If you haven’t seen this yet, Google is planning to require mandatory developer identity verification for all Android apps, including apps distributed outside the Play Store, taking effect September 2026. This affects every independent and open source Android developer directly.
This is not just about the Play Store. After September 2026, on any certified Android device, applications from unverified developers will be blocked by default. The only proposed bypass, the “advanced flow”, exists only as a blog post and has not appeared in any beta, dev preview, or canary release. No one outside Google has seen it.
The community has been fighting back at keepandroidopen.org:
- Read the full breakdown of what this means
- Sign the open letter (organisations only)
- Contact your national regulators — contacts listed by country on the site
- Add the countdown banner to your project
September 2026 is closer than it looks. The time to push back is now.
While play services are mandatory for play cartification, the opposite is not automatic. In fact, bootloader and device fingerprint play an important role and when you replace the stock OS usually play integrity fails by design.
Do you know first hand that you can achieve play integrity with Graphene and no strange tricks like spoof signature or root?
Passing Google play integrity would not be possible without making the phone insecure ironically. Best choice you can do is to use websites instead of apps that require it or stop giving them business and go to someone who don’t.
Graphene OS has done some great strides though on reducing access play services has on the phone when needed such as using android auto.
Linux phones aren’t going to be able to banking apps either. They also are no way close to Android, especially Graphene in security for mobile OS.