[German]Google has plans to adapt its Android system so that all developers of Android apps must register. Otherwise, the app will no longer be able to run. The F-Droid project is now sounding the alarm because it believes this will spell the end.
Android app developer registration: What is it all about?
In view of the large number of malicious Android apps, Google is taking drastic measures for the future. All developers of Android apps will have to identify themselves to Google if they want their apps to continue running on certified Android devices.
Google announced this on August 25, 2025, in a blog post titled A new layer of security for certified Android devices. Starting in 2026, Google wants all apps from verified developers to be registered so that they can be installed by users on certified Android devices. This should make it much more difficult for malicious actors to quickly distribute another malicious app after a version has been deleted by Google.
Google wants to verify who the developer is, but not the content of their app or its origin. This change will initially be introduced in a few select countries that are particularly affected by this type of fraudulent app scam, which often originates from repeat offenders. I had provided the schedules published by Google in the post Google requires Android app developers to identify themselves. From 2027, these regulations are to apply worldwide for Android.
The F-Droid project is at risk
For 15 years, the F-Droid project has been providing an alternative store for Android apps that can be installed on Android devices via side-loading. This project offers many open source Android apps free of charge. Users tend to prefer the app versions from the F-Droid store because, unlike the bloatware offered in the Google Play Store, they are not contaminated with tracking and advertising. However, I have noticed that F-Droid apps that I have occasionally installed do not run very stably and sometimes have "modest" functionality – I have deleted many of them.
While writing my article Google requires Android app developers to identify themselves, the question "what will happen to F-Droid?" crossed my mind. Hardly any developers will register with Google in order to then put their apps in the F-Droid store.
In a statement dated September 29, 2025, the F-Droid project addresses Google's plans. It states that F-Droid has been providing Android users worldwide with a safe place to find and install free open source apps for 15 years. In contrast to commercial app stores—of which the Google Play Store is the best known—the differences are striking. Commercial stores are breeding grounds for spyware and fraud and openly promote apps that exploit their users by trying to monetize their attention and spy on their private information by any means necessary, including tricks and dark patterns.
Apps in the F-Droid store, on the other hand, are validated before being accepted, it is argued. When a developer creates an Android app and hosts the source code publicly, the F-Droid team reviews the app to ensure that it is completely open source and does not contain any undocumented anti-features such as advertising or trackers. Once the review is complete, the F-Droid build service compiles and packages the app to prepare it for distribution in the F-Droid store. The package is then either signed with F-Droid's cryptographic key or, if the build is reproducible, released for distribution in the store with the original developer's private key. This way, users can trust that every app distributed through F-Droid has been created from the specified source code and has not been tampered with.
Google's move jeopardizes the operation of the F-Droid store with its free apps, the project rightly argues. Google unilaterally decrees that Android developers worldwide are required to register centrally with Google. In addition to paying a registration fee and agreeing to the (non-negotiable and constantly changing) terms and conditions, Google also requires software authors to upload documents identifying themselves, including official identification, and to list all unique "application IDs" for each app to be distributed by the registered developer, it says.
The F-Droid project cannot require developers to register their apps through Google. However, it also cannot adopt the application IDs for the open-source apps offered in the F-Droid store, as this would effectively mean seizing the exclusive distribution rights for these Android apps (which the project does not want to do).
If Google's developer registration regulation comes into force, it would spell the end of the F-Droid project and other distribution sources for free/open source apps as we know them today, it is argued – and this cannot be dismissed out of hand. The world would lose the security and reliability of a catalog containing thousands of apps.
The security argument put forward by Google does not hold water, writes the project, making the following point: While the direct installation – or "sideloading" – of software can be considered to involve certain risks, it is wrong to claim that centralized app stores are the only secure option for software distribution. Google Play itself has repeatedly hosted malware, proving that control by companies does not guarantee protection for users.
Unlike Google's Play Store, F-Droid offers a trustworthy and transparent alternative approach to security: every app is free and open source, the code can be checked by anyone, the build process and protocols are public, and reproducible builds ensure that what is published matches the source code exactly.
According to F-Droid, this transparency and accountability provides a stronger basis for trust than closed platforms, while still giving users freedom of choice. Restricting direct app installation not only undermines this freedom of choice, but also compromises the diversity and resilience of the open source ecosystem by leading to consolidation.
Google has since published this post, which states that sideloading will remain available, but leaves many questions unanswered.
