Google is taking a major step to enhance the security of Android by targeting unverified apps. Beginning in September 2026, the company will prohibit the installation of Android applications from unverified developers on certified devices. This action is deemed essential to safeguard users from malicious actors who exploit the platform’s openness to distribute harmful APK files. In an announcement on August 26, 2025, Google stated that all developers—whether they publish through the Play Store or distribute applications independently—must verify their identities before their apps can be installed on certified Android devices. This developer verification program aims to ensure greater accountability throughout the Android ecosystem.
The initiative seeks to “elevate Android’s security to keep it open and safe.” Although Google clarified that it will not inspect or moderate app content or restrict their origins, it stressed the importance of verifying developers’ identities, similar to an ID check. This process will significantly hinder malicious actors from using fake names or disposable accounts, which are commonly used to perpetrate scams, spread malware, and engage in financial fraud. The verification procedure will consist of two main steps. Initially, developers must provide detailed identity information, including their legal name, address, phone number, and email. Organizations must also submit their D-U-N-S number and official website, while individuals are required to present government-issued identification.
Subsequently, developers will need to register their apps, demonstrating ownership by submitting package names and app signing keys. Most existing Play Store developers have already met these requirements, resulting in automatic registration of their apps. However, those distributing apps outside the Play Store will need to utilize a newly created Android Developer Console to complete this registration. To address privacy concerns from hobbyist and indie developers, Google has assured that none of the personal data collected during the verification will be made public.
The timeline for implementing this verification program is phased: October 2025 marks the start of early access for selected developers; March 2026 will see global access opening for all developers; and in September 2026, enforcement will commence in Brazil, Indonesia, Singapore, and Thailand, where apps must originate from verified developers on certified devices. The policy will gradually extend to other regions worldwide starting in 2027. With this initiative, Google aims to mitigate the risks linked to sideloading APKs—particularly those sourced from dubious or unknown origins. While this may affect some independent developers and alternative app platforms, the company asserts that this new policy is a vital measure for securing the Android experience without sacrificing its openness.
