cross-posted from: https://discuss.tchncs.de/post/45277582
Opening my weather app this morning I was greeted by this warning:
Google has announced that, starting in 2026/2027, all apps on certified Android devices will require the developer to submit personal identity details directly to Google. Since the developers of this app do not agree to this requirement, this app will no longer work on certified Android devices after that time.
It’s the first time I hear about this, seems to be about:
Cirrus app: Github
Was this a big thing I somehow missed? I hope more devs will follow suit.
I’m really confused by this. First, does any phone running a legit copy of Android count as a “certified Android device”?
How can they enforce this for apps not on the play store? Like if I write my own APK will my phone just refuse to run it if I don’t go through some paperwork with Google? How does that work?
Like if they’re capable of this then why aren’t they doing it already to prevent piracy?
To your first question: Google released a list of all “certified” android devices and it’s basically every phone from every halfway known brand. So yeah, you will be effected. The only devices unaffected by this would probably be no name Chinese phones (probably also Huawei, but I am not shure) and IOT devices like smart fridges. The best way to avoid this would probably be installing a custom ROM, like Graphene OS.
To your second question, the Android System already controlls the package Installation process, do you know the “Do you want to install this APK” popup, you geht every time you want to install an app outside of the playstore? That’s controlled by the android operating systen and by extension Google. In the future, every android apk would have to have a unique “developer key” attached to it and if it isn’t verified by google, the android system can just refuse to install the apk. For that, you don’t have to go through the playstore, but you still would have to go through a verification process with Google for every app, you make. How that will be implemented in detail is not yet quite known.
Google could have done this much earlier, it isn’t hard to implement, but you can’t make it in a way that only negatively impacts ransomware or pirated apps. And most sideloading on Android is perfectly legitimate, so the reason, why Google hasn’t done it, because there is (deservately) a big pushback from developers.
Huawei’s HarmonyOS NEXT is no longer based on Android code and requires some workarounds to install applications outside of AppGallery (Huawei’s app store).
Thank you.
Yes
Checks will be built into the operating system and run on install attempts
Yes
TBD. Probably a database check
Piracy of what?
certified android devices are those you can get in most stores. the play store is important for many people, ajd many apps don’t work correctly without the google mobile services components, and device makers can only legally install these on their phones if they certify their device. the certification process requires an array of quality controls and restrictions.
certified devices will need to integrate an app verifier that will check if an app has been approved by google. the public AOSP project is said to also get this, but anyone basing on it can rip it out or modify it to their advantage. but certified device makers don’t have a choice thn to include this restriction.
what we know so far, apps you made can be installed through a development tool. but app store aps like fdroid don’t have access to this tool, it’s difficult to enable, and somewhat risky too