It’s been a tumultuous few months in the Android world.
What started out as a routine security update from Google, has now ballooned into a full-blown controversy about the future of the platform's openness and freedom. At the center of it all is a new developer verification policy that will require anyone who wants to publish an Android app, even outside the Google Play Store, to register directly with Google.
What this means, developers must submit extensive personal or corporate information including potentially government-issued ID, and agree to Google's terms.
Google says this shift is about safety: sideloaded apps installed from outside the Play Store have historically carried far more malware than those on the official marketplace, and tying an app to a verified identity is one way to hold bad actors accountable. According to internal figures, there are orders of magnitude more malicious apps coming from sideloading sources, and Google Play already blocks millions of bad submissions each year.
The company argues that expanding developer verification beyond the Play Store will reduce malware risk on billions of devices and close what it sees as a loophole in Android’s defenses.
But many developers, privacy advocates, and open-source communities see this as much more than a security tweak.
To them, this is like a fundamental shift in Android’s DNA.
For nearly two decades, Android’s openness has allowed users to install software from alternative app stores like F-Droid, and developers to build and share tools without ever having to ask Google’s permission. By injecting a mandatory identity layer at the distribution level, critics argue, Google is effectively locking down what has always been a far freer ecosystem than its rivals.
That argument is not just theoretical.
A coalition of more than forty organizations, from privacy-focused companies,technology companies, nonprofits, civil society, and more, has signed an open letter urging Google to reverse the policy.
The signatories, including Article 19, the Electronic Frontier Foundation, the Free Software Foundation, AdGuard, Brave, F-Droid, Fastmail, Proton, and Vivaldi, on Tuesday published an open letter to Alphabet and Google CEO Sundar Pichai, founders and board members Larry Page and Sergey Brin, and Vijaya Kaza, general manager for app and ecosystem trust, to voice their opposition to the plan.
They warn that the new model centralizes control in the hands of one corporation, creates barriers for independent and hobbyist developers, and undermines privacy by forcing creators to link code to real-world identities.
Critics also point out that the change could stifle innovation in regions where formal business registration is difficult or risky, and make it harder for emergency or humanitarian apps to be deployed swiftly and anonymously.
Open-source advocates worry that projects distributed exclusively outside the Play Store could be marginalized or even disappear.
F-Droid, one of the largest repositories of free and open-source Android software, has warned that its very model could be threatened if developers are effectively compelled to "get Google’s permission" before their apps will run. Organizations like KDE have publicly thrown their support behind the "Keep Android Open" campaign, highlighting that many independent apps for everything from privacy tools to creative software may struggle under the new regime.
In short, Google says it wants to make Android safer, and its chosen path is to centralize more of the ecosystem that apps depend on.
As the company moves toward mandatory registration for all Android developers, it has been highlighting the effectiveness of its existing security systems. Google points to Play Protect, the anti-malware layer built into all Google-certified Android devices, as proof that its approach works. As of early 2026, the company said that Play Protect scans roughly 350 billion apps every day, covering not just apps downloaded from the Play Store but also those installed through sideloading.
By tightening developer verification and asserting greater control over who can distribute software, Google is moving Android toward a more tightly managed model.
The open flexibility that once defined Android, especially the ability to freely sideload apps, could be significantly curtailed. Critics argue that the sideloading the world has long recognized may be reduced to a controlled pathway, where unverified apps simply won't install on modern Android devices unless Google has authenticated their source.
In practice, that would bring Android much closer to the gatekept structure associated with iOS.
Whether this is viewed as a necessary evolution for user safety or as a gradual consolidation of corporate power depends on where users and developers stand. What's undeniable, however, is that the debate has reignited fundamental questions about Android's identity. For the first time in years, the platform's open legacy is being seriously reconsidered, and the outcome could reshape the future of the world's most widely used mobile operating system.