Disguising itself as the innocuously-titled “Android Developer Verifier” (ADV) process, this trojan horse runs surreptitiously in the background as a system service with full root privileges, quietly awaiting an activation signal. The service cannot be blocked, disabled, or removed. Unlike a commonplace bit of malware, this extraordinary strain won’t be detected and neutralized by Play Protect (the malware scanning and remediation service that is installed on all Android Certified devices). In fact, Play Protect is itself the vector through which this virus is transmitted and installed.
[…]
As we discussed in “What We Talk About When We Talk About Sideloading”, beware the dangers of allowing the terminology of debate to be defined by those who don’t have your best interests at heart. Malware being synonymous with “software we don’t like” means that they can unilaterally dictate — driven either by business incentives or by being compelled by a sufficiently powerful government — what the malware-du-jour definition is to be.
For precedent, personal content filtering in the form of “ad blockers” has long since been banned from the Play Store, and they have even classified some instances as malware. How long before they designate all ad-blocking software as malware, block installation on all Android certified devices worldwide, and permanently designate all developers of this class of software as malware creators?



They say it cannot be removed, but my Canta screens suggest that it has been removed. Roll on September I guess.
Countdown is on.
You can definitely remove the APK, but it’ll just reinstall itself next time Play Store services do their thing. In addition, Google Play won’t allow installation of new apps without approval from the service, so removing it will block install via official GPlay.
The main ways to avoid it to my knowledge are to either go through the official ADB method (if you have official Google Play) or use a de-Googled phone and install via alternative stores eg Aurora / F-Droid.
Interesting, can you tell me more about the official ADB method? I’m using Canta in conjunction with Shizuku which is using wireless ADB debugging.
Google has simply officially said they won’t block ADB sideloading as part of the change, so it’s the same old ADB install method for unsigned APKs that devs use.
Shizuku uses ADB commands to install apps so it’s much of a muchness there - same thing. Though I speculate Google will start to block Shizuku installs (of the main Shizuku app) from the Gplay store in soonI’m sure due to ‘breech of T&Cs’ of some kind, but really to add more side-loading hurdles.
OK thanks for explaining. I’ll do a bit more reading now that I know how to ask the right questions! 👊🏼