Google’s New Scheme to Force Android Developers to Verify Their Identity
Mika Baumeister / Unsplash
Toggle Dark Mode
The Android device platform has long been more open than Apple’s iOS and iPadOS platforms, with Google making it easier for users to install apps from outside of their official app store. However, over the last decade or so, Google has tightened up some of its rules, trading flexibility for security and privacy protections. Now, Google is locking things down even further on the Android platform, as it plans to begin verifying developers’ identities, even for apps offered outside the Google Play Store.
This week, Google announced that it will soon begin verifying the identities of all Android developers — not just those offering apps in the Play Store. Apps that are not verified will soon be blocked on most Android devices. Google says the move will provide the best of both worlds, with users no longer having to choose between freedom and security.
You shouldn’t have to choose between open and secure. By engineering security into the core part of the OS, Android has proven that you can have both, and we continue taking new steps in that direction.
Google’s Play Store (originally named “Android Market”) initially offered little in the way of curation, but over the years it has evolved to become more secure, although it had a ways to go in that department when compared to Apple’s App Store.
In the early years, the Play Store was home to numerous less-than-secure and unsafe apps, including those that could gain root access on devices or monitor keystrokes and internet activities in other apps or on the web. Since then, Google has implemented multiple detection and review mechanisms that can catch malware and malicious content before the apps reach users’ devices.
As I mentioned earlier, the Google Play Store still has some work to do compared to the Apple App Store, but Google is making progress. The search giant says apps sideloaded onto devices from outside of the Play Store are 50 times more likely to contain malware.
Now comes Google’s new developer verification system, which it describes as being like an “ID check at the airport.” Google Play began requiring app developers to verify their identities in 2023, and reports seeing a large drop in malware and fraud since then.
Google appears to be taking a page from Apple’s playbook, which many Android developers and users could find to be a bit of a pain in the butt. Google will offer an Android Developer Console that developers will be required to use if they plan to offer their wares outside of the Google Play Store. Once the developers have had their identities confirmed, they will also be required to register the package name and signing keys of their apps. However, unlike the more controversial notarization program that Apple launched in the EU, Google doesn’t plan to check the content or functionality of the apps.
Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices. This creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down. Think of it like an ID check at the airport, which confirms a traveler’s identity but is separate from the security screening of their bags; we will be confirming who the developer is, not reviewing the content of their app or where it came from. This change will start in a few select countries specifically impacted by these forms of fraudulent app scams, often from repeat perpetrators.
Only apps that have had their identities verified will be allowed to be installed on certified Android devices, which essentially includes every Android-based device. Any Android device with Google services installed is considered “certified,” excluding only a few specific devices, notably Amazon’s Fire tablets. The few Android smartphones running non-Google builds of the mobile operating system are mostly based in China, with Huawei and Honor being the best known of the bunch, but that’s a whole other can of worms.
Google plans to begin testing its new system via early access in October 2025, and all developers will have access to the new console come March 2026. Google plans to launch this feature in Brazil, Indonesia, Singapore, and Thailand in September 2026. It expects to expand the verification requirements globally by 2027.
Google’s ongoing antitrust case with Epic Games is likely to force the Company to change its app distribution process, allowing third-party app stores to rehost Play Store content on their own storefronts. The new verification system could let Google open the door to this while allowing it to keep developers under its thumb.
