https://android-developers.googleblog.com/2025/08/elevating-android-security.html
Google has announced a comprehensive new security initiative called “Developer Verification” that will require all Android app developers to verify their identities before their applications can be installed on certified Android devices, extending beyond Google Play Store requirements to include third-party app sources. The policy, set to begin early access in October 2025 and become mandatory by 2026-2027, aims to address the significant malware threat posed by anonymous developers who exploit sideloaded applications, with Google’s analysis revealing over 50 times more malware from internet-sideloaded sources compared to apps available through the official Google Play Store.
The phased implementation will begin with early access to the Developer Verification program in October 2025, followed by full availability to all Android developers in March 2026, before becoming mandatory in Brazil, Indonesia, Singapore, and Thailand in September 2026 and rolling out globally in 2027. This expansion builds upon Google’s existing D-U-N-S number requirement introduced in August 2023 for Google Play publishers, which has already demonstrated effectiveness in reducing malware on the official platform. The new verification system will block installation of non-compliant apps on certified Android devices with security warnings, affecting mainstream devices from major manufacturers including Samsung, Xiaomi, Motorola, OnePlus, Oppo, Vivo, and Google Pixel.
The policy specifically targets certified Android devices that have passed Google’s Compatibility Test Suite and are approved to ship with Google Play Services, while non-certified devices from manufacturers like Huawei, Amazon Fire tablets, and unauthorized Chinese devices will remain exempt from the enforcement. Google’s decision reflects the growing challenge of malicious actors who hide behind anonymity to create convincing fake apps that impersonate legitimate developers and exploit brand recognition for malicious purposes. This represents the most significant expansion of Android security controls beyond the official app store ecosystem, potentially reshaping the landscape for independent app distribution and third-party app stores that have traditionally operated with fewer restrictions on developer verification.