For nearly two decades, Android’s distinctive open nature offered a stark contrast to the more controlled environment of the iPhone. Over time, Google has progressively prioritized security, and its latest initiative marks a significant step towards a more regulated app ecosystem. The company has unveiled plans to mandate identity verification for all Android app developers, extending beyond just those publishing on the Google Play Store. Crucially, apps from unverified developers will ultimately cease to function on the vast majority of Android devices in the coming years, regardless of where they are offered.
Enhancing Security: From Open Market to Verified Developers
In its early days, the Android Market (now Google Play Store) had minimal content curation, leading to a reputation for being less secure than Apple’s App Store. While Google has since implemented rigorous review and detection mechanisms to combat malware and fraudulent content, the company states that apps sideloaded from outside its official store are a staggering 50 times more likely to contain malware.
This alarming statistic serves as the primary driver for Google’s new developer verification system. Described by Google as akin to an “ID check at the airport,” this system builds on the success seen within the Google Play Store. Since making identity verification mandatory for Play Store developers in 2023, Google has observed a dramatic reduction in malware and fraud, attributing this success to the removal of anonymity that bad actors previously exploited. Applying this verification model to all Android app distribution is expected to yield similar security benefits.
How the New Developer Verification System Works
Implementing this extensive verification outside its own storefront requires Google to adopt a more assertive stance, potentially impacting numerous Android users and developers. Google is introducing a streamlined Android Developer Console designed specifically for developers distributing apps outside the Play Store. After successfully verifying their identities, developers will need to register their app’s package name and its unique signing keys. It’s important to note that Google will not be reviewing the content or functionality of these applications, focusing solely on developer identity and app integrity.
Only apps with a verified developer identity will be installable on “certified Android devices.” This includes virtually every Android-based device that comes with Google services pre-installed. The new requirements will not apply to devices running a non-Google build of Android, which outside of China account for a minuscule fraction of users.
Phased Rollout: A Global Timeline
Google plans a gradual implementation for this significant change:
- October 2025: Early access testing of the new system begins.
- March 2026: All developers will gain access to the new console for identity verification.
- September 2026: The feature officially launches in Brazil, Indonesia, Singapore, and Thailand.
- 2027 (Target): Google aims to expand these developer verification requirements globally.
A Seismic Shift Amidst Antitrust Scrutiny
This initiative arrives at a pivotal moment for Android. The ongoing Epic Games antitrust case against Google Play recently saw Google lose its appeal, potentially forcing changes to its app distribution model in the near future. While Google plans to appeal to the US Supreme Court, court orders could compel the company to alter how it handles app distribution, including allowing third-party app stores and content rehosting.
The paradox here is striking: while courts push for more choice and varied app distribution channels, potentially increasing sideloading, Google simultaneously introduces a system to tightly control which apps can be installed. Third-party app sources may lack the deep system integration and security layers offered by the Google Play Store, raising legitimate security concerns from Google’s perspective. Most major Android malware threats have historically propagated through unverified third-party app repositories.
However, critics argue that enforcing an installation whitelist across almost all Android devices is a heavy-handed approach. It places a universal requirement on every Android app developer to satisfy Google’s criteria before their applications can reach users. While the current verification requirements appear minimal, there’s no guarantee they will remain so, potentially giving Google substantial control over the burgeoning app market even as it is forced to open up.
Lingering Questions
Currently, available documentation does not fully detail the user experience if an attempt is made to install a non-verified app, nor how devices will check for verification status. It is presumed that Google will distribute this “whitelist” of verified apps and developers via Play Services as the implementation dates draw nearer. We are seeking further details on these crucial aspects and will provide updates as they become available.