Google’s Requirement For All Android Developers To Register And Be Verified Threatens To Close Down Open Source App Store F-Droid
from the formerly-open-ecosystem dept
It would be something of an understatement to say that Alphabet, Google’s holding company, is big and successful. Some Wall Street analysts are even predicting it could become the world’s most valuable corporation. Of course, even for business giants, enough is never enough. They always want more: more money, more power. As part of that tendency, Google seems to have decided that F-Droid, the free and open source app store for the Android platform, is a threat to the official Google Play Store that needs to be neutralized. At least that is likely to be the effect of Google’s announcement that it will require all Android developers to register and be verified before their apps can be allowed to run on certified Android devices. A post on the F-Droid blog explains what the problem is:
In addition to demanding payment of a registration fee and agreement to their (non-negotiable and ever-changing) terms and conditions, Google will also require the uploading of personally identifying documents, including government ID, by the authors of the software, as well as enumerating all the unique “application identifiers” for every app that is to be distributed by the registered developer.
According to the blog post, the impact on the F-Droid project would be severe:
the developer registration decree will end the F-Droid project and other free/open-source app distribution sources as we know them today, and the world will be deprived of the safety and security of the catalog of thousands of apps that can be trusted and verified by any and all. F-Droid’s myriad users will be left adrift, with no means to install — or even update their existing installed — applications.
Google says registration is needed to “better protect users from repeat bad actors spreading malware and scams”. Registration “creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down.” Slightly less convenient, perhaps, but not much harder. The F-Droid blog post points out that its open source app store already has a far better approach to security than Google’s proposed registration and verification:
every [F-Droid] app is free and open source, the code can be audited by anyone, the build process and logs are public, and reproducible builds ensure that what is published matches the source code exactly. This transparency and accountability provides a stronger basis for trust than closed platforms, while still giving users freedom to choose. Restricting direct app installation not only undermines that choice, it also erodes the diversity and resilience of the open-source ecosystem by consolidating control in the hands of a few corporate players.
Google is at pains to emphasize “Verified developers will have the same freedom to distribute their apps directly to users through sideloading or through any app store they prefer.” But that’s not true: their “freedom” will be soon be conditional, subject to Google’s whim and veto (as the company’s recent removal of the ICE-spotting app ‘Red Dot’ demonstrates). As a special concession, the company says:
we are also introducing a free developer account type that will allow teachers, students, and hobbyists to distribute apps to a limited number of devices without needing to provide a government ID.
... continue reading