When you bought an Android phone you traded a little polish for a lot of choice. That bargain is changing.
What Google is doing
Starting in September 2026, Google will require most apps installed on certified Android devices to be associated with verified developer identities. The rollout begins in Brazil, Indonesia, Singapore and Thailand and will expand globally in 2027. For full-distribution developers this means identity checks, business verification (including DUNS numbers for companies) and a $25 registration fee; individuals must provide government ID, an email and phone number and prove ownership of their signing keys. If an app comes from an unverified developer, devices will impose delays or block launches outright. Google frames the move as a security fix meant to stop coercive scams and ransomware that trick victims into sideloading malicious apps.
The new flow isn’t a simple toggle. Users who insist on installing outside the Play Store will face a multi-step process: enable developer mode, confirm they’re not being coached, reboot, reauthenticate, wait 24 hours, and then re-confirm the change — all while being shown screens warning them of risks.
Why developers and privacy advocates are alarmed
For open-source projects, hobbyists and developers in restricted jurisdictions these requirements are not trivial. Projects that depend on volunteers or anonymous contributors may find the paperwork and public listing of identities untenable. Developers in sanctioned countries, or those who need anonymity for safety reasons, could be effectively excluded. F‑Droid — the community-run repository for free and open-source Android apps — has warned the policy could threaten its ecosystem because many of its upstream developers won’t or can’t register with Google.
Privacy and civil‑liberties groups see a different danger: a global, searchable registry of app creators. That dataset can be requested by governments or abused internally. More than 70 organizations, including Proton, Brave, Tor and the EFF, have publicly criticized the plan and organized under campaigns such as Keep Android Open. Petitions and public appeals are underway, and industry observers note the rollout comes with surprisingly little public explanation from Google.
Security theatre — or real protection?
Google’s argument is straightforward: anonymous, sideloaded apps have been used in social‑engineering attacks that hand strangers access to phones. Requiring identity makes it easier to hold bad actors accountable. That’s not nonsense — real people have had their phones hijacked by fraudsters coaxing them through an install.
But critics point out a gap between the stated goal and the practical effect. Requiring identification and adding friction won’t stop every scam, and the extra hurdles mostly impact legitimate small developers and privacy‑minded projects. Many of the everyday harms users face — aggressive tracking, deceptive full‑screen ads, predatory microtransactions and apps quietly exfiltrating contacts or location — come from Play Store apps, not from obscure sideloads. Google enforces rules unevenly and has clear commercial incentives not to highlight in‑store misbehavior.
The hypocrisy argument: the Play Store problem
It’s hard to press a “security” case while presiding over a store that regularly hosts apps designed to maximize attention and revenue. Games that nudge you to spend, apps with opaque trackers and services that harvest off‑site browsing behavior all survive on the Play Store. Google takes a cut of in‑app purchases and benefits from the ad ecosystem that tracking enables, so critics argue the company is policing sideloads while tolerating — and profiting from — harmful tactics inside its own marketplace.
If you want the company's motives sketched another way: tightening sideloading can be a lever to nudge users inward, toward the Play Store and other Google services. That inward pull is compounded as Android folds more AI and convenience features into the system. Deeply integrated assistants and cross‑device sync make the platform stickier; leaving becomes a choice between convenience and extra technical effort. For a closer look at how Google is building those frictions, see coverage of Android’s sideloading roadblock.
Who wins, who loses
Winners:- Large app publishers and established businesses that already meet verification requirements and benefit from fewer competitors.
- Average consumers who may avoid some low‑sophistication scams. Losers:
- Small teams, volunteer projects and privacy‑conscious developers who rely on anonymity or want to avoid public business IDs.
- Users who value the ability to run alternative app stores or experimental software without corporate gatekeeping.
The technical pathway remains: advanced users can still install unverified apps via ADB or a special advanced flow, but Google’s changes are intentionally frictiony — a 24‑hour delay and repeated confirmations make casual sideloading rare.
What you can do (if you care)
Options exist but they’re imperfect. Use community app stores like F‑Droid where possible; they list anti‑features and are built around open‑source principles. Voice concerns to regulators (in the EU there are already overlapping rules like the DSA and DMA that influence platform behavior). Support campaigns such as Keep Android Open and sign petitions if you object. And if you’re a developer, consider how public verification will affect contributors and user trust.
Meanwhile, Google’s monetization experiments continue to shape the economic incentives of the Play ecosystem — from buy‑once game promotions to new trial systems — which matters because the company still earns from in‑store purchases and ads. For more on that side of Play’s strategy see Google Play’s recent moves around buy‑once games and trials.
There’s an irony here worth noticing: a company promising to “protect” users by limiting where apps can come from is asking us to trust its judgement — and its business model — to decide which apps are safe. That’s a big ask for an OS that built its reputation on freedom of choice. The question now is how many corners of Android’s openness will be traded for the promise of fewer scams, and who gets to make that trade.
