Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play Store.
“Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices,” the company said. “This creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down.”
To that end, the tech giant said it intends to start sending out invitations gradually starting October 2025, before opening it up to all developers in March 2026. The new requirements are expected to go into effect starting a year from now, in September 2026, in Brazil, Indonesia, Singapore, and Thailand.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
“At this point, any app installed on a certified Android device in these regions must be registered by a verified developer,” Suzanne Frey, vice president of Product, Trust and Growth for Android, added.
It’s worth noting that nothing much will change for developers who distribute apps through the Google Play Store, as they are likely to have already met these verification requirements through the existing Play Console process. A separate type of Android Developer Console account is in the works for student and hobbyist developers.
Google said the changes are designed to prevent malicious actors from impersonating developers and using their branding and reputation to create convincing fake apps. Compounding the problem is the presence of such malicious apps that are distributed via third-party app marketplaces from where users can sideload them.
The developer verification mandate adds to already existing security measures that block the sideloading of potentially dangerous apps in markets like Singapore, Thailand, Brazil, and India.
In July 2023, the company also began requiring all new developer accounts registering as an organization to provide a valid D-U-N-S number assigned by Dun & Bradstreet before submitting apps in an effort to build user trust.
The “new layer of security,” Google pointed out, aims to protect users from repeat bad actors spreading malware and scams, as well as provide a “consistent, common sense baseline of developer accountability” across Android. It also said the system preserves user choice while enhancing security for everyone.
While the Android app distribution rules are aimed at tightening the security of the ecosystem, they also come at a time when Google is potentially staring at major reforms to the Play Store, including distributing competing app stores through Google Play and providing rivals with access to its full app catalog, after having a lost an antitrust lawsuit brought by Epic Games in 2020.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git