Android Security or Vendor Lock-In? Google’s New Sideloading Rules Smell Fishy

Google already dominates the global smartphone market through Android, and now it is taking another step that has many, including myself, concerned. You see, Android powers more than 70 percent of smartphones worldwide, which gives Google unrivaled influence over how billions of people use their devices.

The company announced that starting in 2026, apps installed on certified Android devices, whether through the Play Store, sideloaded APKs, or third-party stores like F-Droid, will need to come from a developer who has gone through Google’s new verification process.

Google frames this as a security measure to protect against fraud and malware. According to its own research, apps from internet sideloading sources are over 50 times more likely to contain malware compared to those on the Play Store. The main idea here is to make it harder for repeat offenders to return under a new identity after being banned.

The irony here is hard to ignore. Despite years of security features baked into Android, sophisticated spyware like Pegasus has still managed to bypass protections and infect devices. It is difficult not to see this as Google tightening its grip on the entire Android ecosystem under the guise of safety.

The rollout begins in October 2025 with early access for some developers, expanding to all developers in March 2026. By September 2026, the requirements will be enforced in Brazil, Indonesia, Singapore, and Thailand. A global rollout is expected from 2027 onward.

Security or Gatekeeping?

the android developer verification is shown here with two main steps listed — *The steps required to get verified under the* *Android Developer Verification* *program.*

The verification process will require developers to register with Google through a dedicated Android Developer Console, built specifically for those distributing outside the Play Store.

A separate dashboard will exist for student and hobbyist developers, but the system still requires sharing personal identifying information like legal name, address, and phone number with Google.

Do you see the problem with this approach?

This change will have major implications for free and open source software. F-Droid and other alternative app stores rely on independent developers, many of whom may be unwilling or unable to provide their personal details to Google.

While sideloading will technically remain possible, the barrier of developer verification means fewer apps will be available outside Google’s control.

In practice, this could turn Google into the effective gatekeeper for all apps on "certified" Android devices, which includes nearly every modern Android phone that hasn’t been rooted, aside from the likes of Huawei.

This will be difficult for competition regulators worldwide to ignore. By requiring all apps on certified Android devices to come from Google-verified developers, the company is not banning sideloading outright, but it is centralizing control over who can distribute apps at scale.

Suggested Read 📖

🎗️

Here's why you should opt for It's FOSS Plus Membership:

- Even the biggest players in the Linux world don't care about desktop Linux users. We do.
- We don't put informational content behind paywall. Your support keeps it open for everyone. Think of it like 'pay it forward'.
- Don't like ads? With the Plus membership, you get an ad-free reading experience.
- When millions of AI-generated content is being published daily, you read and learn from real human Linux users.
- It costs just $2 a month, less than the cost of your favorite burger.

Become a Plus Member today and join over 300 people in supporting our work.