What will be the fate of Android after September 2026?

For more than a decade, the main difference between Android and Apple’s iOS has been its “openness,” or the ability to install any code from any source—at any time. But in September 2026, Google will introduce sweeping changes that will upend the rules of the ecosystem for its 3.9 billion users.

Google will put a new gatekeeper at the door

At the heart of the upcoming changes is the Android Developer Verification policy. While Google has always required verification only for developers on the Play Store, it is now expanding this requirement to any app that a user wants to install on a “certified” Android device (equipped with Google Play Services). The app doesn’t have to be on the Google Play Store, but it will need to have a digital signature from the developer, which will need to be verified by Google.

In September 2026, Android will begin enforcing a policy that will only allow apps from verified developers to be installed without any problems. The initial rollout will focus on four regions: Brazil, Indonesia, Singapore, and Thailand. Google chose these markets due to the high number of financial scams and malware attacks. By 2027, we can expect this policy to expand to the entire world.

For the first time, the same rules will apply to installing all apps – even those not on Google's Play Store. If a developer wants users to install their app on a standard Samsung, Pixel, Xiaomi, Honor phone without any problems, they will have to register with Google.

Is registration really such a “buzz” for developers?

The transition from an open sandbox to a vetted ecosystem brings significant discomfort for independent and hobbyist creators. Under the new rules, developers must interact with the new Android Developer Console, which is designed specifically for those distributing apps outside of the Play Store.

• One-time fee: Similar to the Play Store, developers must pay $25 to register.
• Official identification document: Both personal and business accounts require valid government documents and a verified phone number.
• Key registration: Developers must upload public key certificates and register app package names (e.g. com.example.app) with Google.
• Online presence: Google will require a website with a privacy policy and support page even for small projects.

This move creates an audit trail for every piece of software. Google’s logic is simple. By eliminating anonymity, they remove a shield used by malicious actors. But for the open source community, it means mandatory identity disclosure. A developer making a niche privacy tool or a simple emulator will no longer be able to share their work with the world anonymously.

How will we install applications after September 2026?

The term “sideloading” (downloading apps outside of the Play Store) has always been a point of pride for Android power users. Traditionally, it involves downloading an APK file from a third-party source and clicking “Install.” In September, the process will split into two distinct paths.

If the developer is registered with Google, the sideloading process will remain relatively simple. The system will recognize the signature, verify it against the global registry, and allow installation with a standard warning. Trusted third-party stores (like the Epic Games Store) that participate in Google's partner programs will have even fewer problems.

If a user tries to install an app from a developer who is not registered, such as a hobbyist developer on GitHub or a developer of a legacy app, the operating system will trigger what Google calls a "high-friction flow."

Unofficial information suggests that this will include multiple full-screen warnings using scary language about the high level of risk. In some regions, the “Install” button may even be hidden behind multiple submenus. This is unconfirmed information for now. Google’s official text still says that “starting in September 2026, all apps will be required to be signed by a verified developer.” Google also says that they will prepare a separate dashboard for students and hobbyists, but they have not yet revealed any further information.

While Google insists that sideloading is not “dying,” critics argue that making the process difficult to the point that the average user gives up is effectively tantamount to banning it.

Will there be a bypass?

For developers and power users, the Android Debug Bridge (ADB) has long been the go-to solution. Using a computer to “push” an app over a USB cable (adb install app.apk) has historically bypassed many UI limitations.

However, a September 2026 update is expected to integrate verification directly into the package manager. This means that the system will also check the online database in real time when installing via ADB. If the application is not signed or verified, the installation may fail. Users may have to manually enable a special “advanced developer mode,” which Google says will only be temporary and will require re-authorization from time to time.

Interestingly, Huawei, Google's number one enemy, could benefit the most from this situation. Not only have Huawei devices not been considered "Android certified" for several years, meaning this block should not affect their existing devices, but the Chinese manufacturer has also been developing its own operating system that is not based on Android for some time.

Why now? Is the reason really malware protection?

Google is basing its decision on data. According to Suzanne Fey, Google’s vice president of product, a recent analysis found that malware is 50 times more prevalent in apps downloaded from “non-store online sources” (compared to the Play Store).

In regions like Indonesia and Brazil, “overlay attacks,” where a fake app is placed over a banking app to steal passwords, have become an epidemic. By requiring ID for every developer, Google can effectively “kick” someone out of the entire ecosystem if they’re caught doing something malicious.

The phone has become one of the main entrances to a person's savings, but is closing the ecosystem really the right solution? Was Apple right all these years?

The open source community (FOSS) disagrees, calling the changes a takeover by the American giant. Platforms like F-Droid, which hosts thousands of open source applications, face a difficult choice. If F-Droid doesn't force its developers to register with Google, the entire store could be labeled as a "source of unverified software," which would turn off most users.

Is Google's new wall even legal?

The European Digital Markets Act (DMA) was enacted precisely to prevent gatekeepers like Google from restricting competition. Google will likely find itself on thin ice come September.

From the DMA’s perspective, the key question is whether the new verification requirements constitute “unnecessary friction.” Article 6(4) of the DMA states that gatekeepers must enable the installation and effective use of third-party apps or app stores. Google will argue that verification is “strictly necessary” for user security (which the DMA allows under certain conditions), but the European Commission will likely examine whether the fee ($25) and the mandatory submission of documents are proportionate.

If the Commission finds that Google is using these security measures to force users to use its Play Store, Google could face fines of up to 10 billion euros (or even 20 billion euros in the event of a repeat offense) of its global turnover. The legal battle between “security as a service” and “freedom of choice” will define the future of Android in Europe over the next two years.

Keep Android Open is a movement that opposes Google

More than 40 organizations (Brave, F-Droid, Nextcloud, AdGuard, microG, Epic Games, etc.) and civil society groups have signed an open letter to Google demanding the immediate abolition of mandatory registration.

If you don't agree with these changes, the movement suggests that you start using alternative stores (F-Droid, Aurora Store, etc.). The larger the user base outside of the Play Store, the harder it will be for Google to completely block these sources.

On platforms like keepandroidopen.org, signatures are being collected to be submitted to regulators in the EU and the US. In the EU, citizens can write to the European Commission about DMA violations if they believe that the new security measures prevent free software choice.

The solution, which unfortunately is not yet as accessible as we would like, is to use alternative operating systems. Systems like GrapheneOS are on the rise, but installation is not easy and is not feasible on all phones. Ironically, it is easiest to install on a Google Pixel phone. Motorola recently announced a partnership with GrapheneOS. Perhaps this is the beginning of a whole new movement of manufacturers looking to get out of the Google ecosystem.

Android as we know it is clearly on its way out. Will it just become a more secure version of iOS, or will the community's rebellion force Google to compromise?

September 2026 is D-Day for Android.