Google to require dev verification for all Android apps by 2027
(2025/08/26)
- Reference: 1756219210
- News link: https://www.theregister.co.uk/2025/08/26/android_developer_verification_sideloading/
- Source link:
Google will extend developer verification to all Android apps, not just those installed from the Play Store, beginning with Brazil, Indonesia, Singapore, and Thailand in September 2026, and followed by global rollout in 2027 and beyond.
Currently, developer verification is already required for the Play Store but not for apps installed from other sources. Today, developers do not need to register with Google to deploy an Android app.
That is changing. Developers will now need an Android Developer Console account, which like a Play Store account requires a one-time $25.00 fee, linked to a Google payment profile.
[1]
Accounts can be either either personal or organizational, both of which require the submission of government-issued identity documents and verified phone numbers. Organizations must also submit business registration documents and have a verified website. Finally, each app package name must be registered with Google with a public key certificate from the app signing pair, verified by uploading a package signed with the private key, to link it to the verified developer, though it is not necessary to upload the actual Android Package Kit (APK) that will be distributed.
[2]
[3]
This information is subject to change, being based on a [4]preview document [PDF] explaining the process. The company also said that there will be a less burdensome process, without a fee, for "students and hobbyists," but details have yet to be revealed. Existing developers registered to use the Play Store will not need a separate account as they are already verified.
Android today allows installation of unknown apps subject to a warning
The restrictions will apply to [5]certified Android devices , meaning Google-approved and including the core Google apps and services. Most Android devices fall into this category, though niche options exist, such as mobiles running [6]/e/OS , a de-Googled version of Android, or the open source [7]LineageOS . The downside of using non-Google Android from a consumer perspective is that some apps might not install, such as those that use the [8]Play Integrity API to verify that the app is "installed by Google Play, running on a genuine Android device."
Examples of apps that might not run on /e/OS or LineageOS Android devices include Meta's WhatsApp and the Revolut banking app, and users have no control over whether other official apps might refuse to run. Friction like this makes it unlikely that fully open source Android devices will ever be mainstream, despite the existence of the [9]Android Open Source Project (AOSP).
[10]Malware-ridden apps made it into Google's Play Store, scored 19 million downloads
[11]Google tweaks Play Store fees to keep Euro watchdogs at bay
[12]Google's Android boss suggests ChromeOS could be on borrowed time
[13]Google faces billion-quid bruising over Play Store fees in the UK
According to Google, the changes are necessary for security. Product VP Suzanne Fey [14]said that a recent analysis found over 50 times more malware from "internet-sideloaded sources" than on apps in Google Play.
Fey said Android remains an open system despite the new process and "developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer."
Developers disagree. "I can install an app onto a Windows computer from any source without verification by Microsoft. An Android device is a computer, like any other computer. It doesn't have to be this way. It's this way because a giant corporation controls it and decides they want this," [15]one Reddit user wrote .
[16]
Another dev who has built an Android app to be sideloaded told The Reg that Google's actions "really bother me." He added: "Google is making it harder and harder to build apps. Every year they do something to make it harder to do Chrome extensions, Docs add-ons, etc – every single thing that runs in something of theirs gets more difficult to distribute.
"For example, it used to be the case that if you were just creating a Chrome extension for yourself and a few colleagues, you could easily submit it to the Chrome store as unlisted. But now, even private or unlisted Chrome extensions have to go through verification which takes days, and even if you've changed one line of code can be arbitrarily rejected. And you need to have a website with a privacy policy and a support page for anything you create, even if it's only for yourself and two other people."
The announced changes will make Android more similar to Apple's iOS, in terms of how easy it is to install apps from any source. ®
Get our [17]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aK3aHFKwEP6FaQtMSQQlawAAAI4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aK3aHFKwEP6FaQtMSQQlawAAAI4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aK3aHFKwEP6FaQtMSQQlawAAAI4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://developer.android.com/developer-verification/assets/pdfs/introducing-the-android-developer-console.pdf
[5] https://www.android.com/certified/
[6] https://e.foundation/e-os/
[7] https://lineageos.org
[8] https://developer.android.com/google/play/integrity
[9] https://source.android.com
[10] https://www.theregister.com/2025/08/26/apps_android_malware/
[11] https://www.theregister.com/2025/08/20/google_play_eu_changes/
[12] https://www.theregister.com/2025/07/16/android_replacing_chromeos/
[13] https://www.theregister.com/2025/06/12/google_play_store_fees/
[14] https://android-developers.googleblog.com/2025/08/elevating-android-security.html
[15] https://old.reddit.com/r/androiddev/comments/1mzw877/android_developers_blog_a_new_layer_of_security/napm8om/
[16] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aK3aHFKwEP6FaQtMSQQlawAAAI4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[17] https://whitepapers.theregister.com/
Currently, developer verification is already required for the Play Store but not for apps installed from other sources. Today, developers do not need to register with Google to deploy an Android app.
That is changing. Developers will now need an Android Developer Console account, which like a Play Store account requires a one-time $25.00 fee, linked to a Google payment profile.
[1]
Accounts can be either either personal or organizational, both of which require the submission of government-issued identity documents and verified phone numbers. Organizations must also submit business registration documents and have a verified website. Finally, each app package name must be registered with Google with a public key certificate from the app signing pair, verified by uploading a package signed with the private key, to link it to the verified developer, though it is not necessary to upload the actual Android Package Kit (APK) that will be distributed.
[2]
[3]
This information is subject to change, being based on a [4]preview document [PDF] explaining the process. The company also said that there will be a less burdensome process, without a fee, for "students and hobbyists," but details have yet to be revealed. Existing developers registered to use the Play Store will not need a separate account as they are already verified.
Android today allows installation of unknown apps subject to a warning
The restrictions will apply to [5]certified Android devices , meaning Google-approved and including the core Google apps and services. Most Android devices fall into this category, though niche options exist, such as mobiles running [6]/e/OS , a de-Googled version of Android, or the open source [7]LineageOS . The downside of using non-Google Android from a consumer perspective is that some apps might not install, such as those that use the [8]Play Integrity API to verify that the app is "installed by Google Play, running on a genuine Android device."
Examples of apps that might not run on /e/OS or LineageOS Android devices include Meta's WhatsApp and the Revolut banking app, and users have no control over whether other official apps might refuse to run. Friction like this makes it unlikely that fully open source Android devices will ever be mainstream, despite the existence of the [9]Android Open Source Project (AOSP).
[10]Malware-ridden apps made it into Google's Play Store, scored 19 million downloads
[11]Google tweaks Play Store fees to keep Euro watchdogs at bay
[12]Google's Android boss suggests ChromeOS could be on borrowed time
[13]Google faces billion-quid bruising over Play Store fees in the UK
According to Google, the changes are necessary for security. Product VP Suzanne Fey [14]said that a recent analysis found over 50 times more malware from "internet-sideloaded sources" than on apps in Google Play.
Fey said Android remains an open system despite the new process and "developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer."
Developers disagree. "I can install an app onto a Windows computer from any source without verification by Microsoft. An Android device is a computer, like any other computer. It doesn't have to be this way. It's this way because a giant corporation controls it and decides they want this," [15]one Reddit user wrote .
[16]
Another dev who has built an Android app to be sideloaded told The Reg that Google's actions "really bother me." He added: "Google is making it harder and harder to build apps. Every year they do something to make it harder to do Chrome extensions, Docs add-ons, etc – every single thing that runs in something of theirs gets more difficult to distribute.
"For example, it used to be the case that if you were just creating a Chrome extension for yourself and a few colleagues, you could easily submit it to the Chrome store as unlisted. But now, even private or unlisted Chrome extensions have to go through verification which takes days, and even if you've changed one line of code can be arbitrarily rejected. And you need to have a website with a privacy policy and a support page for anything you create, even if it's only for yourself and two other people."
The announced changes will make Android more similar to Apple's iOS, in terms of how easy it is to install apps from any source. ®
Get our [17]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aK3aHFKwEP6FaQtMSQQlawAAAI4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aK3aHFKwEP6FaQtMSQQlawAAAI4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aK3aHFKwEP6FaQtMSQQlawAAAI4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://developer.android.com/developer-verification/assets/pdfs/introducing-the-android-developer-console.pdf
[5] https://www.android.com/certified/
[6] https://e.foundation/e-os/
[7] https://lineageos.org
[8] https://developer.android.com/google/play/integrity
[9] https://source.android.com
[10] https://www.theregister.com/2025/08/26/apps_android_malware/
[11] https://www.theregister.com/2025/08/20/google_play_eu_changes/
[12] https://www.theregister.com/2025/07/16/android_replacing_chromeos/
[13] https://www.theregister.com/2025/06/12/google_play_store_fees/
[14] https://android-developers.googleblog.com/2025/08/elevating-android-security.html
[15] https://old.reddit.com/r/androiddev/comments/1mzw877/android_developers_blog_a_new_layer_of_security/napm8om/
[16] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aK3aHFKwEP6FaQtMSQQlawAAAI4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[17] https://whitepapers.theregister.com/
"requires a one-time $25.00 fee"...
Mentat74
And so the 'nickel-and-diming' begins...
FDroid?
Forget It
How will this effect FDroid?
Re: FDroid?
seven of five
Nice little appstore you have there. Would be a shame if anything happened to it...
a recent analysis found over 50 times more malware from "internet-sideloaded sources"
zimzam
Yes, but is anyone downloading them. Are you also going to block website unless they have a Google certificate?
Blackjack
I use F-Droid so this sucks.
Also: https://www.theregister.com/2025/08/26/apps_android_malware/
Security? Right.
Adverts
hoola
Given the prevalence of adverts in so many Apps rendering them next to useless along with all the data grabbing that goes on that are far more problems than just certifying a developer.
There is one useful application I use that even after paying to "Remove ads" still presents adverts from "selected partners. Very sneakily they did not appear until after the (very) short window to get your money back.
Then the App where the exit button is hidden by a transparent Ad so you end up with a screen full of shite. As for what is termed "Appropriate" I just don't get it. The Ads themselves are for even worse shite so the point is clearly not the product but clicks on sites and grabbing data.
Re: Adverts
Neil Barnes
Even the phone maker supplied file manager has just started throwing adverts at me. WTF is wrong with the world?
IamAProton
I have a google-free android device (not used as a phone, mind you, I use a 'dumb' phone)
I don't like google position and I have no problem quitting entirely the 'smartphone', but i do not accept a bank that 'requires' and app, nor any other service.
Not sure for how long I can hold my position because 'people' but at least I feel like I'm more part of the solution rather than part of the problem...
MOBile
According to Google, the changes are necessary for security.
Yup, when a mob turns at your shop's door with a baseball bat, they also argue that small fee needs to be paid for security.
I mean, it's been hiding in the plain sight MOB-ill operating system.