Downloading applications from official app stores is a well-known strategy to steer clear of unreliable software. However, the hurdles that developers face in getting their applications into platforms like the Google Play Store have made sideloading a popular alternative.
Sideloaded apps—those obtained from unofficial sources—can indeed be safe, but navigating this territory can resemble a minefield. In response to this challenge, Google has unveiled plans to restrict the sideloading of applications from developers that it cannot verify.
New Security Measures
This initiative represents the latest chapter in the ongoing interaction between app developers and Google. The tech giant is framing this as “a new layer of security for certified Android devices.” Acknowledging that sideloading is unlikely to fade away, Google is now looking for ways to allow the practice to continue while enhancing safety.
In its announcement, which will be rolled out gradually and initially target a select number of countries, Google stated:
Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices. This creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down. Think of it like an ID check at the airport, which confirms a traveler’s identity but is separate from the security screening of their bags; we will be confirming who the developer is, not reviewing the content of their app or where it came from. This change will start in a few select countries specifically impacted by these forms of fraudulent app scams, often from repeat perpetrators.
As Google works on the specifics of the verification process, the efficacy of this initiative remains to be seen. The company has provided additional insights into the upcoming changes:
To make this process as streamlined as possible, we are building a new Android Developer Console just for developers who only distribute outside of Google Play, so they can easily complete their verification; get an early look at how it works. A note for student and hobbyist developers: we know your needs are different from commercial developers, so we’re creating a separate type of Android Developer Console account for you.
For those who already distribute apps on Google Play, it’s likely that they have met these verification requirements through the existing Play Console process. More information about how these requirements apply can be found in Google’s guides.
Importantly, developers will retain the freedom to distribute their apps directly to users through sideloading or utilize any app store they choose. Google believes that this approach aligns with the principles of an open system—balancing choice with enhanced security for all users. The company emphasizes that with thoughtful design and security measures, openness and safety can coexist harmoniously. For further details on the specific requirements, developers are encouraged to visit Google’s website, where more information will be shared in the coming months.
Google has outlined a tentative timeline for this initiative, with early access to the new system expected to begin in October of this year. By March 2026, the verification system is projected to be available to all developers. Notably, by September, any app installed on a certified Android device in Brazil, Indonesia, Singapore, and Thailand must be registered by a verified developer. The goal is to implement the verification system globally by 2027.
As these changes unfold, the industry is left to ponder: does this system strike a sensible balance? Are developers feeling optimistic or apprehensive about the need for verification? The conversation is open for thoughts and insights.
