Nextcloud joins open letter opposing Android Developer Verification Program

Post date

maart 3, 2026

Nextcloud’s commitment to open standards

Our long-standing commitment to open standards and open source has been widely recognized.

Recently, our CEO and founder, Frank Karlitschek, received the Special Recognition for Contributions to Business & Impact Award at the European Open Source Awards (EOSA) 2026.
Nextcloud was also recognized as a Digital Public Good by the Digital Public Goods Alliance (DPGA), joining respected initiatives such as Mozilla, Creative Commons, and PeerTube.

These recognitions underscore our continued dedication to open source, interoperability, and the protection of digital rights.

An Open Letter Opposing Android Developer Verification

Date: February 24, 2026 To: Sundar Pichai, Chief Executive Officer, Google To: Sergey Brin, Founder and Board Member, Google To: Larry Page, Founder and Board Member, Google To: Vijaya Kaza, General Manager for App & Ecosystem Trust, Google CC: Regulatory authorities, policymakers, and the Android developer community Re: Mandatory Developer Registration for Android App Distribution

We, the undersigned organizations representing civil society, nonprofit institutions, and technology companies, write to express our strong opposition to Google’s announced policy requiring all Android app developers to register centrally with Google themselves in order to distribute applications outside of the Google Play Store, set to take effect worldwide in the coming months.

While we do recognize the importance of platform security and user safety, the Android platform already includes multiple security mechanisms that do not require central registration. Forcibly injecting an alien security model that runs counter to Android’s historic open nature threatens innovation, competition, privacy, and user freedom. We urge Google to withdraw this policy and work with the open-source and security communities on less restrictive alternatives.

Our Concerns

1. Gatekeeping Beyond Google’s Own Store

Android has historically been characterized as an open platform where users and developers can operate independently of Google’s services. The proposed developer registration policy fundamentally alters that relationship by requiring developers who wish to distribute apps through alternative channels — their own websites, third-party app stores, enterprise distribution systems, or direct transfers — to first seek permission from Google through a mandatory verification process, which involves the agreement to Google’s terms and conditions, the payment of a fee, and the uploading of government-issued identification.

This extends Google’s gatekeeping authority beyond its own marketplace into distribution channels where it has no legitimate operational role. Developers who choose not to use Google’s services should not be forced to register with, and submit to the judgement of, Google. Centralizing the registration of all applications worldwide also gives Google newfound powers to completely disable any app it wants to, for any reason, for the entire Android ecosystem.

2. Barriers to Entry and Innovation

Mandatory registration creates friction and barriers to entry, particularly for:

Individual developers and small teams with limited resources
Open-source projects that rely on volunteer contributors
Developers in regions with limited access to Google’s registration infrastructure
Privacy-focused developers who avoid surveillance ecosystems
Emergency response and humanitarian organizations requiring rapid deployment
Activists working on internet freedom in countries that unjustly criminalize that work
Developers in countries or regions where Google cannot allow them to sign up due to sanctions
Researchers and academics developing experimental applications
Internal enterprise and government applications never intended for broad public distribution

Every additional bureaucratic hurdle reduces diversity in the software ecosystem and concentrates power in the hands of large established players who can more easily absorb such compliance costs.

3. Privacy and Surveillance Concerns

Requiring registration with Google creates a comprehensive database of all Android developers, regardless of whether or not they use Google’s services. This raises serious questions about:

What personal information developers must provide
How this information will be stored, secured, and used
Whether this data could be subject to government requests or legal processes
To what extent developer activity is tracked across the ecosystem
What this means for developers working on privacy-preserving or politically sensitive applications

Developers should have the right to create and distribute software without submitting to unnecessary surveillance or scrutiny.

4. Arbitrary Enforcement and Account Termination Risks

Google’s existing app review processes have been criticized for opaque decision-making, inconsistent enforcement, and limited appeal mechanisms. Extending this system to all Android certified devices creates risks of:

Arbitrary rejection or suspension without clear justification
Automated systems making consequential decisions with insufficient human oversight
Developers losing their ability to distribute apps across all channels due to a single un-reviewable corporate decision
Political or competitive considerations influencing registration approvals
Disproportionate impact on marginalized communities and controversial but legal applications

A single point of failure controlled by one corporation is antithetical to a healthy, competitive software ecosystem.

5. Anticompetitive Implications

This requirement allows Google to collect intelligence on all Android development activity, including:

Which apps are being developed and by whom
Alternative distribution strategies and business models
Competitive threats to Google’s own services
Market trends and user preferences outside of Google’s ecosystem

This information asymmetry provides Google with significant competitive advantages, allows it to preempt, copy, and undermine competing products and services, and may open many questions about antitrust.

6. Regulatory concerns

Regulatory authorities worldwide, including the European Commission, the U.S. Department of Justice, and competition authorities in multiple jurisdictions, have increasingly scrutinized dominant platforms’ ability to preference their own services and restrict competition, demanding more openness and interoperability. We additionally note growing concerns around regulatory intervention increasing mass surveillance, impeding software freedom, open internet and device neutrality.

We urge Google to find alternative ways to comply with regulatory obligations by promoting models that respect Android’s open nature without increasing gatekeeper control over the platform.

Existing Measures Are Sufficient

The Android platform already includes multiple security mechanisms that do not require central registration:

Operating system-level security features, application sandboxing, and permission systems
User warnings for applications that are directly installed (or “sideloaded”)
Google Play Protect (which users can choose to enable or disable)
Developer signing certificates that establish software provenance

No evidence has been presented that these safeguards are insufficient to continue to protect Android users as they have for the entire seventeen years of Android’s existence. If Google’s concern is genuinely about security rather than control, it should invest in improving these existing mechanisms rather than creating new bottlenecks and centralizing control.

Our Petition

We call upon Google to:

Immediately rescind the mandatory developer registration requirement for third-party distribution.
Engage in transparent dialogue with civil society, developers, and regulators about Android security improvements that respect openness and competition.
Commit to platform neutrality by ensuring that Android remains a genuinely open platform where Google’s role as platform provider does not conflict with its commercial interests.

Over the years, Android has evolved into a critical piece of technological infrastructure that serves hundreds of governments, millions of businesses, and billions of citizens around the world. Unilaterally consolidating and centralizing the power to approve software into the hands of a single unaccountable corporation is antithetical to the principles of free speech, an affront to free software, an insurmountable barrier to competition, and a threat to digital sovereignty everywhere.

We implore Google to reverse course, end the developer verification program, and to begin working collaboratively with the broader community to advance security objectives without sacrificing the open principles upon which Android was built. The strength of the Android ecosystem has historically been its openness, and Google must work towards restoring its role as a faithful steward of that trust.

Signatories (as of February 26, 2026)

AdGuard
The App Fair Project
ARTICLE 19
Associação Nacional para o Software Livre (ANSOL)
Aurora Store
The Center for Digital Progress (D64)
The Chaos Computer Club (CCC)
Codeberg e.V.
Cryptee
Data Rights
Digitale Gesellschaft
The Digital Rights Foundation
Digital Rights Watch
epicenter.works – for digital rights
/e/ Foundation
European Digital Rights (EDRi)
The Electronic Frontier Foundation (EFF)
Fastmail
FUTO
Ghostery
F-Droid

The Free Software Foundation (FSF)
The Free Software Foundation Europe (FSFE)
The Guardian Project
IzzyOnDroid
JMP.chat
KDE e.V.
microG
Molly
Nextcloud
Obtainium
The OpenStreetMap Foundation (OSMF)
Open Rights Group (ORG)
Osservatorio Nessuno OdV
Proton AG
Rossmann Group
Software Freedom Conservancy
Techlore
The Tor Project
Tuta Mail
Vivaldi Technologies AS