This article is a more detailed follow-up to a Reddit post I recently published called “My prediction for Android”, which reflects my personal views as an Android developer, based on publicly available information and my own interpretation of current trends.
As most of you probably know by now, Google has recently announced that any Android app will need to be verified by Google before it can be installed on a certified Android device, even if the installation happens outside Google Play.
I have been developing Android applications for more than a decade, and I have witnessed firsthand all the “small” changes Google has rolled out over the years. In my view, these changes are slowly but surely destroying the idea of a truly open Android as we once knew it.
Beyond this concerning requirement, we are starting to see evidence that bootloaders may no longer be unlockable in the future. On top of that, Google has stopped releasing the device trees for the Pixel 10 series devices, which makes it much harder for custom ROMs to be ported to these devices. And then there is the growing push for Play Integrity, a technology that essentially forces you to run an app on a certified device with Play Services installed. When you put all these pieces together, the picture becomes very, very concerning.
The recent controversy
By making Android safer, we're protecting the open environment that allows developers and users to confidently create and connect. Android's new developer verification is an extra layer of security that deters bad actors and makes it harder for them to spread harm.
Starting in September 2026, Android will require all apps to be registered by verified developers in order to be installed on certified Android devices.
This is how Google introduced its new policy to every Android developer, regardless of whether they publish on the Play Store or not. From that moment on, if you want to install an app on a certified Android device, it will first have to pass Google’s verification process. And let me be clear here: that’s the overwhelming majority of Android devices in existence.
The verification process itself is very similar to what already exists inside Google Play. Developers basically have to provide identity documents and personal information so that Google can confirm who you are as an individual, or verify your legal identity if you are representing a company.
Google says this measure is “for user safety”. And while I do think that on some level this can help reduce the distribution of malware on Android devices, I think there’s more to this story than what we’re being told.
First, let’s clarify what a “certified Android device” actually is: it’s any version of Android that has been authorized by Google, where Google Play Services and the Play Store are pre-installed. In other words, almost every phone and tablet you can buy. You can see the list of certified brands here.
So yes, I can see how this might reduce the spread of malicious apps, since knowing the real identity of a developer can discourage bad actors. But at the same time, this effectively ends the privacy of many legitimate developers who contribute to the Android ecosystem, people who don’t write malware and who simply don’t want to hand over this type of personal information.
It also raises serious concerns about which types of apps may get banned. Think of apps that provide functionality outside of what Google officially allows, like some emulators or similar. This could easily extend to any app that Google —or anyone powerful enough to pressure Google— decides is “unacceptable”. And that takes us into the realm of political and geopolitical pressure, censorship, and ultimately turns Android into a closed ecosystem... almost exactly like Apple’s.
Yes, it’s true that many custom ROMs such as GrapheneOS or CalyxOS would remain outside of this system, meaning that users of these ROMs could still sideload any app they want without Google’s verification. But the real issue is that many developers may choose not to (or may not be allowed to) pass through this verification process. And in doing so, they risk losing exposure to a massive user base, along with the incentive to keep building apps for Android at all.
In other words, if a developer suddenly loses 99% of their potential audience, what real incentive do they have to keep building apps? This is why I believe the measure could indirectly hurt the entire custom ROM ecosystem as well.
No more unlockable bootloaders?
This trend could already harm custom ROMs by reducing the amount of software available to run on them, making life harder for their users. But the challenges for custom ROMs do not end there.
For those who may not know, in order to install a custom ROM such as LineageOS or GrapheneOS on an Android device, the bootloader must be unlockable. If the manufacturer decides to disable this option, then that device will only ever be able to run the stock operating system and nothing else. And as I mentioned earlier, some manufacturers, like Samsung, are already moving in this direction.
There are several reasons for this. It is very likely that manufacturers are under pressure from large institutions: banks, streaming services, and content providers with strict licensing requirements, to make sure their devices cannot easily be modified. A phone that allows custom ROMs makes it more difficult to enforce DRM and protect licensed content. There are also commercial motivations: manufacturers do not want to deal with warranty claims from users who bricked their phones while flashing custom software. And of course, there are the strategic interests of controlling the ecosystem itself.
In any case, if this trend continues and more manufacturers ship devices without unlockable bootloaders, custom ROMs could eventually cease to exist.
Device trees and components removed from AOSP
As if the situation were not already bad enough, there is more. In recent years Google has been steadily removing more and more components from AOSP. AOSP stands for Android Open Source Project, which is the open-source foundation of Android and the basis for all ROMs—including the “certified” ones. What Google has been doing is moving components out of AOSP and into their own proprietary repositories, which forces custom ROM developers to find their own replacements.
More recently, with the launch of the Pixel 10 series, Google announced that it would no longer be releasing the device trees for these models. A device tree is essentially the source code that describes the hardware: Android itself, drivers, and other key components that are required to run the operating system in that device. Without it, any ROM that wants to support the Pixel 10 will need to rely on reverse engineering.
To give you an idea of how complex reverse engineering can be: if I hand you a text file with clear instructions, all you need to do is follow them. But if I give you the same file scrambled with a secret code, and I don’t give you that code, you first have to decipher it before you can even start following the instructions. As you can imagine, the task suddenly becomes much, much more difficult.
About the adoption of Play Integrity
Finally, I want to talk about Play Integrity. This is a Google Play API that Android developers can currently choose to implement. What it does is basically ensure that your app only runs on a certified Android device with Play Services properly functioning.
Many apps already use this protection. For instance, the official ChatGPT app by OpenAI has it enabled, and it simply won’t run on a device without Play Services.
Right now this technology is optional, and it is up to each developer to decide whether or not to adopt it. But I would not be surprised if, over time, more and more pressure is applied to make adoption widespread, or perhaps even mandatory for all apps distributed through Google Play. To be clear, this is not the case today, and I am speculating here. Still, if this scenario were to materialize, it would mean that custom ROMs could no longer run any app that relies on this protection.
Conclusion
As you can see, the outlook is quite grim. The only realistic way I see this being stopped is through regulatory intervention. In Europe, for example, there are already laws like the Digital Services Act and especially the Digital Markets Act, which require so-called “gatekeepers” such as Google to allow the distribution of apps through alternative stores and sideloading. If Google’s verification process were to become too restrictive, it could very well attract the attention of European regulators.
In any case, I predict a very dark future for Android. I know my perspective may sound pessimistic, and I sincerely hope the future turns out brighter than what I am imagining. But as of now, I fear that Android is on the verge of abandoning the very freedom that once defined it.
Top comments (0)