At the centre of the row is Google’s plan to require apps on certified Android devices to be tied to a verified developer identity. Google first announced the policy in August 2025, opened registration to all developers in March 2026, and says enforcement will begin in September 2026 in Brazil, Indonesia, Singapore and Thailand before expanding more widely from 2027. Google’s own developer documentation says the system will apply to certified Android devices running Android 7 or higher through updates delivered via Google Play services.
Google argues the change is meant to make Android safer by making it harder for repeat offenders to spread malware, scamware and impersonation apps. In its March blog post, the company said Android does not have to choose between openness and security and outlined an “advanced flow” that will still allow power users to install apps from unverified developers after extra steps designed to interrupt high-pressure scam tactics. That flow includes enabling developer mode, confirming the user is not being coached by a scammer, and then choosing whether to allow installs for seven days or indefinitely. Google says the advanced flow will launch globally in August, alongside limited distribution accounts intended to preserve narrower sharing use cases.
That compromise has not quieted critics. An open letter dated February 24 and coordinated by Keep Android Open says the policy would force developers distributing software through their own websites, third-party stores, enterprise channels or direct transfers to seek permission from Google first. The letter argues that mandatory verification, government-issued identification, fees and agreement to Google’s terms amount to gatekeeping outside Google’s own marketplace. It also says the system could create new barriers for small developers, volunteer-led open-source projects, humanitarian groups, researchers and app makers in regions affected by sanctions or weak registration infrastructure.
The criticism has been echoed by technology and digital-rights groups including Nextcloud, which said more than 30 organisations had signed on to oppose the programme. Their objections go beyond market access. They argue that a centralised registry of developers and applications raises privacy and surveillance questions, especially for those building sensitive, privacy-preserving or politically contentious tools. The open letter also contends that Android already has security mechanisms that do not require a universal registration layer controlled by Google.
Coverage by The Verge indicates Google has made some concessions, including limited workarounds for students and hobbyists to share apps with up to 20 people without providing government identification or paying a fee. The same report said verification remains in an early phase and described the broader pushback from developers who see the policy as an overreach rather than a balanced upgrade to platform security. That matters because Android’s commercial success has long rested partly on a contrast with Apple’s more tightly managed ecosystem, giving developers and users greater freedom to install and distribute software outside the main app store.
Google, for its part, is trying to frame the policy as an answer to a scam environment that has become more organised and more costly. In its March post, the company cited a 2025 Global Anti-Scam Alliance report saying 57 per cent of surveyed adults experienced a scam in the previous year, with global consumer losses of $442 billion. From Google’s perspective, verified identities create accountability and make it harder for malicious developers to return under new names after takedowns. The company has used similar logic inside Play Console, where identity checks for Play developers already require information such as government identity documents, and in some cases organisational records and D-U-N-S numbers.
Follow Arabian Post
Select Arabian Post as your preferred source on Google and MSN News for trusted business news and Arab politics and updates.
