Android 开发者验证：在开放与选择与安全之间取得平衡

Android 开发者验证：在开放与选择与安全之间取得平衡
Android developer verification: Balancing openness and choice with safety

原始链接: https://android-developers.googleblog.com/2026/03/android-developer-verification.html

谷歌正在通过一种新的“高级流程”来增强Android安全性，同时保持平台的开放性，该流程用于安装来自未经验证的开发者的应用程序。谷歌认识到一些用户愿意承担经过计算的风险，因此此功能允许侧载安装，但会主动防范日益猖獗的诈骗手段。这个过程并非简单的绕过。它需要启用开发者模式，确认用户没有受到胁迫，重启手机以切断远程访问，以及进行生物识别重新验证的24小时等待期。这种人为的阻力旨在扰乱诈骗犯，他们会迫使受害者禁用安全功能。与此同时，谷歌还为学生和爱好者提供免费的“有限分发帐户”，允许在最多20台设备上共享应用程序，无需身份验证或费用。高级流程和有限帐户都将于8月上线，在新的开发者验证要求完全实施之前，确保Android对所有人保持可访问性，同时优先考虑用户安全。

一篇最近的谷歌博客文章，关于安卓开发者验证，在Hacker News上引发了讨论。新系统旨在平衡开放性和用户安全，但为非应用商店安装的应用程序（即在Google Play商店之外安装的应用程序）引入了24小时的等待期。用户担心此延迟会严重影响依赖于在Play商店不可用的开源软件（OSS）的用户，实际上需要等待一天才能完全使用新手机。一些人将其比作令人沮丧的运营商解锁流程。虽然承认这项举措有益于阻止诈骗者，但评论员担心这会阻碍OSS的采用，并最终导致谷歌完全移除侧载功能。有人建议使用GrapheneOS和Lineage等替代方案，但随着安卓变得越来越封闭，它们的长期可行性受到质疑。甚至有人正在考虑切换到SailfishOS等替代操作系统，以避免谷歌日益增长的控制。

原文

Posted by Matthew Forsythe, Director Product Management, Android App Safety

Android proves you don't have to choose between an open ecosystem and a secure one. Since announcing updated verification requirements, we've worked with the community to ensure these protections are robust yet respectful of platform freedom. We've heard from power users that they want to take educated risks to install software from unverified developers. Today, we're sharing details on a new advanced flow that provides this option.

Advanced flow safeguards against coercion

Android is built on choice. That is why we’ve developed the advanced flow – an approach that allows power users to maintain the ability to sideload apps from unverified developers.

This flow is a one-time process for power users – but it was designed carefully to prevent those in the midst of a scam attempt from being coerced by high pressure tactics to install malicious software. In these scenarios, scammers exploit fear – using threats of financial ruin, legal trouble, or harm to a loved one – to create a sense of extreme urgency. They stay on the phone with victims, coaching them to bypass security warnings and disable security settings before the victim has a chance to think or seek help. According to a 2025 report from the Global Anti-Scam Alliance (GASA), 57% of surveyed adults experienced a scam in the past year, resulting in a global consumer loss of $442 billion. Because the consequences of these scams that use sophisticated social engineering tactics are so severe, we have carefully engineered the advanced flow to provide the critical time and space needed to break the cycle of coercion.

How the advanced flow works for users

Enable developer mode in system settings: Activating this is simple. This prevents accidental triggers or "one-tap" bypasses often used in high-pressure scams.

Confirm you aren't being coached: There is a quick check to make sure that no one is talking you into turning off your security. While power users know how to vet apps, scammers often pressure victims into disabling protections.

Restart your phone and reauthenticate: This cuts off any remote access or active phone calls a scammer might be using to watch what you’re doing.

Come back after the protective waiting period and verify: There is a one-time, one-day wait and then you can confirm that this is really you who’s making this change with our biometric authentication (fingerprint or face unlock) or device PIN. Scammers rely on manufactured urgency, so this breaks their spell and gives you time to think.

Install apps: Once you confirm you understand the risks, you’re all set to install apps from unverified developers, with the option of enabling for 7 days or indefinitely. For safety, you’ll still see a warning that the app is from an unverified developer, but you can just tap “Install Anyway.”

A secure Android for every developer

We know a "one size fits all" approach doesn't work for our diverse ecosystem. We want to ensure that identity verification isn't a barrier to entry, so we’re providing different paths to fit your specific needs.

In addition to the advanced flow we’re building free, limited distribution accounts for students and hobbyists. This allows you to share apps with a small group (up to 20 devices) without needing to provide a government-issued ID or pay a registration fee. This ensures Android remains an open platform for learning and experimentation while maintaining robust protections for the broader community.

Limited distribution accounts and advanced flow for users will be available in August before the new developer verification requirements take effect.

Visit our website for more details. We look forward to sharing more in the coming days and weeks.