Google is set to enhance the security framework for Android devices, implementing a significant change that will take effect in 2026. From this point forward, all applications must originate from verified developers, irrespective of whether they are downloaded through the Play Store, alternative app stores, or sideloaded directly.
Suzanne Frey, the Vice President of Product, Trust & Growth for Android, articulated this initiative in a recent blog post. She reassured users that they will not need to sacrifice openness for security. Frey emphasized that Android has consistently demonstrated the feasibility of integrating robust security measures into its operating system.
The motivation behind this new requirement stems from a notable rise in attacks targeting personal and financial information. Google has identified sideloading as a particularly high-risk avenue; in fact, the company reports that over 50 times more malware infiltrates systems via apps installed from the internet compared to those downloaded from Google Play. Malicious entities frequently exploit the anonymity of app distribution, masquerading as reputable developers to disseminate counterfeit applications. By mandating developer verification, Google aims to dismantle this veil of anonymity and elevate the standards against repeated exploitation.
Beginning in 2026, all applications installed on certified Android devices will need to be registered by a verified developer. This requirement extends to apps distributed beyond the Play Store. Google likens this measure to the passport control process at airports: while the developer undergoes scrutiny, the content or source of the app itself remains unexamined. To facilitate this verification, developers will be required to submit their official name, address, email, and phone number, which may prompt independent developers to establish formal business entities to safeguard their privacy.
Play Store developers are already familiar with the verification process
For those developers who choose to distribute their applications outside the Play Store, Google will introduce a new Android Developer Console designed for identity verification. Additionally, students and hobby developers will be provided with a tailored account type to accommodate their unique needs. Developers currently distributing through the Play Store will experience no changes, as verification has been a prerequisite since 2023.
This initiative mirrors a similar requirement recently adopted by Apple in the EU App Store, aligning with the Digital Services Act (DSA). Under this regulation, app developers must now disclose their “merchant status” when submitting new applications or updates.
The implementation of this new security layer will occur in phases. Developers will gain early access starting in October 2025, with a broader rollout scheduled for March 2026. By September 2026, these regulations will extend to Brazil, Indonesia, Singapore, and Thailand, with a global introduction anticipated in 2027.
Importantly, Google reassures developers that they will retain the ability to distribute their applications through sideloading or alternative app stores, ensuring that the ecosystem remains vibrant and diverse.
Tip: Google is equipping Android developers with tools to help determine the optimal pricing for their applications.
