Google has announced a new policy requiring comprehensive developer verification for all Android apps, aiming to improve ecosystem security after detecting 50 times more malware in apps installed outside Google Play.
The "Android Developer Verification" initiative adds an extra layer of protection, making it harder for malicious actors to distribute harmful apps. Developers will need to register via the Android Developer Console, providing official ID, contact information, a one-time registration fee, and an app signing key.
New verification requirements will take effect in September 2025 in Brazil, Indonesia, Singapore, and Thailand, and will be implemented globally from 2027 onward.
Google says the measure is critical to protect users, particularly from malware and scams targeting apps installed from third-party sources. Suzanne Frey, VP of Product at Google, noted that attackers often hide behind anonymity to distribute convincing fake apps, and malware from outside Google Play is 50 times more prevalent.
The policy has drawn criticism from some developers. The "Keep Android Open" initiative argues that mandatory verification undermines Android's open-source philosophy, may stifle innovation, and could deter privacy-focused independent developers from participating.
