Homestead
Welcome to my Lab / devblog
[~/homestead/]
name: homesteadhacker (John Brantly)
role: Product Engineer
exp:  Computing since 1984.
spec: Hardware, software, the stubborn stuff in between!
[~/homestead/]
authorship
100% HUMAN
All original, all me. Unless you count spell-checker.
AI ASSISTED
My ideas, my words. AI helped me refine.
AI SLOP
Never. Not here.
← back to all posts

No Thanks, Google: Why JotBunker Is F-Droid Only on Android

· AI ASSISTED · jotbunker, privacy, development, antitrust, android

I’m a solo developer. I built JotBunker because I wanted a privacy-first note tool for my own daily use. It fills a niche gap in the world of notes tools, so I decided to share it with the world for free. It’s GPL’d on GitHub. It doesn’t have a cloud. It doesn’t have accounts. It doesn’t want your data (coz, it’s yours). The whole point is that your data lives on your devices and your devices only.

So when I tell you that to ship JotBunker on Google Play, I’d have to:

  • Hand them my government-issued ID
  • Register every package name with them
  • Prove I own my own signing keys to them
  • Agree to their voluminous, non-negotiable, ever-changing Terms and Conditions
  • Recruit 12 strangers into a 14-day closed test before publishing a single thing
  • And then phone home to Google every time someone installs / updates my app on their own device

…you can probably guess what I think of all that.

Nope.

JotBunker for Android is going to be F-Droid only, plus a direct APK from my GitHub Releases page. That’s it. No Google Play. No developer verification. No identity registry. The source code is there for all to see.

Yes, this means the install path on stock Android is going to get harder starting September 2026, when Google’s “developer verification” decree starts enforcing. Yes, I know that locks me out of >95% of certified Android phones in the four launch countries (Brazil, Indonesia, Singapore, Thailand), and globally through 2027. I know what I’m walking away from.

I’m walking anyway.

What’s actually happening

In August 2025, Google announced that starting September 2026, every app installed on a “certified” Android device (which is roughly every mainstream Android phone outside China) has to come from a developer who has registered their real-world identity with Google. Not just Play Store apps. All apps. The APK on your friend’s web page. The hobbyist build for your church. The privacy tool from a solo developer who wants to share the thing they made for free. All of it.

If you don’t register, your app gets silently blocked on every certified Android device worldwide.

Google’s framing is “security.” The actual effect is a centralized identity gate on what software is allowed to exist on the phone you bought and own. F-Droid (the open-source app repository that’s been the soul of independent Android distribution for 15 years) has stated plainly that under these rules, the project as it currently operates ends. F-Droid signs apps from thousands of independent developers, many of them anonymous or pseudonymous by design. That model is structurally incompatible with Google’s “every signing key tied to a verified real human Google has ID’d” requirement.

The F-Droid team has been ringing the bell loudly, alongside the EFF, the Free Software Foundation, the Tor Project, and 50+ other organizations. The campaign is at keepandroidopen.org. I’m signing the open letter. As me. John Brantly, individual developer.

Why this hurts indie devs specifically

Big software companies will absorb the paperwork, the D-U-N-S number, the legal review. They have a compliance department. They already have a Google relationship.

The policy is precisely calibrated to grind down the individual. The hobbyist. The passion-project person. The “I built this for myself and shared it with a few friends” maintainer. That’s most of F-Droid’s catalog. That’s a huge chunk of what makes Android meaningfully different from iOS in the first place.

And the 12-tester rule for new Play Store accounts is the same energy. Recruit 12 humans into a closed test for 14+ days before you can publish anything. For a privacy app whose entire pitch is “no accounts, no central anything, no friction” — wrangling 12 strangers into a beta for the privilege of being allowed onto Google’s platform is the kind of bureaucratic farce that tells you everything about who Play is now actually built for. (Hint: not the kid in ninth grade with a Commodore 64 and an idea.)

And while we’re at it — Apple is no saint

Apple isn’t much better, I’m not letting them off the hook either. The DOJ filed a monopolization case against Apple in March 2024. Judge Neals denied Apple’s motion to dismiss in June 2025 and rejected every aspect of Apple’s argument. The case is deep in discovery now, with Apple fighting tooth and nail in foreign courts to delay it. Realistic timeline to any actual change to iOS distribution? Half a decade, minimum. Probably more.

So on iOS, JotBunker is on the App Store. I pay Apple their $99 a year. I follow their rules. I link the IPA on GitHub for the AltStore / SideStore crowd, no hand-holding. That’s the best I can do until the regulators do their job.

The cosmic joke is that Apple is being slowly forced toward openness by antitrust pressure, while Google is voluntarily walking toward Apple’s walled-garden model. By 2027, the open-vs-closed distinction between iOS and Android may functionally collapse. Both will be locked-down platforms with a corporate identity gatekeeper sitting between you and the software you want to run on the device you own. The only true escape valves will be alternative ROMs on Android (GrapheneOS, LineageOS, /e/OS, CalyxOS) and the EU/Japan markets on iOS.

For a privacy-first project explicitly built around “you own your data, no central authority” — both walled gardens are bad neighbors. I’m picking the path that’s least insulting to the project’s ethos.

What this means if you want JotBunker on Android

Let me start by saying that I use a stock iPhone. Everyone has to find their own happy place when it comes to privacy, and mine is a middle ground. I am hopeful that one day these solutions will offer the same level of service (without big brother). So only proceed if you want to ride the bleeding edge:

Your setupInstall pathFriction
GrapheneOS / LineageOS / CalyxOS / /e/OSF-Droid or direct APKNone
Stock Android (US), pre-Sept 2026F-Droid or direct APKStandard sideload
Stock Android, post-enforcementGoogle’s “advanced flow” with 24-hr waitReal friction
Obtainium users (any device)GitHub Releases auto-updateNone

GrapheneOS is the privacy-respecting Android that runs on Pixels and doesn’t phone home to Google. It’s exactly the OS that JotBunker was designed for (in spirit anyway).

For everyone else: F-Droid is the primary path as long as they can stay alive. Obtainium is excellent for power users — it pulls APKs straight from GitHub Releases and handles auto-updates without a store. Direct APK is always there.

How to fight back

If any of this matters to you, here’s where to plug in. None of these take much time and they actually move the needle:

  1. Sign the open letter at keepandroidopen.org. Individual developers and users both. This is the coalition with EFF, FSF, Tor, F-Droid, and 50+ others.
  2. File a complaint with the FTC at reportfraud.ftc.gov. Frame it as anticompetitive conduct harming small developers. As an individual, you have standing.
  3. Contact your representatives. The framing that lands across both parties: “American small businesses and independent software developers are being shut out of distribution by a corporate identity registry run by a single dominant company.” Antitrust plays in both Washington tribes right now.
  4. Don’t sign up for Google’s verification program if you’re a developer. Mass non-participation is the single most effective protest. Every developer who registers makes the policy more inevitable.
  5. Install F-Droid on every Android device you own. Distribution channels survive on usage.
  6. Try out GrapheneOS or LineageOS if you’re up for a challenge. Pixel + GrapheneOS is the cleanest path to keeping your Android phone yours.

Why I’m putting my actual name on this

The whole point of the policy fight is that real people make software, and the corporation was never built to be the unit of free expression. The maintainers of Signal, GrapheneOS, Tor, Briar, Tailscale, Proton, they started out as individuals first. Their names are on the work. Their stances are on the record. Privacy work is inherently a stance, not just a product. If I want JotBunker to mean what it says it means, my name has to be on it. The product and the politics.

So this post is signed John Brantly, the human, in Pittsboro, NC. Not GameFi LLC. Not “the JotBunker team” (there is no team, it’s me). This is a personal stand by a personal developer, and the software it ships with is the same.

If you’ve been looking for a small thing to do to push back on the slow lockdown of personal computing: install F-Droid, sign the letter, file the complaint, talk to your reps. And if you want a notes app that takes any of this seriously, JotBunker is for you.

Peace.