Google is Killing Android's Open Ecosystem (And How to Fight Back)

Disclaimer: All factual claims in this post are sourced and linked. Editorial analysis and opinions are the author’s own. Nothing here constitutes legal advice.

Your phone is about to betray you. Google has declared war on every app it didn’t approve and by September 2026, your device could refuse to install them. Every privacy tool, every independent app, every FOSS project you depend on could become inaccessible.

Not just Play Store apps. Every app.

This isn’t a tweak to their store policies. This is Google seizing control of what software runs on devices you own, paid for, and have every right to use as you choose. The deadline is coming. The question is whether we’re going to let it happen.

What This Actually Means

Google’s new Android Developer Verification - Archive program requires the following from anyone who wants their app to remain installable after September 2026:

• Pay a fee to Google
• Agree to Google’s Terms and Conditions
• Provide government-issued identification
• Upload evidence of your private app signing key
• Register all current and future app package identifiers

Individual developers must submit government ID. Companies must obtain a DUNS number a business identification system managed by a private corporation (Dun & Bradstreet). Both paths route through Google’s centralized approval system.

The technical enforcement mechanism is already visible in Android’s own API documentation: PackageInstaller.DEVELOPER_VERIFICATION_FAILED_REASON_DEVELOPER_BLOCKED. When an app from an unregistered developer attempts to install, Android will throw this error and refuse. Your phone the one you bought will say no on Google’s behalf.

Google has made vague noises about possibly allowing an “advanced flow” for experienced users to accept risk of unverified software. But as keepandroidopen.org correctly points out: their official program page still states plainly that all apps from non-registered developers will be blocked. Until Google shows concrete evidence otherwise, we should believe what they’ve actually published, not what they’ve hinted at.

Why This Is Catastrophic

F-Droid Is Existentially Threatened

F-Droid is the backbone of FOSS Android. It’s an alternative app repository containing thousands of free, open-source applications many of which will never appear on the Play Store because their developers don’t want, or can’t afford, to deal with Google’s corporate gatekeeping. F-Droid builds apps from source and distributes them with its own signing key specifically to give users a trustworthy, privacy-respecting alternative to Google’s ecosystem.

Under the new rules, F-Droid would need to register every single app package identifier it distributes, with verified identity, through Google’s system. The Ars Technica coverage was blunt: F-Droid says this will kill the project. The Register reported the same: Google’s dev registration plan ‘will end the F-Droid project’.

F-Droid’s entire trust model is incompatible with registering under Google’s terms. You cannot be an independent, privacy-respecting alternative to Google while simultaneously registering your entire catalog with Google and agreeing to their conditions.

Anonymous Development Dies

Think about who builds privacy tools, security research apps, whistleblower communication tools, censorship circumvention software. Many of these developers work anonymously not because they’re doing anything wrong, but because revealing their real identity to a corporation that complies with authoritarian government demands is a genuine safety risk.

The EFF’s analysis, Application Gatekeeping: An Ever-Expanding Pathway to Internet Censorship, lays this out clearly: when you require government ID to publish software, you immediately exclude anyone for whom that ID could become a liability. Activists in authoritarian countries. Journalists. Security researchers. Privacy advocates building tools that powerful interests would rather not exist.

The ACLU has made the same point regarding app store oligopolies and corporate-government censorship. Mandatory identity collection doesn’t just inconvenience developers it creates a database of exactly who built every app that could threaten someone’s interests, accessible to any government that asks Google nicely enough.

Your Private Key Is Now Google’s Business

This one doesn’t get enough attention. The program requires developers to upload evidence of their private signing key listed explicitly in Google’s program requirements. App signing keys are the cryptographic foundation of Android app security they’re what proves an app update comes from the same developer as the original. Centralizing information about these keys with Google creates a single point of failure and a surveillance goldmine that didn’t need to exist.

The Bigger Picture: Google’s Monopoly Expands

Google has long wielded enormous power over Android through the Play Store and GMS (Google Mobile Services) licensing. But historically, Android’s saving grace was always the escape hatch: you could sideload. You could use alternative stores. You could run software that Google hadn’t blessed.

That escape hatch is what Google is now welding shut.

Cory Doctorow’s Pluralistic piece on “Darth Android” frames this correctly: this is a textbook example of what he calls “enshittification” applied at the platform level. First Google built Android’s ecosystem by promising openness. Now that they have near-total market dominance, they’re using that position to extract control they could never have justified asking for at the start.

The Register noted that Google chose to initially roll this out in four specific countries: Brazil, Singapore, Thailand, and Indonesia. Not coincidentally, these are markets with large Android user bases and less robust regulatory oversight than the EU or US. Google is testing the rollout where they think they can get away with it first.

This is not a security feature. This is monopoly expansion dressed up in security language.

“But Android is Open Source!”

Yes. The Android Open Source Project (AOSP) is real. The code is available. Anyone can fork it.

But this argument misses how the world actually works. “Open source” means the code is available it doesn’t mean every manufacturer can ship a competitive Android device without Google’s blessing. The apps people actually want and need banking apps, navigation, messaging require GMS (Google Mobile Services), which requires a licensing agreement with Google. Custom Android builds without GMS are functionally crippled for most users.

As F-Droid’s response What We Talk About When We Talk About Sideloading explains: the practical reality is that “certified Android devices” means “Google-licensed Android devices,” and that covers the overwhelming majority of Android hardware on Earth. When Google pushes this OTA update to those devices, the “just fork Android” option doesn’t help the billions of people using normal phones.

The open source license doesn’t protect you from a company that controls the infrastructure everyone actually depends on.

Who This Hurts

Privacy app developers who build tools specifically to protect people from corporate and government surveillance and who cannot do that work while being registered in Google’s identity database.

Small FOSS developers who write useful tools for their communities, share them freely, and have no interest in Google’s bureaucratic registration process or paying Google fees for the privilege of sharing free software.

Users in authoritarian contexts who depend on apps that would never be approved through official channels circumvention tools, secure communications, journalism platforms.

Alternative app ecosystems including not just F-Droid but any future alternative store that might emerge. The entire concept of a non-Google-controlled Android app distribution channel is killed if all apps must be Google-registered.

Digital sovereignty efforts by governments and organizations trying to build critical software infrastructure independent of US tech giants. As keepandroidopen.org notes, states are ceding their citizens’ digital rights to a company with a track record of complying with extrajudicial removal demands from authoritarian regimes.

What Happens If We Do Nothing

September 2026 arrives. The OTA update rolls out. Apps from unregistered developers stop installing. F-Droid’s catalog becomes inaccessible on standard Android devices. The developers who refused to comply on principle disappear from the ecosystem. The developers who caved now have their identities, their signing keys, and their complete app catalogs permanently registered with Google.

Anyone wanting to distribute Android software without Google’s knowledge and approval must either use a completely de-Googled Android fork (a significant technical barrier most users will never cross) or simply stop distributing for Android.

The “advanced flow” escape hatch Google vaguely hinted at if it materializes at all will almost certainly involve enough friction to make it impractical for typical users. That’s the point. The default behavior will be blocking. Circumventing the block will be intentionally difficult.

Over time, as this becomes normalized, the expectation that Android is “open” dies. The next generation of Android users grows up with the same mental model as iPhone users: you install apps from the approved store, or you don’t install apps. The concept of running whatever software you choose on your own hardware becomes a historical footnote.

This sets the template for other platforms too. Once Google demonstrates that users will accept this, the precedent is set.

What You Can Do Right Now

If you’re a developer: Do not sign up for the early access program. Do not submit to identity verification. Do not accept invitations to the Android Developer Console. Respond to any invitations by clearly stating your objections. Spread the word to other developers. It only works if developers comply developer resistance is the most effective tool available. Consider including the FreeDroidWarn library in your apps to inform your users.

If you’re a user: Install F-Droid now. Fight back before Google locks the door. Use it. Make alternative app stores a normal part of your Android life the larger their user base, the harder they are to dismiss. Fill out Google’s Android developer verification requirements survey and make your objections explicit.

Sign the petition at change.org.

Contact regulators. This is potentially a clear violation of the EU’s Digital Markets Act, which explicitly protects sideloading rights. Email the DMA team at EC-DMA@ec.europa.eu. File antitrust complaints with your national competition authority. The keepandroidopen.org site has specific contacts for regulators in the EU, UK, US, and dozens of other countries.

Make noise. Write about it. Talk about it. Link to keepandroidopen.org. The more visible this issue becomes, the harder it is for Google to quietly slip it through.

Why This Matters Beyond Android

This isn’t just an Android story. It’s a story about whether the general-purpose computer the device that runs whatever software its owner chooses can survive in the smartphone era.

We already lost that battle with iPhones. Apple decided years ago that iPhone owners don’t get to choose what software runs on their own hardware without Apple’s approval. That model is now so normalized that most people don’t even question it.

Android was supposed to be different. The entire competitive pitch, the entire justification for Android’s market dominance, rested on it being the “open” alternative. That wasn’t just marketing it was a real, functional difference that mattered to millions of people and enabled an entire ecosystem of privacy tools, FOSS software, and independent development.

Google is now betting that Android is dominant enough that they can abandon the promise that built the dominance. If they’re right, we end up in a world where every major computing platform is controlled by a corporation that decides what software you’re allowed to run.

That’s not a technical problem. That’s a human rights problem.

Bottom Line

The September 2026 deadline is real. The threat to F-Droid is real. The death of anonymous development is real. The expansion of Google’s gatekeeping monopoly is real.

The only things standing between the current state and that future are developer resistance, user pressure, and regulatory intervention. All three are possible. None of them happen automatically.

Go to keepandroidopen.org. Take the actions listed there. Tell people about this. The window to push back is open now it won’t stay open forever.

Your device should run your software. Fight for it.

References

• keepandroidopen.org
• Google’s official developer verification program
• Initial Google announcement
• F-Droid: “F-Droid and Google’s Developer Registration Decree”
• F-Droid: “What We Talk About When We Talk About Sideloading”
• Ars Technica: “F-Droid says Google’s new sideloading restrictions will kill the project”
• The Register: “Google’s dev registration plan ‘will end the F-Droid project’”
• The Register: “Google kneecaps indie Android devs”
• EFF: “Application Gatekeeping: An Ever-Expanding Pathway to Internet Censorship”
• ACLU: “Your Smartphone, Their Rules”
• Cory Doctorow / Pluralistic: “Darth Android”
• Techdirt: “Google’s Requirement For All Android Developers To Register…”
• TechCrunch: “Google will require developer verification for Android apps outside the Play Store”
• The Verge: “Google will verify Android developers distributing apps outside the Play store”
• Tuta: “Google plans to block side-loading like Apple”
• Android API reference: PackageInstaller.DEVELOPER_VERIFICATION_FAILED_REASON_DEVELOPER_BLOCKED
• Google’s November update on early access
• FreeDroidWarn