Google has announced that on September 30, 2026, it will implement Android developer verification in four initial countries: Brazil, Indonesia, Singapore, and Thailand. This move will impact how apps are installed on certified Android devices, which are defined as those shipping with Google’s services and Play Protect—accounting for over 95% of Android devices outside of China.
From this date, certified devices will block the installation of apps from developers who have not registered their identity with Google. This policy will apply regardless of whether the app is sourced from Google Play or from major device-maker app stores, including those operated by Samsung, Xiaomi, OPPO, vivo, Honor, and Transsion.
For most users, this change will be seamless. Apps from verified developers will continue to install without interruption. However, the new verification process will create barriers for apps from unverified developers, particularly affecting independent and open-source channels that thrive on the freedom to distribute without needing Google’s approval.
What flips on September 30
The verification process will be executed on the device itself. Starting in June 2026, Google will introduce a new service called the Android Developer Verifier for devices running Android 8 and newer. This service will ensure that an app is associated with a verified developer before installation can proceed.
Post-September 30, any unregistered app will not be installable through the standard method. However, it can still be sideloaded using Android Debug Bridge (ADB) or through a more complex installation route that Google has designed. This advanced flow requires users to enable developer mode, restart their device, wait 24 hours, and reauthenticate before they can sideload an unverified app. This high-friction process is set to go global in August.
Registration for developers began in March, and Google reports that it now encompasses nearly all installations from Google Play and a significant portion from other sources. To register, developers must provide their legal name, address, and contact information, and may need to upload a government-issued ID. They must also demonstrate ownership of each app by submitting an APK signed with their private key.
In addition, Google is introducing APIs for bulk registration and package-name verification, along with OAuth delegation, allowing third-party stores to assist in the registration process. These APIs, including the Android Developer ID Status API and the Android Developer Console API, are expected to be available in July. Furthermore, a separate lane for limited-distribution accounts will be accessible in early July, enabling students and hobbyists to share apps with up to 20 devices without the need for a government ID or any fees. The standard full developer account will require a one-time fee of .
Why the open-source camp is fighting it
Google’s rationale for this initiative centers on combating malware. The company asserts that sideloaded apps are significantly more likely to harbor malicious content compared to those available on Google Play. The identity verification and the imposed waiting period are intended to mitigate these risks, particularly in the four selected countries, which are reportedly plagued by app scams often perpetrated by repeat offenders.
Since the program’s announcement in August 2025, there has been considerable backlash. F-Droid, a repository for free software apps, has voiced concerns that the new requirement could jeopardize its operations, as it relies on contributions from many pseudonymous developers who may be unwilling to disclose their legal identities to Google.
The Keep Android Open campaign, supported by over 70 organizations across 23 countries, has urged Google to reconsider the ID verification for apps distributed outside of the Play Store. While Google’s adjustments, such as the advanced installation flow and the introduction of limited-distribution accounts, address some concerns regarding sideloading, they do not alleviate the broader issue of a single entity controlling the installation process for nearly all Android devices outside of China.
As the global rollout approaches in 2027, several critical questions remain unanswered: Will Google establish an appeals process for developers mistakenly flagged? What information will be retained in the identity registry, and for how long? Additionally, is there a viable path for repositories like F-Droid that cannot comply with the per-app ownership verification without fundamentally altering their operational model?
