Nope.
Just remove gapps. Problem solved.
I have an Android device with a locked bootloader and no available custom ROMS. Am I fucked ?
You need to unlock bootloader first
So, I will no longer be allowed to install APKs that aren’t from the Play Store? I thought they backed down on that.
Only if you have gapps installed. So just reinstall your OS. It’s absent by default.
Problem solved.
not just play store it’s worse, if the developer didn’t pay to google and give ID to Google, no-one can install that app
Right now the best solution is using custom ROMs *without Google Play Services
That would only apply if Play services are involved.
I’ve installed many apps on devices with no play store, no networking, etc.
Google will need a mechanism to enforce this, that will be Play Services.
A lot of people reported that they did. I don’t know why. Nothing in their statement said that. They did say they were going to add some “advanced workflows” but didn’t elaborate anymore than that. It says it right in the link in OP:
Update: Google has not “backed down” from developer verification: Contrary to a vague mention of a possible “advanced flow” that may eventually allow “experienced users to accept the risks of installing software that isn’t verified”, Google’s description of the program continues to state plainly that: “Starting in September 2026, Android will require all apps to be registered by verified developers in order to be installed on certified Android devices”. Until such time that they have shown evidence that it will be possible to bypass the verification process without undue friction, we must believe what is stated on their official page: that all apps from non-registered developers will be blocked once their lock-down goes into effect.
I don’t even want a smart phone anymore. If I can’t load FOSS apps that aren’t loaded with ads, or some corporate fuck following my every move, then I don’t want a fucking smart phone anymore.
This makes me so god damn mad.
FuckGoogle
Is that a new ROM?
Use Custom ROMs with MicroG
Here is active and good custom ROMs
LineageOS (many devices) e/os (many devices) crDroid (many devices) GrapheneOS (only pixel)
that’s just it, they’re targeting custom ROMs with this too. the number of security updates for AOSP is being cut by Google in order to make custom ROMs less secure, so that they can then close down the project while claiming it’s to protect users. make no mistake, the end goal here is make everyone who uses Android have to do so on their terms.
it’s why Linux phones being mainstream is an absolute priority.
the number of security updates for AOSP is being cut by Google in order to make custom ROMs less secure
Please don’t spread misinformation. Google didn’t cut security updates. You can still get monthly security updates on Custom ROMs.
Also it’s just on certified devices
Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices. source
https://discuss.grapheneos.org/d/27068-grapheneos-security-preview-releases
This is probably where they got the 3 month number. It is fuckery and they are making the lives of custom rom developers more difficult than they need to be.
Here is a good information from LineageOS;
Over the last few years, AOSP has been shifting to a quarterly release cadence, meaning that new features and bug fixes are released every three months. link
misinformation and grapheneos, again?
Wow you’re completely full of shit aren’t you
what do you mean?
https://www.androidauthority.com/android-risk-based-security-updates-3597466/
They’re not releasing the list of vulnerabilities each month but instead doing it quarterly, so how are custom ROM devs supposed to patch vulnerabilities if google isn’t reporting them to manufacturers and developers like they’ve done for over a decade now?
“Android Security Bulletins will still be released, and picked to all supported LineageOS versions monthly.” LineageOS
Given how large and complex the Android operating system and its underlying components are, it’s not unusual to see a dozen or more vulnerabilities documented in a bulletin. However, the July 2025 bulletin broke this decade-long trend: out of the 120 bulletins published up to that point, it was the first ever to not list a single vulnerability.
Instead of bundling all available security patches into the next ASB, Google now prioritizes shipping only “high-risk” vulnerabilities in its monthly releases. The majority of security fixes, meanwhile, will be shipped in quarterly ASBs.
You are a slave
I just got my fairphone! It feels so free!
Good news on the GrapheneOS front: Graphene will be available on hardware other than Pixels.
I like my Pixel 6 Pro just fine, but I’m nonetheless thrilled about this.https://piunikaweb.com/2026/02/02/grapheneos-non-pixel-hardware-announcement/
good but I don’t have couple months
That’s just the announcement. The devices won’t be ready till 2027. 😖
Refurbished Pixels can be cheap nowadays. I got a Pixel 8a for less than 300 euros in great condition.
So, I guess this means that f-droid can only be installed via Google Play. /s
I’m getting flashbacks to using Internet Explorer to install Firefox.
edit: made sarcasm more obvious.
This is only fuel on the EU open source initiatives.
But I’m pretty sure Google wont get away with locking down EU customers anyway, as this is clearly a breach of the DMA.
They could clam a web app is the “alternative” I guess.
They’ll shut that down too. Somehow. For “security” I’m sure, even as the Play Store is infested with scam apps.
Play Store is infested with scam apps
Last time when I checked most of the apps was scam
They mandate 3rd party app stores. I think we are passed that.
Google is just power grapping what they can towards everyone else to make up for lost profit.
this is clearly a breach of the DMA
Is it? I think the DMA should have been written so that it is, but Apple does essentially the same thing and EU regulators don’t seem to be claiming that it’s a violation.
They mandate 3rd party app stores for Apple also. You can “side load” in the EU on an iPhone.
And have you seen Apples rules for app stores? Its pathetic that EU allows it.
i was gonna try turning a steam deck into all-in-one device including phone, with portable GSM router of whatever i’d to use it for calls (it does have a mic, right?)
not sure if/how that’ll work out
You could feasibly replace the m.2 SSD with one of these bad boys: https://ebay.us/m/JgLTUU
You would have to then boot from SD card, not sure if that’s supported. There are also docks with extra m.2 slots.
I’m reading that the steam deck has 8 pcie lanes. Theoretically there are plenty of possibilities for expansion (at a cost to portability and practicality).
Time to finally move to GrapheneOS. Hope they finish polishing it, including things like automated backups. I’m going to donate to them. They have consistently proved themselves to be a legitimate project.
GrapheneOS is ok but the people behind don’t have good reputation on open-source; They smear F-Droid, Firefox, Linux even uBlock Origin https://lemmy.zip/post/59060122
Yes, well, everything they say about F-Droid and Firefox is more or less true.
I would say there is a difference between constructive criticism and an “attack” and although the privsec article does bring up valid points* I would still regard it as the latter (despite their claims of objectivity), because they ultimately conclude that its premise is inherently flawed regardless of implementation details. They claim
This article aims to be purely technical. It is not an attack on F-Droid or their mission.
Yet while the authors claim to be “objective and technical” its not hard to notice all the “attacks on F-Droid’s mission” in this article, from the reference to F-Droid’s “ridiculous inclusion policy” to all the dismissive references to “ideology.” The message is clear, that F-Droid’s “mission” is Stupid and Ideological and the problems F-Droid aims to solve are not real. Thus, their suggested “alternatives” are just regular app stores that don’t enforce any of the guarantees that F-Droid does (namely, that the app corresponds to its source code and does not include proprietary components), because those guarantees aren’t worth anything** to the “Objective and Technical” people of privsec - you are Stupid and Ideological if you care about software freedom. In fact, Accrescent even says they allow proprietary software because free software “is not inherently more secure or private” - which is technically true, but very misleading, because free software never has claimed to be “more secure” - it has only ever offered the four freedoms, which as a user I feel entitled to on my own devices, so I only install apps that give me these four freedoms. Far from being “objective and non-ideological” the position of Privsec, Accrescent, and their advocates is that users neither deserve, need, or should want software freedom, as such I would characterize these organizations as hostile to the free software movement even if some of their points are factual.
I will add I am not entirely uncritical of F-Droid either, but my criticisms are more that they aren’t strict enough and should be building as much from source as possible instead of relying on prebuilt Maven dependencies as much as they do. I would also say although as a user I think F-Droid’s inclusion policy is a good thing and not “ridiculous” I agree it does put some amount of burden on developers who I imagine develop for the Google world first and the FOSS world second. It might be a good idea for F-Droid maintainers to take a more active role in, well, maintaining these apps instead of pushing the extra work onto the developers (this is typical in the GNU/Linux world, in which distro maintainers take up all the work to package upstreams, but F-Droid sometimes tries to cosplay as an “app store” despite it being a fundamentally different model).
* aside from a bizarre claim that F-Droid supporting multiple repositories is a Bad Thing because it interferes with, and I quote, “UserManager which can be used to prevent a user from installing third-party apps” - what does this have to do with privacy? I think this also speaks to a deeper conflict between security people and free software people, that being uncritical worship of “security models” even when they harm the user. Accrescent offers more or less the same justification for why it locks the user into their own store/repository, and I think it is subtly dangerous to suggest this is an “alternative” to F-Droid because it has very different values.
** According to one of the writers of that article,
Any better ideas for it are welcome.
Just allow devs to upload their own build with their own keys like Accrescent. It’s not like the whole “audit” system is meaningful anyways.
Of course, characterizing it as an “audit system” is missing the point entirely, but I imagine he knows that. Reducing the four freedoms down to “you can look at the source code and audit it” to then follow it up with “you can’t/aren’t going to audit every app you download so why bother with FOSS anyway” is a favorite rhetorical tactic.
Yes, however, the article is titled “F-Droid Security Issues”, not “F-Droid FOSS Issues”. I’m not sure why anyone would read that and say “well what about the four freedoms?”. That’s not what the article is talking about.
ultimately conclude that its premise is inherently flawed regardless of implementation details
In terms of security, which is true.
aside from a bizarre claim that F-Droid supporting multiple repositories is a Bad Thing because it interferes with, and I quote, “UserManager which can be used to prevent a user from installing third-party apps” - what does this have to do with privacy?
It doesn’t. It’s a security issue.
Just allow devs to upload their own build with their own keys like Accrescent. It’s not like the whole “audit” system is meaningful anyways.
It’s true, F-droid’s signature doesn’t provide any meaningful security guarantees.
They have an amazing reputation on open source. I think you’re conflating reputation on open source with reputation because of their willingness to understand & criticize issues with some other open source products. The issues with F-Droid’s security model have long been known & discussed by other prominent developers. It is why Obtanium has become increasingly popular. Heck, it is even mentioned on Privacy Guides. Their criticism towards Firefox is to my knowledge more specific to the Android security model & the reality is that Chromium provides significantly better sandboxing there. That isn’t an attack on Firefox itself but design choices or lack or commitment to the fundamentals, which Mozilla has routinely engaged in with Pocket, reselling Mullvad while breaking their browser support for tab container VPN integration if a user has Mullvad installed, their recent AI push, etc. But again they are specifically evaluating & criticizing the security or technical decisions in such instances. Likewise, it is fair to hate on Manifestat v3 used in newer Chrome extensions because not all the v2 features were supported out of the box, but there is no question that the security model in Manifest v2 was significantly worse & would be very easy for a malicious developer to have intercepted & logged all the requests. Manifest v3 solves that & they have uBlock Origin Lite now. I hope to see further improvements in this area. But criticizing the decisions of an open source project, especially as it pertains to security, does not make them anti-open source.
What Google has been doing to Android the past few years puts the future of Graphene in jeopardy. Especially with closing off third-party access to the binary blobs needed to enable newer Pixel hardware.
Is it possible to try Graphene out, like dual booting on PCs? Without throwing the existing Android setup away or bricking it?
Locked down platforms don’t have opt outs for the locks. Though it is a concerning move in the wrong direction.
What opt outs are you referring to? Installing an alternative OS?
Not sure if you’ve been following but the app lockdown does not prevent you from installing apps. You can opt out of the controls they are implementing. They backtracked after the outrage. The information on that website is not entirely correct.
They didn’t fully backtrack. They haven’t given details but there are still questions about what “advanced flow” means and whether it’ll involve Google spying on what people install. Even if they backed off the worst part of it, this is still monopolist, anti-consumer, and likely privacy-violating behavior, and the correct action isn’t to go “eh they compromise a little so I’ll shut up and eat my slop”
Was that supposed to refute what I said? Because it didn’t.
Yeah but theyre obviously gonna try again once everyone has move on
Did you actually read the link? They address this in a big red box:
Update: Google has not “backed down” from developer verification
Contrary to a vague mention of a possible “advanced flow” that may eventually allow “experienced users to accept the risks of installing software that isn’t verified”, Google’s description of the program continues to state plainly that:
Starting in September 2026, Android will require all apps to be registered by verified developers in order to be installed on certified Android devices
Until such time that they have shown evidence that it will be possible to bypass the verification process without undue friction, we must believe what is stated on their official page: that all apps from non-registered developers will be blocked once their lock-down goes into effect.
Not sure if you’ve been following but there’s no way to opt out. They did not backtrack on anything, despite widespread erroneous reporting. If you click the OP, it says as much. If you have a source that shows they did, please share it because I’d love to read it.
Here’s Google’s official blog where they back off from complete lockdown
Android Developers Blog: Android developer verification: Early access starts now as we continue to build with your feedback https://share.google/5jCv5uDMFcFnc11UN
that’s not backing down at all. they speak of a possible workflow, but they don’t say you’ll be able to install unverified apps. they still say they’ll require it, in fact.
Starting in September 2026, Android will require all apps to be registered by verified developers in order to be installed on certified Android devices
Did you actually read it? That’s not what it says at all.
Sure did. Did you?
"Empowering experienced users
While security is crucial, we’ve also heard from developers and power users who have a higher risk tolerance and want the ability to download unverified apps.
Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn’t verified. We are designing this flow specifically to resist coercion, ensuring that users aren’t tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months. "
As I said earlier, only a vague mention of an “advanced flow” that’s still in the works. Nothing saying they are no longer going to require distributors to register with Google, but it does say that they will require it on Google’s own website:
Starting in September 2026, Android will require all apps to be registered by verified developers in order to be installed on certified Android devices
Why you are spamming?
Do you know how to read? Do you know how to click links?
If you do you would see this in this page https://android-developers.googleblog.com/2025/08/elevating-android-security.html
Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices.
you can only do that if you use a custom ROM
but on official ROM, no you can’t
You are getting shit on in this thread, but all you are doing is showing what was said by the company. If they say sideloading is going to stay, then I would go with that until they don’t. I’m a find out before you freak out kind of person, but it seems there’s a lot of freak out and no find out here.
Heads firmly up asses all around, it’s like a discussion with MAGA.
No such “backing down” to speak of there
All Google has said is that “it’s not a sideloading restriction, but an ‘Accountability Layer.’ Advanced users will be able to’Install without verifying,’ but expect a high-friction flow designed to help users understand the risks.”
That quote comes from the director of product management from Google Play. It has not been altered or deleted since posted.
