Mishaal Rahman / Android Authority
Last week, Google dropped a bombshell: The company plans to verify the identity of all developers who distribute apps for Android, even those outside the Play Store. Starting next year, if a developer chooses not to verify their identity, Android will prevent their apps from being installed on certified devices (ie. devices with Google Mobile Services). This news sent shockwaves through the enthusiast community, with many criticizing Google for transforming Android into an iOS-like walled garden.
Google claims its goal is to prevent bad actors from distributing malicious software under a cloak of anonymity. However, many believe the company has an ulterior motive, such as killing emulation on Android or hindering Android-based e-readers. In response, Sameer Samat, President of the Android Ecosystem at Google, said, “Sideloading is fundamental to Android, and it’s not going anywhere.” He added that the company’s new requirements aren’t designed to limit choice but rather to “make sure that if you download an app from a developer, regardless of where you get it, it’s actually from them.”
However, Samat’s statement did little to assuage people’s fears, as it didn’t explain a key part of the equation: the how. We know what Google wants to do (block Android apps from unverified developers), when it wants to do it (starting September 2026 and rolling out through 2027), and why (to reduce malware), but not how it’s going to enforce this policy on devices.
Aamir Siddiqui / Android Authority
The most obvious method would be through Google Play Protect, the on-device security service available on all certified Android devices. As the system’s Package Verifier, Play Protect already has all the privileges needed to enforce Google’s new developer verification requirements, so it would make a lot of sense for it to take on these new responsibilities, especially since it already comes bundled with Google Mobile Services. But we’ve recently learned that Google is going another route — one that raises more questions than it answers. On the bright side, we’ve also learned that Google may leave some existing mechanisms to sideload apps intact, provided you’re comfortable using developer tools. You’re reading the Authority Insights Newsletter, a weekly newsletter that reveals some new facet of Android that hasn’t been reported on anywhere else. If you’re looking for the latest scoops, the hottest leaks, and breaking news on Google’s Android operating system and other mobile tech topics, then we’ve got you covered.
Subscribe here to get this post delivered to your email inbox every Saturday.
Coming soon: Android Developer Verifier Rather than enforce its new developer verification requirements through Play Protect, Google is apparently creating an entirely new system service called Android Developer Verifier. This new app will be responsible for validating whether an application package is associated with a verified Android developer, i.e., a developer who has registered with Google through the new Android Developer Console.
Google A screenshot of the Android Developer Console
The Android Developer Verifier app can’t be found on current devices, unlike Play Protect (which is part of the Play Store). Instead, it will be distributed in the future, with Google mandating that its OEM partners preload the app on new devices launching with Android 16 QPR2 or later.
... continue reading