Google to Require Developer Verification Even for Sideloaded Apps

Starting in 2026, all apps on certified Android devices will have to come from verified developers, and that includes distribution through official stores and sideloading.

Sideloading apps onto Android devices is a key strength of the OS. You can install apps from official sources, but you can also install applications manually. This has proven extremely useful in many situations, whether the customer is trying to use a region-locked app or install a pre-release version.

The unfortunate side-effect is that attackers use the same mechanism to push malware via third-party packages downloaded by potential victims from sketchy websites. 

According to Google, apps installed from internet-sideloaded sources contain over 50 times more malware than those downloaded from the Google Play Store, even though the official store is often targeted by criminals who find novel ways of bypassing existing protections. 

Developer verification 

To address the problem of malware from sideloaded applications, Google announced a new developer verification requirement for all apps installed on certified Android devices. 

This change means developers will have to register their identity before their apps can be installed, even if it’s through the sideloading process. Google compares the process to an airport ID check. It confirms who the developer is, not the contents of the app. 

By reducing anonymity, Google hopes to make it harder for repeat offenders to spread malicious apps, commit fraud or harvest private data. 

To streamline the process, Google is also launching a new Android Developer Console for those distributing apps outside Google Play. Student and hobbyist developers will have a lighter version of the process so they’re not left out.

In fact, this is likely one of the main problems people will have with the new rules. What if you’re building or modifying an app but you’re not a recognized developer? 

Timeline for rollout 

Google outlined a multi-phase implementation:

• October 2025 – Early access begins for developers (invite-only).
• March 2026 – Verification opens globally for all developers.
• September 2026 – Requirements take effect in Brazil, Indonesia, Singapore, and Thailand.
• 2027 and beyond – Global rollout of the requirement.

This change marks one of the biggest security updates to Android in years. By requiring developer checks for all apps, Google is directly addressing the problem of malicious actors exploiting anonymity to distribute malware.