I really don't see how Google will make Samsung and the big Chinese Android phone manufacturers (Xiaomi, OnePlus, ...) put this crap on their own custom Android distributions, especially because all these guys know that if they do it will have a very severe cost -- Besides Play and the Galaxy Store F-Droid is probably the third most popular distribution channel for Android apps on Galaxy devices, for example.
So I do think the only people who will be really affected by this are those running Google's own Pixel devices which are entirely locked into the Play ecosystem. The rest not so much.
Google is used to put their shit into the Google Play Store contract they have with manufacturers.
Samsung, XiaoMi and OnePlus will let this pass because that will be that or losing access to Play Store. Oh and also they frankly don’t care at all because 99% of people will not know.
Android distribution are already incredibly shitty and most people are used since the 90s to have their computers and now their phones full of junk software. The average smartphone is not that different from the average windows XP/Vista PC of the 2000 era, with crapware everywhere, apps that are doing a lot of malicious things without the user even knowing (or frankly, caring).
For you and me it’s something unacceptable, but for most people it’s just the nth layer of enshitification.
> But you can still install whatever you want over ADB...
...if you wait 24 hours.
And also thanks to the new Google Play attestation API a lot of apps won't even work on alternative Android OS'es. But that's all needed in the name of security. Never mind if your Samsung Galaxy phone is EOL and hasn't been receiving updates for 4 years anymore. It still works with the attestation API. But the fully updated GrapheneOS phone is a real security hazard apparently, so it won't work with it.
So no, you can't just run everything you want via side-loading. It's pretty obvious Google is making a power play to curb down on everything that isn't going via Google Play.
Ok, that's some good news. Still leaves the attestation API though. Which makes using a non-Google sanctioned device a non-viable option. Also don't forget that the source code for Android is now, since 2026, only released twice a year (i.e. every 6 months).
So overall it's quite clear which direction Google is moving in. They are clamping down on the ecosystem.
PCI-DSS (enforced by banks/payment processors) means the EMV token store on your Android phone must be in an isolated uncompromised location (usually the TEE).
If your phone is rooted or has an unlocked bootloader then it's possible that trusted store is no longer secure or can be snooped on by a third party. Given Google Wallet/Pay handles EMV tokens and stores them on the phone, it has to pass PCI-DSS before banks will allow it.
This is the biggest reason why Google tries as much as possible to block Google Pay on rooted/unlocked devices. If a device fails compliance (a rooted phone certainly does), as far as banks are concerned it's not safe.
But people just find it easier to say "Google is Evil".
You also have the EUs Payment Services Directive (so a law) which require strong customer authentication, rooted devices can also fail up here. If anyone else than the user is able to unlock the screen (and thus authenticate a payment), you've failed the Payment Services Directive.
reply