Overview
To strengthen the Android ecosystem against malware and scams, Google will begin verifying the identity of developers who distribute apps on Android, even outside the Play Store [theHackerNews]. The company explained that requiring developers to register and undergo identity verification will create accountability and make it harder for bad actors to repeatedly publish malicious apps under new names.
The new policy will roll out first in Brazil, Indonesia, Singapore and Thailand, where the Android team plans to send verification invitations starting October 2025 before opening the process to all developers in March 2026. From September 2026 onward, only apps from verified developers will be installable on certified Android devices in those countries.
Policy details
Google said the changes are designed to prevent impersonation and reduce the distribution of malicious apps from third‑party marketplaces. The company noted that most Play Store developers already meet verification requirements, but developers who distribute apps outside of Google Play will need to register through a new developer console. A separate console for students and hobbyists is also in the works.
These measures build upon prior initiatives. In July 2023, Google began requiring organization developers to provide a D‑U‑N‑S number during registration. The new verification layer aims to provide a consistent baseline of developer accountability and protect users from repeat offenders. It also comes amid potential reforms to Google’s app store policies following antitrust actions.
Implications for developers and users
For developers in the affected countries:
- Prepare early: Start gathering the required identification documents and register when invitations arrive.
- Sideloading restrictions: After September 2026, users will only be able to install apps from verified developers on certified devices.
- Transparency and trust: Verified developers will enjoy greater user trust and may see better adoption, while unverified developers risk being blocked.
For end users:
- Install apps from trusted sources and avoid APKs from unverified developers.
- Check app permissions and reviews even when installing from the Play Store.
- Update devices regularly to benefit from Google’s security measures.
Conclusion
Google’s decision to verify developers underscores growing concerns about the proliferation of malicious Android apps. By mandating identity verification in Brazil, Indonesia, Singapore and Thailand, the company seeks to disrupt the rapid cycle of app takedowns and re‑uploads that has plagued the platform. While the requirement adds administrative overhead for developers, it promises greater accountability and a safer app ecosystem for users.
Sources:
redsec.ninja 
Leave a comment