YYaaa News

F-Droid Calls Google's ADV Malware — Pre-Installed on 4 Billion Android Devices, Activation Set for September 30

TL;DR

F-Droid labels Google's Android Developer Verification a piece of malware pre-installed on about 4 billion Android devices, set to activate September 30 in four pilot countries.

F-Droid published "What We Talk About When We Talk About Malware" on July 1, 2026, formally classifying Google's Android Developer Verification (ADV) program as malware. Its case: ADV runs as a background system service named "Android Developer Verifier" with root privileges, "cannot be blocked, disabled, or removed," and sits waiting for a remote activation signal. Estimated install base: roughly 4 billion devices, about half of humanity.

The trigger date is Google's own: September 30, 2026, first activating in Brazil, Indonesia, Singapore, and Thailand, with global rollout through 2027 and beyond. Once live, every app installed on a certified Android device — Play Store, F-Droid, apk from a friend, self-built hobby code — must come from a developer who has registered a real identity with Google, submitted government ID, paid a $25 fee, and registered their signing key. Organisations must also submit a D-U-N-S number, a process that can take up to 30 business days.

F-Droid's sharpest hit lands on the definition itself. The Android Developer Console Terms say "malware means whatever we say it means" — Google retains sole interpretive authority. F-Droid extrapolates: ad blockers, privacy tools, F-Droid itself could all be classified as malware and delisted, with no second chance for the user.

Opposition is coordinated through Keep Android Open, whose open letter now carries more than 70 organisations across 19 countries, including the EFF, Free Software Foundation, and Tor Project. Google publicly claims 99% developer registration — a number reached largely by auto-opting-in existing Play Store developers, which the opposition rejects.

F-Droid has spent over a decade taking public source code, auditing it for open-source compliance, compiling it, and signing releases with its own key. That "transparency through source" model has no place in the ADV framework, so not adapting effectively delists it from 95% of Android phones sold outside China.

Bet won: Google owns the global app-distribution gate — 4 billion devices funneled through a single verification pipe. Bet lost: on September 30, 2026, every sideload becomes a reminder that the highest privilege on this phone doesn't belong to its owner.

via F-Droid official / F-Droid open letter / Cybernews / Keep Android Open
F-Droid 把 Google ADV 定義為惡意軟件|40 億台安卓已預裝,9 月 30 日觸發