Android’s open model faces a profound shift starting in September 2026. Google will begin requiring that all applications installed outside its official store be signed by verified developers. The company presents this measure as a security improvement, but it represents a substantial change to Android’s original spirit, conceived as an open and modifiable system. Countries such as Brazil, Indonesia, Singapore, and Thailand will be the first to implement this new model, which will gradually expand worldwide.
The new policy introduces strict requirements for developers and limits software distribution. The system requires paying a fee, submitting an official identity document, and handing over the private signing key to Google. This removes the anonymity that has historically characterized the ecosystem. For users, unverified applications will only be installable after navigating multiple warnings and hidden options, in what the company calls a “high-friction flow.” This strategy deliberately hinders the use of open-source tools, privacy-focused applications, and alternative stores such as “F-Droid.”
The measure is particularly harmful to activism and civic organization. The requirement to identify oneself with official documentation to distribute applications removes the anonymity that many human rights defenders, journalists, and social movements rely on to operate safely. A developer living under an authoritarian regime, or any activist wishing to share secure communication tools, would be forced to reveal their real identity, exposing themselves to surveillance and persecution risks. Organizations such as “Article 19,” “Electronic Frontier Foundation,” and “The Tor Project” have warned that this system creates a “single corporate chokepoint” in app distribution, increasing the risks of control and repression against those engaging in political dissent through technology.
There are concerning precedents in the company’s handling of user data. The case of Amandla Thomas-Johnson illustrates these practices. This Cornell University student attended a protest and, in April 2025, U.S. Immigration and Customs Enforcement (ICE) requested his data from Google. The company provided it without prior notification, breaching its public commitment. According to the “Electronic Frontier Foundation,” this procedure is part of an internal system known as “simultaneous notification.”
European alternatives are emerging to preserve technological independence. Companies such as Volla, Murena, and Iodé are promoting the “UnifiedAttestation” project, an open-source alternative to Google’s integrity API that currently blocks banking and government applications on operating systems free from Google services. This initiative, based on decentralized certification and peer review, aims to allow alternative ROMs to validate their security without relying on Google’s infrastructure, preserving an escape route for users seeking control over their devices and protection of their civic activity.
Reduced publication of source code further weakens the open ecosystem. Google has decreased the frequency of Android source code releases, moving from quarterly to semiannual updates. This makes it harder for projects such as “/e/OS” and “LineageOS” to fix vulnerabilities quickly, undermining their viability and reducing ecosystem diversity.
Android is moving toward a more closed model, drifting away from its original philosophy. This shift marks a turning point in the governance of the operating system, bringing it closer to controlled ecosystem models. The promise of freedom that once defined Android is fading, while the global free software community and digital rights organizations work to develop resistance mechanisms to ensure digital sovereignty and protect those who use technology to defend human rights and hold power accountable.
References
-
Keep Android Open. https://keepandroidopen.org/
-
Yahoo News. “Apps distributed outside the Play Store will soon be tied to verified developer identities.” https://tech.yahoo.com/apps/articles/apps-distributed-outside-play-store-221539128.html
-
Electronic Frontier Foundation. “EFF to State AGs: Investigate Google’s Broken Promise to Users Targeted by the Government.” https://www.eff.org/press/releases/eff-state-ags-investigate-googles-broken-promise-users-targeted-government
-
The Register. “Rogue devs of sideloaded Android apps beg for freedom from Google’s verification regime.” https://www.theregister.com/2026/02/24/google_android_developer_verification_plan/
-
TuttoAndroid. “App bancarie su ROM personalizzate: arriva UnifiedAttestation.” https://www.tuttoandroid.net/news/2026/03/12/app-bancarie-unifiedattestation-1144241/
-
heise online. “Paying without Google: New consortium wants to remove custom ROM hurdles.” https://www.heise.de/en/news/Paying-without-Google-New-consortium-wants-to-remove-custom-ROM-hurdles-11204037.html
-
CyberInsider. “EFF urges state probe into Google over undisclosed data sharing with ICE.” https://cyberinsider.com/eff-urges-state-probe-into-google-over-undisclosed-data-sharing-with-ice/
-
abit.ee. “Android Developers Demand Google Cancel Mandatory Verification Policy.” https://abit.ee/en/soft/android-google-developer-verification-open-letter-eff-f-droid-open-source-google-play-en
