Fifty-six organizations including the Electronic Frontier Foundation, Proton AG, and F-Droid published an open letter in February 2026 demanding Google immediately reverse its mandatory Android developer verification policy. Moreover, starting September 2026, ALL Android apps—even sideloaded ones—must be registered by verified developers to install on certified Android devices. The policy applies to every distribution channel: Play Store, alternative stores, direct downloads, and sideloading. Consequently, it forces anonymous open-source developers and privacy activists to submit government-verified personal identities, creating what privacy experts are calling surveillance infrastructure disguised as security.
Google Builds a Developer Surveillance Database
The policy creates a centralized database of every Android developer with government-verified identities—names, addresses, and government IDs. Proton AG, which serves over 100 million users, warned that “centralized identity databases represent high-value targets for state surveillance.” Therefore, that database becomes an obvious target for authoritarian governments hunting dissidents, intelligence agencies seeking developer information, and hackers looking for high-value breach targets.
Here’s the dark irony: developers creating privacy tools must now expose their identities to build those tools. Furthermore, activists working on internet freedom software in hostile countries must choose between abandoning their projects or making themselves vulnerable to state targeting. Whistleblowers, dissidents, and human rights workers building encrypted communication tools? They’re out. The open letter put it plainly: “This barrier to entry harms activists working on internet freedom in countries that unjustly criminalize that work and privacy-focused developers who avoid surveillance ecosystems.”
Android’s open-source model relied on anonymous and pseudonymous contributors. However, Google just killed that.
F-Droid Faces Existential Threat
F-Droid, the non-commercial repository distributing thousands of privacy-focused open-source apps, called the policy “structurally incompatible” with their model. Additionally, F-Droid issued a blunt statement: “F-Droid unequivocally advises against signing up for this program, now or ever.” F-Droid operates as a decentralized, community-driven repository that doesn’t collect developer identity data. Nevertheless, under Google’s mandatory Android developer registration, that model dies.
F-Droid’s statement cut through Google’s PR spin: “Direct installation of user-chosen software on personal devices is genuinely disappearing, not merely changing.” Indeed, alternative app stores now face permanent competitive disadvantages—forced to comply with Google’s fees, terms, and identity requirements despite not using Google’s infrastructure. Google is extending control, as the open letter noted, to channels “where it has no legitimate operational role.”
Killing F-Droid exposes Google’s real goal: total control over Android software distribution, even outside Google Play.
Every Distribution Channel Gets Gatekept
This isn’t about Play Store security. Specifically, the policy applies to ALL Android app distribution channels: Play Store, F-Droid, alternative stores, direct downloads, sideloading, enterprise distribution, and file transfers. Even apps distributed internally within companies, never touching public stores or Google infrastructure, must register with Google. Thus, there are no exceptions for non-commercial, educational, or purely private distribution.
Sideloading—the ability to install apps from any source—has been Android’s defining difference from iOS since 2008. Historically, that openness made Android the platform of choice for developers who needed freedom from corporate gatekeeping. Yet, Google is now killing that promise while simultaneously claiming to usher in “a new era for choice and openness.” The doublespeak is staggering.
Android is converging with iOS’s closed model, and Google expects developers to applaud.
Security Theater Doesn’t Justify Surveillance
Google frames this as improving security and preventing malware. However, the open letter demolished that justification: “Existing security mechanisms—OS-level features, sandboxing, permission systems, and developer certificates—have adequately protected users for the entire seventeen years of Android’s existence.” If sideloading represented a security crisis, we’d have 17 years of evidence proving it. We don’t. Android’s existing sandboxing and permissions already isolate apps effectively. Meanwhile, malware primarily spreads through the Play Store—which already has developer verification—not through sideloading.
The real goal here isn’t safety. Instead, it’s surveillance and control. Google is building a comprehensive registry of everyone creating Android software—a treasure trove for any government demanding access. The security benefits are questionable. The privacy costs are massive and permanent.
Timeline: Registration Open Now, Enforcement in Six Months
The registration portal opened in March 2026. Subsequently, hard enforcement begins in September 2026 in Brazil, Indonesia, Singapore, and Thailand, with global rollout continuing through 2027 and beyond. Apps from unverified developers will be blocked from installation on certified Android devices after the deadline. Developers face a $25 one-time fee and must provide legal names, addresses, emails, and government-issued identification.
This isn’t hypothetical—it’s happening right now. Developers have six months to comply or be shut out of billions of Android users. Ultimately, Google is betting that developers will quietly comply rather than fight, abandoning Android’s open-source roots without a sustained revolt.
The 56 organizations that signed the open letter—spanning 19 countries and including major players like the EFF, Free Software Foundation Europe, Tor Project, AdGuard, Brave, and Nextcloud—are demanding Google immediately rescind mandatory registration for third-party distribution. Whether Google listens or doubles down will determine whether Android remains an open platform or becomes just another walled garden with better marketing.
