App distribution site F-Droid lashes out against Google's mandatory developer registration
Following Google's announcement that it will block the installation of apps from unverified developers on Android, app distribution site F-Droid has issued a statement in protest, stating that Google's new policy puts F-Droid's survival at risk.
F-Droid and Google's Developer Registration Decree | F-Droid - Free and Open Source Android App Repository
In August 2025, Google announced that it would introduce a 'Developer Verification System' that would effectively force all Android app developers to register their information with Google.
Google introduces 'Developer Authentication' feature to verify the identity of all apps installed on Android - GIGAZINE
Under this system, app developers must register information such as their address and name with Google, as well as the package name and signing key for their app. Going forward, Android will verify this information when installing an app on a device, and will block installation if the information does not match the registered information.
Many Android users are opposed to this system.
One of the major advantages of Android is that it allows users to install apps from sources other than the official app platform, Google Play. Many legal and useful apps are available through third-party platforms or directly on various websites, including those that violate Google Play's terms of service and therefore cannot be distributed through Google Play. However, Google's policy change will require all developers to register their information with Google.
This has raised concerns that the burden on individual developers will increase, and that apps that modify existing apps may become unusable. Normally, when an app is modified, the 'signature' recorded in the app is overwritten, and since the overwritten signature will naturally differ from the registered signature, it is thought that such apps will not be able to be installed.
The same applies when building an app yourself. Many Android users have asked whether they even need to register their signature if they build it themselves and sign it. While it's fine if you build your own app yourself, if you build someone else's app yourself, installation may be blocked.
F-Droid ensures transparency by allowing you to build other people's apps yourself.
F-Droid is a third-party app platform with a large lineup of open-source apps. F-Droid guarantees the safety of apps by either releasing apps signed by developers as is, or building and reviewing open-source software itself, and publishing the entire build process. It stands out from other app distribution sites in that it allows anyone to verify how apps are designed and built.
Google has stated that 'malware detected in apps installed from sources other than Google Play was more than 50 times higher than in apps installed from Google Play,' and is touting the benefits of its developer verification system, which restricts app installation from sources other than Google Play. However, just because installing apps from sources other than Google Play is dangerous does not mean that installing apps from Google Play is not dangerous.
Although apps distributed on Google Play are supposedly subject to Google's review, there are frequent cases where malware is introduced into app updates, allowing them to bypass Google's review, so the app is not necessarily completely safe.
In this respect, sites like F-Droid, which always verify and publish information even when apps are updated, can sometimes be more secure.
It's true that installing apps from sources other than Google Play without due caution is risky. Users must carefully check for themselves what kind of site is distributing the apps, and whether the apps and their developers are trustworthy. Still, the ability to 'select and install the apps you want' is a major advantage of Android, and restricting this mechanism would diminish Android's advantage.
F-Droid points out, 'Commercial app stores like the Google Play Store are breeding grounds for spyware and fraud, and blatantly promote apps that monetize users' attention or harvest personal information through deceptive and dark practices. F-Droid is different. We ensure that the apps we distribute operate in the user's interest, not the distributor's. Because of the way F-Droid works, developers cannot require apps to be registered through Google, or register apps that claim to be F-Droid. If developer verification goes into effect, it will mean the end of the F-Droid project and other free and open source app distribution sources in their current form, and the world will lose the safety and security that comes with a verifiable app catalog. Millions of F-Droid users will be left devastated, losing not only the ability to install apps but even the ability to update existing apps.'
F-Droid added, 'Our Play Protect service, enabled on all certified Android devices, scans and disables apps identified as malware, regardless of their origin. It's disingenuous to say that mandatory developer verification is necessary to protect against malware. We believe this is not for security purposes, but rather to centralize power and tighten control over a once-open ecosystem.'
There are still many details that are not known, such as what kind of information will be verified under the developer certification system, and whether the feared situation of 'all useful apps becoming unusable' will actually occur.
Samir Samat, president of Android Ecosystem, responded to a question from a member of the public: 'Can I patch and install my own APK (Android app file format) on my device? I don't intend to share my APK with others. I don't intend to be a developer; I just want to patch and build APKs.' He replied, 'Yes, this should all be possible without verification,' suggesting that, at least for homebrew apps, there is no need for complicated procedures.
Yep, this should all be doable without verification.
— Sameer Samat (@ssamat) August 28, 2025
On the social networking site Hacker News, there has been discussion about whether this violates the Digital Markets Act, which protects against monopolies. One user contacted the European Commission about this, and received a response saying, 'The Digital Markets Act effectively requires companies like Google to allow apps to be distributed on unofficial platforms, while at the same time allowing them to implement safeguards to verify whether apps from unofficial platforms pose a security threat.' The user argued that the European Commission's stance strengthens the duopoly, which is the exact opposite of the law's purpose.
Related Posts:
in Software, Posted by log1p_kr