If you haven’t seen this yet, Google is planning to require mandatory developer identity verification for all Android apps, including apps distributed outside the Play Store, taking effect September 2026. This affects every independent and open source Android developer directly.
This is not just about the Play Store. After September 2026, on any certified Android device, applications from unverified developers will be blocked by default. The only proposed bypass, the “advanced flow”, exists only as a blog post and has not appeared in any beta, dev preview, or canary release. No one outside Google has seen it.
The community has been fighting back at keepandroidopen.org:
- Read the full breakdown of what this means
- Sign the open letter (organisations only)
- Contact your national regulators — contacts listed by country on the site
- Add the countdown banner to your project
September 2026 is closer than it looks. The time to push back is now.
IIRC, Google stated that it won’t affect MDM.
Is there some sort of in between of GMS and Non-GMS that this could possibly apply to?
It would really be about MDM.
With most MDM solutions there’s an owner app that actually owns the device and can install apps directly.
How familiar with this are you? I’m pretty sure most MDMs have to play nice with the rules set by GMS. There are MDMs made by the OEMs of some HW brands, and they have the system signature in their MDM agent for sideloading, but even then if they’re GMS compatible and not AOSP there are limitations to what they can control from GMS’s influence.
I’m familiar with Googles policy stating that apps deployed to Enterprise / Managed devices won’t require developer verification.
Non OEM Device Management apps are registered with Google Enterprise, so they are known apps with known signatures. They aren’t really classified as sidesoading, they are considered to be their own app store.