Posted by Suzanne Frey – VP, Product, Belief & Development for Android
You shouldn’t have to decide on between open and safe. By engineering safety into the core a part of the OS, Android has confirmed which you could have each, and we proceed taking new steps in that path.
As new threats emerge, we’ve continued to evolve our defenses. Following current assaults, together with these concentrating on folks’s monetary information on their telephones, we have labored to extend developer accountability to stop abuse. We’ve seen how malicious actors cover behind anonymity to hurt customers by impersonating builders and utilizing their model picture to create convincing faux apps. The dimensions of this menace is critical: our current evaluation discovered over 50 occasions extra malware from internet-sideloaded sources than on apps obtainable by way of Google Play.
To higher shield customers from repeat unhealthy actors spreading malware and scams, we’re including one other layer of safety to make putting in apps safer for everybody: developer verification.
Beginning subsequent yr, Android would require all apps to be registered by verified builders so as to be put in by customers on licensed Android gadgets. This creates essential accountability, making it a lot more durable for malicious actors to rapidly distribute one other dangerous app after we take the primary one down. Consider it like an ID verify on the airport, which confirms a traveler’s identification however is separate from the safety screening of their baggage; we can be confirming who the developer is, not reviewing the content material of their app or the place it got here from. This transformation will begin in a number of choose nations particularly impacted by these types of fraudulent app scams, usually from repeat perpetrators.
Since we applied verification necessities on Google Play in 2023, we have now seen firsthand how useful developer identification is in stopping unhealthy actors from exploiting anonymity to distribute malware, commit monetary fraud, and steal delicate information. Bringing the same course of to Android extra broadly will present a constant, frequent sense baseline of developer accountability throughout the ecosystem.
In early discussions about this initiative, we have been inspired by the supportive preliminary suggestions we have acquired. In Brazil, the Brazilian Federation of Banks (FEBRABAN) sees it as a “important development in defending customers and inspiring accountability.” This assist extends to governments as properly, with Indonesia’s Ministry of Communications and Digital Affairs praising it for offering a “balanced method” that protects customers whereas preserving Android open. Equally, Thailand’s Ministry of Digital Economic system and Society sees it as a “constructive and proactive measure” that aligns with their nationwide digital security insurance policies. And companions just like the Developer’s Alliance have known as this a “crucial step” for guaranteeing “belief, accountability, and safety” throughout your entire ecosystem.
To make this course of as streamlined as potential, we’re constructing a new Android Developer Console only for builders who solely distribute exterior of Google Play, to allow them to simply full their verification; get an early have a look at the way it works. A notice for pupil and hobbyist builders: we all know your wants are totally different from business builders, so we’re making a separate kind of Android Developer Console account for you.
When you distribute apps on Google Play, you’ve doubtless already met these verification necessities by way of the prevailing Play Console course of. You will discover extra details about how these necessities apply to you in our guides.
To be clear, builders can have the identical freedom to distribute their apps on to customers by way of sideloading or to make use of any app retailer they like. We imagine that is how an open system ought to work—by preserving selection whereas enhancing safety for everybody. Android continues to indicate that with the precise design and safety ideas, open and safe can go hand in hand. For extra particulars on the precise necessities, go to our web site. We’ll share extra info within the coming months.
Timeline and tips on how to put together
That can assist you prepare, we encourage all builders who distribute apps on licensed Android gadgets to join early entry. That is one of the simplest ways to organize and keep knowledgeable.
Early members will even get:
- An invite to an unique group dialogue discussion board.
- Precedence assist for these new necessities.
- The prospect to offer suggestions and assist us form the expertise.
Right here is the timeline that will help you plan:
- October 2025: Early entry begins. Invites can be despatched out progressively.
- March 2026: Verification opens for all builders.
- September 2026: These necessities go into impact in Brazil, Indonesia, Singapore, and Thailand. At this level, any app put in on a licensed Android system in these areas should be registered by a verified developer.
- 2027 and past: We’ll proceed to roll out these necessities globally.