NOW LET US – AI RAG SaaS Studio TP.HCM

A new Android malware from Google


Google is quietly deploying "Android Developer Verifier" (ADV) via Play Protect to billions of devices. Open-source advocates warn this program acts as a Trojan horse, giving Google absolute control over which apps are allowed to run on Android.

If you are running Android 8 or higher, a virus has been installed on your device and is silently awaiting remote activation. Over the past few months, devices around the world have been infected with this novel strain, with as many as 4 billion Android handsets and tablets estimated to have already been contaminated, meaning that around half of all humanity may be at risk from this threat.

Disguising itself as the innocuously-titled “Android Developer Verifier” (ADV) process, this trojan horse runs surreptitiously in the background as a system service with full root privileges, quietly awaiting an activation signal. The service cannot be blocked, disabled, or removed. Unlike a commonplace bit of malware, this extraordinary strain won’t be detected and neutralized by Play Protect (the malware scanning and remediation service that is installed on all Android Certified devices). In fact, Play Protect is itself the vector through which this virus is transmitted and installed.

That is because it is Google themselves who is propagating ADV. And once activated, this malevolent process has exactly one goal: to block you from running software by developers who haven’t been approved centrally by Google.

Threat masquerading as Protection

We first raised the alarm about the Android Developer Verification program last September (“F-Droid and Google’s Developer Registration Decree”) shortly after it was first announced. Google’s looming requirement that all Android developers register themselves centrally is rationalized as a solution to help stem the spread of malware. However, it doesn’t actually feature any capabilities to prevent a malevolent actor from distributing malware in the first place; the only alleged benefit of ADV is that it may help slow the actions of an already-identified recidivist by requiring that they create (or buy) another account in order to continue distributing their malware with a new signing key.

For this fairly narrow threat vector of malware recidivism, a variety of considerably less draconian solutions have been proposed. Play Protect itself could be enhanced to scrutinize more closely those newly-installed apps that have elevated permissions or that were obtained through suspect channels, continuing with their recently touted advances in on-device security capabilities. Or a system of federated verifiers might be implemented (as proposed in “DCM: A Developers Certification Model for Mobile Ecosystems”, 2023) that would empower end-users to select their own trusted curators and authorities for ex-ante approval. Instead, Google has used this minor vector as a pretext to radically re-engineer the entire Android ecosystem by fiat, upending an 18-year tradition of open software development and positioning themselves as the world’s sole gatekeeper for which apps are permitted to exist.

What They Talk About When They Talk About Malware

Should a developer — contrary to our recommendation — elect to register themself with Google as a “verified” developer, they should expect to sign up for an account and pay a fee, surrender detailed personal information and upload government-issued identification, and then proceed to register the identifiers and signing keys for all the apps they intend to distribute (now or ever).

But the most diabolical stage is the compulsory agreement to the Android Developer Console Terms of Service. There are numerous causes for disquiet in this document, but the most concerning of all ought to be:

6.5 If You violate any of the Terms or if You distribute malware or other harmful applications, Google may terminate Your access to the ADC…

This reasonable-sounding clause begs the question: what exactly is meant by “malware”? No definition of the term is to be found anywhere in the document. With the absence of any formal definition, standard, or guideline, it implicitly states:

…and “malware” means

whatever we say it means.

As we discussed in “What We Talk About When We Talk About Sideloading”, beware the dangers of allowing the terminology of debate to be defined by those who don’t have your best interests at heart. Malware being synonymous with “software we don’t like” means that they can unilaterally dictate — driven either by business incentives or by being compelled by a sufficiently powerful government — what the malware-du-jour definition is to be.

For precedent, personal content filtering in the form of “ad blockers” has long since been banned from the Play Store, and they have even classified some instances as malware. How long before they designate all ad-blocking software as malware, block installation on all Android certified devices worldwide, and permanently designate all developers of this class of software as malware creators? Such a move would certainly be aligned with their commercial incentives as the global ad-tech monopolist, and would be completely in accordance with the language of their ADC Terms and Conditions.

Like a Lead Balloon

In terms of voluntary developer uptake, their recent claim that “over 99% of [Play developers’] apps have been registered” suggests that ADV is somehow a popular and widely-accepted dictate. That couldn’t be further from the truth: those 99% of developers were auto-opted-in without their informed consent due to being already bound by their Play Store agreements.

In fact, hundreds of thousands of people have signed a petition opposing ADV. The Open Letter at keepandroidopen.org denouncing the program has been signed by over 70 organizations around the world, including the EFF, FSF, FSFE, ACLU, and the inestimable Forbrukerrådet. Any internet search, chatbot query, or social media poll will confirm that the opposition to this program is overwhelming and the condemnation is universal. 90% of viewers of the developer roundtable video where they attempt to defend the program registered a dislike of the spectacle, and even Google Gemini responds to inquiries about the popularity of the program with:

Aside from Google itself, finding full-throated, enthusiastic support for the mandatory Android Developer Verification program in the tech community is virtually impossible.

The backlash is overwhelmingly dominant—headlined by the “Keep Android Open” coalition of civil rights and open-source groups fiercely opposing the central registration requirement.

And yet their lockdown blitzkrieg proceeds apace. Legislators and regulators have thus far been unreceptive to the outcry. Our own position as a bastion of software freedom and respect for user rights and privacy is in extreme jeopardy. The F-Droid model of security and trust through open-source transparency is fundamentally at odds with the “trust me bro” security model of the closed-source commercial app stores. And while these two models have been able to co-exist for the past 16 years of F-Droid’s existence, it appears that Google intends to establish a regime where they alone have a monopoly on the definitions of “security” and “trust”.

What to Expect in the Days to Come

We do not yet know the exact failure mode to expect when the ADV activation is triggered on September 30. If you are one of the 580 million people living in Brazil, Indonesia, Singapore, or Thailand, know that these are the first four targets of the ADV lockdown according to their published timeline (global rollout is ominously predicted to then occur throughout “2027 and beyond”).

There are many things we don’t know about what to expect on September 30. Some common questions that we do not yet have the answer to, for those in the afflicted regions, are:

  • What will happen if I try to install or launch the F-Droid app?
  • What will happen to all the apps I’ve installed through F-Droid? Will they be disabled? Deleted?
  • If apps that I rely on are suddenly disappeared, what happens to the data they contain? Can I still retrieve it?
  • With all software installations and launches now being reported back
© 2026 Now Let Us. All rights reserved.

Source: Hacker News
