Pixelo789

That's it, I guess (free software) Android's dead now

Edit (2025-11-01): added a few pages for further reading, and changed instances of the word "sideloading", as F-Droid has pointed out that it is a loaded word.

I used to daily-drive an Android phone (I have since moved on, but not because of this incident). When I started caring more about privacy and free software, I was daily-driving Android:

F-Droid

Obtainium

As you can see, a lot of my (and presumably others') Android-based workflow involves what people would consider "sideloading", installing apps that are not distributed within Google's walled garden.

Unfortunately, that seems to be over now.

Android Developer Verification | Android Developers:

Starting in September 2026, Android will require all apps to be registered by verified developers in order to be installed on certified Android devices.

Source

Archived source

Basically, starting in September 2026 if you live in Brazil, Indonesia, Singapore, or Thailand, and at an unspecified time in 2027 "and beyond" everywhere else, you will no longer be able to install your own applications on phones with Google "Play" Services unless Google "verified" those developers.

In their announcement blog post, they make statements like "Android has proven that you can [be both open and secure]", and that ID verification is somehow "a new layer of security for certified Android devices".

Announcement

Archived announcement

This is not for security. If Google wanted to make Android more secure, they would implement strong app sandboxing with a strong permission system and strong anti-malware system. They would then require all new apps to be highly restricted by default, with the *option of opting the app out*. Instead of doing that, Google has decided to gag developers for their ID if they want people to be able to install apps on their new phone.

Debunking their blog post

In the post, they mention (in bold) that their "recent analysis" (which they do not link to and is likely not public) claims to have found "over 50 times more malware" from non-vendor approved sources than distributed through them. Google doesn't mention how many other apps are out there. This statistic wouldn't mean anything if there were 50 times as many apps from "internet-sideloaded sources" out there. Google is probably looking for a statistic to impress and convince people that handing them your ID will actually do something. As far as I know, this statistic isn't even accurate, since there isn't a source for it.

Later in that blog post, they claim that gagging-for-ID will create "crucial accountability", likening it to an ID check at an airport; "[Google] will be confirming who the developer is, not reviewing the content of their app or where it came from". This is a fairly bad analogy; ID checks (and airport security in general), at least in the US, can be easily avoided. Even besides that, Google admits that they're not reviewing the app itself, just the person.

Post about airport "security"

Throughout, they claim that ID-gagging will allow Android to "be open and secure", and that this will somehow still allow Android developers to "have the same freedom to distribute apps directly to users through sideloading or to use any app store they prefer". That may be true, but in a hollow sense. Sure, they have the freedom to distribute their app however they want, but only if they bow down to Google.

This situation has startling similarities to the parody piece "Right-to-Repair Wins!" by Jason Self, especially at the end: "The people have been empowered to choose, and their choice doesn't matter". Developers have the power to choose how they distribute their apps, as long as Google approves and (therefore) gatekeeps. That is, inherently, a restriction on freedom-to-distribute.

"Right-to-Repair Wins!"

The "security" argument would be a lot better if Google weren't letting malware onto their own platform (this post came just four days before Google's announcement of their ID-gagging system):

"Android Document Readers and Deception: Tracking the Latest Updates to Anatsa"

Workarounds and alternatives

In the dedicated page, the announcement post, and their slide deck, Google does not mention a way for an end user to get around this. Worst-case, real app installing (that Google doesn't mediate) is de facto banned. Even if Google adds an option for a user to turn the "developer verification" off, I do not trust Google enough for them to keep that option.

Slide deck

This new restriction only applies to phones with Google "Play" Services, so users of custom Android ROMs, such as LineageOS, GrapheneOS, or Replicant, are fine. Unfortunately, this still affects everyone who, for one reason or another (permanently locked bootloader, requiring GMS for some reason, etc.), is stuck with the stock operating systems on their devices.

LineageOS

GrapheneOS

Replicant

Because of this, and other attacks by Google, I can no longer recommend any distribution of Android as a safe and reliable platform for a free software activist or an ethicist. I can't recommend iOS for the exact same reasons, just more exaggerated.

"Android 15 cracks down on sideloaded [sic] apps even harder to protect users"

That leaves the remaining options at phones that run GNU/Linux, and they aren't that good. Here are all the GNU/Linux-first options that I know of:

Pine64 PinePhone

"GTK 4.18, the PinePhone and Megapixels"

Megapixels

Pine64 PinePhone Pro

Post announcing the discontinuation of the PinePhone Pro

Purism Librem 5

Jolla

Volla

FuriLabs FuriPhone FLX1

FuriLabs FuriPhone FLX1s

You also have the option to get an Android-based device and run, for example, Ubuntu Touch or postmarketOS. You would still have to deal with Android stuff, but it could be another option, depending on the device you get.

Ubuntu Touch

postmarketOS

If you're fine with Android, despite all this, I'd suggest getting a modern Pixel (7, preferably 8 series or newer), flashing GrapheneOS until they drop support, then going to LineageOS and hoping for the best, assuming your device will last that long. The problem with being on Android, even derivatives, is that you're at the mercy of Google, and Google can't be trusted.

LineageOS

GrapheneOS

One of the best alternatives might be getting a mobile hotspot and a laptop, tablet, or cyberdeck. You can run GNU/Linux on the device, and connect to the hotspot when you need network access on the go. If you need to communicate via SMS or traditional phone-number based calls, you could get a VoIP number or a burner phone, potentially even redirecting those messages to, e.g., an XMPP or IRC account.

Another great alternative is to forego another device entirely. If you need internet access, public Wi-Fi while using Tor is probably suitable. If you desperately need to, for example, make a phone call, and VoIP isn't suitable, you can always borrow someone else's device.

Just remember that, whatever option you choose, those communities are very nice and can help guide you, regardless of your skill level. We'll help you gain more control of your device. We're ready to bring you in.

See also

"F-Droid and Google's Developer Registration Decree"

"What We Talk About When We Talk About Sideloading"

Keep Android Open

This post on linux@lemmy.ml [sic]

[1]: Note that this was before I heard of the internet permission that can be revoked via ADB, although that seems like more work than a firewall. As far as I can tell, you do "pm revoke <app_id> android.permission.INTERNET" in "adb shell". GrapheneOS exposes the permission directly in Settings as a normal permission, which Android doesn't do, for some reason (we all know the reason; so it's very difficult to make apps not surveil and phone home).