For the past 15 years1, F-Droid has provided a safe and securehaven for Android users around the world to find and install free and opensource apps. When contrasted with the commercial app stores — of which theGoogle Play store is the most prominent — the differences are stark: theyare hotbeds of spyware and scams, blatantly promoting apps that prey ontheir users through attempts to monetize their attention and mine theirintimate information through any means necessary, including trickery anddark patterns.[^spyware1]https://f-droid.org/2025/09/04/twif.html[^spyware1]: “Spyware maker caught distributing malicious Android apps foryears”:https://techcrunch.com/2025/02/13/spyware-maker-caught-distributing-malicious-android-apps-for-yearsF-Droid is different. It distributes apps that have been validated to workfor the user’s interests, rather than for the interests of the app’sdistributors. The way F-Droid works is simple: when a developer creates anapp and hosts the source code publicly somewhere, the F-Droid team reviewsit, inspecting it to ensure that it is completely open source and containsno undocumented anti-features such as advertisements ortrackers2. Once it passes inspection, the F-Droid buildservice compiles and packages the app to make it ready for distribution. Thepackage is then signed either with F-Droid’s cryptographic key, or, if thebuild is reproducible[^reproducible], enables distribution using theoriginal developer’s private key. In this way, users can trust that any appdistributed through F-Droid is the one that was built from the specifiedsource code and has not been tampered with.https://f-droid.org/docs/Anti-Features/[^reproducible]: F-Droid Reproducible Builds Introduction:https://f-droid.org/docs/Reproducible_Builds/Do you want a weather app that doesn’t transmit your every movement to ashadowy data broker3? Or a scheduling assistant that doesn’tsiphon your intimate details into an advertisementnetwork[^surveillance-ads]? F-Droid has your back. Just as sunlight is thebest disinfectant against corruption, open source is the best defenseagainst software acting against the interests of the user.https://www.howtogeek.com/884233/your-weather-app-is-spying-on-you-heres-what-to-do/#why-are-weather-apps-such-a-privacy-nightmare[^surveillance-ads]: “Online Behavioral Ads Fuel the SurveillanceIndustry—Here’s How”:https://www.eff.org/deeplinks/2025/01/online-behavioral-ads-fuel-surveillance-industry-heres-howGoogle’s move to break free app distributionThe future of this elegant and proven system was put in jeopardy last month,when Google unilaterally decreed4 that Android developers everywherein the world are going to be required to register centrally with Google. Inaddition to demanding payment of a registration fee and agreement to their(non-negotiable and ever-changing) terms and conditions, Google will alsorequire the uploading of personally identifying documents[^regid], includinggovernment ID, by the authors of the software, as well as enumerating allthe unique “application identifiers” for every app that is to be distributedby the registered developer.[^regappid]require all apps to be registered by verified developers in order to beinstalled by users on certified Android devices.”https://android-developers.googleblog.com/2025/08/elevating-android-security.html[^regid]: Android developer verification: “You will need to provide andverify your personal details, like your legal name, address, email address,and phone number. You may also need to upload official government ID.”:https://developer.android.com/developer-verification#verify-your-identity[^regappid]: Android developer verification: “You’ll need to prove you ownyour apps by providing your app package name and app signing keys.”:https://developer.android.com/developer-verification#register-your-appsThe F-Droid project cannot require that developers register their appsthrough Google, but at the same time, we cannot “take over” the applicationidentifiers for the open-source apps we distribute, as that wouldeffectively seize exclusive distribution rights to those applications.If it were to be put into effect, the developer registration decree will endthe F-Droid project and other free/open-source app distribution sources aswe know them today, and the world will be deprived of the safety andsecurity of the catalog of thousands of apps that can be trusted andverified by any and all. F-Droid’s myriad users5 will be leftadrift, with no means to install — or even update their existing installed —applications.because we don’t track users or have any registration. “No user accounts, bydesign”:https://f-droid.org/2022/02/28/no-user-accounts-by-design.htmlThe Security CanardWhile directly installing — or “sideloading”6 — software can beconstrued as carrying some inherent risk, it is false to claim thatcentralized app stores are the only safe option for softwaredistribution. Google Play itself has repeatedly hostedmalware[^playmal1][^playmal2], proving that corporate gatekeeping doesn’tguarantee user protection. By contrast, F-Droid offers a trustworthy andtransparent alternative approach to security: every app is free and opensource, the code can be audited by anyone, the build process and logs arepublic, and reproducible builds ensure that what is published matches thesource code exactly. This transparency and accountability provides astronger basis for trust than closed platforms, while still giving usersfreedom to choose. Restricting direct app installation not only underminesthat choice, it also erodes the diversity and resilience of the open-sourceecosystem by consolidating control in the hands of a few corporate players.came up with; it means “installing software without our permission,” whichwe used to just call “installing software” (because you don’t need amanufacturer’s permission to install software on your computer).’ —Pluralistic: Darth Android:https://pluralistic.net/2025/09/01/fulu/[^playmal1]: “224 malicious apps removed from the Google Play Store after adfraud campaign discovered”:https://www.malwarebytes.com/blog/news/2025/09/224-malicious-apps-removed-from-the-google-play-store-after-ad-fraud-campaign-discovered[^playmal2]: “Malware-ridden apps made it into Google’s Play Store, scored19 million downloads”:https://www.theregister.com/2025/08/26/apps_android_malware/Furthermore, Google’s framing that they need to mandate developerregistration in order to defend against malware is disingenuous because theyalready have a remediation mechanism for malware they identify on adevice: the Play Protect service7 that is enabled on allAndroid Certified devices already scans and disables apps that have beenidentified as malware, regardless of their provenience. Any perceived risksassociated with direct app installation can be mitigated through usereducation, open-source transparency, and existing security measures withoutimposing exclusionary registration requirements.harmful behavior”:https://support.google.com/googleplay/answer/2812853We do not believe that developer registration is motivated by security. Webelieve it is about consolidating power and tightening control over aformerly open ecosystem.The Right to RunIf you own a computer, you should have the right to run whatever programsyou want on it. This is just as true with the apps on your Android/iPhonemobile device as it is with the applications on your Linux/Mac/Windowsdesktop or server. Forcing software creators into a centralized registrationscheme in order to publish and distribute their works is as egregious asforcing writers and artists to register with a central authority in order tobe able to distribute their creative works. It is an offense to the coreprinciples of free speech and thought that are central to the workings ofdemocratic societies around the world.By tying application identifiers to personal ID checks and fees, Google isbuilding a choke point that restricts competition and limits userfreedom. It must find a solution which preserves user rights, freedom ofchoice, and a healthy, competitive ecosystem.What do we propose?Regulatory and competition authorities should look carefully at Google’sproposed activities, and ensure that policies designed to improve securityare not abused to consolidate monopoly control. We urge regulators tosafeguard the ability of alternative app stores and open-source projects tooperate freely, and to protect developers who cannot or will not comply withexclusionary registration schemes and demands for personal information.If you are a developer or user who values digital freedom, you canhelp. Write to your Member of Parliament8,Congressperson[^congressperson] or other representative, sign petitions indefense of sideloading, and contact the European Commission’s DigitalMarkets Act (DMA) team9 to express why preserving opendistribution matters. By making your voice heard, you help defend not onlyF-Droid, but the principle that software should remain a commons, accessibleand free from unnecessary corporate gatekeeping.https://www.europarl.europa.eu/meps/en/home[^congressperson]: Find Your Representativehttps://www.house.gov/representatives/find-your-representativehttps://digital-markets-act.ec.europa.eu/contact-dma-team_en “For fifteen more”: ↩ F-Droid Anti-Features overview: ↩ “Your Weather App Is Spying on You, Here’s What to Do”: ↩ Android Developers Blog: “Starting next year, Android will ↩ How many F-Droid users are there, exactly? We don’t know, ↩ ‘“Sideload” is a weird euphemism that the mobile duopoly ↩ “Google Play Protect checks your apps and devices for ↩ Members of the European Parliament ↩ Contact the DMA team: ↩