Google Tightens Android Security: Unverified Apps Will Be Blocked
For nearly two decades, Android’s openness distinguished it from the iPhone. Over time, however, Google has prioritized security, gradually trading some of that freedom for tighter safeguards. Its latest initiative could mark the biggest shift yet. Starting in the coming years, Google will require every Android app developer to verify their identity, regardless of whether apps are published in the Play Store or distributed elsewhere. Apps without verified developers will not install on most certified Android devices.
Google compares this process to an ID check at the airport. Since enforcing identity verification for Play Store developers in 2023, the company has reported a steep decline in malware and fraud. It argues that extending this system beyond its store is necessary because apps sideloaded from outside sources are, according to Google, 50 times more likely to contain malicious code.
To manage this, Google is creating a streamlined Android Developer Console. Developers will use it to register their apps’ signing keys and package names after verifying their identities. While the company stresses that it will not review app content or functionality, the identity requirement will be mandatory for installation on certified devices. Those using non-Google builds of Android, which represent a small fraction of the market outside China, will not be affected.
Testing begins in October 2025, with wider developer access planned for March 2026. Google intends to roll out the system in Brazil, Indonesia, Singapore, and Thailand by September 2026, with global expansion targeted for 2027.
Legal Pressure and Market Changes
The timing of this shift is significant. Google is in the middle of an antitrust battle with Epic Games, which could reshape how Android apps are distributed. Google recently lost its appeal of the verdict and now plans to take the case to the US Supreme Court. Meanwhile, it must start making changes. Among other requirements, the court ordered Google to allow third-party app stores and let Play Store content be rehosted elsewhere.
That decision increases consumer choice, but it also raises security concerns. Third-party stores will lack the same system-level integration as the Play Store, so many apps will be installed through sideloading. For Google, this increases the risk of malware spreading from less regulated sources.
Still, critics view the new verification system as heavy handed. Requiring every developer to meet Google’s standards before their apps can run may help Google keep control, even as distribution opens up. While the stated goal is security, developers worry about future restrictions that might follow.
Unanswered Questions
The documentation leaves several details unclear. For instance, Google has not said what happens if users attempt to install a non-verified app or how devices will check verification status. The most likely scenario is that the verification whitelist will be pushed through Google Play Services as the enforcement date approaches.
Whether this proves to be a true safeguard against malware or primarily a method of market control remains uncertain. For now, Google insists it is simply extending a system that has already reduced fraud in its store.
