Elevating Android Security
Article Summary
Suzanne Frey from Google just announced a major shift in Android's security model. Starting 2026, every app installed on certified Android devices will need a verified developer behind it.
Google is introducing mandatory developer verification for all apps on certified Android devices, starting in select countries in 2026. This follows their discovery that internet-sideloaded apps contain 50x more malware than Google Play apps. The move aims to create accountability while preserving Android's open ecosystem.
Key Takeaways
- Internet sideloaded apps have 50x more malware than Google Play apps
- Developer verification becomes mandatory in Brazil, Indonesia, Singapore, Thailand by September 2026
- New Android Developer Console launches for non-Play Store developers
- Sideloading and third party app stores remain fully supported
- Early access opens October 2025, full rollout March 2026
Android is requiring verified developer registration for all apps on certified devices to combat repeat bad actors, while maintaining the platform's open distribution model.
About This Article
Malicious actors hide behind anonymity to impersonate developers and distribute fake apps that look legitimate. Google's analysis shows this threat is much bigger on sideloaded sources than on official channels.
Google launched developer verification on Google Play in 2023. It confirms who developers actually are through an ID-check process that's separate from app content review. They're now bringing this same verification to certified Android devices through a new Android Developer Console.
Developer verification stops bad actors from quickly pushing out harmful apps after their previous ones get removed. It creates accountability that makes it harder for repeat offenders to use the ecosystem for malware and financial fraud.