Google is rolling out a new security initiative called Developer Verification to reduce malware risks, especially from sideloaded apps obtained outside the official Play Store. While Play Store developers have already been required to submit a D-U-N-S number since August 2023, this policy did not cover the vast ecosystem of apps distributed through third-party sources. Google reports that malware is over 50 times more common in sideloaded apps compared to those downloaded from its official marketplace.
Starting in 2026, developers will need to verify their identity with Google for their apps to run on certified Android devices, with early access to the program beginning in October 2025. The enforcement will first apply in Brazil, Indonesia, Singapore, and Thailand in September 2026, before expanding globally in 2027.
Non-compliant apps will be blocked on certified Android phones and tablets, displaying a warning to users. Certified devices include popular brands like Samsung, Xiaomi, Oppo, and Google Pixel, while non-certified devices, such as Huawei and Amazon Fire tablets, will not be affected by these new restrictions. This step aims to curb anonymity-based attacks where bad actors impersonate trusted developers to spread malware.
Read more...