Google says its new Android developer verification rules are intended to make phones safer. Scotland should still pay attention, because a country moving public services, homes, businesses, language tools and local innovation into apps cannot afford to let access to those apps depend too heavily on one private gatekeeper.
A technical change announced by Google may look, at first glance, like a matter for software developers. But it is actually a warning shot across Scotland’s digital future.
Google is introducing Android developer verification for apps installed on certified Android devices, including apps distributed outside Google Play. From September 2026, the company says apps in selected countries must be registered by a verified developer to be installed on certified Android devices, before a wider global rollout. Google says the measure is intended to deter malicious developers and make Android safer.
While malware, scams and abusive apps are real, the concern is that a company which is not elected, not Scottish, and not accountable to voters may gain more practical control over which lawful software can reach ordinary people’s phones in Scotland.
That is not a small matter.
The Keep Android Open campaign argues that Google’s proposal would require developers who distribute apps through alternative channels, including their own websites and third party app stores, to first pass through a mandatory Google verification process. F Droid, one of the best known repositories for free and open source Android software, has warned that mandatory developer registration could turn Android from an open platform into a more restricted one where developers must register centrally with Google to distribute software.
Google disputes the darker interpretation. It says the policy is about security, not control. It presents developer verification as an extra layer intended to protect Android users while preserving openness. Scotland should be warned by Google’s architecture. The direction of travel is clear enough. The more ordinary app installation depends on verified developers, recognised accounts, registered package names and platform approval systems, the less the phone behaves like a device owned by the citizen. It becomes more like a managed terminal inside a privately governed ecosystem.
An American Company Setting Terms for Scotland’s Digital Markets
There is a further point Scotland should not avoid. Google is an American technology company. Through Android, Google Play, Play Protect certification and developer policy, it is attempting to set the terms on which developers in other countries may enter the mobile software market, how quickly they may do so, what identity information they must provide, and under what rules their apps may reach ordinary users. That power arrangement is extraordinary.
A Scottish developer building a lawful app for a Scottish community may still find that the practical gateway to Android users is controlled not by Scottish law, a Scottish regulator, a UK court or a democratic public body, but by a private company headquartered thousands of miles away. If the developer does not accept the company’s verification system, the app may become harder for ordinary users to install on certified Android devices.
It is a sovereignty issue.
Scotland is being encouraged to digitise public services, grow its technology sector, modernise transport, support health access, preserve language and culture through digital tools, and build more connected homes and communities. Yet one of the main routes into that digital life is governed by a foreign corporation whose rules can change faster than public policy can respond.
The issue is not that Google is American. The issue is that a private American platform can shape how foreign countries, including Scotland, participate in the digital market and at what pace. But the practical effect is gatekeeping. A country that wants digital innovation cannot be relaxed about foreign private control over the entrance to its own digital economy.
Scotland should not build its digital future on a permission system operated abroad.
Why Scotland Is Exposed
Scotland is already moving deeper into digital government. The Scottish Government’s delivery plan for sustainable digital public services sets out actions to 2028 and says that by then the Government will have developed an app to let users access services on their phone or computer. The same plan says the work will be overseen through joint governance involving the Scottish Government and local authorities.
There is nothing wrong with better digital public services. Scotland should have modern, accessible, efficient systems. But a public service that depends too heavily on private app stores, platform rules, device certification and corporate identity checks is not fully sovereign. It is built on rented ground. That is the danger. Scotland may be designing more of civic life around apps at the very moment the app world becomes less open.
Scotland’s Developers and the Innovation Problem
The first group at risk is not the large corporate developer. Banks, supermarkets, transport companies and major software houses will probably comply with Google’s requirements. They have legal departments, compliance officers and the administrative patience of large beasts.
The pressure will fall differently on small Scottish developers. A student in Dundee building a language tool, a sole developer in Inverness writing a community transport app, a volunteer in the Western Isles maintaining a local notice system, a small Glasgow team creating privacy software, or an open source contributor building a tool for carers may not find the process so simple. Some will comply. Some will hesitate. Some will decide that identity submission, central registration, future policy risk and platform dependence are not worth it.
Innovation often begins as a side project, or a tool built because the official option is poor. If app distribution becomes more formal, more permission based and more exposed to corporate rules, the smallest Scottish innovations may be filtered out before they become strong enough to survive.
That should concern Scotland. The country needs more digital independence.
Language, Culture and Community Tools
Apps are not only for shopping and banking. In Scotland, they can preserve language and history, or support tourism and small businesses.
Gaelic learning tools, Scots language resources, pronunciation guides, local history trails, archive companions, heritage interpretation apps, walking routes, wildlife recording tools, ferry alerts, village notice apps and community event systems all belong to a quieter kind of digital infrastructure.
These projects often serve smaller audiences. They may be built by charities, small companies, universities, volunteers, cultural bodies or individual developers. They may never become commercially large. That does not make them unimportant. A small app preserving local speech may matter more to Scotland than another polished corporate service designed to harvest attention.
If the app environment becomes harder for small and independent developers, cultural technology may suffer early. Scotland should not allow tools for language and heritage to become collateral damage in a platform security policy written elsewhere.
Homes, Cameras, Heating and the Smart Device Trap
The issue is not confined to what appears on a phone screen. The phone now controls the home.
Security cameras, doorbells, heating systems, thermostats, smart locks, alarms, baby monitors, care devices, lighting, energy monitors, electric vehicle chargers, solar inverters and farm sensors increasingly depend on apps. If the available app ecosystem narrows, the hardware market narrows with it. Often smaller developers can offer more privacy-based apps that don’t feed your data into a corporate system.
Large manufacturers will adapt. Smaller privacy preserving systems may struggle. Older devices may lose support. Local control options may be harder to install. Consumers may be pushed toward cloud based products from larger firms whose apps remain compliant, visible and approved.
That matters in Scotland. A security camera that can only be controlled through a corporate app is not simply a camera. It is a threat to privacy and a dependency. A smart lock that requires a phone app to work is not convenience. It is a hostage situation when the power goes out.
Rural Scotland and the Islands
This is especially serious for rural Scotland.
In a city, a failed app may be an inconvenience. In rural Scotland, if people are pushed into app only systems, the failure of a phone, account, app store, cloud service or developer registration can have outsized effects. We are already seeing this play out as banks have closed across Scotland leaving no option but digital solutions. For rural Scotland, redundancy is not nostalgia. It is survival.
Privacy Minded Scots May be Trapped from Both Sides
A further group deserves attention: people who already distrust mainstream digital systems. Some Scots deliberately use open source apps, privacy browsers, offline maps, local camera viewers, encrypted tools, non corporate keyboards, direct downloads and F Droid style repositories because they do not want constant tracking, advertising profiles or unnecessary cloud accounts.
If independent developers refuse to verify with Google, some of the very tools used to reduce surveillance may become harder for ordinary users to install. The result would be perverse. People trying to avoid platform control could be pushed back toward platform approved software. Google’s Android developer verification is not the same as a government digital ID requirement for every user. It is a developer identity system. But it belongs to a wider civic drift in which more digital activity is placed behind identification, verification, account systems and permission layers.
One measure may be defensible. Many measures combined can create a world in which ordinary digital life depends on approval at every gate.
Public Services Cannot Become App Only
The public sector lesson is plain. No essential Scottish public service should be available only through a proprietary mobile app. Health access, council services, school communication, transport, housing, benefits advice, emergency information and public reporting tools must have robust web, phone, assisted and, where necessary, paper routes.
A public service cannot be considered universal if it requires a supported smartphone, a live app store account, a verified developer chain, a stable cloud service and a user who has not lost access to their phone. The dominant smartphone ecosystems are controlled by large American corporations. They should not become the only practical route between a Scottish public service and a Scottish citizen.
The app may be convenient, but Scotland must remain sovereign. The human route must not be abolished in the name of efficiency.
Google is Not Elected
The constitutional issue is simple.
Google is not an elected body. Yet its rules can shape who may build software, who may distribute it, what tools ordinary people can easily install, and which companies are able to reach the public.
The UK Competition and Markets Authority has already recognised the power of Apple and Google in mobile platforms. In October 2025, the CMA confirmed that both companies had strategic market status in mobile platforms under the UK’s digital markets regime. The regulator said its work covered mobile operating systems, native app distribution, browsers and browser engines. Google’s policy is not being introduced by a neutral public authority. It is being introduced by a company already recognised as a powerful mobile platform gatekeeper.
Scotland should not pretend this is merely a developer administration update. It is part of a larger question about who controls the digital roads.
What Scotland Should Demand
Scotland does not need to reject technology. It needs to insist that technology remains answerable to citizens.
Public bodies should require every essential service to work through a proper website as well as an app. Procurement rules should test for platform lock in. Councils, NHS bodies, schools and transport agencies should ask whether a service works without a Google account, without an Apple account, without a particular app store and without unnecessary identity linkage.
Scottish Government, universities and enterprise agencies should support small developers with guidance on platform compliance, open standards, progressive web apps and privacy preserving design. Scotland should also encourage open source civic tools, especially for language, rural resilience, heritage, local transport, public information and digital inclusion.
The CMA should be pressed to examine whether developer verification harms competition, alternative app distribution or the ability of small UK developers to reach users outside dominant app stores.
Above all, Scotland should adopt a simple principle for public life: Essential services must not depend on one private platform’s permission.
Scots should prepare. Find a bank that allows full web access, not only app access. Make sure you can log in, view accounts, transfer money, download statements and manage payments from a browser. Keep at least one physical bank card and one account that does not depend entirely on an app. Download important statements, policies, receipts and documents as PDFs and store them locally. Print recovery codes for email, banking, password managers and two factor authentication. Do not make one phone the master key to money, home, work, identity and communication. Check whether your energy supplier, broadband provider, council, school, insurer, transport service and health service can be accessed without an app. Avoid app only smart locks, heating controls, security cameras and alarms. Prefer devices with local controls, browser access, local recording or manual override. Before buying smart home equipment, ask whether it works without a cloud account and whether it can be controlled if the app disappears. Back up photos and important documents locally, not only in a phone cloud. Use apps for convenience, but keep a second route. For privacy minded users, test alternative Android systems only on a spare phone first. Do not risk banking, authenticator apps or essential services on an untested main device. For community groups, do not build essential communication only inside one app or one private platform. Keep email lists, websites, printed notices or phone trees where appropriate. For developers, document signing keys, package names, distribution routes and fallback plans. Build web versions where possible. Make data export easy.
Scotland is moving more of its services, homes, businesses and community life into apps. It must not be casual about who controls the app gates. Convenience is useful. Security is necessary. But neither should become the quiet machinery by which citizens lose practical freedom.
