
Google Kills Android Sideloading and The Metadata Surveillance State - The Sovereign Computing Show (SOV021)
Wednesday, September 3, 2025
Google is making Android more like iOS by blocking "sideloading" of unverified apps starting next year. Jordan Bravo breaks down why "sideloading" is a psyop term designed to make normal software installation seem dangerous, how Google's new developer KYC requirements will kill freedom tech, and why this gradual "boiling of the frog" approach threatens projects like GrapheneOS. Plus a chilling reminder from former NSA/CIA director Michael Hayden: "We kill people based on metadata."
Chapters
- 00:00 Opening Quote: Satoshi KYC Example
- 00:41 Introduction and Show Sponsorship
- 01:59 Solo Episode Format and Holiday Week
- 02:47 Google Blocks Android Sideloading Starting 2026
- 03:12 "Sideloading" is a Psyop Term
- 04:24 Apple's Security vs Freedom Model
- 04:44 Google's New Developer KYC Requirements
- 06:28 Developer Identity Verification Requirements
- 07:14 Impact on Freedom Technologies - Satoshi Example
- 07:47 GrapheneOS and De-Googled Android Safe (For Now)
- 08:43 Android Source Code Becoming Closed
- 10:02 Hope for Future Mobile Operating Systems
- 10:51 Ladybird Browser as Example of Ground-Up Development
- 11:19 State of Mobile Linux
- 12:07 Email and Boost Support Information
- 12:34 Metadata Collection: Signal vs WhatsApp Comparison
- 13:23 Signal's Minimal Metadata Footprint
- 13:43 WhatsApp Uses Signal Protocol but Collects Metadata
- 15:11 What Metadata Can Reveal About You
- 15:34 Michael Hayden Quote: "We Kill People Based on Metadata"
- 16:38 Breaking Down the Hayden Quote
- 17:30 Importance of Minimizing Metadata Leakage
- 18:00 Fighting Back Against Surveillance State
- 18:24 Conclusion and Next Episode Preview
Links
- Jordan Bravo
- Stephen DeLorme
- Boost in on Fountain.FM
- Google Android Sideloading Policy Changes
- Michael Hayden 'We Kill People Based on Metadata' Video - Just Security
Transcript
SOV 021 Is Google Killing Android
Stephen D: [00:00:00] Think about all of the freedom technologies that would not be possible if every developer had to fully KYC themselves.
I mean, just imagine, Bitcoin's creator, Satoshi Nakamoto having to KYC himself to Google in order to distribute Bitcoin to the world. Right? It's, it's laughable. It's the antithesis of freedom technology and the cypherpunk ethos of write code, let people download it, let them run it, and, you know, run it outside or parallel to the existing centrally controlled system.
Jordan Bravo: Welcome to the Sovereign Computing Show, presented by ATL BitLab. I'm Jordan Bravo, and this is a podcast where we teach you how to take back control of your devices. Sovereign Computing means you own your technology, not the other way around.
Stephen DeLorme: [00:01:00] This episode is sponsored by ATL BitLab. ATL BitLab is Atlanta's freedom tech hackerspace. We have coworking desks, conference rooms, event space, maker tools, and tons of coffee. There is a very active community here in the lab. Every Wednesday night is Bitcoin night here in Atlanta. We also have meetups for cyber security, artificial intelligence, decentralized identity, product design, and more.
We offer day passes and nomad passes for people who need to use the lab only occasionally, as well as memberships for people who plan to use the lab more regularly, such as myself. One of the best things about having a BitLab membership isn't the amenities, it's the people. Surrounding yourself with a community helps you learn faster and helps you build better.
Your creativity becomes amplified when you work in this space, that's what I think at least. If you're interested in becoming a member or supporting this space, please visit us at atlbitlab.com. That's A T L B I T L A B dot com. Alright, on to our show.
Jordan Bravo: [00:02:00] Welcome to the Sovereign Computing Show. I'm Jordan Bravo, and today we have a little bit of a different show for you. First of all, I am solo, so Stephen will not be joining us for this episode, and this is gonna be a little bit of a shorter episode. Today was, or this week was, a holiday week, and I wanted to make sure we got something out rather than nothing.
So this will not be the typical length episode, but I do have some interesting stuff to talk about. We're gonna take a look at an article that came out, and for those of you watching the video, I'm gonna put it up on the screen here. But of course, all the links will be in the show notes as well, so you can check those out.
Okay. The headline of this article is "Google Will Block Sideloading of Unverified Android Apps Starting Next Year." Let's talk about this word sideloading for a second. This [00:03:00] word is a psyop by, I wanna say Apple, but just anybody who wants to control you and your apps and psyop you into thinking that it's somehow abnormal to download an app from anywhere on the internet and install it yourself.
So I think this goes back to Apple. When they have the iPhone, they have the centrally controlled software distribution channel, which is the App Store. So if you notice that you, you're on an iPhone, it's, you can't really, unless you jailbreak the phone and do stuff that kind of voids your warranty, is not well supported, you can't put applications on there that you didn't download from the App Store.
Now, if you do, if you, if you jailbreak your phone and you root it or whatever, and you just drag and drop or load something on there that is, that you downloaded from somewhere else, [00:04:00] that is called, they call that sideloading.
And I think this term is confusing because really what you're just doing is you are downloading it from a different source, but they wanted to give it this special term because it, it makes you think you're doing something different or wrong, like you're breaking the rules. And they, Apple goes with the security over freedom model.
Like if you have a spectrum of security on one end and freedom on the other, Apple's all the way on the security side and with minimal freedom. Now, I would argue that they don't always have to be diametrically opposed. You can have some freedom and security as well. But let's just keep it simple for now.
So Google is gonna be shifting to be more like iOS on the iPhone, and starting next year, they're not going to allow stock Google Android users to [00:05:00] just si-, to quote unquote sideload apps by, for example, if you were to download an APK from a website, from GitHub or F-Droid or any of these alternative app stores that we talked about in previous episodes, they are going to make that more difficult, starting next year, for stock Google Android.
And the way that they're gonna do that is they will start requiring any developer, uh, let me back up. Right now, if you wanna load an APK on your Google Android phone, you can do that. You might get a warning about it, but it will allow you to do that.
Uh, and by that I mean putting an app on there, that's an APK package, that's an Android package that you're not getting from the Google Play Store. So you might be getting it from another source such as F-Droid or Obtainium, which you can pull directly from places like GitHub and GitLab to get it [00:06:00] directly from developers or code bases.
So right now you can do that with Google Android, but starting next year, you won't be able to, unless the developer KYCs themselves and creates a, they have to create a Google account and basically they're developing it to be, the developer portal for Android will be through Google, and all developers will have to register with them and submit their identity verification, and then they'll have their signing keys, so that even if you want to, if a developer wants to distribute an app outside of the app store, they will still have to sign themselves up for this Google program and identify themselves.
So this means that you won't be able to install an app unless it has gone through the Google, Google-controlled process, which involves the developers KYC themselves. So [00:07:00] again, this, this is gonna be more like Apple, but think about all of the freedom technologies that would not be possible if every developer had to fully KYC themselves.
I mean, just imagine, Sat-, Bitcoin's creator, Satoshi Nakamoto having to KYC himself to Google in order to distribute Bitcoin to the world. Right? It's, it's laughable. It's the antithesis of freedom technology and the cypherpunk ethos of write code, let people download it, let them run it, and, you know, run it outside or parallel to the existing centrally controlled system.
So what's the good news of this? The good news is that this will not affect de-Googled versions of Android such as GrapheneOS. CalyxOS is another one we've talked [00:08:00] about that will not be affected, LineageOS. However, it is likely that Google will continue tightening the screws until it's impossible for developers to create and maintain these non-Google versions of Android.
And I foresee that in time, Android will be closed, closed source in all but name. We saw earlier, a few months ago, earlier in 2025, we saw that Google started closing the source code of their releases on Android. So you can still get the, the, um, base source code is open, but we can no longer see the development process, and getting those final binaries, it has become opaque.
And so, uh, we've seen on Twitter developers of GrapheneOS and other projects that create other versions of Android, they, they have stated that this has made it harder for them to develop because they're unable [00:09:00] to see the exact process by which Android is being developed at Google.
So while each of these steps that Google's taking is not a hundred percent locking it down immediately, it is this slow, gradual boiling of the frog that is continuing to make Android more like iOS in terms of being completely locked down, and it will essentially be closed source because no one will be able to develop on top of it, even though that technically might have some source code that's available for view, viewing online. So I, I'm hopeful that the freedom-loving development community, the people of GrapheneOS and these other versions of Android that are de-Googled, I'm hoping that there are enough people out there in a high enough demand [00:10:00] that should something b-, uh, should Google take further action that prevents development of these other versions,
somebody will, I don't know if forking is the right word, but somebody will take either the base Android and just start developing on top of it without Google's involvement at all. Or maybe we'll see a completely from the ground up mobile operating system written, that's open source and free.
That's a, that's a big task, and I don't see that happening anytime soon. But however, I mean, on the other hand, look at Ladybird, the browser that's being built from scratch by first one developer, now a small handful on that team, not using any of the pre-existing code.
So it is possible. An operating system, even a mobile operating system, is a, it is a huge, huge project, but it [00:11:00] is possible that one could be built from the ground up. And the other option is that we see further development of the mobile Linux, uh, operating system. Right now, the state of mobile Linux is such that most people are not gonna be able to use it as a daily driver just because it's, it doesn't have a huge ecosystem of both hardware and software, so there's a long way to go on that.
But reeling it all back in, I don't think Android is totally screwed today. We still have GrapheneOS, we still have CalyxOS and LineageOS, and as it is right now, GrapheneOS on the Pixel is a very good mobile operating system with no spyware and completely free and open source.
So all in all, I, I think this is, this is not the end of the world. I just wanted to sound the alarm bells a little bit and please keep an eye out for that [00:12:00] in case, uh, Google takes any further measures to stop this in the future.
That's the end of that topic. But before I move on to the next item, uh, I want to remind everybody that you can boost in on Fountain.FM or other Podcasting 2.0 apps to the Sovereign Computing Show, and you can email us as well at sovereign@atlbitlab.com. We will read your feedback and we will, uh, respond to it here on the show.
The next item I have for you is something that is from 2014, and you might wonder how is this relevant? Well, we talk a lot on the show about metadata and how we want to use apps, especially messaging and, and things that are used for communication, that minimize the possibility of collection of metadata.
We talked [00:13:00] about how Signal, the, uh, private messenger, for example, has a very good metadata footprint because it's so small. They really can't see, the, the Signal servers cannot see anything about their users except for when the account was created, the, and the, the phone number with which it was created, and the last time that the user was online.
So those are three pieces of metadata and compared to most other apps, that's really good. That's virtually nothing, uh, that you can tell about the user from that metadata. Uh, contrast that with WhatsApp. WhatsApp is a really good comparison because it uses the same encryption protocol under the hood. It uses the Signal protocol so that the contents of your messages on WhatsApp are end-to-end encrypted.
So Meta, the owners of WhatsApp, they can't actually see your [00:14:00] content in theory if it's not leaked in other ways like backups. But let's just say in theory they can't see the content of your messages.
However, they sure can see the metadata. They, in fact, they rely on that metadata in order to be able to monetize WhatsApp and be able to, uh, collect user data and ads and generate ads for that, targeted ads. So what is that metadata they're collecting? Well, it's, we, we don't know exactly because they don't publish that information, but we can know based on other messaging apps and the kind of things that Facebook in general can collect.
So you could think, um, your identity, the, the identity of your Facebook login, your real name, which you're probably using on Facebook, all of your photos, your contact list, your contacts, names, email addresses, phone numbers, the time that [00:15:00] you talked, the length of your messages, the duration, the size, so they can really build up a great picture of who you're talking to.
They can see, um, any websites that you link in there, they can get your IP address so they know where you are roughly speaking, they can tell what, what, um, network you're on, if you're using your Verizon or AT&T. So there's a lot of metadata that they can collect about you. And I want to share this clip from 2014.
This is a video clip of former director of NSA, of the NSA and the CIA. And he's got this famous quote here: "We kill people based on metadata." So I'm gonna let this clip play right now. It's a, it's 45 seconds. [00:16:00]
So in case you didn't catch that, you have Michael Hayden. That's the guy who says "we kill people based on metadata," and who is the former director of the NSA and CIA. He's, he's saying, metadata tells us everything we need to do, we need to know in order to take action. He was referring to, somebody else had [00:17:00] quoted the former NSA general counsel, Stewart Baker, saying that, quote, "metadata absolutely tells you everything about somebody's life.
If you have enough metadata, you don't really need content," end quote. And so he's, he's referring to that and saying, we can, we don't need the content. We have enough with metadata. And then he makes a little cheeky joke about how, oh, we're not ac-, we're not gonna do that with this metadata. And everybody laughs because it's so funny that we're all being surveilled.
Ha ha ha. But the reason I bring this up, I wanted to emphasize the importance of not leaking your data in general and metadata in particular. And so everything that we talk about on this show is, it is pulling in that direction. So, I'm proud to be helping everybody else out, and I'm proud to be going on this journey myself of minimizing my leakage of metadata and other data [00:18:00] in general.
And it feels good to be giving the finger to people like this who think that, it's, um, not only do they kill people based on the metadata, but they just do blanket surveillance on all of us, guilty and innocent alike. And then on top of that, they laugh about it and think it's a, it is a big joke. So with that, I'm gonna leave you for today.
We will see you pretty soon. We're gonna have another episode coming out here in just a few days. And it'll be back to our regularly scheduled program. We'd love to hear from you if you boost in to the Sovereign Computing Show or email us at sovereign@atlbitlab.com. We will read it and respond, and can't wait to hear some more of your feedback.
So thanks everybody, and we'll see you next time.
Stephen DeLorme: Hey, thanks for listening. I hope you enjoyed this episode. If you want to learn more about anything that we discussed, you can look for links in the show notes that should be in your podcast player, or [00:19:00] you can go to atlbitlab.com slash podcast. On a final note, if you found this information useful and you want to help support us, you can always send us a tip in Bitcoin.
Your support really helps us so that we can keep bringing you content like this. All right. Catch you later.