- Google briefly required non-custodial wallets to obtain licenses meant for custodial services, sparking backlash.
- The policy could have effectively banned many wallets in the U.S. and EU despite no legal requirement.
- Google later clarified non-custodial wallets aren’t in scope, but the incident shows the risk of corporate-driven regulation.
Google’s recent Play Store policy update sparked alarm among cryptocurrency developers and privacy advocates by imposing licensing requirements on wallet apps, seemingly without distinguishing between custodial and non-custodial models. Initially, the rules mandated that all wallet developers secure registrations such as FinCEN’s Money Service Business (MSB) license in the U.S. or a MiCA license in the European Union. For non-custodial wallets—software that gives users sole control of their private keys—these requirements are not just burdensome; they’re structurally incompatible. Although Google later clarified that non-custodial wallets were “not meant to be in scope” and promised a policy revision, the incident revealed deeper tensions between corporate compliance policies and decentralized technology.
The U.S. Impact: Pushing Beyond Legal Requirements
Under the original policy wording, U.S. wallet developers would need to register as an MSB and as a state-level money transmitter, or operate as a chartered bank. This effectively imposed Anti-Money Laundering (AML) and Know Your Customer (KYC) obligations on all wallet apps. The problem is that FinCEN’s 2019 guidance explicitly exempts unhosted (non-custodial) wallets from these classifications, recognizing that they never hold or transmit customer funds. By extending bank-like compliance costs to projects that don’t legally need them, the policy risked forcing small developers off the Play Store and limiting consumer access to privacy-preserving tools.
The EU Angle: A De Facto Ban Under MiCA
In the European Union, Google’s policy aligned with MiCA’s licensing framework for Crypto Asset Service Providers (CASPs). However, CASPs are defined as entities that issue, exchange, or hold custody of digital assets—criteria that non-custodial wallets do not meet. Because national regulators would not issue MiCA licenses to software that never takes custody of user funds, the requirement would have amounted to a de facto ban. The only way a non-custodial wallet could remain on the Play Store in the EU would be if it were distributed by a licensed CASP, consolidating market control in the hands of regulated intermediaries.
FATF Influence and “Regulation by Commercial Enforcement”
The policy bore striking similarities to the Financial Action Task Force’s (FATF) 2021 guidance, which encouraged treating some non-custodial software developers as Virtual Asset Service Providers if they had any measure of involvement—such as operating a user interface. While FATF’s recommendations are not legally binding, they carry significant weight because member states risk sanctions for non-compliance. By adopting FATF’s broad interpretation into its app store rules, Google was effectively enforcing regulatory norms through market dominance rather than law, ushering in what critics call “regulation by commercial enforcement.”
Why This Matters for Open-Source and Privacy
Non-custodial wallets are central to the cryptocurrency ethos of financial sovereignty. They allow users to transact without relying on trusted third parties and without surrendering sensitive personal data. Imposing licensing regimes designed for custodial financial institutions not only risks eliminating smaller wallet projects but also threatens to reduce consumer choice to a narrow set of heavily monitored, KYC-enforced applications. This could further entrench centralized players at the expense of innovation and privacy.
Conclusion
Google’s clarification that non-custodial wallets will be exempt from its Play Store licensing requirements is a welcome development, but the episode highlights a growing vulnerability: essential crypto tools can be restricted not just by governments, but by corporate policy decisions. As FATF-inspired compliance frameworks seep into the private sector, developers and users alike may find themselves fighting the same battles for privacy and autonomy on new fronts. The balance between user protection, legal compliance, and open access to non-custodial technology remains precarious—and worth watching closely.
