F-Droid: New developer rules could mean the end for alternative app stores

The creators of the alternative app store F-Droid say that the new developer review rules would make Google the gatekeeper for all Android apps.

Google Android bugdroid in front of lock symbol.

(Image: Primakov/Shutterstock.com)

Sep 29, 2025 at 11:27 am CEST

5 min. read

By

Andreas Floemer

On 25 August, Google announced that from autumn 2026, only applications whose publisher has previously registered with Google and signed the respective application may be installed on certified Android devices. The developers of the Play Store alternative F-Droid believe that these new requirements jeopardize independent app stores.

F-Droid as a contact point for open-source apps

F-Droid is unlikely to mean much to most Android users, but the app store is an important point of contact for Android enthusiasts in particular, which, unlike Google Play, only offers free and open-source apps. The store only allows applications that are free from trackers, adverts and hidden data collection tools.

Read also

Gmail Outage: Weeks of problems with Exchange ActiveSync

Image of a smartphone showing a tree fallen on the road on its screen

Android: Google enables live video streaming to emergency call centers

iPhone and Samsung device side by side, showing the back

EU welcomes seamless data transfer between iPhone and Android

Pixel Watches show new features on their displays

Pixel Watch: WearOS 6.1 brings new gestures and Smart Replies

Google Photos becomes the video editor for Android

According to its information, the store has been in existence for 15 years and is a popular port of call for privacy-conscious Android users. However, the number of apps is nowhere near as large as that of the Play Store: F-Droid hosts around 3,800 apps, while Google's Play Store has around 1.8 million apps on offer following a comprehensive clean-up in April.

F-Droid sees alternative app stores in danger

As the F-Droid team explains in a post on its blog, the alternative app store can no longer exist and operate as before due to Google's new regulation. This is because in the future, every Android app on certified Android smartphones—i.e., those with Google services—must be linked to a registered developer identity, which is verified with an official ID and other personal data. Developers would also have to register their app identifiers and signature keys directly with Google. This would make Google the “central authority” for checking Android apps, including those that are not offered in the Play Store.

Until now, F-Droid had certified its hand-picked apps itself: “When a developer creates an app and hosts the source code publicly somewhere, the F-Droid team checks it to ensure that it is completely open source and does not contain any undocumented anti-features such as adverts or trackers,” explains F-Droid. Once this check has been passed, “the F-Droid build service compiles and packages the app to prepare it for distribution.” The package is then either signed with F-Droid's cryptographic key or, if the build is reproducible, it can be distributed with the private key of the original developer.

In this way, users can be confident that every app distributed via F-Droid has been created from the specified source code and has not been tampered with, according to the creators. The real identity of the developer is irrelevant.

F-Droid criticizes the fact that Google's new regulation means that alternative app stores can no longer offer apps directly, as they have no control over the keys or IDs. F-Droid further explains that it cannot take over the identity of apps on behalf of open-source developers or force independent contributors to register with Google.

They conclude in their blog post: “The developer registration regulation will end the F-Droid project and other free/open-source app distribution sources as we know them today.”

Videos by heise

Google explains the new developer verification beyond the Play Store by claiming that it will increase security and prevent malware. F-Droid doubts this and points out that malicious apps have been repeatedly discovered in the Play Store, while Android has built-in protection features such as Google Play Protect that can detect and remove malicious apps from devices. Furthermore, F-Droid believes that its open-source approach is more transparent and trustworthy than commercial stores such as Google's.

F-Droid also does not believe that mandatory developer registration is for security reasons. Instead, the team assumes that it is about consolidating power and tightening control over a formerly open ecosystem.

Custom ROMs with problems too

In recent months, Google has also made other dubious decisions that cast doubt on the future approach of a continued open Android. For example, Google has made the development of custom ROMs more difficult: with the release of Android 16, the company has also released the source code of the new OS version in the Android Open-Source Project (AOSP), which allows independent developers to compile their forks of the operating system under the rather permissive Apache 2.0 license. However, the company has not included the device trees for Pixel devices that were previously released at the same time.

Google also changed its security patch strategy for Android in the summer of this year. In the future, major security patches will only be released quarterly, and the source code will no longer be published regularly. This means that custom ROM developers will no longer be able to deliver monthly security updates.