28 February 2026 - Advocacy
In August 2025, Google announced that as of September 2026, it will no longer be possible to develop apps for the Android platform without first registering centrally with Google.
The registration will require all developers to:
This will be mandatory for every Android developer, even when they plan to distribute their app only on third-party channels (app stores like F-Droid, Aurora, Obtainium, etc), a clear violation of Europe’s DMA (Digital Markets Act).
We are aware that most of malware and spyware are distributed via the so called side-loading mechanism (a pejorative term indicating the direct installation of software of your choosing on the device that you own without intermediaries).
Google’s argument is that by centralizing all the developer registration, it would be easier to detect and ban threat actors and malware, with Google’s oversight.
However, this argument does not stand the test of reality. Just a few months ago it was found yet again that malware was distributed on the Play Store itself.
On the contrary, alternative app stores like F-Droid are actively pursuing real mitigation strategies, like Reproducible Builds.
The use of spyware is not illegal in most European countries, and states such as Italy make extensive use of it, often without adequate safeguards or transparency. In this context, it is unclear what Google’s role would be if a state were to request the distribution of surveillance tools through its platform. Even if the company wished to oppose such a request, it might find itself legally obliged to authorize them.
In the meantime, however, Google may already have weakened or rendered impracticable independent alternatives, such as third-party app stores and decentralized distribution mechanisms, which currently represent spaces of pluralism and potentially greater security. Concentrating decision-making power in a single private entity does not equate to greater protection; rather, it creates a single point of political and legal pressure.
If the goal is to protect users, the solution is not to strengthen technological monopolies but to strengthen democratic rules, transparency, and public accountability. Making the use of spyware illegal at the European level would not eliminate crime, but it would provide a structural safeguard for fundamental rights, independent of the commercial or strategic choices of any single company.
We believe in an open ecosystem, not mandated by “Evil” companies. For this reason we signed the Keep Android Open letter.
Along with multiple organizations, we call upon Google to:
You’ve read an article from the Advocacy section, where we defend online privacy and anonymity, document threats and invasive practices such as surveillance companies, and promote a conscious and free digital culture.
We are a non-profit organization run entirely by volunteers. If you value our work, you can support us with a donation: we accept financial contributions, as well as hardware and bandwidth to help sustain our activities. To learn how to support us, visit the donation page.
