
Google is softening its approach towards the new Android developer verification requirements after widespread pushback. Most Android users will still be limited to downloading apps from only verified developers. However, “experienced users” will get a workaround.
In its latest blog post, Google reiterated its commitment to security and protecting Android users from “real harm” caused by sideloading malicious apps from unverified developers.
“While security is crucial, we’ve also heard from developers and power users who have a higher risk tolerance and want the ability to download unverified apps,” Google said in the blog post about the upcoming changes.
The tech giant said it is building a “new advanced flow” for experienced users to accept the risk of installing unverified software, which will be designed to resist coercion and ensure that users aren’t tricked into bypassing safety checks under pressure from a scammer.
“It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months,” Google said.
Students and small developers who build apps for a small group, such as family or friends, will be able to use a dedicated account type “for students and hobbyists,” allowing them to distribute apps to a limited number of devices without undergoing full verification requirements. They will be exempt from the $25 fee, which is required for full developer accounts.
Other than that, Google is sticking to the original plan to roll out developer verification in the Android Developer Console – only apps by verified developers will be allowed on Google-certified Android devices.
Fifty times more malware in sideloaded apps
Google has already started inviting app creators who distribute their apps exclusively outside of the Play Store to sign up for early access. All Play developers will soon receive invites in the Play Console.
Starting from September 2026, all Android apps must be registered by verified developers before they can be installed on certified devices. First, the requirements will take effect in Brazil, Indonesia, Singapore, and Thailand, and will later be rolled out globally.
“Our analysis shows that apps installed from internet sideloaded sources account for over 50 times more malware than apps available through Google Play. This both hurts users and erodes trust in the entire ecosystem,” said Raz Lev, Product Manager at Google, in a video explainer.
“This new verification will make it much harder for bad actors to distribute harmful apps.”
Google emphasizes that bad actors abuse sideloaded apps to intercept notifications, two-factor authentication codes, and ultimately to drain bank accounts. Despite advanced safeguards and protections, unverified cybercriminals can launch new, harmful apps instantly.
“It becomes an endless game of whack-a-mole. Verification changes the math by forcing them to use a real identity to distribute malware, making attacks significantly harder and more costly to scale,” Google said.
Play developers who have already completed the registration won’t need to do it again.
Developers who distribute apps outside of Play will complete the registration on the newly designed Android Developer Console.
“To create an account, we will ask for a government ID of the person creating the account, the contact phone number, and the email address that you will need to verify. For organizations, we will also ask you to provide and verify your website and business registration information,” Lev said.
To register an organization, Google will use a nine-digit identifier from business intelligence firm Dun & Bradstreet (DUNS number), which can be obtained for free directly from the company.
“This can take some time, so make sure to get started early,” Lev noted.
Google clarified that apps can still be installed through ADB (Android Debug Bridge) and through enterprise management tools on managed devices.
Google also stated that it will not disclose developer information – it only collects the data for identity verification purposes.
Many tech pros on Hacker News remain skeptical about the recent announcement. Some even pointed out hypocrisy, claiming that the official app store is full of low-quality apps that abuse excessive permissions for tracking and potentially malicious activities.
“It's my device. Not Google's,” one of the users posted.
“Also, it's not SIDE loading. It's installing an app.”
Cybernews previously reported on the campaign to “Keep Android Open,” which encourages developers and users to alert regulators. The initiative was endorsed by F-Droid, a popular alternative app store, which directly challenges Google’s claims.