Reporting to the CMA: Google Android Developer Verification

Recently Google announced a further push of its developer verification, in which it states that all apps on “certified Android devices” will be required to have developer verification. This includes apps which are distributed via other means like F-Droid or manual download, so goes far beyond the scope of their own distribution platform.

To become verified, developers would need to provide their personal details which includes uploading a “government-issued identity document”. They will also need to pay a fee, requiring a Google payments profile. Business will face additional requirements which include a website address, a D-U-N-S number, and to be verified in the Google Search Console.

This is a massive leap in control, further centralising approval power to Google across the entire Android ecosystem while cementing themselves as the ultimate gatekeeper of what users can run on their own devices, all under the guise of security. This is a further step away from an open ecosystem, while being harmful to any platform competition & innovation.

Personally I’ve been going through the process of adding my apps to F-Droid, worried about being able to keep up with the increasingly tricky & burdensome Play store requirements, while allowing an avenue of access that’s not reliant on Google. Yet even then, it would remain reliant on Google for everyone on standard non-modified/rooted/official devices.

As with their Web Environment Integrity a couple of years ago, as a UK resident I feel my best bet to counter this is via the Competition & Markets Authority (CMA).

I have submitted a report to the CMA, the contents of which you can see below. If you’re in the UK, and care strongly about open platforms, I’d advise you to also report this which can be done here.

Report

Note: I wrote this up quite quick, it could be a lot better but I’m not sure how much extra detail actually helps for these kinds of reports. The main thing really is just to bring this kind of thing to the CMA’s attention.

Google are introducing required developer verification for Android applications, including those which are installed outside their own Google Play Store: https://android-developers.googleblog.com/2025/08/elevating-android-security.html

This further centralises control of the wider Android platform to Google, allowing them to act as a gate-keeper even beyond their own means of distribution. These changes also impact the ability for alternatives to innovate and survive since to engage with the existing large Android market they’d still be requirement to interact with Google, and agree to their terms/requirements. I’m also confident these requirements would also play into the integrity checks that are becoming increasingly used by applications, which would further tie a range of applications down to just Google’s approved ecosystems, and thus make it harder for alternatives to thrive.

I believe it’s in the interest of the UK public, business competition, and the UK’s own tech sovereignty that such platforms which are so engrained in society are made more open and diverse rather than being further controlled & monopolised by few US tech firms.