Google is taking a significant step to enhance mobile app development security by introducing identity verification requirements for developers distributing Android apps outside the Play Store. This move aims to make it more challenging for malicious actors to remain anonymous and distribute malware, ultimately protecting users from financial fraud.
Sideloading has long been a popular way for Android users to download apps that aren't available on the Google Play Store. While this approach allows hobbyist developers to share their creations without adhering to Google's approval process, it also creates an opening for malicious actors to hide behind anonymity and distribute harmful apps. To combat this issue, Google is introducing new verification requirements designed to increase accountability in the ecosystem.
What's Changing for Apps Distributed Outside the Play Store?
Google has announced a new "developer verification requirement" that will apply to all Android devices, regardless of their source. This means that developers distributing apps outside the Play Store must verify their identity with Google. The company claims this added layer of accountability is crucial in protecting users from malware and financial fraud.
Only certified Android devices, which ship with the Play Store, Play Services, and other Google Mobile Services (GMS) apps, will block apps from unverified developers from being installed. Google emphasizes that it will only verify developer identities, not inspect app contents or origins. This is similar to airport ID checks, which verify travelers' identities but don't examine their luggage.
What Information Will Developers Need to Submit to Google?
Developers distributing apps outside the Play Store will need to submit their information through a new Android Developer Console currently being built by Google. This console will be simpler and more streamlined than the existing Google Play Console, which developers use to distribute apps on the Play Store.
The Android Developer Console will require developers to provide their legal name, address, email, phone number, and other identifying information (organizational details for companies). Although this information is surfaced to users on Play Store listings, Google assures that the data provided by developers through the Android Developer Console "will not be surfaced to users."
Hobbyist and Student Developers: Separate Verification Requirements
Many hobbyist and student developers already complain about these requirements on Google Play, as they force individuals to reveal their personal information unless they set up a business address. To accommodate these developers, Google is creating a separate type of Android Developer Console account that will have fewer verification requirements and won't require the $25 USD registration fee.
When Will Google's New Developer Verification Requirements Go into Effect?
The new requirement won't roll out immediately but will be implemented in phases. An early access program will open in October 2026, allowing developers to participate in discussions, receive priority support, and offer feedback. The full rollout is planned for March 2026, six months before the requirements begin.
In September 2026, the requirement will take effect for users in Brazil, Indonesia, Singapore, and Thailand. At this point, any app a user installs must come from a verified developer. Google plans to continue rolling out the requirement globally through 2027.
By making it harder for malicious developers to remain anonymous, Google's new identity verification requirements aim to boost mobile app development security and protect users from financial fraud.