Google Is Closing the Last Door on Android Freedom | March 03-22

Google just made it harder to own your Android. Here's why that matters to all of us.

On Our Radar 🎯

Google's War on Sideloading Is a Digital Rights Problem, Not Just an Android One

Google has announced a new 24-hour developer verification process for sideloading unverified apps on Android. (aka, installing any application away from Google's own Play Store.) It's being framed as a 'security' improvement, but the implications go well beyond keeping malware off your phone. The quick summary: users must enable developer options, wait 24 hours, and jump through extra hoops before installing anything outside the Play Store.

F-Droid, the open-source alternative app store that's been a cornerstone of software freedom for years is calling it an existential threat. This new policy creates friction specifically around the apps that exist outside Google's control, the ones that don't monetize your data, the ones that give you genuine ownership over what runs on your device. Meanwhile, apps distributed through the Play Store sail through without any changes.

This is a pattern we've seen before with Apple who perfected it: take something that sounds reasonable on its face: "we're protecting users from bad actors"...and use it to quietly consolidate control over the entire software ecosystem. Google spent years positioning Android as the "open" alternative to iOS. That positioning is getting harder to defend. When a 24-hour verification gate can determine whether an app can even be installed, openness is just a marketing claim. We wish Google would come forward and admit they don't want an open ecosystem, or actually keep it open. We want to remind you that this news comes in light of:

The Epic verdict fallout: A U.S. jury ruled in December 2023 that Google maintained an illegal monopoly over Android app distribution. A September 2024 court order required Google to allow sideloading and third-party app stores. Now, just a year later, Google is rolling out developer verification mandates that critics say directly undermine that ruling. Make of that what you will.
AOSP releases cut from quarterly to biannual: Starting in 2026, Google moved from quarterly to twice-yearly AOSP drops. Top OEMs like Samsung still get early private access. Everyone else, including open-source forks and smaller manufacturers has to wait.
The AOSP main branch went read-only: In March 2025, Google froze the main AOSP development branch, directing contributors to a "stable releases only" workflow. Less community contribution, more Google-controlled pipeline.
Key features quietly moving to proprietary Play Services: Push notifications, location refinements, AI features, security tools and more capabilities that used to live in AOSP have been migrated to Google Mobile Services, which is closed, certified, and unavailable to independent forks.

Here's why this matters even if you've never touched F-Droid: your ability to use privacy tools, security tools, and apps that don't answer to ad-funded platforms depends on software freedom. Privacy and security can't fully exist without the ability to choose what runs on your device. Sideloading is the last real escape valve on Android. Closing it doesn't make you safer, it makes you more dependent on Google—which as we know has a tendency to host its own malware on the Play Store too, like here, or here, or here or here.

What you can do: Explore F-Droid as an alternative app source, consider switching to a privacy-respecting Android fork, and more importantly–make some noise! Keep Android Open includes countless ways to get involved, which you should all be doing!

Bits & Bytes 🤖

~ Proton Helped the FBI Unmask a Protestor

Under Swiss legal process, Proton handed over payment metadata that helped the FBI identify an individual. No message content was involved, but account payment data was handed over.

Our take: This isn't necessarily a betrayal story, it's a threat modeling lesson. Privacy and anonymity are different things, and they require different tools. If your threat model includes government adversaries, your setup needs to reflect that from the start. If this concerns your threat model, pay with cash or cryptocurrency privately‚ both of which Proton natively supports.

~ Instagram Is Killing E2EE in DMs

Meta is quietly removing end-to-end encryption from Instagram direct messages, rolling back a feature they only recently extended to hundreds of millions of users.

Our take: Meta's privacy features have always been reversible and PR-driven. They get added when there's regulatory or PR pressure, and they disappear when that pressure fades. If your private conversations matter, use Signal or another E2EE messenger from our resources. Our broader concern is if this represents the first domino falling (in a so-far united front) from the big tech companies who have broadly supported E2EE.

~ EU Parliament Votes to End Chat Control Mass Scanning

On March 11, the EU Parliament passed a meaningful amendment to the Child Sexual Abuse Regulation, restricting private message scanning to judicially-targeted suspects only, a direct rejection of the bulk surveillance approach that's been on the table for years.

Our take: A genuine win worth celebrating! That said, the Commission and most Council members are still pushing for broader scanning powers. Fight Chat Control is still live for a reason, don't stop fighting just yet.

This Week on Techlore 📺

We hit 300,000 subscribers 🎂 Thank you everyone! None of this happens without the people who watch, share, and support the work. The best part? We were actually together in person when it happened, on a work retreat for a project many of you have been waiting on. More on that for a future blog.

On Techlore Talks, we had Artyom Zorin, co-founder of ZorinOS to discuss their Linux distribution and why people are finally ditching Microsoft services:

Surveillance Report 258, dropping very soon This SR episode covers the Coruna iOS exploit kit targeting hundreds of millions of iPhones, Instagram's E2EE removal, the EU Chat Control vote, and a packed Defense Bulletin.

Friday Livestream is back ✅ We missed you all last week! We were playing catch-up after the retreat and a bit of illness hit the team. Come hang out, ask questions, and we're excited to be back. Keep an eye out for a public stream scheduled for Friday.

Thank you all for your patience, we've had a busy couple weeks away from our normal workflows, so this week we're getting back into the swing of our normal work. I promise it's for something big 😄 Additionally, our tools are currently being revamped to better integrate with our main website.

Action Item ✅

Privacy doesn't exist in a vacuum. Security tools only reach you if you're free to install them. These aren't separate fights, they're the same fight from different angles. Understanding that connection is what turns someone who cares about privacy into someone who can actually defend it. Start with your own Android setup, explore the relationships on your other devices, and help fight for the cause on Keep Android Open.