Open Letter to Google on Mandatory Developer Registration for App Distribution
Source: Hacker News
Draft Letter
Date: February 24, 2026
To:
- Sundar Pichai, Chief Executive Officer, Google
- Sergey Brin, Founder & Board Member, Google
- Larry Page, Founder & Board Member, Google
- Vijaya Kaza, General Manager for App & Ecosystem Trust, Google
CC: Regulatory authorities, policymakers, and the Android developer community
Re: Mandatory Developer Registration for Android App Distribution
Introduction
We, the undersigned organizations representing civil society, nonprofit institutions, and technology companies, write to express our strong opposition to Google’s announced policy that would require all Android app developers to register centrally with Google in order to distribute applications outside of the Google Play Store. The policy is slated to take effect worldwide in the coming months.
Key Concerns
| Concern | Explanation |
|---|---|
| Erosion of Android’s open nature | Android has historically fostered an open ecosystem that encourages innovation and competition. Mandatory central registration runs counter to this principle. |
| Redundant security measures | The platform already incorporates multiple robust security mechanisms (e.g., Play Protect, sandboxing, permission model) that protect users without needing a central registry. |
| Impact on privacy and user freedom | Centralized developer data collection could compromise privacy and limit user choice in sourcing apps. |
| Potential stifling of competition | Smaller developers and emerging companies may face undue barriers, reducing market diversity. |
Our Request
- Withdraw the mandatory registration policy immediately.
- Engage with the open‑source and security communities to explore less restrictive, collaborative alternatives that preserve Android’s openness while enhancing security.
- Provide a transparent roadmap for any future security initiatives, allowing stakeholders to contribute to the design and implementation.
Conclusion
While we recognize Google’s commitment to platform security and user safety, we believe that imposing a universal registration requirement is unnecessary and harmful to the Android ecosystem. We urge Google to reconsider and work jointly with the broader community to develop solutions that uphold both security and openness.
Signed,
(List of undersigned organizations and representatives)
Our Concerns
1. Gatekeeping Beyond Google’s Own Store
Android has historically been an open platform where users and developers can operate independently of Google’s services. The proposed developer‑registration policy fundamentally alters that relationship by requiring developers who wish to distribute apps outside Google’s Play Store—through their own websites, third‑party app stores, enterprise distribution systems, or direct transfers—to first obtain permission from Google via a mandatory verification process. This process includes:
- Acceptance of Google’s terms and conditions
- Payment of a registration fee
- Submission of government‑issued identification
This extends Google’s gatekeeping authority into distribution channels where it has no legitimate operational role. Developers who choose not to use Google’s services should not be forced to register with, or submit to the judgment of, Google. Centralising the registration of all applications worldwide also gives Google newfound power to disable any app for any reason across the entire Android ecosystem.
2. Barriers to Entry and Innovation
Mandatory registration creates friction and barriers to entry, particularly for:
- Individual developers and small teams with limited resources
- Open‑source projects that rely on volunteer contributors
- Developers in regions with limited access to Google’s registration infrastructure
- Privacy‑focused developers who avoid surveillance ecosystems
- Emergency‑response and humanitarian organisations requiring rapid deployment
- Activists working on internet freedom in countries that criminalise that work
- Developers in sanctioned countries or regions where Google cannot allow sign‑ups
- Researchers and academics developing experimental applications
- Internal enterprise and government applications never intended for public distribution
Each additional bureaucratic hurdle reduces diversity in the software ecosystem and concentrates power in the hands of large, established players who can more easily absorb compliance costs.
3. Privacy and Surveillance Concerns
Requiring registration with Google creates a comprehensive database of all Android developers, regardless of whether they use Google’s services. This raises serious questions about:
- What personal information developers must provide
- How this information will be stored, secured, and used
- Whether the data could be subject to government requests or legal processes
- The extent to which developer activity is tracked across the ecosystem
- The impact on developers working on privacy‑preserving or politically sensitive applications
Developers should have the right to create and distribute software without submitting to unnecessary surveillance or scrutiny.
4. Arbitrary Enforcement and Account‑Termination Risks
Google’s existing app‑review processes have been criticised for opaque decision‑making, inconsistent enforcement, and limited appeal mechanisms. Extending this system to all Android‑certified devices creates risks of:
- Arbitrary rejection or suspension without clear justification
- Automated systems making consequential decisions with insufficient human oversight
- Developers losing the ability to distribute apps across all channels due to a single, un‑reviewable corporate decision
- Political or competitive considerations influencing registration approvals
- Disproportionate impact on marginalised communities and on controversial yet legal applications
A single point of failure controlled by one corporation is antithetical to a healthy, competitive software ecosystem.
5. Anticompetitive Implications
The requirement allows Google to collect intelligence on all Android development activity, including:
- Which apps are being developed and by whom
- Alternative distribution strategies and business models
- Competitive threats to Google’s own services
- Market trends and user preferences outside of Google’s ecosystem
This information asymmetry gives Google significant competitive advantages, enabling it to pre‑empt, copy, and undermine competing products and services, raising serious antitrust concerns.
6. Regulatory Concerns
Regulatory authorities worldwide—including the European Commission, the U.S. Department of Justice, and competition agencies in multiple jurisdictions—are increasingly scrutinising dominant platforms’ ability to prefer their own services and restrict competition. They are demanding greater openness and interoperability.
We also note growing concerns that regulatory intervention could increase mass surveillance, impede software freedom, and threaten open‑internet and device‑neutrality principles.
We urge Google to explore alternative ways to comply with regulatory obligations while preserving Android’s open nature, without expanding gatekeeper control over the platform.
Existing Measures Are Sufficient
The Android platform already includes multiple security mechanisms that do not require central registration:
- Operating‑system level security – application sandboxing and a robust permission system.
- User warnings for apps that are installed directly (i.e., “sideloaded”).
- Google Play Protect, which users can enable or disable at will.
- Developer signing certificates that establish software provenance.
No evidence has been presented that these safeguards are insufficient to protect Android users—they have done so for the entire seventeen years of Android’s existence. If Google’s concern is genuinely about security rather than control, it should invest in improving these existing mechanisms instead of creating new bottlenecks and centralizing control.
Our Petition
We call upon Google to:
- Immediately rescind the mandatory developer‑registration requirement for third‑party distribution.
- Engage in transparent dialogue with civil society, developers, and regulators about Android security improvements that respect openness and competition.
- Commit to platform neutrality by ensuring Android remains a genuinely open platform where Google’s role as platform provider does not conflict with its commercial interests.
Over the years, Android has evolved into a critical piece of technological infrastructure that serves hundreds of governments, millions of businesses, and billions of citizens worldwide. Unilaterally consolidating and centralizing the power to approve software in the hands of a single, unaccountable corporation is:
- Antithetical to the principles of free speech,
- An affront to free software,
- An insurmountable barrier to competition, and
- A threat to digital sovereignty everywhere.
We implore Google to reverse course, end the developer verification program, and begin working collaboratively with the broader community to advance security objectives without sacrificing the open principles upon which Android was built.
The strength of the Android ecosystem has historically been its openness; Google must work towards restoring its role as a faithful steward of that trust.