The campaign argues that Google's Play Integrity API, sideloading restrictions, and aggressive anti-sideloading prompts form a deliberate ratchet that only tightens. Each change appears to be a reasonable security measure individually, but collectively they erode the openness that defined Android.
Submitted the campaign link with the framing 'Your phone is about to stop being yours,' signaling agreement that device autonomy is being systematically undermined by Google's policy changes. The post garnered 213 points and 102 comments, indicating broad community resonance.
The editorial identifies Play Integrity as the 'linchpin' because it gives any app developer a kill switch for non-Play-Store installs, custom ROMs, and unlocked bootloaders. This lets Google claim it doesn't block sideloading while building infrastructure that makes sideloading functionally useless — a distinction the editorial argues is deliberately deceptive.
A coalition of developers, open-source advocates, and digital rights groups has launched [Keep Android Open](https://keepandroidopen.org/en/), a campaign pushing back against what they describe as Google's systematic erosion of Android's open ecosystem. The initiative scored 213 points on Hacker News, signaling that the developer community is paying attention.
The core grievance: Google is methodically converting Android from an open platform where you control your device into a walled garden that merely looks open. The campaign targets several specific technical changes — the Play Integrity API, restrictions on sideloading, and increasingly aggressive prompts that discourage users from installing apps outside the Play Store. Each change, taken individually, looks like a reasonable security measure. Taken together, they form a ratchet that only tightens.
The timing isn't accidental. This comes after years of incremental lockdown: Android 13 restricted sideloaded app permissions, Android 14 added more friction to APK installs, and the Play Integrity API — which replaced SafetyNet — gives any app developer the ability to check whether an app was installed via the Play Store and refuse to run if it wasn't.
The Play Integrity API is the linchpin, and it deserves a close look. When a banking app checks Play Integrity, it's asking Google: "Was this app installed from the Play Store, on a device that passes Google's attestation checks?" If the answer is no — because the user sideloaded the APK, or runs a custom ROM, or has an unlocked bootloader — the app can simply refuse to function.
This isn't Google restricting what you install. It's Google giving every app developer a kill switch for devices that exercise the freedoms Android nominally provides. The distinction matters. Google can claim it doesn't block sideloading while building infrastructure that makes sideloading functionally useless.
For the open-source community, the implications are severe. F-Droid, the premier alternative app store for free and open-source Android apps, relies entirely on sideloading. Custom ROMs like LineageOS and GrapheneOS — which often provide *better* security than stock Android — fail Play Integrity checks by default. Users who care most about device security and privacy are, paradoxically, the ones most likely to be locked out.
The developer community on Hacker News drew sharp comparisons to Apple's iOS, but with an important difference: Android's openness was never an accident — it was the explicit value proposition that convinced OEMs, carriers, and developers to adopt the platform over the last 15 years. Pulling the ladder up now, after achieving 72% global mobile market share, is a classic platform play. Grow with openness, monetize with control.
Google's stated rationale is security and anti-fraud. And there's a kernel of truth there — sideloading is a real vector for malware, particularly in markets where users download APKs from sketchy sources. But the response is wildly disproportionate. It's like solving jaywalking by removing all sidewalks. The security argument also conveniently ignores that Google takes a 15-30% commission on Play Store transactions, giving it a $30+ billion annual incentive to funnel all app distribution through its toll booth.
If you distribute Android apps outside the Play Store — enterprise MDM deployments, internal tooling, beta testing via direct APK, or open-source apps on F-Droid — you need to audit your exposure to Play Integrity checks now. Apps that call the API will increasingly refuse to run on sideloaded installs, and that list grows every quarter.
For teams shipping enterprise Android apps via MDM or direct APK distribution, the practical advice is blunt: test your entire app portfolio against Play Integrity enforcement today, before your users discover the breakage for you. Some banking, DRM, and payment apps already hard-fail. More will follow.
If you maintain an open-source Android app, consider whether your users overlap with the custom ROM / F-Droid demographic (they almost certainly do) and explicitly decide not to integrate Play Integrity. Document that decision. It matters to your contributors.
For platform engineers evaluating mobile strategy, the trend line is clear: Android's openness is depreciating. Don't build critical infrastructure assumptions on freedoms that Google is actively removing. If your deployment model depends on sideloading or alternative distribution, build your contingency plan while you still have options.
The EU's Digital Markets Act (DMA) explicitly requires gatekeepers — including Google — to allow sideloading and alternative app stores. Apple has already been forced to comply (grudgingly) in Europe. Google is in the peculiar position of technically allowing sideloading while building technical infrastructure that makes it practically worthless — a compliance strategy that regulators will eventually see through.
The Keep Android Open campaign is partly a bet that public pressure, combined with regulatory momentum in the EU, South Korea, Japan, and India, can slow Google's timeline. Whether that bet pays off depends on whether developers actually show up. Open letters are cheap. Regulatory complaints with technical specificity are not.
Android's openness was always on borrowed time. The question was never *if* Google would tighten control, but *when* and *how fast*. The Keep Android Open campaign marks the moment the developer community formally acknowledged that the ratchet has turned far enough to threaten real workflows. The next 12-18 months will determine whether Android's remaining openness survives as a functional reality or becomes a marketing fiction — an open-source project you can fork but never actually ship on the hardware people use.
Someone here on HN used the term "cloud terminal" for modern electronic devices, and I think that is a very fitting name for phones and tablets. They are definitely not computers because they do not actually give the user access to general purpose computing in the sense that the users can
Let me play out a scenario, imagine to use a Desktop Hardware like a complete built rig, you would need a specific OS like Windows 11 and you could not run Linux on it, just because it's a vendor lock-in.Why is this acceptable for phones but would not for the case above?I know a lot of people d
This is the most important part:>> DevelopersDo not sign up. Don't join the program by signing up for the Android Developer Console and agreeing to their irrevocable Terms and Conditions. Don't verify your identity. Don't play ball.Google's plan only works if developers com
To be sincere, they were never truly ours. A proof of that is they were able to come up with this, and you don't have a way to reject it.What we actually need are (open) alternatives, not to double down on Google's ecosystem and Google-controlled OS. We need to control the device we bought
Top 10 dev stories every morning at 8am UTC. AI-curated. Retro terminal HTML email.
Respectfully, I think this is the wrong fight. And I fear it may be counter-productive, because all the effort put into asking Google to make it a little less painful to install an unverified app is not put into the real fight.IMHO, it should be fine for Google or Apple to do whatever they want with