Google will block sideloading of unverified Android apps starting next year

Android's open nature set it apart from the iPhone as the era of touchscreen smartphones began nearly two decades ago. Little by little, Google has traded some of that openness for security, and its next security initiative could make the biggest concessions yet in the name of blocking bad apps. Google has announced plans to begin verifying the identities of all Android app developers, and not just those publishing on the Play Store. Google intends to verify developer identities no matter where they offer their content, and apps without verification won't work on most Android devices in the coming years. Google used to do very little curation of the Play Store (or Android Market, if you go back far enough), but it has long sought to improve the platform's reputation as being less secure than the Apple App Store. Years ago, you could publish actual exploits in the official store to gain root access on phones, but now there are multiple reviews and detection mechanisms to reduce the prevalence of malware and banned content. While the Play Store is still not perfect, Google claims apps sideloaded from outside its store are 50 times more likely to contain malware. This, we are led to believe, is the impetus for Google's new developer verification system. The company describes it like an "ID check at the airport." Since requiring all Google Play app developers to verify their identities in 2023, it has seen a precipitous drop in malware and fraud. Bad actors in Google Play leveraged anonymity to distribute malicious apps, so it stands to reason that verifying app developers outside of Google Play could also enhance security. However, making that happen outside of its app store will require Google to take a page from Apple's playbook and flex its muscle in a way many Android users and developers could find intrusive. Google plans to create a streamlined Android Developer Console, which devs will use if they plan to distribute apps outside of the Play Store. After verifying their identities, developers will have to register the package name and signing keys of their apps. Google won't check the content or functionality of the apps, though.