Mishaal Rahman / Android Authority
TL;DR Google will soon verify the identities of developers who distribute Android apps outside the Play Store.
Developers must submit their information to a new Android Developer Console, increasing their accountability for their apps.
Rolling out in phases from September 2026, these new verification requirements are aimed at protecting users from malware by making it harder for malicious developers to remain anonymous.
Most Android users acquire apps from the Google Play Store, but a small number of users download apps from outside of it, a process known as sideloading. There are some nifty tools that aren’t available on the Play Store because their developers don’t want to deal with Google’s approval or verification requirements. This is understandable for hobbyist developers who simply want to share something cool or useful without the burden of shedding their anonymity or committing to user support. Unfortunately, malicious developers take advantage of this openness and hide behind a curtain of anonymity when distributing malware. To combat this, Google is introducing a major change that pulls back that curtain, making it harder for malicious actors to distribute harmful apps.
Don’t want to miss the best from Android Authority? Set us as a preferred source in Google Search to support us and make sure you never miss our latest exclusive reports, expert analysis, and much more.
What’s changing for apps distributed outside the Play Store? Today, Google announced it is introducing a new “developer verification requirement” for all apps installed on Android devices, regardless of source. The company wants to verify the identity of all developers who distribute apps on Android, even if those apps aren’t on the Play Store. According to Google, this adds a “crucial layer of accountability to the ecosystem” and is designed to “protect users from malware and financial fraud.” Only users with “certified” Android devices — meaning those that ship with the Play Store, Play Services, and other Google Mobile Services (GMS) apps — will block apps from unverified developers from being installed.
Google says it will only verify the identity of developers, not check the contents of their apps or their origin. However, it’s worth noting that Google Play Protect, the malware scanning service integrated into the Play Store, already scans all installed apps regardless of where they came from. Thus, the new requirement doesn’t prevent malicious apps from reaching users, but it does make it harder for their developers to remain anonymous. Google likens this new requirement to ID checks at the airport, which verify the identity of travelers but not whether they’re carrying anything dangerous.
Aamir Siddiqui / Android Authority
What information will developers need to submit to Google, and how? Developers who distribute apps outside the Play Store will need to verify their identity through the new Android Developer Console that Google is currently building. This is equivalent to the Google Play Console that Play Store developers currently use, but Google says it will provide a simpler, more streamlined verification process.
... continue reading