From F-Droid to emulators, here's who's hit hardest by Android's new verification rules

Even though there’s not a lot of love for them, Android’s new sideloading rules are perhaps not as controversial as they first seem. Still, Google’s changes to app installs from outside its Play Store ecosystem mark a fundamental shift in how Android handles user software. If you’re not trusted by Google, you’re going to have a trickier time getting your app in front of potential users.

While plenty of Android users are happily immersed in Google’s protective shell and might never notice the changes, the repercussions will certainly be felt more heavily in some quarters — especially in communities and software tools that deliberately try to avoid Google’s ecosystem.

Third-party app stores

Popular alternative app store F-Droid has been one of the fiercest critics of Google’s changes to app installations, and with very good reason. Even if external stores want to comply with Google’s app verification program to keep installing their tools just as simple as they currently are, there’s no guarantee that developers who host their apps on these stores will want to jump through the same hoops. The issue is further complicated by store key signing, which means that the same app from different stores isn’t always identified as the same.

That undoubtedly adds a lot of friction. Do other stores require all their developers to also be verified via Google’s system, essentially making them little more than an extension of the Play Store? Do they choose to suffer users questioning why some apps will install easily, and others can only be installed via the new “advanced flow”? There’s no easy answer for these platforms.

This issue isn’t limited to F-Droid. Other stores such as Aptoide, Huawei AppGallery, Xiaomi Mi Store, and Samsung Galaxy Store could see friction for apps submitted by developers who aren’t part of Google’s new verification system. APK repositories like APKMirror and APKPure, which distribute raw APKs, will similarly be impacted, especially for developers unwilling to reveal personal verification information.

In practice, this means a user trying to install a smaller, independent app may need to follow a multi-step “advanced flow” or resort to ADB. As designed, this extra friction could dissuade users from installing apps outside Play Store-approved channels.

Retro emulators

There are many very good reasons to host apps outside the Play Store. For instance, Play Store submissions and updates have to go through a review process, which can take several days. That can be a significant annoyance if you’re building and testing cutting-edge app ideas in the public domain.

You also don’t have to be a villain to not want to submit personal information to become a verified developer. A developer might have perfectly legitimate personal, legal, or security reasons for not wanting to put their information in Google’s hands, and, by extension, in the public’s, law enforcement’s, or other agencies’.

Retro game emulators fit this bill particularly well because they’re often quickly evolving pieces of software, and developers are often wise to remain anonymous. Nintendo has been aggressively shutting down Nintendo Switch Emulators, for instance, and is notoriously keen to involve lawyers whenever it can. Hobbyist hackers who put emulators together don’t want the legal headaches (or even the extra paperwork).

But outside the legal grey area, developer builds of the Dolphin Emulator, PPSSPP, and many other platforms can only be found on external platforms like GitHub. If you’re keen to test out the very latest features or see if a non-stable build can fix a bug you’ve been having, you’ll have to step outside of the stable versions that are Play-compliant.

The good news is that some popular emulator tools, such as RetroArch, are large projects with significant developer support spanning multiple ecosystems, including the Play Store. These emulators are more likely to comply with Google’s new requirements, keeping the user installation experience as simple as it’s ever been. However, tools that are on the cutting edge of emulator development, especially for consoles with active game development and therefore a monetary base, will now almost certainly require users to either enable “sideloading” through the new “advanced flow” or push app installs via ADB. Users of cutting-edge builds may also encounter more severe Play Protect warnings, which could discourage installation among less experienced users. While power users can navigate these hurdles, casual enthusiasts might find the process intimidating.

Encrypted messaging apps

I’m thankful to live somewhere safe enough not to have to worry too much about who reads my messages (though I am a Signal user, nevertheless), but not everyone is so lucky. Those living under occupation, in active warzones, or under the thumb of autocratic regimes have a much greater need to ensure that their messages are encrypted and secure.

The good news is that many popular chat and encrypted messaging apps (EMAs), such as Signal, have institutional backing and will presumably comply with verification. Still, many users download APKs of Signal or Telegram directly from official websites to bypass Play Store restrictions or regional blocks, which will soon mean extra work and Play Protect warnings that may make some users hesitant.

However, smaller privacy-focused messaging apps — particularly those aimed at users in high-risk regions — may not be verified. This means installing them will now involve either the “advanced flow” or resorting to ADB. For users in regions with limited Play Store access, this adds friction at the worst possible point.

Modding tools and rooting

Rooting and modding Android might not be as popular as it once was, but there’s still a healthy ecosystem of third-party tools that let you gain full OS and app freedom on your modern smartphone. All of which rely on installation from outside Google’s ecosystem. However, these often part-time, hobbyist developers aren’t necessarily going to want to comply with Google’s verification program, especially as they’re often trying to break out of Google’s confines.

Hobbyist developers with large user bases (well above Google’s “20-user exemption”) will be disproportionately affected, since their apps fall outside the lightweight verification exemption. For example, will the developers of Magisk, Shizuku, or LSPosed want the hassle of verifying their identities with Google? If not, using these tools falls into that new “advanced flow.” ReVanced Manager, or any similarly controversial ideas that pop up, certainly won’t be putting developer details into the public domain, though Google perhaps isn’t so worried about the implications for such apps.

Of course, those into rooting and modding will not doubt already be familiar with Developer Options and ADB. For established modding communities, these changes are an inconvenience rather than a barrier. But for new users exploring rooting or app modification for the first time, the extra steps and warnings could feel intimidating, potentially slowing adoption and community growth.

Power-user apps and independent utilities

Not every app outside the Play Store is some hobbyist toy or mod. Some apps simply can’t or don’t want to live under Google’s rules, and they exist for very practical reasons — giving developers, privacy-focused users, and security enthusiasts tools that just wouldn’t survive on the Play Store.

One of the most prominent examples is Termux, which provides a full Linux environment on Android. Its Play Store version has been limited due to various Google policy changes, so most users now download APKs directly from GitHub or F-Droid. Likewise, Bromite (a privacy-focused Chromium fork), NewPipe (an ad-free YouTube client), and App Manager (an advanced app package and permission manager) all offer powerful tools you can’t find in Google’s official ecosystem.

Installing APKs from third-party sources isn’t just about modding or gaming. There’s a whole set of legitimate, technical, privacy-conscious tools that rely on it to exist. Google’s new rules might not stop them from working, but they’re another barrier to user discovery and installation.

Added friction, but not game-breaking

Read the fine print carefully, and Google’s new app-loading processes aren’t as invasive as they could have been. For many users, nothing will change. Even for users exploring apps outside Google’s walled garden, the process is usually a one-time setup with a few simple steps and a short wait, keeping the experience virtually the same as it is today.

However, for power users in particular, Google’s upcoming changes are likely to be frustrating, if only because they infringe on what many believe is their freedom to do whatever they want with the devices they own. I have plenty of sympathy for that point of view.

This new policy aims to strike a balance between protecting the less digitally savvy from potentially harmful apps and preserving the freedom of more technically inclined users. It does, however, raise the skill floor for the Android modding ecosystem, alternative stores, direct-download APKs, retro emulators, and privacy-focused messaging apps. Google’s new sideloading and verification requirements do not prevent us from installing the apps and tools we want, but the perceived difficulty will almost certainly slow the adoption of non-Play Store apps.