Google is taking a significant step toward enhancing the security of Android apps by expanding its developer verification requirements across all platforms, not just those apps installed via the Google Play Store. This initiative will begin its implementation in September 2026 in specific countries including Brazil, Indonesia, Singapore, and Thailand, with the company aiming for a global application by 2027.
New Developer Requirements
To facilitate this process, developers will need an Android Developer Console account. This account should be connected to a Google payment profile, with a one-time fee of $25 applicable to all developers. Furthermore, developers—whether individuals or organizations—will have to submit valid government-issued identification and verified phone numbers. Organizations will also be required to provide business registration documents and possess a verified website.
Additionally, each app's package name must be registered with Google and linked to the verified developer. This involves supplying a public key certificate from the app signing pair and uploading the package signed with a private key. Interestingly, Google does not require the actual APK to be uploaded for distribution, taking a different path from typical app store requirements.
Google has also promised a less burdensome, fee-free process tailored for students and hobbyists, although details on how this will be implemented are still awaited. Current Play Store developers won't need to establish a new account, thereby streamlining the transition for existing contributors to the ecosystem.
Impact and Security Concerns
These new restrictions will largely apply to devices that are Google-approved and that utilize core Google services. However, devices with niche, 'de-Googled,' or customized Android builds might face limitations, as certain apps which verify Google Play installation or device integrity might not function as intended. Notable examples are Meta's WhatsApp and the Revolut banking app, illustrating potential areas of concern for users of less conventional Android systems.
Google positions these changes as critical to battling security risks. Suzanne Fey, Google's Vice President of Product, highlighted analysis that shows a higher prevalence of malware originating from apps sideloaded from internet sources compared to those obtained via Google Play. This underscores the need for fortified security measures.
Despite the rationale, the developer community and independent builders have expressed dissatisfaction. They argue that these new requirements complicate app distribution, bringing the open Android landscape closer to Apple's tightly controlled iOS ecosystem, which could stifle innovation and limit users' capabilities to install apps freely from various sources.
As Google prepares for this extensive rollout, it remains to be seen how these changes will be received and adapted into the wider Android ecosystem.
