Google is pushing ahead with its unpopular attempt at developer verification and has recently outlined why it's not so objectionable. Is verification desirable or just another way of tightening Google's grip on software distribution?

At this time when app stores are being declared illegal monopolies you might think that Google would be treading more carefully, but no. Instead of freeing things up it recently announced that a new developer verification program would be introduced that would require developers to register their identity with Google to prove that they are who they claim to be and only programs produced by verified developers would load and run on Android. 

To register you need to provide some sort of "official" or "government" id - details to be provided - and many already think that this is a step too far towards 1984. The overall reaction to the idea hasn't been good and Google has now tried to address some of the concerns. One of the biggest issue is sideloading, i.e. loading programs without using an app store:

"Does this mean sideloading is going away on Android?

Absolutely not. Sideloading is fundamental to Android and it is not going away. Our new developer identity requirements are designed to protect users and developers from bad actors, not to limit choice. We want to make sure that if you download an app, it’s truly from the developer it claims to be published from, regardless of where you get the app. Verified developers will have the same freedom to distribute their apps directly to users through sideloading or through any app store they prefer."

Well yes and no. According to F-Droid, the alternative app store: 

"The F-Droid project cannot require that developers register their apps through Google, but at the same time, we cannot “take over” the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications."

The bottom line being that the F-Droid store will most likely have to close.

The issue is made more complicated by the fact that every verified developer has to use a unique application identifier and so there cannot be multiple versions of the same program available from different sources under different verifications. This is a much more direct problem for anyone running an Android course as this generally involves allowing multiple students to work with multiple copies of the same program - which is going to be difficult to impossible. Google's solution is:

"We recommend you register. It's a simple, one-time process that will allow anyone to download and install your app. However, if you prefer not to, we are also introducing a free developer account type that will allow teachers, students, and hobbyists to distribute apps to a limited number of devices without needing to provide a government ID."

How they decide if you are teacher, student or hobbyist isn't specified, but you can be sure it will be an interesting process because if it isn't it represents a big loophole in the whole scheme of things. 

One of the things that has been worrying me in particular is how it will effect Android Studio - the IDE I love to hate. It seems that the whole verification scheme is null and void if the phone is hooked up via the adb Android debugging link:

"You will continue to be able to build and run an app even if your identity is not verified. Android Studio is unaffected  because deployments performed with adb, which Android Studio uses behind the scenes to push builds to devices, is unaffected. You can continue to develop, debug, and test your app locally by deploying to both emulators and physical devices, just as you do now."

but:

"If your team’s current test process relies on distributing APKs to testers for installation using methods other than adb, you will need to verify your identity and register the package. "

Finally there is the issue of how they are going to check verification status. I cannot believe that it will be an offline process. So this now raises the issue of what happens when the user downloads a program then goes offline. Clearly there is potential to generate customer annoyance. 

I can do no better than leave the last word to the F-Droid blog:

"By tying application identifiers to personal ID checks and fees, Google is building a choke point that restricts competition and limits user freedom. It must find a solution which preserves user rights, freedom of choice, and a healthy, competitive ecosystem."

I hope the regulators are smart enough to understand that this isn't just about user safety - its a Trojan horse that strengthens Google's grip on the ecosystem. Given that Google is busy appealing to the Supreme Court the decision that it has to open up its app store, this could be seen as preparing for the worst.

If they open up the play store but then introduce developer identification have the opened up the play store?

More Information

Let's talk security: Answering your top questions about Android developer verification

F-Droid and Google's Developer Registration Decree

Related Articles

Google Demands Dev Identity For All Android Apps

Court Rejects Google's Appeal - An Epic Win

Jury Decides Play Store Is A Monopoly

Epic Games V Apple & Google - Smash The App Stores

Google To Pay $90 Million To Devs - But It's Not Enough

Google Matches Apple's App Store Cut

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Comments

Make a Comment or View Existing Comments Using Disqus

or email your comment to: comments@i-programmer.info