![\"A](\"https:\/\/www.europesays.com\/uk\/wp-content\/uploads\/2025\/08\/Android_15_restricted_settings_hero_image.jpg\"\/ "\\"A")
<\/p>\n<\/p>\n
Mishaal Rahman \/ Android Authority<\/p>\n
TL;DR<\/p>\n
Most Android users acquire apps from the Google Play Store<\/a>, but a small number of users download apps from outside of it, a process known as sideloading<\/a>. There are some nifty tools that aren\u2019t available on the Play Store because their developers don\u2019t want to deal with Google\u2019s approval or verification requirements. This is understandable for hobbyist developers who simply want to share something cool or useful without the burden of shedding their anonymity or committing to user support. Unfortunately, malicious developers take advantage of this openness and hide behind a curtain of anonymity when distributing malware. To combat this, Google is introducing a major change that pulls back that curtain, making it harder for malicious actors to distribute harmful apps.<\/p>\n Don\u2019t want to miss the best from Android Authority?<\/strong><\/p>\n What\u2019s changing for apps distributed outside the Play Store?<\/p>\n Today, Google announced it is introducing a new \u201cdeveloper verification requirement<\/a>\u201d for all apps installed on Android devices, regardless of source. The company wants to verify the identity of all developers who distribute apps on Android, even if those apps aren\u2019t on the Play Store. According to Google, this adds a \u201ccrucial layer of accountability to the ecosystem\u201d and is designed to \u201cprotect users from malware and financial fraud.\u201d Only users with \u201ccertified\u201d Android devices \u2014 meaning those that ship with the Play Store, Play Services, and other Google Mobile Services (GMS)<\/a> apps \u2014 will block apps from unverified developers from being installed.<\/p>\n Google says it will only verify the identity of developers, not check the contents of their apps or their origin. However, it\u2019s worth noting that Google Play Protect<\/a>, the malware scanning service integrated into the Play Store, already scans all installed apps regardless of where they came from. Thus, the new requirement doesn\u2019t prevent malicious apps from reaching users, but it does make it harder for their developers to remain anonymous. Google likens this new requirement to ID checks at the airport, which verify the identity of travelers but not whether they\u2019re carrying anything dangerous.<\/p>\n Aamir Siddiqui \/ Android Authority<\/p>\n What information will developers need to submit to Google, and how?<\/p>\n Developers who distribute apps outside the Play Store will need to verify their identity through the new Android Developer Console that Google is currently building. This is equivalent to the Google Play Console that Play Store developers currently use, but Google says it will provide a simpler, more streamlined verification process.<\/p>\n A screenshot of the Android Developer Console<\/p>\n Like the Google Play Console, the Android Developer Console will ask developers to provide their legal name, address, email, and phone number. (Organizations will additionally need to provide their website and a D-U-N-S number.) On Google Play, this information is shown to users on Play Store listings, but Google told Android Authority that the information developers provide to Google through the Android Developer Console \u201cwill not be surfaced to users.\u201d<\/p>\n Mishaal Rahman \/ Android Authority<\/p>\n A Google Play Store listing showing the developer’s information.<\/p>\n Many hobbyist and student developers already complain about this requirement on Google Play, as it essentially forces them to reveal their personal information unless they set up a business address, so it\u2019s good to see that Android won\u2019t dox them. Google says it understands the needs of hobbyist and student developers are \u201cdifferent from commercial developers\u201d and is therefore creating a \u201cseparate type of Android Developer Console account\u201d for them. This separate account type will have \u201cfewer verification requirements\u201d and won\u2019t require the $25 USD registration fee that is otherwise required.<\/p>\n Speaking of which, developers only need to create a separate Android Developer Console account if they don\u2019t plan on distributing any of their apps on Google Play. Developers with existing Google Play Console accounts can use them to register their non-Play apps and signing keys.<\/p>\n When will Google\u2019s new developer verification requirements go into effect?<\/p>\n This new requirement won\u2019t go into effect immediately but will be implemented in phases. An early access program<\/a> will open in October 2025, allowing developers to participate in discussions, receive priority support, and offer feedback. The program will then open to all developers in March 2026, a full six months before the requirements begin.<\/p>\n The requirements will first go into effect in September 2026 for users in Brazil, Indonesia, Singapore, and Thailand. At that point, any app a user in those countries installs must come from a verified developer. Google is targeting these regions for the initial rollout as they\u2019re \u201cspecifically impacted\u201d by fraudulent app scams often committed by \u201crepeat perpetrators.\u201d A global rollout is planned to continue through 2027.<\/p>\n Once the requirement is active, developers can still distribute their apps outside the Google Play Store, but they\u2019ll be held more accountable. This will certainly upset some privacy-conscious developers who don\u2019t want to submit their personal information to Google, and it will also alarm some users who worry that Google is locking down Android too much<\/a>. Still, with Google\u2019s own analysis finding 50 times more malware from internet-sideloaded sources than from the Play Store, it\u2019s hard to argue this change won\u2019t do some good. However, the true effectiveness of the new requirements won\u2019t be known until they are fully implemented.<\/p>\n Google\u2019s new requirement is similar to Apple\u2019s Developer ID and Gatekeeper model on macOS, which has successfully stopped less sophisticated attacks. Even a small reduction in malware on Android would be a positive outcome, but whether it\u2019s worth the loss of developer anonymity is up for debate.<\/p>\n This article was updated at 1:35 PM ET with more information from Google and screenshots of the Android Developer Console.<\/p>\n![\"Google](\"https:\/\/www.europesays.com\/uk\/wp-content\/uploads\/2025\/07\/Google-Play-Protect-Apps-scanned-scaled.jpg\"\/ "\\"Google")
<\/p>\n![\"Android](\"https:\/\/www.europesays.com\/uk\/wp-content\/uploads\/2025\/08\/Android-Developer-Console.jpg\"\/ "\\"Android")
<\/p>\n![\"Google](\"https:\/\/www.europesays.com\/uk\/wp-content\/uploads\/2025\/08\/Google-Play-Store-listing-showing-developer-information.jpg\"\/ "\\"Google")
<\/p>\n![\"Android](\"https:\/\/www.europesays.com\/uk\/wp-content\/uploads\/2025\/08\/Android-Developer-Console-account-type.jpg\"\/ "\\"Android")
![\"Android](\"https:\/\/www.europesays.com\/uk\/wp-content\/uploads\/2025\/08\/Android-Developer-Console-payments-profile.jpg\"\/ "\\"Android")
<\/p>\n![\"Android](\"https:\/\/www.europesays.com\/uk\/wp-content\/uploads\/2025\/08\/Android-Developer-Console-rollout-timeline-scaled.jpg\"\/ "\\"Android")
<\/p>\n