Open-Source Android Apps Threatened by Google’s New Policy

Google’s latest developer registration mandate is raising serious concerns across the open-source community.

The F-Droid project, which operates a nonprofit, ad- and tracker-free app store for Android, warns that the new rules could threaten its very existence by making it nearly impossible to continue distributing free and open-source apps.

In a post by F-Droid board member Marc Prud’hommeaux, the project said the decree would create a “choke point” that threatens thousands of open-source apps. He warned that if enforced, the measure could end F-Droid “as we know it today,” cutting off a trusted alternative to Google Play.

New rules demand ID checks, app listings, and fees

Under Google’s new regulations, every Android developer will be required to register directly with the company, provide government-issued identification, and pay a distribution fee. Developers must also disclose all unique application identifiers for the apps they publish under their registration.

The rules apply globally, extending beyond Google Play to include apps distributed through sideloading or alternative stores, as long as they are installed on certified Android devices.

Google plans to open early access to the registration system in October 2025. Full enforcement will begin in September 2026 in Brazil, Indonesia, Singapore, and Thailand, with a worldwide rollout slated for 2027.

Open-source apps at risk

F-Droid warns that Google’s decree would prevent it from distributing updates or new versions of existing apps, effectively cutting users off from new features and improvements. Because the project is designed without user accounts, it cannot even estimate how many people would be impacted.

The project argues that forcing app identifiers into Google’s registration system hands exclusive control to a single gatekeeper. This, it says, threatens to dismantle the open ecosystem that has long depended on transparency and reproducible builds.

Surge in malware from sideloaded apps

Google defends the new registration rules as a security measure. The company points to its internal data showing that malware is over 50 times more likely to come from sideloaded sources than from apps on Google Play. According to Google, requiring verified developer identities will make it harder for malicious actors to exploit anonymity, reappear under new names after takedowns, and continue putting users at risk of fraud and data theft.

The move has drawn backing from outside groups. Brazil’s banking federation described it as a “significant advancement” in combating scams. At the same time, Indonesia and Thailand’s digital ministries commended it as a proactive step that strikes a balance between openness and safety.

Suzanne Frey, Google’s vice president for product, trust & growth, likened the process to an “ID check at the airport,” verifying who a developer is without reviewing the contents of their apps.

F-Droid disputes Google’s framing, countering that transparency and reproducible builds provide stronger safeguards than corporate gatekeeping. The project also points out that Google Play itself has repeatedly hosted malware, undermining claims that central control is inherently more secure.

The fight for app freedom

Critics warn that Google’s policy threatens app freedom by undermining sideloading and alternative app stores. For F-Droid, the mandate that all developers register with a central authority is as troubling as requiring writers or artists to obtain approval before publishing their work.

The project has urged regulators — including the EU’s Digital Markets Act team — to examine the decree as a potential curb on competition. It is also calling on developers and users alike to petition lawmakers in defense of open distribution.

The dispute highlights a growing fault line in the Android ecosystem: whether the future of apps will be defined by openness and community-driven trust, or by increasingly tight corporate control.