Updated:In a response to Google, it was stated that this developer identity verification method is currently only applicable to Google-certified Android devices, which means that devices built with the open source version of Android will not be limited.
However, another statement is more interesting, that is, the developer identity verification mechanism will not be activated in China. Even when users use devices that have been certified by GMS services (such as Android phones sold in Taiwan) in China, they will not be subject to developer identity verification restrictions and can be installed through APK file sideloading.
GoogleAnnounceNew security measures will be added to the Android system. In the future, if users want to install apps through "sideloading", they must ensure that the apps come from developers who have completed identity verification. This means that the app installation and usage model that previously allowed free installation as long as the APK file was available will gradually be subject to stricter control.
According to Google, this measure stems from recent risk analysis, which showed that the amount of malware obtained from online sideload sources has continued to increase, even reaching 50 times more than that downloaded through the Google Play Store. Therefore, Google hopes to reduce the spread of malware and fraudulent applications on Android devices by "verifying developer identities."
Similar to airport "identity check"
Google stated that the new verification process does not check the actual content of the app, but only confirms the developer's identity, much like an ID check at an airport. In other words, verified developers can still freely choose the publishing platform, including other third-party app stores, but if verification is not completed, the app will not be able to be successfully installed and used on Google-certified Android devices.
In the United States and Europe, almost all Android phones with the Google Play Store service are considered "certified devices." Therefore, for most markets, developers must undergo identity verification if they want their apps to be sideloaded normally.
However, Android-based phones that are available in open source form in China, or other non-Google-certified Android devices, may still carry certain sideloading risks. It's unclear whether Google will implement further regulatory measures in this situation.
Added an independent developer management platform
To streamline the process, Google is building an Android Developer Console specifically for publishers outside the Google Play Store. Developers will be able to complete identity verification and register their app's bundle name here. This design will help expedite the review process and avoid overly complex procedures that reduce openness.
Google emphasized that this move is not equivalent to closing the Android ecosystem, but rather hopes to maintain openness while providing additional security protection to prevent users from being exposed to high-risk malicious programs when sideloading.
First to go on the road in 2026
This specification will be launched first in markets such as Brazil, Singapore, Indonesia, and Thailand by the end of 2026, and will then be gradually rolled out globally. Although this means an additional layer of verification for developers, in the long run, Google believes it will help reduce overall security concerns, increase user trust, and make people more confident in using Android sideloading installation mechanisms.
For consumers, this change may limit some of the flexibility of "free installation," but in exchange, it will provide greater security. For the developer community, the future will also place greater emphasis on "identity transparency." Competition within the Android ecosystem will not only be about app content, but also about commitment to trust and security.
