F-Droid’s “Keep Android Open” campaign is a coordinated effort to stop Google from requiring all Android app developers to register with the company — paying fees, submitting government ID, and disclosing signing keys — before their apps can be installed on any certified Android device worldwide. If Google’s policy takes full effect starting September 2026, it will effectively end independent app distribution on Android, including F-Droid itself.
What Is F-Droid?
F-Droid is a free, open-source application repository for Android, founded in 2010 and celebrating its 15th anniversary in 2025. Unlike the Google Play Store or Samsung Galaxy Store, F-Droid does not charge developers, display advertisements, or track users. It operates on a straightforward principle: every app in the repository must be completely open source, audited by the F-Droid team, and compiled from its publicly available source code.
The platform’s security model is fundamentally different from commercial app stores. When a developer submits an app, F-Droid reviews the source code to verify it contains no undocumented “anti-features” — trackers, advertisements, or proprietary libraries. The build service then compiles the app directly from source, and where possible, uses reproducible builds to allow independent verification that the published binary matches the source code exactly. F-Droid does not require user accounts or registration, by design. It cannot track how many people use it.
As of early 2026, F-Droid hosts thousands of free and open-source apps — from privacy-focused browsers and encrypted messengers to scientific tools and utilities that have no commercial equivalent on mainstream stores.
What Is Google’s Developer Verification Program?
In August 2025, Google announced a new Android Developer Verification program through a blog post authored by Suzanne Frey, VP of Product, Trust & Growth for Android. The program requires all developers distributing apps on certified Android devices — meaning virtually every Android phone sold outside China, which represents the vast majority of the world’s Android installed base — to register with Google before their apps can be installed.
The registration process, as described in Google’s official documentation (as of February 2026), involves:
- A one-time $25 fee linked to a Google payment profile
- Government-issued identification documents for identity verification
- Business registration documents for organizational accounts (including a verified website)
- Enumeration of all app package names to be distributed
- Upload of a cryptographic proof linking the app’s signing key to the registered developer
Google’s timeline sets the initial enforcement in September 2026 across four countries — Brazil, Indonesia, Singapore, and Thailand — with global rollout planned for 2027 and beyond. The early access program for developers opened in October 2025, with full developer access from March 2026.
Google frames the program as a security measure, citing an internal analysis that found “over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.” The company argues that requiring developer accountability will deter repeat bad actors who use anonymity to distribute malware and financial scams.
Why Does This Matter for Open-Source Software?
F-Droid’s position is unambiguous: the developer verification decree will end the F-Droid project as it currently operates. The reasoning is structural, not theoretical.
F-Droid distributes apps that have been compiled from open-source code submitted by independent developers around the world. Many of these developers are volunteers, researchers, or small teams operating without legal entity, payment processing infrastructure, or willingness to submit personal identification to a corporation. Under the new rules, every app distributed through F-Droid must be registered under a verified developer account — either the original developer’s account, or another account that legally claims ownership of the app’s package identifier.
F-Droid cannot force its contributors to register with Google. Nor can it claim the package identifiers for apps it distributes without effectively asserting exclusive distribution rights — a move that would contradict the open-source ethos entirely. The result is a catch-22: comply with Google’s system, or cease to distribute apps on certified Android devices.
The Electronic Frontier Foundation has signed on to F-Droid’s open letter, articulating the broader concern: “When you set up a gate, you invite authorities to use it to block things they don’t like. And when you build a database, you invite governments (and private parties) to try to get access to that database.”
The EFF identifies specific communities most at risk: VPN developers distributing privacy tools in countries where those tools invite legal risk; reporters and activists building apps that document government abuses; researchers who use pseudonyms and cannot safely attach their government ID to a software project.
How the “Keep Android Open” Campaign Works
The campaign operates at keepandroidopen.org, launched by F-Droid and allied open-source advocates. It functions on several simultaneous tracks:
Developer resistance: The campaign urges Android developers not to sign up for Google’s early access verification program. The site argues that developer acquiescence is the only way Google’s plan can succeed — if a critical mass of developers refuse to register, the policy becomes impossible to enforce without blocking vast amounts of legitimate software.
Regulatory pressure: The campaign provides direct guidance to users and developers for contacting competition authorities in over 20 jurisdictions, including the European Commission’s Digital Markets Act team, the UK Competition and Markets Authority, the US Federal Trade Commission, and regulatory bodies in Brazil, Indonesia, Singapore, and Thailand — the four initial enforcement countries.
Consumer action: Users are encouraged to install F-Droid on their Android devices now, increasing the user base of alternative distribution to make it harder to marginalize.
Technical countermeasures: The campaign links to the FreeDroidWarn library, which developers can include in their apps to inform users about the verification issue.
The campaign’s Hacker News thread accumulated over 1,300 upvotes, reflecting broad technical community concern about the policy’s implications.
Google’s Security Argument — and Its Limits
Google’s core justification — 50x more malware from sideloaded sources — is cited without a linked study, making independent verification impossible. F-Droid’s published response notes that Google Play itself has repeatedly hosted malware: in 2025 alone, 224 malicious apps were removed from the Play Store after an ad fraud campaign was discovered, with over 19 million total downloads of malware from the Play Store recorded in the same period.
F-Droid also points to an existing technical solution: Google Play Protect, a service already active on all certified Android devices, which scans and disables malware regardless of where apps were installed from. If Play Protect already addresses the malware problem, the argument that mandatory developer registration is the only remaining defense becomes difficult to sustain.
Critics, including the EFF and multiple commentators, argue the real motivation is consolidation of market power — particularly notable given that Google simultaneously faces court-ordered changes to the Play Store following its loss in the Epic Games antitrust case. Google has now lost the appeal of that ruling and faces requirements to promote third-party app stores through Google Play. Developer verification, critics argue, provides a new mechanism to maintain central control over the Android software ecosystem even as the court attempts to open it.
Android App Distribution: A Comparison
| Platform | Cost to Developer | ID Required | Source Code Required | User Tracking | Sideloading |
|---|---|---|---|---|---|
| Google Play | $25 one-time | Yes | No | Yes | N/A (official store) |
| F-Droid | Free | No | Yes (open source) | No | Yes |
| Samsung Galaxy Store | Varies | Yes | No | Yes | N/A |
| Direct APK sideloading (pre-2026) | Free | No | No | No | Yes |
| Direct APK sideloading (post-Sept. 2026) | $25 + ID | Yes | No | Depends | Restricted |
The table illustrates that Google’s new requirements effectively align sideloading with Play Store registration requirements — collapsing the meaningful distinction between the two.
The Digital Sovereignty Dimension
The keepandroidopen.org campaign frames the issue not just as an open-source software problem but as a matter of national digital sovereignty. Over 95% of Android devices sold outside China are certified Android devices. Over half of all humans on Earth use an Android smartphone. A policy dictated by a single US corporation — requiring every app developer on Earth to register with that corporation before their software can run on the majority of the world’s smartphones — is, the campaign argues, an unprecedented privatization of what has historically been a public commons.
The campaign specifically notes Google’s track record of complying with government requests to remove legal apps — citing authoritarian regimes as examples — and asks whether states should cede their citizens’ software access to a company with that history.
The EU’s Digital Markets Act is frequently cited as the most promising legal avenue for challenge. The DMA designates Google as a “gatekeeper” and places specific obligations around interoperability and competition. F-Droid and allies argue that mandatory developer verification may directly violate the DMA’s requirements.
Meanwhile, early 2025 also saw Google close off public development of the Android Open Source Project (AOSP), moving development private. The keepandroidopen.org campaign notes this is how Google was able to implement the verification infrastructure without public review.
What Happens If Google Proceeds?
If the September 2026 deadline arrives without regulatory intervention or Google reversing course, the practical consequences are significant:
- Apps distributed through F-Droid that lack a verified Google developer registration will fail to install on certified Android devices in Brazil, Indonesia, Singapore, and Thailand starting September 2026.
- The global rollout in 2027 would extend this to virtually all Android users outside China.
- F-Droid has stated plainly that the project, in its current form, would cease to function under these conditions.
- Alternative app stores — including emerging commercial competitors to Google Play — face the same structural problem if they distribute apps whose developers refuse to register.
As of the date of this article (February 2026), F-Droid’s “This Week in F-Droid” newsletter notes that at FOSDEM 2026, many attendees believed Google had already backed down from the plan — a misconception the campaign is actively working to correct. Google’s official developer verification page continues to show the September 2026 enforcement timeline.
Frequently Asked Questions
Q: Is Google actually banning F-Droid? A: Not directly. Google’s policy requires all app developers to register with the company and submit identification. Since F-Droid distributes apps from thousands of independent open-source developers, many of whom will not or cannot register, F-Droid’s catalog would become unusable on certified Android devices.
Q: Can I still install F-Droid after September 2026? A: The F-Droid app itself may remain installable, but the apps it distributes will fail to install on certified Android devices in the initial four countries (Brazil, Indonesia, Singapore, Thailand) starting September 2026, with global rollout planned for 2027.
Q: Does Google’s malware argument have merit? A: Google cites “50x more malware from sideloaded sources,” but has not published the underlying study. F-Droid notes that Google Play itself has hosted malware (224 malicious apps removed in 2025), and that Google Play Protect already scans all installed apps regardless of source.
Q: What can developers do? A: The Keep Android Open campaign urges developers not to register for Google’s verification program, arguing that mass refusal makes the policy unenforceable. Developers can also include the FreeDroidWarn library in their apps to alert users to the issue.
Q: Will this affect custom ROMs like LineageOS? A: Devices running custom ROMs that forgo Google certification (and thus lose access to Google Play Services) would not be subject to Google’s verification requirements. However, the vast majority of Android devices sold to consumers are certified devices that would fall under the new policy.