In the coming weeks, Google plans to initiate testing for its newly announced verification scheme aimed at Android developers. However, details regarding the operational mechanics of this process remain scarce. In response to this impending change, F-Droid, a well-known free and open source app repository, has taken a proactive stance, voicing concerns that the verification scheme could jeopardize alternative app stores.
F-Droid has been a prominent player in the realm of free and open source software (FOSS) for Android for nearly 15 years. The platform serves as the largest source of FOSS applications, allowing users to sideload apps manually since they are not available through the Google Play Store. Google's recent announcement indicates that all Android app developers will be required to register their applications and their identities with Google. This means that, in the future, any app not validated by Google will be impossible to install on certified Android devices.
Given that nearly all Android devices outside of China utilize Google services, the implications are far-reaching. F-Droid argues that Google's verification program poses a significant threat to the free distribution of apps. Google asserts that tying real identities to apps can help mitigate the prevalence of malware, a claim supported by incidents observed in the Play Store. Nonetheless, F-Droid points out that the Play Store is not immune to malicious applications, suggesting that Google's strategy may not effectively eliminate the risks associated with sideloading.
The potential verification process poses a significant challenge for F-Droid's operations. Unlike Google Play, F-Droid does not engage in tracking user data or displaying invasive advertisements. Instead, each application is submitted in source code form, which F-Droid verifies and compiles. F-Droid has stated that it cannot require developers to register with Google or take over app identifiers for registration, as this would effectively infringe upon the distribution rights of the original authors.
F-Droid warns that if Google is permitted to exert control over the entire Android software ecosystem through its developer verification program, it could spell the end for their project. Furthermore, F-Droid highlights that Google will likely require independent developers—many of whom offer their apps for free—to pay registration fees, a burden that could dissuade developers from participating.
F-Droid's position is unequivocal: device owners should retain the right to choose the software they install. Forcing developers to register with a central authority undermines the principles of free speech and thought, according to F-Droid. The blog post accuses Google of using security concerns as a facade for consolidating its monopoly over app distribution, particularly as the company faces increasing scrutiny from antitrust actions.
In light of these developments, F-Droid is urging regulators in the US and EU to closely examine Google's verification plans before they are fully implemented. Google is currently navigating significant changes mandated by court rulings related to antitrust cases, including the one initiated by Epic Games. These rulings may compel Google to open its app distribution system by promoting third-party stores within the Play Store and allowing content from Google Play to be mirrored in other storefronts, thus reducing its monopoly power.
Despite these pressures, Google's latest focus on restricting sideloading could enable the company to maintain its central role in the Android software ecosystem. F-Droid is calling on developers and users who are concerned about these changes to reach out to their government representatives and advocate for action. Specifically, they suggest leveraging the European Commission’s Digital Markets Act (DMA) to protect FOSS applications from Google's stringent regulations.
While the pilot verification program is set to launch next month, it is important to note that unverified apps will not be blocked for nearly a year. This phased approach will initially affect a select number of markets, including Brazil, Indonesia, Singapore, and Thailand, with plans for global expansion by 2027.