are we happy with an infinite number of grandmas being sacrificed? Where on the line do we want to be? And what other measures can we put into place to make the problem easier to solve without sacrificing basic freedoms? If you are technical you should probably consider taking more space in the public debate.
Would it not be nicer to have a dual boot phone where one OS is baked in rom and only contains certain necessary government/banking/medical service apps and the other is just completely free to use for whatever purpose? Just a thought...
There should be one screen each for self signing individual apps and updates, and another one for adding a public app store key to allow verifying apps and updates from that key. That would be factual and not scary. Yes, the question should be asked of the play store too.
People should by default not trust a developer or store that is scaring you into doing something.
The only sane way to buy a device is to pick a user-representing OS (eg Graphene), pick a device from its list of supported devices, and then install your desired OS on that device as soon as you get it as part of your setup process. Then if it's 24, 48, or 168 hours to receive your unlock code to install the secure OS, it's all just part of the setup process (and if they refuse to unlock for whatever reason, then you're still in the return period!). The longer you let the surveillance industry keep its hooks in you, the more friction and dependence they will add to every single thing you want to do that goes against their business interests.
this was already discussed, so no point for dupe, but there is no wait period for ADB install
and AFAIK this also affects only unverified developers, though hard to imagine why would someone install app from verified dev outside the play store, for the record I don't have gapps in my phone and use Aurora
Actually this OP seems to be the old announcement from 2025 with no additional news as far as I saw. If implemented like this, it will be horror.
The baseline for a usable solution for me is still that I can keep my banking apps and that I am able to use fdroid trusted builds from source, can install builds from other open source CI builds, install builds from my students I know personally without needing them to verify with a foreign entity and publishing their personal data.
Practically the law will require me to buy another 'developer phone' the for work. Actually allowing more profiles like the work or hidden profile would allow users to at least chose per profile and could at least put their banking apps into a sandbox where they work (requirement would be that Google wallet can also run from such a profile) . I actually would be very happy to run the main profile without any Google play services like Graphene does: I guess a lot of data protection risks would be solved by this.
yeah i accidently added an old article while copy pasting the link, the orginal blog was released yesterday on developer blog and is prob linked below.
I have asked the admin to update this with the latest blog, as i can't update it myself nor i can remove the submission
So I buy a device ... with my own money ... which I supposedly then own, but then I need to ask some corporation permission to use it, and it treats me like a toddler by giving me a 24 hour wait period for the ability to install applications on that device? I'd understand if this "feature" was a part of Parental Controls, but I'm not a child, so this is insulting. I see Google saw how Microsoft likes to spit on its users and wanted a piece of that action. How is this legal?
This post is propaganda. You don't own the phone. The term "buy" is defined as "revocable anytime lease".
You are essentially a child to them. A child is just someone who has not yet developed the power to survive in a world full of adults. This is why parents guard and protect children, and when that fails society steps in to do it instead.
You are just a child to them. Not powerful enough to stick up for yourself. Ripe for abuse. The difference is society has decided not to step in to protect you from your abusive parents.
you buy your hardware, you don't buy the software, you buy the license to use the software according license terms
If the hardware wasn't locked down on so many devices, this wouldn't be an issue because people could choose to use a different OS.
fine, but can you buy alternatives that run your software then?
This will not be a popular comment, but...
A 24 hour wait like this can sometimes be the result of a security team not knowing what else to do. There are all sorts of weird threat models when you think hard about how devices are used, like partners who have legit access to a phone at a certain point in time.
What's next? I buy a car which I cannot drive in certain locations unless I ask for permission and wait 24h? Daddy Car Dealership please let me drive in this location, pretty please?
Following this logic, adding a checkbox "I swear this app does not contain malware" to app publishing process would solve the problem with malicious apps on Play Store, right?
I hope consumers return these phones in droves like Windows RT and Windows 10 S. The issue is that sideloading isn’t an immediate concern—users would only realize the limitation later, when it’s too late to return the device.
Return them and get what instead? Every other popular phone platform is even more restrictive.
WHy not just add a hardware switch to allow Android sideloading?
Are these multibillion companies so incompetent to not think about it?
If they add a switch people might use the switch. You are confusing the excuse with the reason.
It’s not incompetence, it’s malice
> Think of it like an ID check at the airport
That's an interesting way of selling this.
I may be missing something, but what does the title have to do with the article? There is no mention about any waiting or mandatory reboot. What does OP have in mind?
yeah i was researching and accidently added an old article while copy pasting the link, the orginal blog was released yesterday on developer blog and is prob linked below.
I would have added it here, but i don't want hn to be label my account as spam
In school I learned the definition of politics was "the distribution of benefits and burdens". We can and probably should view this as a political question. The benefit is the consumer right to do whatever you want with the device you bought (used by some), vs the burden of making yourself attackable by scammers etc. Google are pushing first and foremost for protecting end-users from scammers. They do benefit from this, so there is probably an incentive for them to do so. It is very practical that they can call locking down their phones "protecting users".
The big question here is where on the balance scale we care about "protecting users against scammers" vs "protecting users against enshittification, closed ecosystems, and possible future power grabs". One side is very tangible and easy to understand, the other more abstract, and most consumers simply don't understand it well enough to make educated choices about it. This uncertainty is being used by powers that benefit from pushing towards the "lock-down" extreme of the scale. Peter Thiel said so himself.
It is also worth noting that it is these security guys' job at Google to invent security schemes. All in all they did their job as engineers, and ignoring personal responsibility to engineer solutions that balance needs not only technical but also social, they did everything right. In a larger society there should be people who take on the job of setting boundaries for these technical solutions. Just like you need technical people to push back on technical demands from non-technical people within a company, we people who push back on this sort of stuff in our society. Us technical folks are best suited to do this job.
TL;DR: The political question boils down to how many grandmas are we as a society happy with getting scammed in the name of protecting consumer freedoms? In the extreme and hyperbolic case, are we happy with an infinite number of grandmas being sacrificed? Where on the line do we want to be? And what other measures can we put into place to make the problem easier to solve without sacrificing basic freedoms? If you are technical you should probably consider taking more space in the public debate.
Would it not be nicer to have a dual boot phone where one OS is baked in rom and only contains certain necessary government/banking/medical service apps and the other is just completely free to use for whatever purpose? Just a thought...
There should be one screen each for self signing individual apps and updates, and another one for adding a public app store key to allow verifying apps and updates from that key. That would be factual and not scary. Yes, the question should be asked of the play store too.
People should by default not trust a developer or store that is scaring you into doing something.
The only sane way to buy a device is to pick a user-representing OS (eg Graphene), pick a device from its list of supported devices, and then install your desired OS on that device as soon as you get it as part of your setup process. Then if it's 24, 48, or 168 hours to receive your unlock code to install the secure OS, it's all just part of the setup process (and if they refuse to unlock for whatever reason, then you're still in the return period!). The longer you let the surveillance industry keep its hooks in you, the more friction and dependence they will add to every single thing you want to do that goes against their business interests.
this was already discussed, so no point for dupe, but there is no wait period for ADB install
and AFAIK this also affects only unverified developers, though hard to imagine why would someone install app from verified dev outside the play store, for the record I don't have gapps in my phone and use Aurora
The 'headline' is false. This is specifically for unsigned applications, not for all sideloaded apps.
>25 August 2025
Did they add another one?
https://news.ycombinator.com/item?id=47442690
Actually this OP seems to be the old announcement from 2025 with no additional news as far as I saw. If implemented like this, it will be horror.
The baseline for a usable solution for me is still that I can keep my banking apps and that I am able to use fdroid trusted builds from source, can install builds from other open source CI builds, install builds from my students I know personally without needing them to verify with a foreign entity and publishing their personal data.
Practically the law will require me to buy another 'developer phone' the for work. Actually allowing more profiles like the work or hidden profile would allow users to at least chose per profile and could at least put their banking apps into a sandbox where they work (requirement would be that Google wallet can also run from such a profile) . I actually would be very happy to run the main profile without any Google play services like Graphene does: I guess a lot of data protection risks would be solved by this.
yeah i accidently added an old article while copy pasting the link, the orginal blog was released yesterday on developer blog and is prob linked below.
I have asked the admin to update this with the latest blog, as i can't update it myself nor i can remove the submission
This is so outrageous I wouldn't mind it being on the front page every day until they back off.
I must have missed that yesterday.
>A new layer of security for certified Android devices
May I purchase a non-certified android device now? Because frankly, fuck you.
Not if you want to run any of your banking apps or all sorts of things. The open android I knew and loved is long gone
It could be worse. Do this after you buy the phone and then in 24 hours its like normal.
no because, from what I understand you have to do this on a per-app (per version even?) basis