The Digital Markets Act (DMA) is “the EU’s law to make the markets in the digital sector fairer and more contestable”.
F-Droid strongly aligns with many of the ideals of the DMA regarding ensuring user choice and privacy. For example:
- The DMA has provisions for ensuring third-party software applications or software application stores can be used: F-Droid has long been the premier way for privacy or free software focused users to install applications outside of the Google Play Store
- The DMA places limitations on how gatekeepers process personal data: F-Droid doesn’t even have accounts. We don’t track users at all. There is no personal data for us to process.
Recently, Google introduced a new developer verification policy which is at odds with the DMA. It demands that apps can only be installed on its operating system if the app developers have verified themselves with Google, even if the app is not installed via the Play Store. This may sound like it only impacts app developers, but it very much impacts end users choice and freedom, in a detrimental way that is not in the spirit of the DMA.
Google may argue that the policy they have put in place is strictly necessary and proportionate, to ensure that third-party software applications or software application stores do not endanger the integrity of the hardware or operating system provided by Google (Article 6.4).
This is demonstrably false.
Trust is not earned by verifying a developers legal identity. There is no way to verify whether an app published to the Play Store is harmful or not, regardless of whether their identity has been verified with Google.
Trust is earned by transparency. F-Droid users are able to verify with certainty the source code which was used to build an app they are about to install.
The way in which F-Droid builds free software from source and then distributes it to end users without needing to involve Google, is akin to how most Linux distributions have been distributing software for decades. These distributions mechanisms have stood the test of time, are regarded as extremely secure and trustworthy, and are used by most of the modern computing infrastructure across the globe.
Nobody has suggested that Linux distributions need to be made safer for end users by having a central authority verify each app developer. It should be no different for mobile operating systems.