A new security measure on the horizon could reshape the Android landscape — and not everyone is thrilled. Google is preparing to roll out a mandatory identity verification system for all Android app developers who distribute apps outside the Play Store. While the move is officially framed as a step to combat malware, critics argue it may also be a subtle play to reassert control over the open-source side of Android.
A safety net — or a power grab?
Set to launch gradually, this new program will begin rolling out in selected regions like Brazil, Indonesia, Singapore, and Thailand as early as 2026, with a global rollout expected by 2027. The idea is simple: developers who want to offer apps via third-party stores or direct APK downloads will have to verify their identity through Google — and yes, they’ll also have to pay for the privilege.
On paper, that sounds like a smart move. Sideloading — the process of installing apps manually — has been a weak spot for malware. But not everyone is convinced this is purely about security.
Critics, including the team behind F-Droid, a long-standing alternative app store offering open-source software, fear this is the beginning of the end for platforms like theirs. Why? Because the new rules would force developers to register with Google, something many open-source contributors either can’t or won’t do. And since F-Droid doesn’t impersonate developers to do it on their behalf, thousands of apps could simply vanish from the store.
F-Droid pushes back
In a lengthy statement, F-Droid argued that Google's motives go beyond protecting users. The team claims the security argument is a convenient cover to tighten control over app distribution. They point out, not unreasonably, that even the official Play Store has been home to malicious apps — despite its extensive vetting process.
F-Droid’s model, by contrast, is built around transparency: every app is submitted as open-source code, independently reviewed, compiled, and published without ads or trackers. The platform’s volunteers argue that their ecosystem already operates with strong protections, and adding another centralized checkpoint not only breaks their process — it undermines the very idea of open software.
What’s at stake for Android?
To F-Droid and similar platforms, this isn’t just about app distribution. It’s about creative and digital freedom. Requiring developers to register through a central authority, they argue, is akin to making artists apply for a license to publish their work. That’s why they’re calling on regulatory bodies — particularly in the US and the EU — to intervene before the plan becomes the new normal.
Their plea is directed squarely at the European Commission’s Digital Markets Act (DMA), which is designed to curb tech giants’ monopoly power. If Google’s new policy stands, F-Droid warns it could effectively sideline alternative stores and independent developers, flying in the face of the DMA’s goals.
Timing that raises eyebrows
All this is unfolding just as Google faces increased scrutiny from courts and regulators. A recent legal loss to Epic Games over the Play Store’s dominance has already forced Google to open the gates to third-party app stores. But this new verification system could quietly reinstall those gates — under the guise of safety.
By controlling who gets to sideload apps and how, Google might retain its central role in the Android ecosystem, even while appearing to support competition. For developers, especially those in the open-source community, it’s a moment of uncertainty — and potential upheaval.
Whether this shift will genuinely make Android safer or simply safer for Google’s bottom line remains to be seen. But one thing is clear: the balance between user protection and developer independence is tilting. And the world is watching.
