Why Brave is opposing Google’s Android developer registry

Google has announced that starting September 2026, every Android app developer must register with Google and upload government-issued identification, even if they don’t use the Google Play Store. Brave has joined the EFF, the Tor Project, and more than 40 other organizations in calling upon Google to Keep Android Open and withdraw this requirement, which undermines a historically user-first ecosystem, presents massive privacy risks, and further entrenches Google’s surveillance economy.

Google is overriding user choice

When users install software outside Google’s Play Store, they are choosing to control what runs on their devices without Google’s gatekeeping. That choice is fundamental to what makes Android an open platform.

Last year, we launched an official Brave repository on F-Droid (a free and open source Android app store) so users could get Brave without going through Big Tech app stores and the accompanying tracking and restrictions. Many of our users specifically want software that is not mediated by Google.

Google’s new policy would override that choice. Even when a user deliberately seeks out an app from an independent source, Google would require the developer to have registered with Google first: paying a fee and submitting their legal name, physical address, phone number, and government ID for mandatory developer verification.

A developer registry is a privacy risk

Google’s developer verification policy creates a centralized database, controlled by a single corporation, containing the real-world identity of every person who writes software for Android. 

The privacy risks are immense: developers (often volunteers) who build privacy-first browsers, encrypted messaging apps, VPNs, Tor-based software or tools for journalists and activists in hostile environments would be required to upload government ID and other highly personal data to Google. These developers are unlikely to trust Google and might stop developing for Android, leaving vulnerable users much worse off.

This is part of a pattern

Google has repeatedly proposed mechanisms that expand its control over the platforms it operates, and we have opposed them each time. To name just a few:

1. Deprecation of Manifest V2 reduces what extensions can do, weakening the tracker blockers and other privacy tools that users rely on.

2. Google’s AMP Project inserts Google between users and the websites they want to visit, and requires pages to be built in ways that benefit Google’s advertising systems. Under pressure, Google eventually walked back this project.

3. Privacy Sandbox uses Google’s browser monopoly to force participation in advertising infrastructure and cement Google’s control over the Web. Under pressure, Google walked back this project as well.

Each of these mechanisms share the same structure: Google leverages its platform position to try to insert itself into activities where users and developers did not ask for Google’s involvement, framing the change as beneficial.

Keep Android open

The open letter we signed urges Google to do three core things: rescind the mandatory registration requirement for developers distributing outside Google Play; engage transparently with developers and civil society on security improvements that respect the platform’s openness; and commit to platform neutrality.

We believe privacy should be easy, both for users and for the developers who build tools to protect them. A policy that forces every Android developer to hand their identity to Google, regardless of whether they use Google’s services, makes Android a less-open and less-private platform.