If you haven’t seen this yet, Google is planning to require mandatory developer identity verification for all Android apps, including apps distributed outside the Play Store, taking effect September 2026. This affects every independent and open source Android developer directly.
This is not just about the Play Store. After September 2026, on any certified Android device, applications from unverified developers will be blocked by default. The only proposed bypass, the “advanced flow”, exists only as a blog post and has not appeared in any beta, dev preview, or canary release. No one outside Google has seen it.
The community has been fighting back at keepandroidopen.org:
- Read the full breakdown of what this means
- Sign the open letter (organisations only)
- Contact your national regulators — contacts listed by country on the site
- Add the countdown banner to your project
September 2026 is closer than it looks. The time to push back is now.
Nothing, but in some countries banks force you to use apps. You know, "for your security ".
Pretty much. My bank imposes transfer limits on the web portal vs the app, since there’s purportedly more security in the physical device rather than a web page accessible from any system.
While I don’t necessarily disagree with this, it means those apps also have to be searching for things like “Is USB debugging on? Is this running in an emulator? Is the device rooted?”
None of these are bad checks to make from a security perspective, but by relying on the app on a single device as a defacto MFA hurts the ability to manage personal finances when you’re in a position like this, with Google defining the security requirements of their ecosystem at a higher level than any single app.