- 817
- 220
Google representatives announced that from 2026, only apps from verified developers will be allowed to be installed on certified Android devices. This measure is aimed at combating malware and financial fraud, and will affect apps that are installed from third-party sources.
The requirement will apply to all “certified Android devices,” that is, devices that run Play Protect and have Google apps pre-installed. Similar requirements appeared
in the Google Play Store back in 2023 , and the company claims that this led to a sharp decrease in malware and fraud. Therefore, now the requirements will become mandatory for any apps, including those distributed through third-party app stores and sideloading, that is, installation from third-party sources (when the user downloads the APK file to the device themselves). Google compares the new requirements to checking documents at the airport.
[td]"Think of it like an airport ID check — it verifies the traveler's identity, but is separate from the inspection of their luggage. We will verify the developer's identity, but not the content of their app or its origin," the company writes.[/td]In this way, Google wants to combat “convincing fake apps” and make it more difficult for attackers who start distributing new malware shortly after Google has removed the previous one.
A recent analysis reportedly showed that third-party sources from which apps are installed using sideloading contain 50 times more malware than apps available in the Google Play Store.
At the same time, Google emphasizes that “developers will retain the same freedom to distribute their apps directly to users through third-party sources or use the app store of their choice.”
To implement the new initiative, a separate and simplified Android Developer Console will be created for developers who distribute their apps outside the Google Play Store. After verifying their identity, developers will need to register the package name and signing keys for their apps. Those who distribute apps through the Google Play store “are likely already compliant with verification requirements through the existing Play Console process,” which requires organizations to provide a DUNS (Data Universal Numbering System, a unique nine-digit identification number for legal entities). The new verification system will begin testing in October of this year, with the first Android developers gaining access. The mechanism will open to everyone in March 2026. The verification requirement will first go into effect in September 2026 in Brazil, Indonesia, Singapore, and Thailand. Google explains that these countries are “particularly affected by these forms of fraudulent apps.” Then, in 2027, developer verification will begin to be applied globally. @ xakep.ru
The requirement will apply to all “certified Android devices,” that is, devices that run Play Protect and have Google apps pre-installed. Similar requirements appeared
in the Google Play Store back in 2023 , and the company claims that this led to a sharp decrease in malware and fraud. Therefore, now the requirements will become mandatory for any apps, including those distributed through third-party app stores and sideloading, that is, installation from third-party sources (when the user downloads the APK file to the device themselves). Google compares the new requirements to checking documents at the airport.
A recent analysis reportedly showed that third-party sources from which apps are installed using sideloading contain 50 times more malware than apps available in the Google Play Store.
At the same time, Google emphasizes that “developers will retain the same freedom to distribute their apps directly to users through third-party sources or use the app store of their choice.”
To implement the new initiative, a separate and simplified Android Developer Console will be created for developers who distribute their apps outside the Google Play Store. After verifying their identity, developers will need to register the package name and signing keys for their apps. Those who distribute apps through the Google Play store “are likely already compliant with verification requirements through the existing Play Console process,” which requires organizations to provide a DUNS (Data Universal Numbering System, a unique nine-digit identification number for legal entities). The new verification system will begin testing in October of this year, with the first Android developers gaining access. The mechanism will open to everyone in March 2026. The verification requirement will first go into effect in September 2026 in Brazil, Indonesia, Singapore, and Thailand. Google explains that these countries are “particularly affected by these forms of fraudulent apps.” Then, in 2027, developer verification will begin to be applied globally. @ xakep.ru