AdGuard is proud to be among the signatories of a newly published open letter opposing Google’s upcoming developer verification policy. The campaign was spearheaded by F-Droid, which launched it last year and has been rallying support ever since. The letter has now been signed by a growing number of civil society groups and technology organizations, including F-Droid itself, Electronic Frontier Foundation, Free Software Foundation, and Vivaldi. It is addressed to Google execs Sundar Pichai, Larry Page, and Sergey Brin among others.The message is clear: the proposed policy represents a fundamental shift in how the Android ecosystem operates — and not for the better. We fully support every concern raised in the letter and stand in solidarity with the organizations calling on Google to reconsider.What are Google’s new app verification requirementsAt the heart of the debate is a new mandatory verification system for Android developers. Unlike existing requirements that apply only to apps distributed through Google Play, this framework goes much further. It requires all Android developers, even those who distribute their apps independently via their own websites, third-party app stores, enterprise systems, or direct file transfers, to first obtain a de-facto approval from Google.In practical terms, this means developers will be required to create an account in a new Google console, agree to Google’s terms and conditions, pay a $25 registration fee, and complete an identity verification process. That process includes submitting a valid government-issued ID, such as a passport or driver’s license, providing a verified email address and phone number confirmed via one-time codes, and cryptographically linking their app to their verified identity. Developers must upload the public SHA-256 fingerprint of their signing key and submit a signed APK containing a designated verification file to associate the app’s package name with their registered identity.Importantly, developers who already have apps on Google Play won’t have to start from scratch. Instead of creating a completely new account, they’ll get a new option in their existing Play Console to register any apps they distribute outside of Google Play. Developers who only distribute apps outside the Play Store, however, will need to create a brand-new account and go through the full registration and verification process. This means that for many established developers, the new requirements are an extension of what they already do for Google Play rather than an entirely separate system. For those working exclusively outside the Play ecosystem, though, it’s a completely new set of steps.The scheme has been in early preview since November 2025 and will open to all developers in March 2026. Beginning in September 2026, enforcement will start in Brazil, Indonesia, Singapore, and Thailand. From that point forward, any developer who has not completed the verification process and registered their apps will see those apps blocked from installation on certified Android devices in those countries. Google has indicated that the policy will later expand globally.Google has stated that students and hobby developers will be able to create special accounts with fewer checks and without paying the standard $25 fee. While that may soften the burden at the margins, it does not change the underlying reality: independent software distribution on Android will now require Google’s explicit permission.This is a profound change, one that shatters the entire premise of the Android ecosystem, long regarded as the antithesis of the closed Apple ecosystem. Until now, Android positioned itself as an open ecosystem — one where developers could build and distribute software without having to pass through a single corporate gatekeeper. Under the new framework, that openness is fundamentally curtailed. The policy extends Google’s control beyond its own Play Store and into the broader Android landscape, effectively giving the company the technical ability to prevent installation of apps it has not approved.What is wrong with the new Google rulesThe impact on the developer community and first and foremost cutting-edge innovation within it could be significant. Volunteer-run open-source projects, privacy-focused developers, and teams in regions where Google services are limited or hard to access could all run into new hurdles. What sounds like a “10-minute process” on paper can easily turn into a real obstacle for small teams with limited time and resources.There are also legitimate privacy concerns for developers themselves. Requiring government-issued identification, verified phone numbers, and other personal data concentrates sensitive information in one place. For developers building tools specifically designed to protect user privacy, being forced to surrender their own personal data as a precondition for distribution is deeply contradictory.Equally troubling is the broader enforcement context. Google has a long history of app suspensions and rejections that developers describe as opaque, inconsistent, and difficult to appeal. Granting the company expanded authority over all Android app distribution — not just Play Store listings — amplifies concerns about arbitrary enforcement and limited recourse.Moreover, there is strong reason to question whether the policy will achieve its stated goal of improving security. Determined malicious actors have repeatedly demonstrated their ability to bypass safeguards, even within Google Play, where identity verification and compliance checks already exist. A Bitdefender investigation last year revealed that over 331 malicious apps made it onto the platform, reaching millions of users despite existing verification requirements. These apps were able to bypass Android 13's security measures and deceive users, all while masquerading as legitimate software.For legitimate developers, though, the impact will be immediate and real. Independent creators who rely on sideloading or third-party app stores may decide the extra paperwork, fees, and compliance headaches just aren’t worth it. The result? Fewer apps outside Google Play and in general — not because users don’t want them, but because the added friction pushes developers away. This, in turn, will discourage competition and slow down innovation.From a user’s point of view, the policy could also create a false sense of security. If apps can’t be installed unless they’re “verified,” people may assume that verified automatically means safe. It doesn’t. Verification just confirms who’s behind the app, it doesn’t guarantee clean code or rule out malicious behavior. That misplaced confidence could make users less cautious, weakening the security awareness Android’s warning system was meant to encourage.What can be done insteadAndroid already has solid security tools built in. Things like sandboxing, detailed permission controls, verified app signing, sideloading warnings and Google Play Protect create multiple layers of protection. If these tools are properly enforced — and that “if” really matters — they should be more than enough to address real security threats without putting the entire ecosystem under tighter centralized control.For example, Google Play Protect continuously scans apps on a device, including those installed outside Google Play, and checks them against Google’s threat detection systems. It can warn users about harmful apps, disable them, or remove them in serious cases. In short, it’s built to detect bad behavior no matter where an app comes from.Thus, security and openness don’t have to be mutually exclusive. Android has managed to balance both for years. But when new policies hand even more control to a single platform owner — and this is happening at a time when regulators are already looking closely at competition and market dominance — it raises real concerns. Moves like this can strengthen Google’s gatekeeping power, sideline alternative app stores, and make it harder for independent developers to compete on equal terms. It looks as if that’s not just about security and more about who controls access to users.Android’s biggest strength has always been its openness. That’s what attracted developers and users in the first place. It’s our belief that preserving that openness benefits everyone.For us at AdGuard, this isn’t just theoretical. Our users know that the full version of AdGuard for Android isn’t available on Google Play, because Google’s policies don’t allow full-fledged, system-wide ad blockers there. Instead, it’s downloaded directly from our official website or trusted third-party app stores.We remain committed to keeping AdGuard accessible to everyone, and we’ll take all the necessary steps to comply with Google’s new policy to ensure the app stays available going forward when and if it takes effect. However, at this stage, it is still unclear exactly what will be required of us to remain fully compliant under the new framework. At the same time, we believe the better solution would be for Google to reconsider this direction and preserve the openness that has long defined the Android ecosystem.