Keep Android Open

This article may incorporate text from a large language model, which is prohibited in Wikipedia articles. It may include hallucinated information, copyright violations, claims not verified in cited sources, original research, or fictitious references. Any such material should be removed. (May 2026) (Learn how and when to remove this message)

Keep Android Open is a campaign launched in October 2025 to oppose a Google policy requiring all Android app developers to register their identities with Google before their applications can be installed on certified Android devices, including via sideloading. The campaign by software developers and F-Droid board member Marc Prud'hommeaux and is hosted at keepandroidopen.org. It has attracted support from free and open-source software organisations and digital rights groups, as well as technology companies, across more than twenty countries.

The campaign's argument is that the verification requirement gives Google unilateral control over which software may run on certified Android devices regardless of how it is distributed, threatening independent app ecosystems, privacy-focused or custom ROMs.

In February 2026, the campaign published an open letter to Alphabet Inc. leadership calling for the policy to be withdrawn; by late April 2026 it had attracted signatures from more than sixty organisations across more than twenty countries.^[1]

Unlike Apple's iOS, Android has permitted sideloading, the installation of applications obtained outside the official Google Play store as a built-in capability. Users can enable installation from unknown sources in their device settings, allowing them to install application packages (APK files) downloaded from third-party stores, shared directly by developers, or obtained through repositories such as F-Droid, Droidify, NeoStore or Obtainium.

This openness has been cited as a distinguishing characteristic of the Android platform and has underpinned a broad ecosystem of independent software and alternative application stores, including custom ROMs such as GrapheneOS and LineageOS.^[2][3]

On 25 August 2025, Google announced a new mandatory developer verification programme.^[2] Under the programme, any app installed on a certified Android device regardless of whether it comes from Google Play, a third-party store, or direct sideloading must be linked to a developer account that has been verified by Google. The verification process requires developers to:^[2][4]

• Provide government-issued photographic identification;
• Pay a one-time US$25 fee and create a Google payment profile;
• Agree to Google's Terms and Conditions;
• Submit evidence of the application's private signing key; and
• Declare all current and future application identifiers.

Google cited security as the primary rationale, noting that Android accounts for the overwhelming majority of mobile malware infections globally, most of which arrive via unverified APK files.

The company argued that tying distribution to a traceable real-world identity would reduce the ability of malware authors to re-enter the ecosystem after being removed from Google Play under a new identity.^[4][5]

Mandatory enforcement was scheduled to begin in September 2026 in Brazil, Indonesia, Singapore, and Thailand, with a global rollout planned for 2027.^[4][6]

Following the announcement, opposition to the policy coalesced in developer forums. Criticism focused in particular on the burden placed on small developers, volunteers, academics, and researchers who lack the corporate infrastructure or willingness to share government identification with Google. In late October 2025, Marc Prud'hommeaux — a board member of the open-source app repository F-Droid and operator of the alternative iOS app store App Fair — formalised the opposition into the Keep Android Open initiative and launched the campaign website.^[7]

Prud'hommeaux framed the policy as an antitrust issue rather than a security measure, arguing that the requirement extended Google's gatekeeping role beyond its own marketplace and into distribution channels it does not own.^[7] He estimated that 90–95% of Android developers were "somewhere between concerned and outraged" and began engaging competition regulators in the United States, Brazil, and the European Union.^[7][8]

In November 2025, following sustained criticism, Google modified its plans in two respects. First, it announced a dedicated account type for developers distributing apps to limited audiences — such as family, friends, or small test groups — allowing distribution to up to twenty devices without requiring government identification or payment of the registration fee. Second, it announced an "advanced flow" for experienced users who wish to install applications from unverified developers: the flow requires the user to enable developer mode, confirm that they are not being coerced, restart their device, and authenticate with biometrics or a PIN after a twenty-four-hour waiting period.^[9][10]

Critics, including F-Droid and the Keep Android Open campaign, argued that the modifications did not address the central objection — that the policy extends Google's gatekeeping role to all certified Android devices regardless of distribution channel. The "advanced flow" retains compulsory additional steps and a waiting period, which campaigners contend treats adult users as incapable of making autonomous software installation decisions. The original enforcement timeline remained unchanged.^[8][11] The campaign judged the concessions insufficient and chose to escalate with a formal public letter.

On 24 February 2026, the Keep Android Open campaign published an open letter addressed to Alphabet CEO Sundar Pichai, co-founders Larry Page and Sergey Brin, and app ecosystem vice president Vijaya Kaza.^[12] The letter called on Google to withdraw the mandatory developer verification requirement in its entirety. It argued that:

• centralising developer identity data with Google creates surveillance risks and a potential vector for government compulsion;
• the requirement imposes barriers that disproportionately harm independent developers, researchers, nonprofits, and activists in countries where submitting government identification to a foreign corporation carries legal or personal risk;
• the policy extends Google's unaccountable app-review process to distribution channels outside Google Play, contradicting court-ordered obligations to maintain an open ecosystem; and
• alternative app ecosystems, including F-Droid and privacy-focused custom ROMs, face existential harm.^[12][13]

The letter was copied to competition regulators worldwide.^[14]

By late April 2026, more than sixty organisations from over twenty countries had signed the open letter.^[1][15] Signatories include:

The signatories span free software foundations, digital rights organisations, and technology companies from multiple continents.

F-Droid, a repository of free and open-source software applications for Android, described the verification requirement as an "existential" threat to its mission. A significant portion of the software in F-Droid is maintained by individual volunteers or pseudonymous developers who build tools for privacy, security, or niche communities and who are unwilling or unable to submit biometric or government identification to Google. Were the requirement enforced on all certified Android devices without the carve-outs subsequently announced by Google, such apps would become uninstallable on the devices used by most Android users worldwide.^[16][6]

Devices running GrapheneOS, CalyxOS, or LineageOS typically operate outside Google's certification programme and do not include the Google Play Services infrastructure against which verification checks are enforced. As a result, users of such systems are generally unaffected by the policy as currently written. However, campaigners argue that the normalisation of identity-gated software installation sets a precedent harmful to user autonomy more broadly.^{[17][non-primary source needed]}

Marc Prud'hommeaux^[18] and co-signatories of the open letter have engaged competition regulators in multiple jurisdictions. In the United States, Prud'hommeaux contacted antitrust officials in four states as well as the Department of Justice, citing the policy's interaction with remedies from the ongoing United States v. Google antitrust proceedings. Contacts were also made with Brazilian competition authorities (CADE) and European Commission officials responsible for enforcement of the Digital Markets Act.^[7][19]

Critics have noted an apparent tension between Google's simultaneous court-ordered obligations to open its payments ecosystem and its move to centralise developer identity across the broader Android distribution landscape.^[14]

Google has defended the developer verification policy as a security measure designed to close a specific enforcement gap, stating that mandatory identity verification would prevent malicious actors from re-entering the ecosystem after removal from Google Play. Google has not published a formal public response to the open letter as of April 2026.^[6][20]

• F-Droid
• Android (operating system)
• Digital Markets Act
• Open-source software
• Electronic Frontier Foundation
• Software Freedom Conservancy
• GrapheneOS

• Keep Android Open — official website
• Open letter to Google