New policy aims to curb malware and fraud from sideloaded apps, while still preserving Android’s open ecosystem
Expanding Developer Verification Beyond the Play Store
Google announced on Monday a major policy shift: starting in 2026, Android developers distributing apps outside of the Play Store will be required to verify their identity — a rule previously reserved for Play Store submissions.
- The update impacts all certified Android devices, not just those using Google Play.
- Sideloading and third-party app stores will still be permitted, but developers must now submit legal identification to distribute apps.
- Google will request a legal name, address, phone number, and email for verification.
Why Google Is Making This Change
The move is part of Google’s effort to fight the rising tide of Android malware, much of which comes through unverified sideloaded sources.
- Google cited internal research showing that malware is over 50x more likely to come from sideloaded or web-distributed apps compared to those on Google Play.
- Malicious actors have often exploited the anonymity of sideloading to distribute spyware, commit fraud, or harvest personal data.
- By requiring identity checks, Google aims to increase accountability, deter abuse, and raise the cost of malicious distribution.
“This change doesn’t mean Android is closing off,” the company emphasized. “It means users will have more transparency and trust — wherever their apps come from.”
Key Rollout Dates and Regional Prioritization
The verification policy will be introduced gradually to allow developers and platforms to adapt:
- October 2025: Early access program opens for developer testing and feedback.
- March 2026: Identity verification becomes mandatory for all developers globally.
- September 2026: The policy will be enforced for sideloaded apps in Brazil, Indonesia, Singapore, and Thailand.
- 2027 onward: Global rollout begins for all certified Android devices.
Implications for Indie and Hobbyist Developers
While commercial developers must disclose verified information, Google is planning safeguards for students and hobbyists:
- A separate Developer Console account type will allow smaller or non-commercial developers to participate without exposing personal contact details publicly.
- However, even hobbyist developers will still need to verify their identity privately with Google.
This could push independent developers to form LLCs or register as businesses to protect personal privacy, mirroring changes Apple made earlier this year in the EU to comply with the Digital Services Act (DSA).
Striking a Balance Between Openness and Security
Despite tightening requirements, Google insists that Android will remain an open platform:
- Third-party app stores and sideloading are not going away.
- The verification system is intended to filter out bad actors without penalizing legitimate developers.
- Users will gain greater visibility into who built their apps, even outside the Play Store.
