Posted by Suzanne Frey – VP, Product, Belief & Development for Android
You shouldn’t have to decide on between open and safe. By engineering safety into the core a part of the OS, Android has confirmed that you could have each, and we proceed taking new steps in that route.
As new threats emerge, we’ve continued to evolve our defenses. Following current assaults, together with these focusing on folks’s monetary knowledge on their telephones, we have labored to extend developer accountability to forestall abuse. We’ve seen how malicious actors conceal behind anonymity to hurt customers by impersonating builders and utilizing their model picture to create convincing pretend apps. The dimensions of this menace is important: our current evaluation discovered over 50 occasions extra malware from internet-sideloaded sources than on apps obtainable via Google Play.
To raised shield customers from repeat unhealthy actors spreading malware and scams, we’re including one other layer of safety to make putting in apps safer for everybody: developer verification.
Beginning subsequent yr, Android would require all apps to be registered by verified builders with a view to be put in by customers on licensed Android units. This creates essential accountability, making it a lot more durable for malicious actors to shortly distribute one other dangerous app after we take the primary one down. Consider it like an ID examine on the airport, which confirms a traveler’s identification however is separate from the safety screening of their baggage; we can be confirming who the developer is, not reviewing the content material of their app or the place it got here from. This variation will begin in a number of choose international locations particularly impacted by these types of fraudulent app scams, typically from repeat perpetrators.
Since we applied verification necessities on Google Play in 2023, we’ve seen firsthand how useful developer identification is in stopping unhealthy actors from exploiting anonymity to distribute malware, commit monetary fraud, and steal delicate knowledge. Bringing an identical course of to Android extra broadly will present a constant, widespread sense baseline of developer accountability throughout the ecosystem.
In early discussions about this initiative, we have been inspired by the supportive preliminary suggestions we have obtained. In Brazil, the Brazilian Federation of Banks (FEBRABAN) sees it as a “vital development in defending customers and inspiring accountability.” This assist extends to governments as effectively, with Indonesia’s Ministry of Communications and Digital Affairs praising it for offering a “balanced strategy” that protects customers whereas preserving Android open. Equally, Thailand’s Ministry of Digital Financial system and Society sees it as a “optimistic and proactive measure” that aligns with their nationwide digital security insurance policies. And companions just like the Developer’s Alliance have referred to as this a “important step” for guaranteeing “belief, accountability, and safety” throughout all the ecosystem.
To make this course of as streamlined as doable, we’re constructing a new Android Developer Console only for builders who solely distribute exterior of Google Play, to allow them to simply full their verification; get an early take a look at the way it works. A be aware for pupil and hobbyist builders: we all know your wants are totally different from business builders, so we’re making a separate sort of Android Developer Console account for you.
When you distribute apps on Google Play, you’ve probably already met these verification necessities via the prevailing Play Console course of. You will discover extra details about how these necessities apply to you in our guides.
To be clear, builders may have the identical freedom to distribute their apps on to customers via sideloading or to make use of any app retailer they like. We imagine that is how an open system ought to work—by preserving selection whereas enhancing safety for everybody. Android continues to point out that with the precise design and safety ideas, open and safe can go hand in hand. For extra particulars on the particular necessities, go to our web site. We’ll share extra data within the coming months.
Timeline and how you can put together
That will help you prepare, we encourage all builders who distribute apps on licensed Android units to enroll in early entry. That is the easiest way to arrange and keep knowledgeable.
Early individuals will even get:
- An invite to an unique group dialogue discussion board.
- Precedence assist for these new necessities.
- The prospect to offer suggestions and assist us form the expertise.
Right here is the timeline that can assist you plan:
- October 2025: Early entry begins. Invites can be despatched out progressively.
- March 2026: Verification opens for all builders.
- September 2026: These necessities go into impact in Brazil, Indonesia, Singapore, and Thailand. At this level, any app put in on a licensed Android system in these areas have to be registered by a verified developer.
- 2027 and past: We are going to proceed to roll out these necessities globally.
