Android was built on a promise. You could pick up a computer, write some software, and put it in people’s hands — no permission required, no gatekeeper standing between you and your users. That promise made Android the most widely used operating system on the planet, running on roughly 3.9 billion active devices worldwide. It attracted hobbyists, researchers, privacy advocates, and open-source communities who believed in a genuinely open platform.
That promise is now officially on the clock.
Starting in September 2026, Google will require every Android developer — including those who never touch the Play Store, who distribute their apps directly from their own websites, who build free open-source tools for activists and journalists — to register centrally with Google. That registration requires your legal name, home address, phone number, email address, and in many cases, an official government-issued ID. There’s also a $25 fee.
No registration, no installation. Your app simply gets blocked.
What Google Is Actually Requiring
Google announced the program in August 2025, framing it as a security measure. The idea is that by tying every Android app to a verified human identity, bad actors who spread malware can be more easily shut down and prevented from reappearing.
On paper, it sounds reasonable. In practice, the scope of it is staggering.
The requirement applies across all Android distribution channels — not just the Play Store. Want to put your app on F-Droid? Register with Google. Publishing a direct APK download on your own website? Register with Google. Listing on Samsung’s Galaxy Store or the Amazon Appstore? Still Google. The verification process requires legal name, address, and email at minimum, and some developers will be asked to upload government ID. Organizations must also provide a D-U-N-S number, a proprietary business identifier managed by the private company Dun & Bradstreet.
The program entered early preview in November 2025. Enrollment opened to all developers in March 2026. Enforcement begins in September 2026, initially covering Brazil, Indonesia, Singapore, and Thailand — with a global expansion planned for 2027.
The Problem With “Just Register”
Google’s framing — “it’s just a simple, one-time registration process” — glosses over the deeper structural issue.
Until now, the distinction between Android and iOS was real and meaningful. Apple controls every app on every iPhone. If Apple doesn’t approve your software, it doesn’t exist on that platform. Android, by contrast, allowed sideloading: you could install software from anywhere, built by anyone, without asking Google’s permission. That wasn’t a bug. It was the point.
What this policy does is convert sideloading from a right into a privilege administered by Google. Every developer who wants their app to run on any certified Android device — regardless of whether they’ve ever had a relationship with Google — must now submit their identity to Google, pay Google’s fee, agree to Google’s terms and conditions, and register their applications with Google’s systems.
As a coalition of civil society groups put it in an open letter to Sundar Pichai: this “extends Google’s gatekeeping authority beyond its own marketplace into distribution channels where it has no legitimate operational role.”
Who This Really Hurts
There’s a particular irony in who bears the greatest burden from this policy.
Consider the privacy app ecosystem. Tools like NewPipe (a YouTube client that doesn’t track you), encrypted messaging apps, VPN clients, and anonymity tools exist precisely because their developers and users don’t want Google in the loop. These apps are often distributed through F-Droid specifically because it doesn’t require Google account integration, doesn’t harvest analytics, and doesn’t demand identity verification. The developers chose to stay outside Google’s orbit as a matter of principle.
Now Google wants their home address.
The same logic applies to apps built for journalists in authoritarian countries, tools for political dissidents, software designed to circumvent surveillance. Many of the people building these tools have very good reasons — personal safety among them — for not wanting to hand their government ID to a major American corporation with a documented history of complying with government data requests.
Beyond the privacy angle, there’s the sheer chilling effect on open-source development. F-Droid, which hosts hundreds of free and open-source apps, operates on a model fundamentally incompatible with Google’s requirement. F-Droid doesn’t collect developer identities — that’s a feature, not an oversight. Its security model relies on reproducible builds and community code review, not identity accountability. The platform cannot compel developers to register with Google, and cannot claim app identifiers on developers’ behalf without effectively hijacking their software.
F-Droid has been direct about the stakes: the Android Developer Verification program is, in their words, “a grievous breach of trust with the free and open-source community that helped propel Android to the dominant position it holds today.”
41 Organizations Say No
On February 24, 2026, an open letter addressed directly to Sundar Pichai, Larry Page, Sergey Brin, and Google’s general manager for app ecosystem trust was published at keepandroidopen.org. By February 26, it had 41 signatories. The list includes:
- Electronic Frontier Foundation (EFF)
- Free Software Foundation (FSF)
- F-Droid
- Article 19 (international freedom of expression organization)
- Proton AG (makers of ProtonMail and ProtonVPN)
- Fastmail
- Vivaldi
- AdGuard
- Software Freedom Conservancy
- Free Software Foundation Europe (FSFE)
These are not fringe actors. Proton AG’s products are specifically chosen by journalists, activists, and dissidents around the world because of their privacy posture. The EFF has spent decades fighting for digital rights in courts and legislatures. Their participation signals that this isn’t just a developer inconvenience — it’s a civil liberties issue.
The letter’s core argument: “While we do recognize the importance of platform security and user safety, the Android platform already includes multiple security mechanisms that do not require central registration. Forcibly injecting an alien security model that runs counter to Android’s historic open nature threatens innovation, competition, privacy, and user freedom.”
The letter was also copied to regulatory authorities and policymakers worldwide — a deliberate signal that the coalition is prepared to escalate to antitrust regulators if Google doesn’t respond.
Google’s Defense (And Its Holes)
Google has compared the verification process to “an ID check at the airport” — confirming who the developer is without reviewing the content of the app. The company maintains it will not review or approve apps, just verify identities.
There are two problems with this analogy.
First, airports don’t have the power to ban you from all flights everywhere if they disapprove of who you are. Google does. An unregistered developer’s app is blocked from installation on virtually every Android phone on the planet.
Second, Google has vaguely hinted at an “advanced flow” that might eventually allow experienced users to install unverified software — but has declined to commit to any specifics before the September 2026 enforcement date. The keepandroidopen.org coalition has noted that this uncertainty makes it impossible to assess whether any such workaround would be usable or merely theoretical. Until it’s demonstrated and vetted, they argue, it can’t be factored into planning.
Google has also offered a lighter-touch option for students and hobbyists: a free account type that allows distribution to a limited number of devices without government ID. Critics point out that this doesn’t help open-source developers trying to reach thousands of users, or privacy tool developers who have principled objections to identity registration regardless of the fee.
Is Android Still Open?
For years, Android’s openness was a genuine competitive differentiator. While Apple’s App Store was the only door into iOS, Android’s sideloading capability meant that alternative ecosystems — F-Droid, Aurora Store, direct distribution — could thrive alongside the Play Store. Developers who had ethical or practical objections to Google’s terms had an exit.
That exit is not being closed entirely — custom Android builds like GrapheneOS, LineageOS, and /e/OS are not affected by this policy, since they don’t rely on Google’s certified device ecosystem. But for the billions of people running standard Android on Samsung, Motorola, and other certified devices, the landscape is shifting. The alternative distribution ecosystem that was once a genuine alternative is now required to route its identity through Google.
As one analysis put it, this converts what was once a “polytheistic” Android ecosystem — many stores, many distribution channels, many gatekeepers — into something much closer to Apple’s single-gatekeeper model. The form is different. The effect is similar.
What Happens Next
The Keep Android Open movement is asking developers to refuse early sign-ups for the program and to make their objections known directly to Google. They’re asking users to install F-Droid on their Android devices, file regulatory complaints, and contact digital rights organizations. The keepandroidopen.org site includes a countdown banner, a change.org petition, and a template for contacting competition regulators in dozens of countries.
Google has not publicly responded to the open letter as of the time of writing.
The September 2026 deadline is real. The companies and organizations opposing this policy have until then to either change Google’s mind, create enough regulatory pressure to force a course correction, or build technical alternatives that make the requirement moot.
Android was supposed to be the open one. Whether it still is depends on what happens in the next six months.
Want to learn more or take action? Visit keepandroidopen.org and read the open letter at keepandroidopen.org/open-letter.
