Maya Robertson
Google is moving forward with its new developer verification system for Android apps while introducing measures to maintain flexibility for advanced users who prefer sideloading. The company confirmed that early access to the verification process begins this week, with full enforcement planned for 2026.
The new policy, first announced in August, requires developers to verify their identity before distributing apps—whether through the Play Store or third-party channels. Google says the move is designed to combat a rising wave of scams that exploit users through unverified apps, particularly in regions such as Southeast Asia.
According to the company, scammers often impersonate banks or service providers and pressure victims into downloading “security verification” apps outside the Play Store. These apps, which are actually malware, can intercept notifications and steal sensitive data such as two-factor authentication codes. Google argues that requiring verified developer identities will make these schemes more difficult to scale.
“Without verification, bad actors can spin up new harmful apps instantly. It becomes an endless game of whack-a-mole,” said Matthew Forsythe, Director of Product Management for Android App Safety. “Verification forces them to use a real identity, making attacks harder and more costly to execute.”
However, Google’s initial announcement drew criticism from developers who feared the policy would stifle experimentation and limit the ability to sideload apps. In response, the company outlined new accommodations for both power users and small developers.
A new “advanced flow” will allow experienced users to install unverified apps after acknowledging clear security warnings and explicitly accepting the risks. Google says the system will be designed to “resist coercion,” preventing scammers from manipulating users into bypassing safeguards.
For students and hobbyist developers, Google is creating a dedicated account type that enables limited app distribution without full verification. This approach, the company says, supports learning and small-scale experimentation while maintaining broader ecosystem security.
The developer verification system is already available in early access through the Android Developer Console for apps distributed outside the Play Store. Play Store developers will be invited to join the program later this month.
While Google emphasizes that the new framework will strengthen user protection, it also signals a shift in Android’s long-standing openness. By combining identity-based accountability with optional pathways for advanced users, Google is attempting to strike a balance between user freedom and the need to curb growing security threats across the global Android ecosystem.
Comments
Loading…