Google just announced one of the biggest shake-ups to Android we’ve seen in years: For the first time ever, the company will require all app developers to verify their identity before their software can be installed on Android devices. Until now, this rule only applied to apps downloaded through the Google Play Store. But going forward, it will also apply to apps that are sideloaded.
If you’re not familiar, sideloading is when you install an app from outside the Play Store, usually by downloading an APK file from the web and installing it yourself.
This has always been one of the big differences between Android and Apple’s iOS. iPhones only allow apps from the App Store, while Android has given users the freedom to get apps from pretty much anywhere. But that freedom comes with risks, since Google doesn’t check those apps for malware or scams. With this new policy, Google won’t be reviewing sideloaded apps, but it will make sure the developers behind them are real and verified.
Why Google Is Making the Change
The change will roll out gradually, starting in Brazil, Indonesia, Singapore, and Thailand, before expanding worldwide. Google says it made the decision after finding “over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.” By confirming developer identities, the company hopes to make it harder for scammers to hide behind fake names or copycat brands.
Suzanne Frey, Google’s VP of Product, Trust and Growth for Android, explained the move in a blog post:
“As new threats emerge, we’ve continued to evolve our defences. Following recent attacks, including those targeting people’s financial data on their phones, we’ve worked to increase developer accountability to prevent abuse.
We’ve seen how malicious actors hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps. The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.”
Here’s the timeline Google has laid out for this rollout:
-
October 2025: Early access to the verification system begins, with invitations going out gradually.
-
March 2026: All developers can apply for verification.
-
September 2026: The new rules become strict in Brazil, Indonesia, Singapore, and Thailand. From this point on, any app installed on certified Android devices in those countries must come from a verified developer.
-
2027 and beyond: Google plans to expand the requirements worldwide.
Google compares the process to “an ID check at the airport,” where the company confirms the identity of the developer, but doesn’t go through their actual app. Importantly, the company stresses this isn’t about limiting choice:
Ms Frey added, “To be clear, developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer. We believe this is how an open system should work – by preserving choice while enhancing security for everyone.”
Whether this move will significantly cut down on Android malware is something only time will tell. But if it means fewer scams and more peace of mind, most users will probably welcome the change.
ALSO READ: Biggest Google Breach Puts 2.5 Billion Gmail Users at Risk – Here’s How to Stay Safe
