Google has announced a momentous change in the ecosystem Android, since from next year (2026), sOnly applications created by verified developers will be allowed to be installed. on certified Android devices.
This measure ends the free installation of applications from downloaded APKs manually or from third-party directories, unless those developers formally register and confirm their identity to Google.
In contrast, the Unofficial builds based on the AOSP open source code will continue to allow installation of any application. However, for devices undergoing certification, manufacturers must enable additional checks to ensure that all installed software meets the required security standards. Android certification, in addition to enabling the use of services like Play Protect, ensures that manufacturers offer proper integration with the Google Play Store and access to critical security updates.
The origin of the measure: to stop malware on Android
Decision of Google responds to an increasingly evident threat. According to company statistics, malware distributed from external sources It's 50 times more common than the one detected within Google Play. Many cybercriminals have taken advantage of the anonymity to spread fraudulent applications that pose as legitimate software, putting the financial and personal data of millions of users at risk.
With this change, Google seeks to close the door to malicious actors Repeat offenders who, after a fraudulent app was removed, often quickly re-released new versions. Identity verification introduces additional liability: if a developer engages in harmful practices, they can no longer hide behind anonymity.
How developer verification will work
The new policy involves a two-stage process. First, the Developers will need to confirm their identity personal or corporate, providing data such as full name, address, telephone number and email, as well as an official identity document or, in the case of companies, an international legal identifier (DUNS).
In second place, Each application must be registered in a special directory, linking it to its author using the package name and digital signature keys. For those already publishing on Google Play, this process won't be necessary, as verification has been active since 2023.
For independent developers that distribute applications outside the official store, Google will enable a new tool called Android Developer Console, designed specifically to facilitate this registration. There will even be separate accounts for students and hobbyists, with more flexible requirements than those for businesses and commercial developers.
Implementation schedule
The transition will be rolled out gradually. In An early access period for developers will begin in October 2025. interested parties. In March 2026, verification will be open to all, and in September of that same year it will be mandatory in Brazil, Indonesia, Singapore and Thailand.
From 2027, this policy will be progressively applied in other countries., with the aim of achieving global coverage.
The announcement has already received support from different sectorsIn Brazil, the Brazilian Federation of Banks hailed it as a “significant advance in user protection.” In Indonesia, the Ministry of Communications deemed it a “balanced approach,” while in Thailand, it was seen as a “positive and proactive measure” aligned with its national cybersecurity policies.
The Developer Alliance also applauded the initiative, highlighting that this step strengthens trust and accountability within the Android ecosystem.
Despite these restrictions, Google emphasizes that developers will continue to have the freedom to distribute their applications. directly to users or through other alternative stores. The difference is that, from now on, they must do so with confirmed identity.
You shouldn't have to choose between openness and security. By integrating security into the core of the operating system, Android has proven that it's possible to have both, and we continue to move in that direction.
This balance seeks to demonstrate that Android's openness can coexist with higher standards of digital security, protecting users without sacrificing the flexibility that has characterized the platform since its inception.
Finally, if you are interested in knowing more about it, you can consult the details in the following link