The Illusion of Security: How Google Is Squeezing Independent Developers in the Name of “Transparency”

At the time this article is published, 99 days remain until Google starts blocking unverified app developers.

Context 

Starting in September 2026, users will no longer be able to download Android apps directly from developers’ websites or from F-Droid the way they can today. All developers will be required to undergo verification by Google, regardless of whether they distribute their products through Google Play or through alternative platforms. Otherwise, their apps will be blocked on all certified Android devices (and almost all devices outside China are certified), first in four countries and later worldwide. If it’s a new developer, users simply won’t be able to launch the app.

This looks like Google screwing over current Android users: devices they bought precisely because they were open will effectively stop being so without their consent. Android will start resembling the closed iOS ecosystem — but without iOS’s advantages, such as stronger privacy protections, seamless interoperability between devices inside the ecosystem, and so on.

Android has always given users more freedom. By design, the operating system is open, allowing people to customize it, decide for themselves what to download and from where, and choose from a broader range of applications than users of proprietary operating systems can. Meanwhile, the developer community could identify bugs and propose improvements.

Now that freedom is being taken away.

At the moment, the verification requirements don’t seem draconian. Individuals must provide a government-issued ID, email address, phone number, and confirm ownership of .apk files using their signing keys. Developers must also create a developer account and pay a $25 fee, even if they intend to distribute apps outside Google Play.

Companies, meanwhile, must have a registered legal entity, a website indexed in Google Search Console, and a DUNS number (essentially a business ID used to assess a company’s credibility). All of this information will be publicly displayed on developers’ Google Play pages.

Large businesses satisfy these requirements by default. But what about Iranian developers who can’t safely expose identifying information? What about developers in China, where Google is officially blocked? And most importantly, what guarantees that Google won’t tighten verification requirements even further, pushing smaller participants out of the market?

Why Is This Happening

Google hasn’t made any major public statements. The post announcing this fundamental update appeared as a routine post in August 2025 and briefly in a Q&A section on Google Help. Apparently, the corporation understands how unpopular this decision is.

The post states that the measure “will help deter bad anonymous actors, hold developers accountable, and boost user confidence.” In other words, Google is explicitly framing anonymity itself as a danger.

An announcement like this couldn’t possibly go unnoticed, and secrecy in situations like these only undermines reputation. Does this mean the company doesn’t respect users enough to let them decide which applications to install — while not even fully acknowledging their right to be informed?

Formally, sideloading will remain available. But in practice, users who want to install apps outside Google Play will need to be both technically advanced and very patient:

  • enable developer mode by tapping the Build Number seven times in system settings, 

  • confirm they aren’t being coached by anyone, 

  • restart the phone,

  • reauthenticate and wait for 24 hours,

  • and then confirm again that they are really the ones making this change.

The steps are accompanied by scare screens about risks users may encounter as a result of these actions.

The corporation’s decision might at least have been understandable if it applied only to EU residents. Europe has the DSA — Digital Services Act — which, among other things, requires platforms to enhance transparency in ecommerce. Apple implemented a similar change for the EU App Store in 2025 to comply with the act’s requirement that app developers provide their “trader status.” Corporations were told to make “reasonable efforts to perform random checks on products sold on their services”, and they concluded that the easiest approach was simply to collect developers’ credentials so they could hand them over to the police or courts if necessary, rather than dealing with violations themselves.

But this decision applies globally — and the rollout will actually begin in Brazil, Indonesia, Singapore, and Thailand.

Google’s intention — even if partially compelled by regulators — to permit only de-anonymized developers strongly resembles the “trusted registries and other whitelists that authoritarian regimes are particularly fond of”, including Russian authorities. The justification is always the same: protection from fraudsters, invisible enemies, immorality, and so on. In reality, such systems rarely improve security. What they do improve is state and corporate control over the information citizens consume.

At the same time, registries like these create powerful leverage over businesses. Entrepreneurs who fail to meet the criteria — or are simply denied inclusion — lose access to consumers and struggle to compete. And because the requirements are often vaguely worded or difficult to satisfy, only the most compliant and politically convenient companies can expect to remain on the market.

Can Anything Be Done

Google controls Android development and commercial services such as Play Store and Google Maps, but the operating system itself is still built on open-source software through the Android Open Source Project (AOSP). The corporation can’t radically rewrite the fundamental principles of an ecosystem it doesn’t even fully own.

At the time of publication, 70 organizations from 22 countries have spoken out against the upcoming changes. Signatories including Proton, Brave, Tor, and The Electronic Frontier Foundation (EFF) argue that the update:

  • creates friction and barriers to entry for open-source apps relying on volunteer contributors, privacy-focused developers, developers in sanctioned countries, and others,

  • creates a comprehensive database of all Android developers with the potential to be handed over in response to government requests or used for tracking developers’ activity,

  • creates risks of arbitrary rejection or suspension without clear justification, etc.

— while the Android platform already includes multiple security mechanisms.

Activists have launched the public campaign Keep Android Open and are urging developers not to comply with Google’s requirements or undergo verification.

Users who disagree with the corporation’s policy can:

  • sign a petition against limiting APK file usage. One of them already has slightly more than 155,000 signatures, despite Android accounting for nearly 70% of the global mobile OS market;

  • install F-Droid, a repository of free and open-source applications. The more people use it, the harder it becomes for Google to suffocate sideloading entirely;

  • if you’re in the EU, write to local regulators. Apart from the DSA, there’s the DMA (Digital Markets Act), which is sort of contradictory to the DSA, as it pushes competition. Even Apple was forced to allow EU developers to distribute apps independently of the App Store, following the DMA antitrust rules;

  • help spread awareness. Most Android users still have no idea this is happening.

For now, the water around the frog has only started to warm up. It’s crucial not to let it boil.

Link to the original article: https://habr.com/ru/articles/1039210/