Redazione RHC : 27 August 2025 16:49
Google representatives announced that starting in 2026, only apps from verified developers will be able to be installed on certified Android devices. This measure aims to combat malware and financial fraud and will affect apps installed from third-party sources.
The requirement will apply to all “certified Android devices,” meaning devices that run Play Protect and have Google apps preinstalled.
In 2023, the Google Play Store introduced requirements similar and, according to the company, this has led to a sharp decrease in malware and fraud. The requirements will now be mandatory for any app, including those distributed through third-party app stores and through sideloading (when the user independently downloads the APK file to the device).
“Think of this like an ID check at the airport: it verifies the traveler’s identity, but it’s separate from the baggage check. We will verify the developer’s identity, but not the content of their app or its origin,” the company wrote.
By doing this, Google wants to combat “convincing fake apps” and make it harder for attackers who start distributing another malware shortly after Google removes the previous one. According to a recent analysis, third-party sources from which apps are installed via sideloading contain 50 times more malware than apps available in the Google Play Store.
At the same time, Google emphasizes that “developers will retain the same freedom to distribute their apps directly to users through third-party sources or to use any app store they prefer.” To implement the new initiative, a separate and simplified Android Developer Console will be created, especially for those who distribute their apps outside the Google Play Store. After verifying their identity, developers will need to register the package name and signing keys for their apps.
Those who distribute apps through the Google Play Store are likely already compliant with verification requirements through the current Play Console process, which requires organizations to provide a Data Universal Numbering System (DUNS) number (a nine-digit unique identification number for legal entities). The new verification system will begin testing in October this year, with the first Android developers gaining access. The mechanism will be available to everyone starting in March 2026.
The verification requirement will first go into effect in September 2026 in Brazil, Indonesia, Singapore, and Thailand. Google explains that these countries are“particularly affected by these forms of fraudulent apps.”Later, in 2027, developer verification will begin to be implemented globally.
Redazione