Petition to stop Google from restricting sideloading and FOSS apps
108 comments
·August 28, 2025JumpCrisscross
These online petitions are worse than useless. They don’t do anything because they fail to communicate either conviction to a cause or the relevance of the signers. And they may take someone who would otherwise do something useful, like call their elected or participate in public comment, and make them complacent.
An open letter from the lead developers and decision makers of top-rated apps in the Play Store would be useful. But that takes work, unlike an online petition.
david_allison
Hi, developer of a top-rated app in the Play Store [AnkiDroid].
What do I need to do to make a difference, and how much time will this take?
[My elected officials listen, what's the path? Legislation?]
JumpCrisscross
> What do I need to do to make a difference, and how much time will this take?
EU or US?
> what's the path? Legislation?
Send them a letter explaining why this is bad for you. Keep it strictly factual and ideally concise. Copy Google’s legal [1] and any relevant digital or markets regulators. (If in the US, don’t forget your state regulators.)
Wait two weeks and then call the elected. Make sure they’re aware, and talk through your options. Send a letter thanking them for the call, incorporating any new information and actions they said they would take, and copy all of the previous parties again.
More work: reach out to other top developers and organise an open letter. This will be hard because everyone wants to include their pet issue and everyone will fight over scope and language.
monegator
what about EU? ChatControl has a website, but I am having trouble finding out who the hell to contact for the requirement for google play integrity in our goverment apps (which was recently changed from requiring hardware integrity, as graphene can only do the latter.), both national and comunitary, and whoever is in charge of the repositories is not responding to the tens of issues opened for it.
Now there's also this new requirement, and it's shocking the EU hasn't responded yet. Weren't we supposed to make ourselves more independent from US technology? But i wouldn't be surprised someone would be lobbying on google's behalf to convince the politicians that "trust me bro, google play is more secure"
benoau
In the US, perhaps try complaining to the lawyers on the DOJ antitrust case as they've been considering splitting Android off from Google.
dmix
They are placebos to make people feel better. https://en.wikipedia.org/wiki/Slacktivism
null
sorrythanks
There's also a form here for direct feedback on this topic to Google that may or may not be worth filling out:
https://docs.google.com/forms/d/e/1FAIpQLSfN3UQeNspQsZCO2ITk...
janice1999
Petitioning EU lawmakers would be better. American control of European data is already a bit issue at the moment in the face of US threats over Digital taxes and Microsoft being used to punish ICJ members.
graemep
EU (and the rest of Europe) are more concerned with controlling their own populations than keeping their data safe from the US. They are very much pro-big business dominance on the internet BECAUSE it makes it easier for them to regulate.
A lot of governments want to use American AI systems to run things to cut costs.
jeroenhd
Honestly, I'll be surprised if this plan doesn't break the DMA/DSA already.
Someone will need to collect the necessary resources to bring the fight to the courts, though.
gjsman-1000
The EU is almost ready to sign off on Apple's DMA compliance as sufficient, despite sideloading being similarly restricted, and despite 15-20% commissions remaining. The DMA was never written to allow completely anonymous sideloading, or even commission-free sideloading, another law is needed for that.
https://www.reuters.com/sustainability/boards-policy-regulat...
_joel
Wasn't this fairly successful at rasing the profile of the issue? https://www.stopkillinggames.com/
JumpCrisscross
Yes. Not a rando online petition: “we have succesfully escalated complaints on this problem to consumer agencies in France, Germany, and Australia, and have brought forth petitions for new law on this problem to various countries.”
Petitions from verified voters are powerful. Triply so if done in person, because the infrastructure that can collect signatures in person can also e.g. back a primary challenge or plebiscite.
ferociouskite56
How to plebiscite in 25 states https://ballotpedia.org/Initiated_state_statute
immibis
Has legislation been created as a result of that awareness?
And the vast majority of their awareness actually came from a failed counter-campaign by the opposition.
rep_lodsb
[delayed]
egorfine
Please bear in mind that Google was perfectly aware how much negative feedback they will receive from developers and they are completely and fully prepared for it. In other words, this decision was made with full awareness that developers and "screeching voices of minority" won't like it.
jerf
They can still miscalculate the intensity of the backlash or the willingness of people to do something about it. Many such stories. "The enemy has a plan so let's do nothing" is a great way to get consistently rolled in the world. As the saying goes, everyone has a plan until they are punched in the face; dishing out the occasional (and in this case fully metaphorical) punch in the face is not a hopeless endeavor.
(I agree with some other threads that merely signing a random petition is not a punch to the face. That's just whining. Systematic and organized, perhaps, but just whining.)
kotaKat
Yep. In the announcement, they already got full green light approval from various governments basically saying this was a great idea and the clear path ahead.
> …with Indonesia’s Ministry of Communications and Digital Affairs praising it for providing a “balanced approach” that protects users while keeping Android open.
> …Thailand’s Ministry of Digital Economy and Society sees it as a “positive and proactive measure” that aligns with their national digital safety policies.
> In Brazil, the Brazilian Federation of Banks (FEBRABAN) sees it as a “significant advancement in protecting users and encouraging accountability.”
AnonymousPlanet
The nerds are the ones who pave the way for technology, enabling people around them to adapt more easily to it. They find new paths into the undiscovered land that then get either shut down or commercially exploited. Companies like Google have piggybacked on this volunteer work.
I have the feeling that these companies don't need nerds anymore. Who needs pioneers if everything is paved and regulated?
weirdpickles
[dead]
SiempreViernes
Do you have evidence that they have accurate estimates of the potential for backlash? It is not that uncommon that people in power take decisions without thinking them though properly
egorfine
I've got no evidence that they have an estimation of the volume or scale of the feedback.
But I reckon we can all make an educated guess that they did anticipate negative feedback.
tliltocatl
You might be right, but didn't same thing applied to Web Environment Integrity stuff, that they ended up stepping back on (for how short of a time stretch is another story)?
egorfine
First, web environment integrity was about the web as a whole, not about something that is completely owned and under their control. Second, they will not stop trying. It was not their first approach and it won't be the last.
So, I believe that if they decided this is the path they want to take - they will find one way or another. It's not that resistance is futile (it's not!) but I believe that petitions are not a good tool for the case.
j4hdufd8
[dead]
JumpCrisscross
> delegitimize developer criticism before addressing its substance. This attacks the critics rather than engaging with their actual concerns
It’s a petition, not a debate. Who is speaking is absolutely relevant. Tens of thousands of tiny developers with a few million collective users aren’t relevant to Google.
> Appeal to Corporate Omniscience
This is not a logical fallacy. You may be thinking of appeal to improper authority. But in that case the criticism is that we don’t know Google anticipated this. Not what you wrote, which is technically ad hominem, since you conclude adversely based on Google being a corporation.
> ignores the possibility that feedback could be legitimate even if anticipated
No, it does not. It says such a petition brings no new information to the decision makers at Google. If Google (note: this is OP’s hypothesis, not a fact) anticipated small developers complaining. Small developers are complaining. That doesn’t make the complaints wrong. But it would make them practically irrelevant.
j4hdufd8
I did not mention the petition. I am merely offering feedback on the grandparent's argument about Google's policy (which itself also does not mention the petition).
It is absolutely a debate. Why are you here if not to debate?
egorfine
> The phrase "screeching voices of minority" is a
https://www.howtogeek.com/746588/apple-discusses-screeching-...
egorfine
> Appeal to Corporate Omniscience - The argument assumes that because Google anticipated negative feedback, this somehow validates their decision or renders criticism invalid. A company expecting pushback doesn't automatically make their decision correct.
This argument is not present nor implied in my comment.
> Circular Reasoning - The logic is essentially: "Google knew people would complain, therefore the complaints don't matter because Google expected them." This doesn't address whether the complaints have merit.
My text did not comment or expressed any opinion whether the complaints have merit.
> False Dichotomy - It implies that developer feedback is either completely valid (and Google should have changed course) or completely invalid (because Google was "prepared" for it). This ignores the possibility that feedback could be legitimate even if anticipated.
My comment does not present this dichotomy as described by you.
j4hdufd8
Exactly, your comment is absolutely useless. It added nothing of logical value to this debate. All your arguments are logically invalid.
kotaKat
The easy thing to do is ignore an AI slop comment like that, because someone apparently couldn’t think for themselves and had to shove it into an arrogant little machine to come up with a response.
OgsyedIE
The above post listing fallacies is entirely AI-generated and is likely a sleeper agent account that has been woken up from a pattern of posting non-content to disguise inactivity to start astroturfing for Google.
The cost/benefit of doing such on Hn is high.
JumpCrisscross
> likely a sleeper agent account that has been woken up from a pattern of posting non-content to disguise inactivity to start astroturfing for Google
“Please don't post insinuations about astroturfing, shilling, brigading, foreign agents, and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.”
goda90
I think the biggest impact we can have, besides getting government regulation involved, is building the market share of an alternative.
rchaud
Yes. A decision like this creates the impetus to move to alternatives like Jolla OS that have an Android-compatible layer.
20 years in, the so-called "smartphone" duopoly have jointly converged towards a "dumb terminal" strategy, where almost nothing can be done without cloud-based authentication from a centralized third party. And this was the case prior to the AI horse manure they're baking into the OS.
I use the Fossify forks of Simple Mobile Tools apps (Gallery, File Manager, Calculator) because these can be installed via APK files and just be left alone. My Google Calculator app on the other hand seems to want to download new updates every single month.
elric
That, and staying away from anything that funnels money to Google.
null
hofrogs
By utilizing anti-user language like "sideloading" you are already submitting to their desire to own all hardware.
null
spacebacon
Build for the web. App stores are overrated. They will continue to make the same mistakes until they are irrelevant. Eventually.
layer8
With apps on the web you are inherently dependent on the respective web site operating. Local software provides more independence for users (in addition to certain UX benefits).
nicce
It is a social problem which is hard to reverse.
People use app stores because they are used for artificially worsened web pages. They are used to find apps with similar properties from app store.
And Google search is artificially so bad that they won’t even try it to find some apps. And most won’t use other search engines.
cosmic_cheese
It’s not purely social. A lot of web apps are legitimately poor, probably because the web has become the go-to platform for those looking to cut costs, who aren’t willing to pay for quality talent. This why there’s such a gulf between VS Code (not technically a web app, but built with web tech) and MS Teams for example: the former has had no expenses spared to woo devs and give MS legitimacy in software dev while the latter only needs to technically function since its audience is captive, so quality can be an afterthought.
So really, people need to start rejecting poor quality or poorly performing web apps. The collective bar for “good enough” is far too low, and so cheapskates will continue to churn out garbage.
sanex
How would this work with say my syncthing fork or DJI fly? Web doesn't really work here.
jeroenhd
Re DJI Fly: a combination of WebBluetooth, WebRTC, the normal location API, offline web pages (through managed caches), regular browser video features, and a bunch of other web technologies.
Re SyncThing: there's the File System Access API. You can ask the user for a folder and then operate on the files and directories inside it. Also from a locally cached offline copy, of course. Serviceworkers are there to run in the background, though I'm not 100% sure if the FS API and service workers can be combined to be honest.
It'll need as much effort or maybe even more to port it to the web as it has taken to develop the Android app, but it's almost definitely possible, at least on Chrome.
As part of Google's attempt to break free from the iOS app store, they accidentally invented an alternative to their own draconic measures.
cosmic_cheese
FS API is Chrome only though, and a lot of people use Firefox for Android for access to real uBO since Chrome for Android conveniently never gained support for extensions.
guidopallemans
First they came for the hardware, and I did not speak out —
Because I was not a hardware developer.
Because I was not an app developer.
Because I was not a web developer.
bagol
I just realized how powerless we are. The situation is almost unavoidable. Majority people will just accept this. They are unaware how restricted they are, thus they don't care.
gooob
are there enough devs to make "non-certified" phones? also i wonder if you'll be able to disable the verification check similar to bootloader unlocking.
rchaud
Non-certified phones won't be sold in Western markets. This whole scheme has one goal only, and that's to snuff out DRM-unfriendly third party apps like alternative Youtube clients, videogame emulators and P2P file sharing apps.
ulrikrasmussen
I thought the Digital Markets Act in the EU would make it illegal for Apple and Google to prevent people from sideloading apps. Is there some kind of loophole that allows Google to do this anyway?
stockresearcher
The EU has lots of laws, including some that were made after the DMA. One of them is the CRA, which says that by the end of 2027 all app marketplaces are required to provide developer contact info to people who download software. If the contact info is fake or wrong, the app marketplace can face fines.
So the app marketplace should probably verify the contact info, right? Would you take on that kind of risk to protect the anonymity of some rando you’ve never met and will never give you any money? I wouldn’t.
cryptonym
I don't understand how side-loading would impact information marketplaces should provide. If it's side-loaded, that's no longer marketplace responsibility.
stockresearcher
Good catch. Yes, side-loading directly from the developer website isn’t going to trigger marketplace obligations. Those obligations still exist but are the responsibility of the developer directly.
c0wb0yc0d3r
From what I’ve read Google’s new process sounds much like Apple’s app notarization process. Apple is still in complete control the user just isn’t required to go through the App Store.
ulrikrasmussen
I am not an iOS user, so I wasn't aware of how it worked. In that case the DMA is completely worthless.
immibis
Isn't Apple already getting sued for having that process?
arnaudsm
It's too late. As a developer, I'm pulling all my Android apps away from the Play Store.
If Google is hostile to me an my users, I prefer to dedicate my volunteer time to respectful plateforms instead.
pjmlp
Hardly anything left, Apple and Microsoft have their own issues, Web is basically ChromeOS aka Google, and I still cannot buy GNU/Linux or BSD laptops at the local computer store.
olejorgenb
Which platform though?
gooob
just making sure you understand the proposal correctly. you'd still be able to distribute the app through whatever means you want; the app just has to be signed with a key tied your identity that is verified by google, if trying to install on a "certified device" (which will be most devices).
i still disagree with the move. but it's not as bad as it could be. maybe there's a way to "unlock" a certified device (similar to unlocking the bootloader)?
vorpalhex
De-anonymization is being done for the same reason manifest v3 was - to help their youtube revenue.
zokier
When I was back there in Seminary School
There was a person there
Who put forth the proposition
That you can petition the Lord with prayer
Petition the Lord with prayer
Petition the Lord with prayer
You cannot petition the Lord with prayer!
If you truly want to protect your rights then don't petition Google, but instead petition FTC and other antitrust agencies. Petitioning Google just establishes that they have a choice here.
Chinjut
I agree, but under the current administration, the FTC isn't going to do anything to impede a megacorporation's profits. We're fucked, at least for the time being.
ferguess_k
Does Google ever care about petitions? Maybe stop using Google products is a better start.
As Google will allow only apps from verified developers to be installed on Android (previous discussion): https://news.ycombinator.com/item?id=45017028
A developer started a petition to stop Google from limiting app installation on Android devices unless developers provide personal identity documents.
Even though Google has not revoked similar controversial policies in the past, we do our best as much as we can. This change particularly threatens the freedom to build, share, and use software without giving away sensitive personal information. It affects independent developers, FOSS contributors, and even regular users who want to install apps outside of Google Play.
``Just imagine giving sensitive personal, government-issued ID to a corporation to install an app outside Google Play``
Let’s stand together to protect our freedom to create and use software without handing over personal information to a corporation. Every signature, share, and voice counts here
Support the petition here: https://chng.it/MsHzSXtJnw