Google is set to implement a significant change in its approach to app distribution on Android devices, particularly for those apps that are sideloaded outside of the Google Play Store. This initiative aims to enhance user security by verifying the identities of developers who distribute applications beyond the confines of the official marketplace.
What’s changing for apps distributed outside the Play Store?
In a recent announcement, Google unveiled a new “developer verification requirement” that will apply to all Android apps, regardless of their source. This move is designed to bolster accountability within the ecosystem and protect users from potential malware and financial fraud. Only users with “certified” Android devices—those equipped with the Play Store, Play Services, and other Google Mobile Services—will be prevented from installing apps from unverified developers.
While Google will verify the identities of developers, it will not scrutinize the content of their applications. However, the existing Google Play Protect service will continue to scan all installed apps for malware, irrespective of their origin. This new layer of verification is akin to airport ID checks, ensuring that developers can be identified without necessarily vetting the safety of their apps.
What information will developers need to submit to Google, and how?
To comply with the new requirements, developers distributing apps outside the Play Store will need to authenticate their identities through a newly developed Android Developer Console. This console will streamline the verification process, making it easier for developers to register.
Developers will be required to provide their legal name, address, email, and phone number. Organizations will also need to submit their website and a D-U-N-S number. Notably, while this information is displayed on Google Play listings, Google has assured that it will not be made public for developers using the new console.
Recognizing the unique needs of hobbyist and student developers, Google plans to create a separate account type within the Android Developer Console that will impose fewer verification requirements and waive the typical registration fee. This consideration aims to alleviate concerns about privacy and personal information disclosure.
For developers already utilizing the Google Play Console, there will be no need to create a new account if they intend to distribute apps outside the Play Store; they can register their non-Play apps through their existing accounts.
When will Google’s new developer verification requirements go into effect?
The rollout of these new requirements will occur in phases, beginning with an early access program in October 2025. This program will allow developers to engage in discussions, receive priority support, and provide feedback. The full implementation will commence in March 2026, culminating in the initial requirements taking effect in September 2026 for users in Brazil, Indonesia, Singapore, and Thailand—regions particularly affected by fraudulent app scams.
While developers will still have the option to distribute their apps outside the Play Store, the new accountability measures may raise concerns among those who value privacy and anonymity. Nevertheless, Google’s findings indicate that sideloaded apps pose a significantly higher risk of malware compared to those available on the Play Store. The effectiveness of these new requirements will ultimately be assessed once they are fully operational.
This article was updated at 1:35 PM ET with more information from Google and screenshots of the Android Developer Console.
