If you haven’t seen this yet, Google is planning to require mandatory developer identity verification for all Android apps, including apps distributed outside the Play Store, taking effect September 2026. This affects every independent and open source Android developer directly.
This is not just about the Play Store. After September 2026, on any certified Android device, applications from unverified developers will be blocked by default. The only proposed bypass, the “advanced flow”, exists only as a blog post and has not appeared in any beta, dev preview, or canary release. No one outside Google has seen it.
The community has been fighting back at keepandroidopen.org:
- Read the full breakdown of what this means
- Sign the open letter (organisations only)
- Contact your national regulators — contacts listed by country on the site
- Add the countdown banner to your project
September 2026 is closer than it looks. The time to push back is now.
I don’t get it… Google‘s main appeal over Apple is that you can install anything on Android. It runs worse, is less stable and sometimes just does dumb stuff. That’s like if Nintendo would get rid of Mario/Pokémon
Android’s own appeal probably died somewhere in 2013 or 2014, but it has always kept strong for a very simple reason: phone prices. You could either pay 700 dollars for an iphone, or 200 for an android
That was it before they got a solid fanbase. Now the main appeal is that they are mostly cheaper phones.
Cheaper, but not by far:
iPhone 17 Pixel 10 iPhone 17 Pro Pixel 10 Pro iPhone 17 Pro Max Pixel 10 Pro XL € 979 899 1339 1099 1489 1299 You are taking the flagship phones. If you want a simple, functional phone, you can find some decent ones for a price as low as 200€
Indeed, since the company behind Android+PlayServices also sells phones running Android+PlayServices. But aside from this it’s on me for reading something that was not written.
Why make this a table instead of a list?
I just love having to scroll horizontally to read a comment.
I don’t think that’s really the main appeal, honestly. The main appeal is just that it isn’t Apple. And were I someone who didn’t care about the installation of third-party applications, I wouldn’t be running to buy an iPhone. Android is just plain more customizable and if you need a quality of life feature, you’re probably going to find some way to have it.
Android is just plain more customizable and if you need a quality of life feature, you’re probably going to find some way to have it.
Yes.
I used to feel that way about stock Android, but the really useful apps dried up on Google Play a few years back.
Discovering F-Droid brought back the joy of customizing Android, for me.
My conclusions:
- Much of the charm of Android is already gone for the average user, but many haven’t noticed.
- Making F-Droid harder to install isn’t going to help.
I’m not sure what Google has done to alienate the folks writing quality free apps, but whatever it is, most of them are only on F-Droid, already.
This feels like Google is just shutting the door on the walled garden they’ve been building for awhile.
Except now that feature is locked
You can get an iPhone at around 500$. Below that price, sure, Android is good. But once you reach the price at which you could get an iPhone, why not get one in the first place? Android isn’t more customizable in this day and age than iPhone.
Besides custom launchers and icons, the only thing that comes to my mind is custom WhatsApp messaging sound.
deleted by creator
I’ve never used a banking app. Don’t they usually have web sites? What am I missing on?
Nothing, but in some countries banks force you to use apps. You know, "for your security ".
Pretty much. My bank imposes transfer limits on the web portal vs the app, since there’s purportedly more security in the physical device rather than a web page accessible from any system.
While I don’t necessarily disagree with this, it means those apps also have to be searching for things like “Is USB debugging on? Is this running in an emulator? Is the device rooted?”
None of these are bad checks to make from a security perspective, but by relying on the app on a single device as a defacto MFA hurts the ability to manage personal finances when you’re in a position like this, with Google defining the security requirements of their ecosystem at a higher level than any single app.
I am forced to use the app to access the website.
my main use of my bank application is for verification for government stuff, as well as managing my money without having to get on my pc. it would be really annoying to lose access to it, as with it i dont have to use the verification number table which is physical table of numbers that has to be replaced occasionally and could get lost.
So much for their “don’t be evil” policy
didnt they drop it like decade ago?
Yeah, about the same time we started cutting Google out of our day to day. Every time we hear about Google it’s just getting more and more evil/greedy in one way or another
google can eat shit.
the moment I see a viable linux phone, I’m out.
But they did this knowing that at this point there is not a viable alternative. It’s both monopoly, vendor lock, eee and enshittification all at once…
by 2027 there will be a linux phone. consumers won’t put up with this shit and vendors aren’t so blind to see an opportunity.
2127…
2227…
2327…
2427…
Surely 2527 will be the year of the Linux phone…
There was already a Linux phone and even a Firefox phone, but with no wide app support it’s going to be a failure, just like it happened with Windows Phone.
And I’m saying this as a person who would love for a true Linux phone alternative to succeed.
All a Linux phone needs to succeed is an app store and to be able to securely process payments without google and then developers and companies are interested.
Fuck them. I hope open source / de-googled android can somehow survive this.
There actually has been an update on this. The advanced flow has been revealed and it’s like a 24-hour wait and a few prompts to go through and I’ll reboot and enabling developer mode… Bit of friction but all in all it’s better than nothing I guess.
The dev verification is “optional”. With the condition that if a developer doesn’t then users can only install after jumping through a few hoops.
Yeah at least it’s better than Apple’s approach, where you have to connect your phone to a PC once every 7 days to reactivate Developer Mode. Don’t have a computer? Fuck you!
That said, I have zero faith in Google sticking with the compromise solution in the long run. They’re going to try to force the change on everyone again in the future, once they’ve broken us down a bit more.
Meanwhile at least we have a little longer than September before they actually ruin the platform completely… How long? Who could say but I’ll take what small victories I can get
It just occured to me what this is all about: shutting down the ICE tracking app. They won’t carry it on the play store, but its still being shared.
With this, you can’t get it on your phone. And, given how much Google is sucking up to tRump, they want to help him shut this down along with all the other evil.
The governments put pressure on Google to police off play apps and harm because they are attached to Android so they’re being required to build this.
You can still get it, you just need to wait 24h before you can install the first app the first time, and there will be some big scary warnings.
Right, but after this change over?
Ya, this is their new workflow for people who dont authentic themselves.
Turn on developer mode and choose the right setting, reboot phone, wait 24h, then you can install anything. You have the option to stay like this, or revert to 24h wait after 7 days.
Edit: they just announced it in the past few days.
Google is the biggest threat to anything good in technology, this cancer must be eradicated
Fuck Google.
Banks, government apps and main apps (Whatsapp, etc.) are on Google Play. It’s clear governments will stick with Google. What is left to know is how seriously democratic governments take civil liberties.
There have been talks in Europe about how we are dependent on American tech for our digital infrastructure. Some politicians even pushing for an alternative to Apple and Google. I hope everyone else wakes up before it’s too late.
They’re really working hard at distancing themselves from that “Don’t be evil” motto.
they did that years ago
they stopped as soon as they stopped blocking eleciton denial content YT. they were preparing to support trump with propaganda 1-2 years before his election.
I thought they just rolled this back?
Once per device you will need to wait 24 hours before installing unauthorized apps. That’s all the new restrictions do. It will basically not affect power users at all.
For scammers, the 24 hour waiting period completely breaks their scams. They won’t be able to trick people into installing malware if they have to call back to resume the scam the next day. Google said that was their goal and their new solution actually does this without impeding power users.
Google found the balance that we were asking them for, yet people won’t stop complaining and even lying about it in posts like this. Maybe that energy is why the users won this time, but either way, take that energy and fight any of the thousands of real fights.
Sideloading APKs is an easy vector but so is the Google Play Store. It’ll take scammers like 5 minutes to just perma move to GPlay shenanigans, and its already well known to have poor quality control and tons of malware available to download with the useless play protect logo.
This is just Google’s public justification for creating their walled garden. They already pulled this exact scam with Chinese OEMs which is how Huawei got banned, and others stopped selling in the US. They huffed up some story about CCP spyware and then mandated that GPlay be installed in full, otherwise face consequences from congress.
Even Samsung got pulled in and they essentially agreed to use GApps as the de facto communication suite for their phones in exchange for allowing Samsung to continue to use their Galaxy store.
They see stuff like AOSP as a threat because anyone can just fork the OS and make their own non google Android, and they don’t want any OEM to replace GPlay like what Motorola is attempting right now (hence the increased urgency to lock down Android).
Google’s monopoly in the mobile space revolves around every phone using GPlay, so they’ll do anything to maintain their control.
“Will not affect power users at all” is just not true. I will now have to wait an entire day before I can start using my next phone. Well, either that or android-translation-layer advances enough for me to switch to a Linux phone full-time.
Got a link boss? You’ll excuse me if I don’t take your word for it and all that
The website linked above lays out the change https://keepandroidopen.org/
That is all true, however it seems like a slippery slope to me.
To stop scams, it would instead be a good idea to block app installation (of ANY apps including in the Play Store) when the screen is being monitored or a call is active.
Then when sideloading apps, grey out the install button for 3 seconds to hopefully pull the user out of any mindless flow state a scammer has put them in.
Or we stop babyproofing the world for fools. Imagine a car that only ran gas from approved gas stations because someone was caught inhaling unapproved gas when someone else told them it would heal their sickness.
Maybe we could just have a switch for normal/expert user, with a warning that expert user mode should never be enabled if you’re not an expert. That’s it.
For a start, there’s no reliable way to detect when the screen is “being monitored”. You’re presumably thinking of remote control apps but they use the accessibility API which is something many users with visual impairment have enabled all the time, for things like screen readers.
Basically all of them use the “Cast” feature, so you just need to detect that.
Google made some noises in a blog post, but beyond that there is no evidence that they have changed direction. I guess you can take them at their word if you want, but that seems rather naive given the context.
They came out with more information on what their walk back looks like. More information is on the website https://keepandroidopen.org/
This entire flow is delivered through Google Play Services, not the Android OS, meaning Google can modify, restrict, or remove it at any time without an OS update and without any user consent. The advanced flow has still not appeared in any Android beta, dev preview, or canary release. As of the date of this update, it exists only as a blog post and UI mockups. The community is being asked to accept a product announcement as a functional safeguard five months before the mandate takes effect.
Until Google provides a shipping implementation that can be independently verified, our position remains unchanged: all apps from non-registered developers will be blocked once their lockdown goes into effect in September 2026.
As far as I’m aware, there’s only the advanced flow thing that is mentioned in this post?
If that’s the only solution, I wouldn’t call that “rolling back.”
For a while they were completely removing the ability to install unsigned apps altogether. So continuing to allow it albeit with more steps is indeed stepping back somewhat from what their plans were.
Rolling back usually means to revert it fully.
The advanced flow (which includes a 24hr wait time) is not rolling back and I wouldn’t call it stepping back either. It’s obviously designed to kedp friction high so thst no one even bothers with freedom and privacy protecting apps that dont want to or can’t go through googles verification process.
This isn’t what you think it is… it’s barely conceding when the friction remains this high.
You’re being overly pedantic about my word choice instead of actually just discussing this without trying to be condescending and one up people. Online discussions are conversations, not competitions.
I’m not being overly pedantic and I am discussing it, sorry if my reply sounded a bit blunt though.
My main point is that my reply to your original comment was made with a different understanding to what you actually meant, which is not “rolled back.”
(And that I disagree that their slight change to the plan, which has yet to be seen by the public as far as i’m aware, is anywhere near a move in the right direction, maybe the tiniest nudge ever, but not meaningful).
p.s. my thoughts on your word choice was only a tiny part of my message :/
They did, but why talk about that when we can just fearmonger about things that aren’t happening?
There is more information on the website. This was Google’s “solution”:
Update: Google has revealed the “advanced flow” — it is not a solution
On March 19, 2026, Google published details ↗ of the “advanced flow” mechanism intended for “power users” to allow installation of applications from unverified developers after the lockdown takes effect. It goes like this:
- Enable Developer Mode ↗ by tapping the software build number in About Phone seven times
- In Settings > System, open Developer Options and scroll down to “Allow Unverified Packages.”
- Flip the toggle and answer a scare screen confirming that you are not being coerced
- Enter your device unlock pin/password
- Restart your device
- Wait 24 hours
- Return to the unverified packages menu at the end of the security delay
- Scroll past additional scare screen warnings and select either “Allow temporarily” (seven days) or “Allow indefinitely.”
- On the next scare screen, confirm that you understand the risks.
- You can now install unverified packages on the device by tapping the “Install anyway” option in the package manager.
This entire flow is delivered through Google Play Services, not the Android OS, meaning Google can modify, restrict, or remove it at any time without an OS update and without any user consent. The advanced flow has still not appeared in any Android beta, dev preview, or canary release. As of the date of this update, it exists only as a blog post and UI mockups. The community is being asked to accept a product announcement as a functional safeguard five months before the mandate takes effect.
Until Google provides a shipping implementation that can be independently verified, our position remains unchanged: all apps from non-registered developers will be blocked once their lockdown goes into effect in September 2026.
I’m gonna stick to pre-owned devices with alternate ROMs like Lineage, Cyanogen, RR, Havoc, Bliss, cr, Viper, AOSP, KP, ISP, etc. or any of the other hundred brews. I don’t anticipate getting a phone that runs android and is not able to be modified EVER. Eventually if the time comes that the tech changed so vastly that they’re not usable anymore (like 3G now) by then hopefully there will be full Linux phones or some other varieties. Maybe many.
But the thing is the mainstream masses just don’t give a shit. Their rights and liberties have been getting chewed away at for decades and they just can’t seem to care. As long as they are entertained enough and the culture like ours - ie geek subculture / hacking community continues to be mocked and vilified, they’re certainly not gonna listen to us.
But what’s new about that? Nada.
We are forever going to remain a fringe community and I just accept that. When a family member has Alexa devices and I show them all the analytics and tests and records from all the various sources that provide empirical evidence of constant surveillance and spying and uploading of eavesdropped audio and the folks just go eh oh well eh yeah but ah useful eh I have nothing to hide ehhh urrrgh … I start to see them with sunken eye sockets and protruding brow ridges. They are the fools and the suckers and the sheep. They’re the ones who will line up to be implanted with a chip, they’re the ones who will pay to have their brains mapped and catalogued. You can’t cure fucking stupid. Meanwhile people like us will remain the fringe “undesirables” as long as our hearts beat.
The solution is GrapheneOS. You can install it on Google Pixels today, and Motorola is going to release some devices with official support for it in 2027.
That’s not the single solution. You can put dozens of ROMs on dozens of other devices. I buy older devices at cheap prices and put custom ROMs on them and then sell them. It’s fairly lucrative; more so as time goes on. Plenty of people want this kind of privacy but don’t have the skills or confidence to modify their devices. Motorola and Samsung the most by far, but also LG and various others occasionally.
Yeah the real issue is ease of access and simplicity. GrapheneOS is appealing to me, but 1. I don’t want to buy a google pixel just to get it and 2. I don’t have the confidence to replace the OS, no matter how easy the guide says it is. If I had someone in person to help me I’d maybe consider it, but I’m just so worried I’d mess it up and brick the phone
I was planning to get an android phone in a few months since I unfortunately still have my old iPhone, but with this GrapheneOS Motorola phone coming out in 2027 I might see if I can make this phone last till that comes out if android is gonna be locked down too
I buy slightly older phone in Lots. I clean them, test them and then I change them over to a ROM that runs nicely. Then I sell them at a modest markup. I’ve sold about like twenty so far in the past year and I have about forty waiting to be finished. Due to chronic illnesses I have, I often have weeks during which I can’t make any progress.
I know there are plenty of enthusiasts who would like to run a smoother OS that doesn’t spy on them or waste sys resources on bloatware, but oftentimes those people are afraid to do their own hack for concern they’ll mess up. That’s basically my customer base and I’ve been very happy to help get these devices to folks who want this experience.
I like crDroid, ResurrectionRemix, BlissOS, Lineage, Havoc, /e/, Iodé, and like a dozen others such as generic AOSP based etc. There are like a hundred. I just discovered SuperiorOS I put onto a Moto X4. Superior is quite an apropos name, it’s really sweet!
Samsung and Motorola are a smooth process (provided not restricted due to carrier or because it’s a prepay). Some LG are very good as well, but too many are not accommodating and also lots of them crap out. I do like my G4. I have about thirty devices I use somewhat regularly for this or that.
There are plenty brands, though, that I’ve not yet tried out.
Other ROMs are usually very bad at security with many being late to secuity updates, not supporting bootloader relocking, and not using the secure element. I would not trust them in the hands of someone who isn’t tech savvy or is at high risk of hackers.
I suppose. Hey to each their own. I personally toy with the other ROMs a lot but I don’t yet have anything running a custom brew that accesses anything very secure etc.
Wait that’s not a thing already?
So people can just make scam apps and once you report it to the App Store there is no recourse because even the company doesn’t know who they are?
The recourse has been removal.
And the solution proposed is not requiring identification specifically for Play store developers, but any developer at all.
Removal but no means for consumers to seek money back or damages because it’s just the Wild West?
I think if you’re publishing an app to a public store then they should know who the fuck you are.
This includes not in the Google play store so like f-droid or like how people would get software from a places website or GitHub or sourceforge or wherever and installing it like you can on Windows or a Mac or Linux
Rhis isn’t related to payment systems, which mostly have kyc requirements and extensive capacity to claw back money.
If it was only a question of publishing on the Play store, then I think that would make some sense. That’s not what’s happening here.
So the way compute used to work, is you could install any program you want from anywhere. You could buy a program from a web site or copy a disk and install the program.
Smartphones have been around since the late 1990s in various forms, it used to be, you could just install whatever you want.
Then, in 2008, Apple released the iPhone app store, and it was a closed space, a “walled garden”. You can only install apps on their phone if they approve them.
Google decided to join the phone race and released a phone where one could still install applications from anywhere, not just their store. There are multiple stores like others have mentioned, or you can download an APK file from anywhere and install it on your phone.
Part of their behavior since is slightly open to interpretation, as the technology is now used by everyone, not just tech nerds. People could install “bad” programs, and they could lose money, cell networks could be compromised, etc.
It likely costs a lot of companies a lot of money to deal with dumb users doing stupid shit. So from one perspective, making it extremely hard to install unknown programs from anywhere will curb that expense.
It could be a defensive move, as LLMs now allow anyone to write computer software with very little knowledge of it, and it is just bad timing.
On the other hand, since the beginning of computers, the owner of the machine could run whatever software they wanted.
This move by Google is basically making it so there is NO mobile compute platform that the owner of the device actually owns, and is allowed to do with their hardware what they want. Apple or Google, that is it. Apple had always been closed, which should have been made illegal, but I digress.
It has been a slippery slope with Android for almost 2 decades, and this move is basically the end of the ability for free humans to install free software from anywhere on the hardware they own and paid anywhere up to $3000 for.
Basically a huge dive for personal freedom on a planetary scale, decided by one corporation.
verified but still not responsible.
