In a significant move aimed at enhancing security across its platform, Google has announced that beginning in 2026, only applications from verified developers will be permitted for installation on certified Android devices. This initiative is designed to tackle the persistent issues of malware and financial fraud, particularly affecting apps sourced from third-party platforms.
New Verification Measures
The new requirement will apply to all certified Android devices—those equipped with Play Protect and pre-installed Google applications. Google’s previous measures, introduced in 2023, have already shown promising results, leading to a notable reduction in instances of malware and fraudulent activities. The forthcoming regulations will extend to all applications, including those distributed via third-party app stores and through the sideloading process, where users manually download APK files.
In a statement, Google likened the verification process to an airport ID check, emphasizing that while the developer’s identity will be confirmed, the content of their app will not be scrutinized. This approach aims to thwart the proliferation of “convincing fake apps” and complicate the efforts of attackers who rapidly deploy new malware following the removal of previous threats. Recent analyses indicate that apps installed from third-party sources via sideloading harbor malware at a staggering rate—50 times more than those available on the Google Play Store.
Developer Freedom and New Tools
Despite the tightening of security protocols, Google reassures developers that they will maintain the freedom to distribute their applications directly to users through various channels, including third-party sources and alternative app stores. To facilitate this new initiative, Google will introduce a streamlined Android Developer Console tailored for those distributing apps outside the Google Play Store. Developers will be required to verify their identity and register their app’s package name and signing keys as part of the process.
For those already distributing apps through the Google Play Store, compliance with the verification requirements is likely straightforward, as they are already familiar with the current Play Console process, which necessitates the provision of a Data Universal Numbering System (DUNS) number—a unique nine-digit identifier for legal entities.
Implementation Timeline
The verification system is set to undergo testing starting in October of this year, with select Android developers gaining early access. Full availability is expected by March 2026. The initial rollout of the verification requirement will take place in September 2026, specifically targeting Brazil, Indonesia, Singapore, and Thailand—regions identified as particularly vulnerable to fraudulent applications. Following this, a global implementation is anticipated in 2027.
As Google continues to refine its approach to app security, the tech giant remains committed to fostering a safer environment for users while empowering developers with the tools necessary to navigate this evolving landscape.
