Google announced today that starting in 2026, only apps from verified developers will be installable on certified Android devices. The rule will apply not only to the Google Play Store but also to third-party app stores and sideloaded APKs, marking a major shift in Android’s open app distribution system.
The company said the change aims to combat malware and financial scams, noting that malware from sideloaded sources is more than 50 times higher than from apps on Google Play. By verifying the identity of developers, Google hopes to make it harder for malicious actors to reappear quickly after their apps are removed.
Verification will work like an “ID check at the airport,” Google explained, confirming who the developer is rather than assessing app content. Developers who already publish on Google Play likely meet the requirement through existing processes, while a new Android Developer Console will be created for those who distribute apps outside the Play Store.
The rollout will begin in September 2026 in Brazil, Indonesia, Singapore, and Thailand—countries heavily affected by fraudulent app scams—before expanding globally in 2027. Developer access to the verification system will start in October 2025, with wider access from March 2026.
Governments and institutions in affected regions have expressed support. Indonesia’s Ministry of Communications called it a “balanced approach” to safety, while Thailand’s digital ministry described it as a “proactive measure.” Brazil’s Federation of Banks said the policy would “significantly advance” user protection.
However, some developers have raised concerns that the system could harm independent creators and reduce Android’s openness. Critics argue that malicious actors may still find ways around the requirement, while legitimate developers could face unnecessary hurdles.
