- Google will soon verify the identities of developers who distribute Android apps outside the Play Store.
- Developers must submit their information to a new Android Developer Console, increasing their accountability for their apps.
- Rolling out in phases from September 2026, these new verification requirements are aimed at protecting users from malware by making it harder for malicious developers to remain anonymous.
Most Android users acquire apps from the Google Play Store, but a small number of users download apps from outside of it, a process known as sideloading. There are some nifty tools that aren’t available on the Play Store because their developers don’t want to deal with Google’s approval or verification requirements. This is understandable for hobbyist developers who simply want to share something cool or useful without the burden of shedding their anonymity or committing to user support.
[…]
Today, Google announced it is introducing a new “developer verification requirement” for all apps installed on Android devices, regardless of source. The company wants to verify the identity of all developers who distribute apps on Android, even if those apps aren’t on the Play Store. According to Google, this adds a “crucial layer of accountability to the ecosystem” and is designed to “protect users from malware and financial fraud.” Only users with “certified” Android devices — meaning those that ship with the Play Store, Play Services, and other Google Mobile Services (GMS) apps — will block apps from unverified developers from being installed.
Google says it will only verify the identity of developers, not check the contents of their apps or their origin. However, it’s worth noting that Google Play Protect, the malware scanning service integrated into the Play Store, already scans all installed apps regardless of where they came from. Thus, the new requirement doesn’t prevent malicious apps from reaching users, but it does make it harder for their developers to remain anonymous. Google likens this new requirement to ID checks at the airport, which verify the identity of travelers but not whether they’re carrying anything dangerous.
[…]
So the new requirement doesn’t make things any safer, but gives Google a whole load of new personal data for no good reason other than that they want it. I guess it’s becoming more and more time to de-Google.
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft