Google is tightening security measures around Android app distribution, announcing on Monday that starting next year it will begin verifying the identities of developers distributing apps on Android devices — not just those on the Play Store.
The move marks one of the company’s most sweeping efforts yet to crack down on malware and fraud that have long plagued its platform.
The changes will apply to all certified Android devices once fully live, though the global rollout will be staggered. Google emphasized that Android will remain open, meaning developers can still distribute apps outside of the Play Store through sideloading or alternative app stores. But anonymity — once a hallmark of Android’s sideloading culture — will be eliminated. Developers who previously relied on alternative distribution channels to avoid disclosing their identity will now have to provide full credentials, a step Google says will help root out bad actors engaged in malware distribution, financial fraud, and theft of personal data.
Register for Tekedia Mini-MBA edition 19 (Feb 9 – May 2, 2026): big discounts for early bird.
Tekedia AI in Business Masterclass opens registrations.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab: From Technical Design to Deployment (next edition begins Jan 24 2026).
The company backed the move with internal findings, stating that more than 50 times more malware entered Android devices via internet-sideloaded sources compared with Google Play, where developer verification has been mandatory since 2023.
Google will open early access in October 2025 for developers to test the system and provide feedback. By March 2026, identity verification will become mandatory for all developers. The first enforcement wave will begin in September 2026 across Brazil, Indonesia, Singapore, and Thailand, before expanding globally in 2027.
Under the new rules, developers will be required to provide a legal name, address, email, and phone number. This could push independent or hobbyist developers to register as businesses to protect their personal privacy. To accommodate such users, Google says student and hobbyist developers will have access to a separate category of Android Developer Console accounts.
The policy mirrors moves by Apple, which earlier this year imposed a similar requirement for its EU App Store to comply with the Digital Services Act (DSA). Under the regulation, app developers must disclose their “trader status” before distributing apps or updates. Apple’s earlier crackdown sparked debate among small developers who saw it as burdensome, but regulators insisted the changes were needed to protect consumers.
For Google, the shift comes after years of criticism that Android’s openness has made it a breeding ground for malware. While the company has repeatedly tried to improve Play Store vetting, sideloading has remained a weak point. In some cases, malicious apps disguised as financial tools, messaging services, or even popular games have infected millions of devices worldwide.
Analysts believe that this change will reshape the Android ecosystem, long valued for its flexibility compared with Apple’s more tightly controlled iOS. But some note that while the rules will strengthen user security, they could also deter smaller independent developers, particularly in emerging markets where sideloading is more common due to cost barriers and patchy Play Store availability.
Google’s strategy also aligns with growing global scrutiny of app ecosystems. Regulators in Europe, the U.S., and Asia are pressuring tech companies to do more to protect consumers, prevent scams, and ensure accountability among developers. With Apple already facing regulatory pressure in Europe and Google making preemptive moves, both companies are converging on stricter identity-based models for app distribution.
However, the rollout will test the balance between Android’s open-source DNA and the industry’s push for tighter security. For millions of developers, the next two years could define whether the platform remains a haven for independent innovation — or becomes more closely aligned with Apple’s walled-garden approach.