Google is closing the door on unrestricted sideloading on Android. Starting September 2026, only apps from verified developers will be allowed on Google-certified Android devices.
The tech giant has cited security as the main reason for the change: internet-sideloaded apps are responsible for over 50 times more malware than apps from the Google Play store.
“Following recent attacks, including those targeting people's financial data on their phones, we've worked to increase developer accountability to prevent abuse,” the Android Developers Blog post reads.
“We’re adding another layer of security to make installing apps safer for everyone: developer verification.”
Developers can already sign up for the verification early access, which will begin in October 2025. Google Play developers are already familiar with the verification requirements through the existing Play Console process.
The gradual change will begin next year, with the verification procedure opening for all developers in March.
The rollout will begin in September 2026 in Brazil, Indonesia, Singapore, and Thailand. Only apps registered by verified developers will be allowed on certified Android devices in these countries. The requirements will be expanded globally in 2027 and beyond.
“To be clear, developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer,” Google assures.
“We believe this is how an open system should work – by preserving choice while enhancing security for everyone.”
Google is building a new dedicated Android Developer Console for developers who distribute apps outside its ecosystem, so they can “easily complete their verification.”
The support page explains that developers will be required to verify their identity and register their package names. The main steps include providing personal details, including name, address, email address, phone number, organization’s details, and, likely, an official government ID.
“You'll need to prove you own your apps by providing your app package name and app signing keys,” Google explains.
Students and hobbyists will be able to use a separate type of Developer console account.
“This creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down,” Google believes.
“Think of it like an ID check at the airport, which confirms a traveler’s identity but is separate from the security screening of their bags; we will be confirming who the developer is, not reviewing the content of their app or where it came from.”
Announcement sparks intense debate
The announcement has sent shockwaves through developer communities, provoking intense debate and over 1,000 comments on Hacker News. Many users are criticizing the change as a step away from openness and user control.
“Every day we stray farther from the premise that we should be allowed to install/modify software on the computers we own,” user “medhir” posted.
“The question really isn't whether we should be able to modify computers we own, it's whether we own them at all,” another user responded.
Google is forcing developer verification on Android apps installed outside the Play Store via sideloading or alternative app stores. This strips away the anonymity indie devs have relied on outside Google's control and forces developers to expose personal info just to distribute… pic.twitter.com/FO3nIBFl8R
undefined Ray Vahey (@rayvahey) August 26, 2025
Other contributors complained about other issues, such as privacy erosion and potential surveillance.
“Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe,” one of the users said.
Your email address will not be published. Required fields are markedmarked