Sounds like it’s aimed at the app developers themselves who may not want their apps to be sideloaded rather than a blanket ban on sideloading in general as an option to enhance the protection against it being possible - if Google wanted to prevent sideloading anything at all, it would be significantly easier for them than implementing checks like this.
Ultimately it seems like your feelings about it will depend on whether or not you believe an app developer has the right to determine how their software is used, or if once they’ve built and released it it belongs to the world to do what they want with it.
Yeah, I don’t see this as an end to sideloading, which really wouldn’t make sense considering Apple was forced by the EU earlier to allow sideloading on the iPhone. Google would have to leave it available for the EU market or face the same type of suit.
I think this is developers wanting to make sure they get the appropriate funds for their work. At least that is how I see it presented.
To my knowledge, Aurora downloads the APKs directly from Google, through a nondescript account that isn’t linked to you in any way, thus, this likely means nothing for you.
The way I have understood it, the API will let the app perform a series of checks on the device.
For example, it will check if Google Play Protect is enabled on the device or not. On a degoogled custom ROM, this would fail and consequently the user wouldn’t be able to install/update the application.
Because Google added APIs to make it work and enforce it. The Play Store knows what you have installed via the store.
I don’t think it is blocking installation. I think the apps are checking and then refusing to run. That seems worse and quite a bit harder to circumvent.
Yeah - this isn’t “Google are blocking sideloading” so much as it’s “developers can now opt to not allow their apps to be sideloaded”, which is a completely different proposition in the wider view.
Ultimately it boils down to if the developer of the app you used would rather restrict their app to only being available usefully from the Play Store or not - they are the people you need to engage with, not Google.
Okay. How could the API know that I’ve downloaded and installed something through Aurora if Aurora’s anonymous accounts are actually just real accounts to Google services, connecting to Google’s servers, downloading the APK and then running it on the device? Unless some black magic happened, I don’t see how the API could notice anything different than what the Play Store already does itself. Perhaps the API would know that apps were downloaded through the official client or through a third-party client.
I am no Android developer, but it would be trivially simple - sign the APK with a license tied to the account that downloaded it from the Play Store.
Check if that license matches the account that’s on the device trying to run the app - no match, no run.
Unless Aurora also provisions your device with the credentials for the ‘anonymous’ account it’s using rather than just passing along the raw APK, it would be very easy.
It doesn’t know that you “downloaded it via Aurora”. It only knows “It wasn’t installed via the Play Store” which is all that matters.
The API can simply ask, “Was this installed via the Play Store?”. Since the Play Store is tracking everything you do through it, this is straightforward.
The API could just check for the IMEI/MEID, IMSI, SIM, and build serial against its Play Store database to see if those were downloaded / installed under permissive actions.