Generally speaking I like to stay out of controversial topics for numerous reasons. But now that Google aspires to enforce every developer on Android, regardless as to whether they are publishing with Google Play console or not, to submit to identity documents is quite frankly an insane move. Not only insane but a huge overreach and comes just weeks after Epics win against Google in Australia.
The real interesting thing here is Google’s reasoning and use of language. Lets take a look:
The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.
Source: https://android-developers.googleblog.com/2025/08/elevating-android-security.html
“Internet-sideloaded”. You have to admire how easy it is to manipulate language to push a certain agenda. Google’s definition here is basically anything not from the Google Play Store. Let’s really think about that for a moment; using Google’s definition if we jump over to the desktop computing (Win/Linux/Mac) market. Is Chrome now inherently insecure because it was downloaded from a third party?
Did we not already have this in the past when Microsoft tried to push their initial UWP walled garden concept for Windows 8? I do know that it led to Gabe Newell’s public comments on Windows 8 amongst other things and clearly drove Valve to developing the Steam Machine/Controller/Link/Deck/OS projects.
Back on topic; it is a weak argument and makes me question their true motives.
As a counter point; what’s really interesting though is that if you actually look in to Android devices impacted by malware/malicious software the true origins for most users are likely:
- Apps acquired from Google Play directly.
- Google’s very own Ad platform that lead users away to potentially harmful/malicious content (internet-sideloading…).
- Or something they received, for example inbound message (email, SMS, WhatsCrap, etc.), containing a bad link.
It’s fairly safe to assume that your average Android users doesn’t know how to install alternatively sourced apps (apks), let alone third-party app stores. With that said; one could also assume that it is power users that would have this knowledge.
At what point are users responsible for their own actions? We certainly do not need Google to mother us. Or if Google does indeed implement these changes, are they then willing to accept liability for malware that then appears on their devices after implementation?
As an already verified developer with Google Play Console, even I can see that this is Google’s attempt to control what runs on Android even if they are forced to allow third-party apps stores in the future. This still lets them have a kill-switch for anything they do not (or their partners, government, etc.) agree with.
Maybe we all should avoid “side-loading” any Google software/services everywhere.
And so as the Android platform ages; so too does it beauty wane.
Android now:
