Google announced a major policy update for Android app distribution. Beginning in 2026, developers will be required to verify their identities for all apps distributed on Android devices, not just those on the Play Store.
Highlights
- Global Identity Verification: Starting in 2026, all Android app developers—inside and outside the Play Store—must verify their legal identity with Google.
- Openness Maintained: Sideloading and third-party app stores remain allowed, but anonymous publishing will end.
- Security Motivation: Apps from sideloading are 50x more likely to carry malware; Google aims to cut fraud, impersonation, and malicious activity.
- Phased Rollout: Begins with early access in October 2025, mandatory verification for new developers in March 2026, and regional enforcement from September 2026 onward.
- Required Information: Developers must submit legal name, address, email, and phone number, raising privacy concerns for independents.
- Student & Hobbyist Accounts: A lighter verification tier will be available for non-commercial developers.
- Industry Alignment: Mirrors Apple’s compliance moves under EU’s Digital Services Act, part of a larger push for accountability in app ecosystems.
- Security Layering: Complements Google Play Protect, which flagged 13M+ malicious apps outside the Play Store in 2024.
- Mixed Developer Response: Some welcome the security, others fear Android’s open nature could erode.
- By 2027: Identity checks will be mandatory worldwide.
The company says the change is intended to reduce fraud and malware across the broader ecosystem while maintaining Android’s open distribution model.
Maintaining Openness, Ending Anonymity
The update will not restrict developers from distributing apps via sideloading or third-party app stores. However, developers will no longer be able to publish anonymously. Each developer must register their legal identity with Google before distributing apps on certified Android devices.
Security Motivations
Google cites security risks as the primary driver. According to its internal data, apps installed via internet sideloading were over 50 times more likely to contain malware compared to Play Store apps, where developer verification has been mandatory since 2023.
By expanding the policy, Google aims to reduce threats such as hidden malware, impersonation of trusted developers, and large-scale fraud.
Rollout Timeline
The policy will roll out in phases –
- October 2025 – Early access program opens for developers to sign up and provide feedback.
- March 2026 – Verification becomes mandatory for all new developers globally.
- September 2026 – Enforcement begins in Brazil, Indonesia, Singapore, and Thailand.
- 2027 onward – Gradual global expansion across all certified Android devices.
Information Developers Must Provide
To verify identity, developers will need to submit:
- Legal name
- Physical address
- Email address
- Phone number
Considerations for Students and Hobbyists
Google has acknowledged these concerns by announcing a separate account type for student and hobbyist developers. The goal is to enable non-commercial creators to continue publishing apps without the same level of disclosure required from businesses.
The move parallels Apple’s compliance steps in the EU under the Digital Services Act (DSA), where app developers must disclose trader status. Taken together, these changes point to a broader industry shift toward transparency and accountability in app distribution.
Fraud Prevention and Security Layering
Google compares the new verification system to an “ID check at the airport,” highlighting its focus on reducing impersonation and fraudulent activity. The company has reported a rise in malicious apps mimicking trusted developers, undermining consumer trust.
This update builds on Google Play Protect, which already scans apps across all sources. In 2024 alone, Play Protect identified over 13 million malicious apps outside the Play Store. Verification is positioned as a complementary safeguard on top of these protections.
Feedback from developer communities has been mixed. Some see the requirement as a necessary step toward accountability, while others worry it could erode Android’s open-platform ethos and push it closer to Apple’s more restrictive model.
But anyway, by 2027, developer identity verification will be mandatory worldwide. For users, the policy promises stronger protections and reduced risk of malware.
