Android’s open ecosystem set it apart from the iPhone when touchscreen smartphones first emerged nearly two decades ago. Over time, Google has gradually traded some of that openness for enhanced security, and its next move could represent the biggest concession yet in the effort to block malicious apps. The company has announced plans to verify the identities of all Android app developers—not just those publishing on the Play Store. Going forward, apps from unverified developers may not function on most Android devices.

Figure 1. Google to Block Installation of Unverified Android Apps Starting Next Year.

In the early days, Google performed minimal curation of the Play Store (or Android Market, as it was once called). However, it has long worked to improve the platform’s security, addressing its reputation for being less safe than the Apple App Store. Years ago, it was even possible to publish exploits on the official store that could gain root access on devices. Today, multiple review and detection mechanisms help curb malware and banned content. Still, Google reports that sideloaded apps are 50 times more likely to contain malware than those from the Play Store. Figure 1 shows Google to Block Installation of Unverified Android Apps Starting Next Year.

This risk is driving the new developer verification system, described by Google as an “ID check at the airport.” After introducing identity verification for all Google Play developers in 2023, the company observed a sharp decline in malware and fraud. Since anonymity allowed bad actors to distribute malicious apps, verifying developers outside the Play Store is expected to further enhance Android security.

Implementing this verification outside the Play Store will require Google to adopt a more assertive approach—similar to Apple’s—which some Android users and developers may find intrusive. To facilitate this, Google plans to introduce a streamlined Android Developer Console for developers distributing apps outside the Play Store. Once their identities are verified, developers will need to register their apps’ package names and signing keys. However, Google will not review the content or functionality of the apps themselves.

Google states that only apps from verified developers will be installable on certified Android devices—which includes nearly every Android device with Google services. Devices running non-Google versions of Android are not affected, though these make up a very small fraction of the global Android ecosystem outside of China.

The company plans to begin early testing of the system in October this year. By March 2026, all developers will be able to access the new console to complete verification. In September 2026, the feature will launch in Brazil, Indonesia, Singapore, and Thailand, with global rollout targeted for 2027.

This represents a seismic shift for Android. The move comes amid the ongoing Google Play antitrust case brought by Epic Games, which could soon force changes to Google’s app distribution model. Google recently lost its appeal of the verdict and intends to take the case to the U.S. Supreme Court. In the meantime, the company will need to start adjusting its app distribution system, barring further legal developments.

Among other mandates, the court has ordered Google to allow third-party app stores and enable Play Store content to be rehosted on other platforms. This could increase user choice, which is what Epic and other developers sought. However, third-party stores won’t have the deep system integration of the Play Store, meaning users will be sideloading apps without Google’s security layers.

It’s unclear how significant a security risk this truly poses. On one hand, Google’s concerns are understandable—most major malware threats on Android originate from third-party repositories. On the other hand, enforcing a near-universal installation whitelist is a heavy-handed approach. It would require virtually all Android app developers to meet Google’s requirements before most users could install their apps, potentially allowing Google to maintain control even as the app market opens up. While current requirements are minimal, there’s no guarantee they won’t grow stricter over time.

The existing documentation doesn’t clarify what happens when a non-verified app is installed or how devices will check verification status. It’s likely that Google will distribute this whitelist through Play Services as the rollout nears. We’ve reached out to Google for more details and will report back if we hear anything.

Source:TECHNICA

Cite this article:

Priyadharshini S (2025), Google to Restrict Sideloading of Unverified Android Apps Beginning Next Year, AnaTechMaz, pp. 303