Google’s new reCAPTCHA has a hidden Play Services requirement we all missed

Google is quietly making Google Play Services mandatory for its next-generation reCAPTCHA system on Android. If you are using a custom ROM or a phone without official Google apps, you might soon find yourself locked out of websites running this new security check.

A recent post on the degoogle subreddit put the spotlight on a seemingly standard support page. The document covers troubleshooting steps for reCAPTCHA Mobile Verification. It states that completing a challenge requires a compatible mobile device. For Android, that means having Google Play Services version 25.41.30 or higher installed.

This change is part of a much larger rollout. On April 23, Google announced Google Cloud Fraud Defense. The company pitched it as the next evolution of its popular bot protection software.

The new setup introduces an AI-resistant challenge. When the system flags suspicious activity, it drops the old image puzzles. Instead, users are asked to scan a QR code with their smartphone. According to the official blog post, this proves human presence and stops autonomous AI agents from performing account takeovers.

But here is the catch. From what I was able to gather, this GMS requirement was live long before anyone reported on the new Fraud Defense platform. I ran the support page URL through the Internet Archive and found a snapshot recorded back in October 2025.

The older version of the page asked for Play Services version 25.39.30. Google clearly laid the groundwork for this mobile verification system last year and kept it running quietly in the background.

For the vast majority of people with Android phones, this new QR code scan will probably work seamlessly. Google says the goal is to create a simpler customer experience by replacing disruptive puzzles with silent background verification.

For the privacy community, it is starting to look like a massive headache. Tying web verification to a proprietary app framework means a de-Googled phone fails the test by default. It is a hard sell for users trying to distance themselves from Google’s data collection. If this next-generation reCAPTCHA gets adopted widely, browsing the web without Play Services might not be fun.

Ultimately, it depends on how trigger-happy Google’s fraud detection gets. If the system works as intended, most people will never even see the QR prompt. But if it misfires, anyone without Play Services is going to hit a wall.

We stand out from the tech-media crowd because we break news stories; we mainly bring you stuff that you won’t find anywhere in the mainstream tech media. Our stories have been picked up by some of the world’s most popular websites and media outlets—more info is available here.