The irony cuts deep. In October 2025, Google lost an antitrust case to Epic Games. A federal judge ordered the company to open Android. Google appealed. They lost again. The Supreme Court let the order stand. So Google complied—sort of.
Developers can now use external payment processors. They can direct users outside the Play Store ecosystem. The 30% commission no longer applies to transactions routed through alternative systems. By every measure, Android appears more open than it was before.
Except it doesn’t work that way in practice. While one hand opened the Play Store door, Google’s other hand built something. Not a lock exactly. More like a system that looks like infrastructure when it’s actually control.
What Actually Changed in October
Starting this month in the US, Play Store developers got three genuine new abilities. They can integrate third-party payment processors directly into their apps, bypassing Google entirely. They can tell users about payment methods and app sources outside the Play Store through in-app messaging and direct links. For transactions routed through these alternative channels, Google takes no commission—a real $30,000 gap for a developer earning $100,000 annually.
For an alternative app store like F-Droid distributing free software, this removes a financial barrier that previously forced compromises.
But here’s the architecture underneath: Google hasn’t abandoned gatekeeping. They’ve rebuilt it.
The Infrastructure Play
Starting in 2026, Google is implementing what they’re calling developer verification. Every developer publishing to Android devices—not just the Play Store—will need to register with Google, submit government-issued identification, verify their identity through Google’s cloud-based system, and pay a $25 processing fee. Apps from unverified developers won’t be installable on Google-certified Android devices.
The framing is security. The functionality is something else.
The verification system applies to side-loaded apps. It applies to apps from alternative stores. It applies to any software you try to install on a device certified by Google—which is 95% of Android devices outside China. You can theoretically bypass the Play Store. You cannot bypass Google’s verification infrastructure.
From a technical standpoint, this is engineered with real sophistication. From a regulatory standpoint, it’s elegant. The court said open the store. Google opened it. The court didn’t explicitly say “and don’t create new mechanisms to control the entire ecosystem.” So Google did exactly that.
What This Looks Like from the Inside
If you lead a technology organization or manage developer relations, three realities need to shape your decisions.
The official distribution channel remains hostile to competition. The Play Store’s contract terms, search algorithms, and review processes haven’t fundamentally changed. If you’re building something that competes with Google’s interests—alternative payment systems, privacy tools, competing services—you’re still operating in a place where the house makes the rules.
An alternative distribution path exists but requires Google’s approval anyway. You can use F-Droid, alternative app stores, or direct side-loading. But if Google doesn’t verify your developer account, your application won’t run on certified devices. You’ve traded one gatekeeper for a different gatekeeper wearing different clothes.
The verification system creates a point of centralized control that feels technical rather than corporate. Unlike Play Store review, which happens locally on Google’s infrastructure, the verification system depends on cloud connectivity to Google’s servers. If Google decides to de-prioritize your verification, delay it, or deny it—there’s no transparent appeal process. There’s no disclosed standard beyond “we’re ensuring developer accountability and security.”
Who’s Paying Attention
Last week, developer advocates formalized a movement called “Keep Android Open.” The response wasn’t muted professional disagreement. Marc Prud’hommeaux, a board member of F-Droid and founder of App Fair, reported that 90-95% of developers surveyed expressed concerns ranging from concerned to outraged. F-Droid issued a direct public statement: Google’s claim that “side-loading is fundamental to Android, and it’s not going anywhere” is “clear, concise, and false.”
This matters because F-Droid serves millions of users with free software that corporate app stores won’t carry. Their survival under the verification system is uncertain. Some free software projects will migrate to different platforms. Others will probably die.
But what happened next tells you more than the initial outcry: Regulatory bodies started paying active attention.
Brazil’s CADE (Administrative Council for Economic Defense) announced it’s formally reviewing the verification scheme, with enforcement authority beginning September 2026. Brazil is one of the first jurisdictions where Google must comply with locally-enforced antitrust decisions. EU regulators are tracking the development closely. They’ve already fined Google €2.95 billion for self-preferencing its own ad services. A verification system that gates access to 95% of Android devices arguably represents the same antitrust violation in a harder-to-detect form.
Multiple US state attorneys general have initiated conversations about antitrust implications. The Supreme Court hasn’t yet ruled on Google’s appeal of the original Epic verdict, so the regulatory picture remains genuinely unsettled.
Why This Pattern Keeps Happening
If you look at Google’s history with regulatory pressure, something becomes visible. When enforcement catches up to market dominance, the company doesn’t change behavior. It relocates the behavior to a place the law hasn’t caught up to yet.
They did this with Chrome’s ad-blocking extensions. When regulators questioned whether Google was suppressing ad-blocking tools to protect YouTube’s advertising model, the company deployed “security” arguments to limit extension capability. The argument was credible enough to be defensible. The outcome was reduced competition.
They did this with AOSP access. When developers wanted to contribute to Android Open Source Project development, Google tightened the requirements and gated certain features behind a cloud verification layer they controlled.
And now they’re doing it with developer verification. The framing is security and user protection. The outcome is more concentrated control over who can distribute software on Android.
It’s not malicious in isolation. Each individual decision is defensible. Collectively, they describe a pattern: dominant companies don’t give up control; they sophisticate it. They build it into the infrastructure in ways that are harder to challenge legally because they’re no longer explicit policy—they’re “technical requirements.”
The Regulatory Uncertainty Variable
This is where I’m less certain of anything. Brazil moves first. The CADE review will either accept the verification system as proposed or demand modifications. That becomes a test case. If Brazil requires transparency, local verification, or reduced gatekeeping, those requirements may influence broader regulatory action.
The EU is watching intensely. They have both the motivation and the enforcement authority to challenge the system. A formal investigation could start within the next 12-18 months.
The US Supreme Court’s pending decision is the variable most likely to reshape everything. If they side with Google and overturn the Epic ruling, the verification system becomes moot because the entire open Play Store requirement disappears. If they uphold Epic, the regulatory burden on Google intensifies.
Whether any of this actually changes outcomes is the question underneath. Regulatory action could force modifications to the verification system. But Google has demonstrated remarkable ability to rebuild gatekeeping infrastructure faster than regulators can challenge it. The verification system is technically sophisticated enough that modification orders could be indefinitely litigated. And even if it’s rolled back, Google has five years to develop the next version.
What You’re Actually Choosing About
Strip away the regulatory detail and the technical architecture. What we’re discussing is who controls the device in your pocket.
For developers, it means your ability to reach billions of users on Android devices is no longer determined by merit, user demand, or competition. It’s determined by whether a company headquartered in Mountain View approves of you. That approval process is centralized, cloud-dependent, and opaque.
For users, it means the illusion of openness without the substance. Android will continue to feel open because side-loading technically exists. But the friction required to install unapproved applications has been raised substantially. The barrier to entry for competing with Google’s interests just got much higher.
For the open-source ecosystem, it’s more than a business problem. Free software thrived on Android partly because the platform was genuinely open. The verification system doesn’t prohibit free software directly. It makes the path narrow and uncertain.
The Question Underneath
Here’s what sits with me: What does open actually mean if the company controlling the verification infrastructure has ultimate say over who gets approved?
Google’s answer is: “We’re keeping you safe.” The open-source community’s answer is: “We’re keeping you free.” Those aren’t the same thing. And they’re not both achievable simultaneously when one entity controls the infrastructure that enables either.
The verification system might be legally defensible. It might even have legitimate security value. But it’s also the most sophisticated form Google has found to answer a court order—not by genuinely opening the ecosystem, but by building a new kind of closed gate and calling it protection.
The industry sees it. Regulators see it. The real test is whether they’ll move with enough speed and sophistication to prevent Google’s architecture from becoming so entrenched that meaningful intervention becomes impossible.