Android’s defining advantage over iOS has always been openness. You could build an app, distribute it yourself, and never touch Google’s systems. That era is about to end unless the open-source community can force Google to back down.
Starting September 2026, any app installed on a certified Android device must be registered by a Google-verified developer. No registration, no installation. The verification demands government-issued identification, agreement to Google’s terms and conditions, and a $25 fee.
Developers who skip Google’s approval process will find their apps blocked, even when distributed entirely outside Google Play, through stores like F-Droid, the Amazon Appstore, or Samsung’s Galaxy Store.
Organizations, including the Electronic Frontier Foundation, the Free Software Foundation, F-Droid, Article 19, Fastmail, and Vivaldi, signed an open letter calling on Alphabet CEO Sundar Pichai, founders Larry Page and Sergey Brin, and app ecosystem chief Vijaya Kaza to kill the policy. Their message is simple: Google is reaching into distribution channels it doesn’t own, doesn’t operate, and has no legitimate authority over.
Reclaim Your Digital Freedom.
Get unfiltered coverage of surveillance, censorship, and the technology threatening your civil liberties.
“This extends Google’s gatekeeping authority beyond its own marketplace into distribution channels where it has no legitimate operational role,” the signatories argue. “Developers who choose not to use Google’s services should not be forced to register with, and submit to the judgement of, Google.”
Google announced the requirement in August 2025, framing it as a security measure against bad actors. “Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices,” the company said.
“This creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down.”
The program has been in preview since November 2025 and opens to all developers in March 2026. The September rollout adds Brazil, Indonesia, Singapore, and Thailand.
Google Play developers have faced similar verification requirements since 2023, so this primarily hits the alternative distribution ecosystem. Custom Android builds like GrapheneOS, LineageOS, and /e/OS are unaffected.
The letter doesn’t dismiss security concerns entirely. But it rejects the premise that government ID registration from Google is the solution. “While we do recognize the importance of platform security and user safety, the Android platform already includes multiple security mechanisms that do not require central registration,” the letter says. “Forcibly injecting an alien security model that runs counter to Android’s historic open nature threatens innovation, competition, privacy, and user freedom. We urge Google to withdraw this policy and work with the open-source and security communities on less restrictive alternatives.”
What the signatories are naming, specifically, is that this policy converts sideloading from a right into a privilege Google administers. Independent developers, researchers, academics, and open-source contributors with limited resources now face the same identity-verification demands as commercial app publishers. Their government IDs go into Google’s systems. Their apps go under Google’s opaque review process. Their ability to reach users becomes contingent on Google’s continued approval.
Google built its mobile dominance partly on the argument that Android was different: more open, less controlled, a genuine alternative to Apple’s walled garden. This policy narrows that difference considerably. And registration that runs through a single corporate gatekeeper is control, regardless of what it’s called.
