Starting September 2026, anybody who wants to make an app for Android (even if they're not publishing on PlayStore) will need to register with Google (with govt-issued IDs). Brave, EFF, The Tor Project, F-Droid, Proton, and 40+ others signed an open letter opposing this last week.
I think it's interesting.
'Android developer verification' was announced last August. Basically, they want to verify all Android devs. For that, they need your personal information. If you're an organization, they need your D-U-N-S number. They plan to push this globally 2027 onwards.
This looks like a security measure. Google could catch devs that ship malware even outside their Store.
The problem is what doing so would mean for the community.
Android always allows installing apps from outside the Play Store, directly from APKs, from third-party stores like a dev's website, or from another device.
F-droid is a free and open-source app store with no ads, no Google. Many niche apps live outside Play Store. Brave is one such example that's distributed via F-droid.
Google requiring verification means - even devs who are not publishing on Play store will have to register.
The registry would have:
A developer database would be very attractive to governments and corporations looking to identify who built something they don't like.
And there's a sanctions issue. If you're in Cuba, Iran, or certain countries, your apps just.. stop working.
Apple requires $99/year and identity- Apple knows who you are. The platform is gate-kept.
But then, Apple was never an open platform. Nobody buys iPhone expecting to install open source apps. Or a macbook expecting to install custom distros.
Android however, has the open-thing woven deep into their marketing. The AOSP, sideloading, allowing devs to freely install and distribute apps. Changing the rules 17 years in doesn't sound great.
It's also interesting that iOS being locked down doesnt really solve scams and social engineering. Just changes how that happens.
The barrier to building apps (and sites) is dropping fast. You can have an LLM scaffold the whole thing and have a working APK in an hour. Small apps for your own phone, for your friends, for parents, for your personal site.
You'll have to pay a fee, get verified. Hobyyist dev exemption would be nice, I don't think they've launched that yet.
I don't think threat actors will be the ones to lose in this. They're privacy developers, open source devs, activists, people in sanctioned countries, vibe coders building something for themselves.
I think Brave's blog is a good read. They list the pattern: Manifest V2 deprecation (weakened extension capabilities, hurt ad blockers), AMP (inserted Google between users and websites), privacy sandbox (replaced third-party cookies with a Google-controlled ad system). All moves somehow expand Google's control over the platform.
The open letter is at https://keepandroidopen.org. Brave's full post is at https://brave.com/blog/keep-android-open.
Starting September 2026, anybody who wants to make an app for Android (even if they're not publishing on PlayStore) will need to register with Google (with govt-issued IDs). Brave, EFF, The Tor Proje
Read More
