CRW

Home Wiki

Android Developer Verification

View on consumerrights.wiki ↗

Contents29
  1. Take action, make our voice heard
  2. Open Letter to Google
  3. Background
  4. Announcement and rationale
  5. Implementation timeline
  6. Updates
  7. Advanced flow
  8. Technical implementation
  9. Distribution types
  10. Package name registration
  11. Affected devices
  12. Developer response
  13. Technical concerns
  14. Privacy and safety concerns
  15. Open source community impact
  16. Consumer and user response
  17. Industry and organizational response
  18. Support
  19. Criticism
  20. Impact on specific use cases
  21. Enterprise and MDM deployments
  22. Alternative app stores
  23. Educational development
  24. Regulatory context
  25. European Union
  26. United States
  27. United Kingdom
  28. See also
  29. References

On August 25th, 2025, Google announced an upcoming application installation restriction on Google-certified Android devices, requiring all developers to register and verify their real-life identity through the Developer Verification program and be approved by Google before their apps can be installed on Android devices. This requirement extends to all installation methods including "sideloading", third-party app repositories like F-Droid, and direct APK installations. Google stated that this change "keeps the ecosystem open".[1]

This is a giant shift from Android's traditionally open ecosystem and an abandonment of Android's founding principles. It renders all existing APK files created throughout the years useless, and gives Google the ability to censor apps they dislike, such as those that can create permanent local backups of YouTube videos outside of Google's ecosystem with no data lock-in (a popular example being TubeMate), and lets them terminate developers out of spite for reasons unrelated to their apps (such as holding political views Google disagrees with), in addition to giving governments the ability to order Google to censor unwanted apps, similar to what already happened with Apple in China.

It also prevents new Android applications from being developed offline with no Internet connection or Google account, given that every package name has to be registered in the developer console. This can prevent even verified developers from creating apps in countries where governments intermittently turn off Internet access, block access to Google services, or selectively block individuals from accessing the Internet.

Individuals who lose access to their Google accounts (for example, as a result of losing an authentication factor) would no longer be able register new applications. Unlimited offline distribution can also become a thing of the past. Google can impose arbitrary installation quotas, meaning limit the number of installations, like they are planning to do with student accounts. In the future, Google can also stop accepting submissions for older Android versions altogether, forcing people to purchase new devices to run software that could technically run on their existing device.

As with any Google service, there exists a possibility that it will shut down entirely, given that Google has a long history of launching and shutting down experimental services. If Google shut down the Android Developer Console, no one could develop new Android application anymore, for any device sold with this verification requirement built in.

Take action, make our voice heard

Direct link to the useful resources provided by the Techlore https://keepandroidopen.org/

Open Letter to Google

The Open Letter signed by most of the privacy advocates and organizations.

The keep android open website includes the following resources:

  • ways to contact national regulators
  • open letter and petitions
  • f-droid additional sources
  • editorial blogs and press reactions
  • public discussions

Background

Android has historically allowed users to freely install applications from any source through APK files (sometimes called sideloading). This openness differentiated Android from competitors like iOS. It enabled alternative app repositories, including open-source repositories like F-Droid, & direct developer-to-user distribution, offline installation with no Internet connection and Google account required, installation of applications not available in the Play Store (such as Flappy Bird, after it was taken down by its developer, or TubeMate, which Google does not allow on the Play Store), and installation of earlier versions (such as non-adware versions of ES File Explorer).

The only technical requirements were that applications follow Android's technical guidelines for functionality & be signed with any certificate to maintain a chain of trust during updates.

This openness has been a defining characteristic of Android since its inception, supporting many different use cases from enterprise deployments to privacy-focused distributions. Google has defended this approach in antitrust proceedings, with Google's lawyers arguing in the Epic Games case that "Android and Google Play provide more choice and openness than any other major mobile platform"[2] & that the company's app store practices were "part of its fierce competition with Apple".[3]

Announcement and rationale

Google announced the Developer Verification requirements on August 25th, 2025, through the Android Developers Blog.[4] According to Suzanne Frey, VP of Product, Trust & Growth for Android, the system is designed to combat malicious actors who "hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps."

Google cited security statistics showing "over 50 times more malware from internet-sideloaded sources than on apps available through Google Play".[5] The company framed the verification as "an ID check at the airport, which confirms a traveler's identity but is separate from the security screening of their bags".

Implementation timeline

The implementation will be conducted in global rollout phases:[6]

  • October 2025: Early access opens for invited developers
  • March 2026: Open to all developers
  • September 2026: Enforcement begins in Brazil, Indonesia, Singapore, and Thailand
  • 2027 and beyond: Global rollout continues

Key implementation details:

  • No grandfather clauses for existing apps or developers
  • Play Store developers likely already meet requirements through 2023's D-U-N-S implementation
  • Organizations requiring D-U-N-S numbers should begin the process 28 days before deadlines
  • Developers can initiate verification 60 days before enforcement
  • 90-day deadline extensions available for developers needing additional time
  • After deadlines, users encounter system-level blocks with no override option when attempting to install unverified apps

Updates

Google announced that it is developing an 'advanced flow' for 'experienced users' to be able to install apps from unverified developers and described the process as 'maximally obscure and high-friction'.[7][8] Free and open software distributor, F-Droid, clarified in a blog post that the android developer program remains to a credible threat to open source ecosystem on android and added a banner on the website as well as app linking to https://keepandroidopen.org/, for informing the dangers and recommending users to voice their concerns to relevant authority.[9]

In February 24 2026, the KeepAndroidOpen movement published an open letter to google signed by various free and open source software organizations, digital rights groups and developer communities accessible under https://keepandroidopen.org/open-letter/.[10] The letter criticizes the need for google to gatekeep software beyond its own distribution platform, centralization of power having implications to privacy, censorship and surveillance especially with Google's historically opaque decision-making and review approach, imposition of barriers to entry for developers in various scenarios, anti-competitive implications and regulatory concerns. F-Droid was among the various organizations to sign the letter that in a blog post also stands opposed to signing up for developer verification that will begin the process in March 2026, recommending to developers to oppose the move by refusing to sign up as well.[11]

On 4 March 2026, as part of changes following Google vs. Epic store Lawsuit, Google announced that it is allowing registered app stores to be published on google play platform if they "meet certain quality and safety benchmarks", which would otherwise be subject to same restrictions as those for other 'sideloaded' app.[12] Notably as part of the settlement, Epic games signed away its rights to sue Google over anything related as covered in the term sheet, until September 2032.[13]

Advanced flow

On 19 March 2026, Google finally revealed how its advanced flow program for installing unverified apps is being implemented. Google mentions that this is a one-time process for power users, but was crafted to prevent coerced install of unverified apps.[14]

  • Enable developer mode in system settings
  • Confirm you aren't being coached
  • Restart your phone and reauthenticate
  • Come back after the protective waiting period and verify - One-time, one-day wait
  • Install apps - option of enabling for 7 days or indefinitely

Since advanced flow is delivered through Google Play Services and not through Android OS, Google can modify, restrict, or remove it at any time without an OS update and without any user consent. Organizations such as keep android open movement continue to hold the position against the program because of this aspect. Since the implementation has not appeared in dev, beta or canary builds of android yet, Google is prompting the community to accept a product announcement as a functional safeguard five months before the mandate takes effect.

Preventing critical banking apps from functioning due to enabled state of developer mode also makes installing unverified applications unfeasible to many users which majorly affects the rapidly growing FOSS android community and forces developer verification as well as payment of verification fee to Google, only to operate under limitations Google grants.

On March 23, 2025, Matthew Forsythe, Director of Product Management for Developer Experience on Google Play at Google, answered a question from an Android user on X (formerly Twitter) regarding advanced flow on Android. Forsythe explained that it will be possible to disable developer node once advanced flow is enabled to use apps that don't work with developer Mode enabled, such as banking apps.

However, at present, it's not yet clear whether it will actually be possible to use advanced flow with Developer Mode disabled, and we don't know if enabling advanced flow will affect critical apps like banking apps, which might not function properly if the Advanced Feed system is enabled.

Technical implementation

Distribution types

The Developer Verification system creates two tiers of developer accounts:[6]

Limited distribution

  • Allows for distribution on up to 20 devices[15]
  • Intended for "students, hobbyists, and other personal use"
  • Free registration
  • Identity verification requirements unclear

Full distribution

  • No limits on app numbers or installations
  • Intended for "organizations and professional developers with wide distribution"
  • Requires a one-time $25 fee
  • Requires complete identity verification including:
    • Government-issued photo ID
    • Proof of address
    • Private email
    • Phone number
    • For organizations:
      • Website
      • D-U-N-S number (can take up to 28 days to obtain)

Package name registration

Developers must register package names before apps can be installed. The system creates a cryptographic link between developer identity & app signing keys. Ownership priority is determined by installation statistics - developers whose signing keys account for over 50% of known installs receive registration priority.[16][17]

Affected devices

The requirements apply to all "Google-certified Android devices" which includes:

  • Devices with Google Play Store
  • Devices with Google Mobile Services (GMS)
  • Devices with Play Protect
  • All mainstream Android devices from manufacturers including Samsung, Xiaomi, Motorola, OnePlus, and Google Pixel
  • The vast majority of Android devices sold outside of China

Custom ROMs without Google services & uncertified devices are not affected by these restrictions.

Developer response

Technical concerns

Prominent Android developer Mark Murphy (CommonsWare) raised several technical concerns:[18]

  • Debug keystore handling for development workflows remains unaddressed
  • Sample code from Android development books would become unusable as "at most one person on the entire planet" could register each package name
  • Beta testing workflows using different package names face complications
  • Questions whether "it will no longer be possible to test apps under development on Google-certified production hardware" after 2027

Privacy and safety concerns

Developers expressed significant privacy concerns:

  • Murphy cited the ICEBlock app developer who faced federal prosecution threats after identity disclosure, with his wife being fired from a DOJ job
  • EFF, Electronic Frontier Foundation, criticized risks of centralization in censorship as well as surveillance capability retained by Google[19]
  • Google's privacy policy allows sharing developer information with "trusted businesses or persons" without clear restrictions[20]
  • Open source developers fear harassment and doxxing after forced identity disclosure
  • F-Droid mentions that play store verification is proven to be ineffective at combating malware due to repeated instances of malware distributed through play store[21][22]
  • Jean-Héon points out that mandatory developer registration puts users at risk by pushing them to use dangerous workarounds to install unverified APKs of their choice and also puts developers at risk by exposing them to data leaks and identity theft. Jean-Héon advocates for a solution based on the device's antivirus software. [23]

Open source community impact

The F-Droid community reacted strongly, with one forum member stating: "F*** Google. Use GrapheneOS to drop Android... I find this development downright alarming".[24] Specific challenges include:

  • F-Droid builds apps from source with its own signing keys, creating coordination requirements with upstream developers to ensure that the applications distributed are reproducible
  • Community estimates suggest 85% of F-Droid apps could be "stuck in limbo" due to package ID conflicts
  • Some developers announced via FreeDroidWarn that their apps "will no longer work on certified Android devices after that time"
  • Open source app, Kotatsu, shuts down development citing pressure from Google against sideloading among other threats against its operation.[25]

Consumer and user response

Google's Q&A page for the announcement received lots of feedback, including:[26]

  • Users highlighting the hypocrisy of enforcing security on sideloaded apps while Google Play distributes apps classified as scamware, malware, and adware
  • Confusion over whether users would need to pay $25 to install apps on their own devices
  • Concerns about offline device functionality (barcode scanners, kiosks) requiring internet connections for app signing verification
  • Comparisons to Windows, where users noted: "I can install an app onto a Windows computer from any source without verification by Microsoft"[27]
  • Users voiced their opinions through community wiki, keepandroidopen.org criticizing it as an anti-consumer move since a software update irrevocably blocks right to install any software and requires developers to seek permission from Google to develop apps. The users also noted that it harms digital sovereignty of nations as well as raising questions on placing critical infrastructure "at the mercy of distant and unaccountable organization"[28]

The Android community produced numerous critical videos,[29][30][31] with titles like "Google is Locking Down Android" and "Android Is Becoming iOS: The End of Sideloading?"


Google quiere dominar el mundo !

Industry and organizational response

Support

The Developers Alliance stood as the sole organizational voice supporting the change, with co-founder Jake Ward stating it was "a critical step to ensure trust, accountability, and security across the Android ecosystem".[32]

Government support emerged from initial rollout regions:

  • Brazil's Federation of Banks called it a "significant advancement in protecting users"
  • Indonesia's Ministry of Communications praised the "balanced approach that protects users while keeping Android open"
  • Thailand's Ministry of Digital Economy described it as a "positive and proactive measure"[33]

Criticism

Technology publications characterized the change as fundamental to Android's nature:

  • The Daily Security Review called it "a significant philosophical shift for Android, mirroring Apple's tightly curated ecosystem"
  • Cory Doctorow writes that Google is abusing it's duopoly position in mobile ecosystem to lock-in users for monetary profit[34]
  • Many news outlets warn that the ID requirements could end alternative app stores and affirm play store's position as an effective monopoly[35][36]
  • Afam Onyimadu writes for makeuseof, that the move is an overreach of google's position when programs such as Play Protect already exist, calling it "security theatre"[37]
  • It's FOSS warned "this could turn Google into the effective gatekeeper for all apps on 'certified' Android devices"[38]
  • OSnews criticized it as "the death of our digital freedoms"
  • Hackaday noted the timing "coincides with Google's court-mandated opening of Android following Epic Games' antitrust victory"[39]
  • According to Jean-Héon “Android Developer Verification is an absurdity for the free mobile ecosystem.”[23]

Impact on specific use cases

Enterprise and MDM deployments

NomidMDM advised IT managers to "audit application inventory today" & make sure all line-of-business app developers complete verification before deadlines.[40] Affected deployments include:

  • Wall-mounted displays
  • Classroom broadcasting systems
  • Shared device configurations
  • Kiosk applications
  • Industrial control systems

Alternative app stores

F-Droid faces serious challenges with the repository's build-from-source model conflicting with developer verification requirements. Alternative stores must make sure all hosted apps come from verified developers, effectively extending Google's verification to all distribution channels.

Educational development

Educational institutions face challenges as well:

  • Student projects require individual verification for testing
  • Sample code from textbooks becomes unusable without verification
  • Classroom demonstrations need verified developer accounts
  • Research projects face additional identity disclosure requirements

Regulatory context

The announcement arrives during active regulatory scrutiny of Google's platform practices:

European Union

The EU Digital Markets Act investigation issued preliminary findings against Google on March 19, 2025, for self-preferencing and payment system restrictions.[41] Legal experts note potential conflicts with DMA provisions requiring gatekeepers to permit third-party software installation without the gatekeeper's identification services.

United States

The timing coincides with court-mandated changes following Epic Games' antitrust victory. The FTC outlined remedy concerns in an August 2024 amicus brief after the jury found Google illegally monopolized app distribution.[42]

United Kingdom

The UK Competition and Markets Authority continues its Strategic Market Status investigation, with consultation closing on August 20, 2025.[43] No specific response to the verification requirements has been issued.

See also

References

  1. "Elevating Android's security to keep it open and safe". Android Developers. Aug 2025. Archived from the original on 2025-08-25.
  2. "Fortnite maker Epic Games wins its antitrust fight against Google". TechCrunch. 2023-12-11. Archived from the original on 26 Nov 2025. Retrieved 2025-08-29.
  3. "Epic Games wins antitrust lawsuit against Google". The Washington Post. 2023-12-12. Archived from the original on 23 Jul 2025. Retrieved 2025-08-29.
  4. "Android Developers Blog: A new layer of security for certified Android devices". 2025-08-25. Archived from the original on 2025-08-25. Retrieved 2025-08-25.
  5. "Google will require developer verification to install Android apps, including sideloading". 9to5Google. 2025-08-25. Archived from the original on 19 Jan 2026. Retrieved 2025-08-29.
  6. 6.0 6.1 "Android developer verification | Android Developers". 2025-08-25. Archived from the original on 2025-08-25. Retrieved 2025-08-25.
  7. Forsythe, Matthew (12 Nov 2025). "Android developer verification: Early access starts now as we continue to build with your feedback". (Archived)
  8. Schoon, Ben (19 Jan 2026). "Google calls Android's new sideloading flow 'high friction'". (Archived)
  9. "Keep Android Open - TWIF curated on Friday, 20 Feb 2026, Week 8 - f-droid.org". 20 Feb 2026. (Archived)
  10. "An Open Letter to Google regarding Mandatory Developer Registration for Android App Distribution". 24 Feb 2026. Archived from the original on 24 Feb 2026.
  11. "An Open Letter Opposing Android Developer Verification". 24 Feb 2026. Archived from the original on 24 Feb 2026.
  12. Samat, Sameer (4 Mar 2026). "A new era for choice and openness". Archived from the original on 5 Mar 2026.
  13. Hollister, Sean (5 Mar 2026). "Tim Sweeney signed away his right to criticize Google's app store until 2032". Archived from the original on 5 Mar 2026.
  14. Forsythe, Matthew (19 Mar 2026). "Android developer verification: Balancing openness and choice with safety". Archived from the original on 19 March 2026.
  15. "Android Developer Console: Account creation form". Android Developer Console. Retrieved 2025-12-19. (Archived)
  16. "Updates to Play Console for Android developer verification: A first look" (PDF). Android Developers. 2025-08-25. Archived (PDF) from the original on 28 Jan 2026. Retrieved 2025-09-01.
  17. "Resources | Android developer verification | Android Developers". Android Developers. 2025-08-25. Retrieved 2025-08-25. (Archived)
  18. "Uncomfortable Questions About Android Developer Verification". CommonsWare. 2025-08-26. Archived from the original on 21 Nov 2025. Retrieved 2025-08-29.
  19. McSherry, Corynne (2025-11-03). "Application Gatekeeping: An Ever-Expanding Pathway to Internet Censorship". Archived from the original on 2025-11-11.
  20. "Android Security or Vendor Lock-In? Google's New Sideloading Rules Smell Fishy". It's FOSS. 2025-08-29. Archived from the original on 7 Nov 2025. Retrieved 2025-08-29.
  21. Arntz, Pieter (2025-09-17). "224 malicious apps removed from the Google Play Store after ad fraud campaign discovered". malwarebytes. Archived from the original on 2025-10-05.
  22. Thompson, Lain (2025-08-26). "Malware-ridden apps made it into Google's Play Store, scored 19 million downloads". The Register. Archived from the original on 2025-10-05.
  23. 23.0 23.1 "Google restricts the installation of third-party APKs on Android: what this means for Jean-Héon™. (Updated March 21, 2026)".
  24. "FAQ - App Developers | F-Droid - Free and Open Source Android App Repository". F-Droid. Retrieved 2025-08-29. (Archived)
  25. "KotatsuApp/Kotatsu: Manga reader for android". Github. Archived from the original on 5 Nov 2025. Retrieved 16 Nov 2025.
  26. "Q&A: New Android developer verification requirements". Play Console Help. 2025-08-25. Archived from the original on 2025-08-29. Retrieved 2025-08-29.
  27. "Google to restrict Android app sideloading to verified devs". The Register. 2025-08-26. Archived from the original on 19 Jan 2026. Retrieved 2025-08-29.
  28. "Keep Android Open". Keep Android Open. Aug 2025. Archived from the original on 2025-11-09.
  29. Mental Outlaw (2025-08-29). "Google is Locking Down Android". YouTube. Archived from the original on 16 Feb 2026. Retrieved 2025-08-29.
  30. BrenTech (2025-08-26). "Google Will Soon Block Apps from Unverified Developers! Is This The End of Sideloading on Android?". YouTube. Archived from the original on 23 Feb 2026. Retrieved 2025-08-29.
  31. TechLore (2025-08-27). "Android Is Becoming iOS: The End of Sideloading?". YouTube. Archived from the original on 16 Feb 2026. Retrieved 2025-08-29.
  32. "Developers Alliance Applauds Google's New Android Developer Verification". Developers Alliance. 2025-08-25. Archived from the original on 2025-10-29. Retrieved 2025-10-29.
  33. "Google to Verify All Android Developers in 4 Countries to Block Malicious Apps". The Hacker News. 2025-08-25. Archived from the original on 28 Jan 2026. Retrieved 2025-08-29.
  34. Doctorow, Cory (2025-09-01). "Darth Android". Archived from the original on 2025-10-12.
  35. Debasish (30 Sep 2025). "Google's new developer rules could threaten sideloading and F-Droid's future". Archived from the original on 2 Nov 2025.
  36. Mous, Anton (30 Sep 2025). "Google's developer registration 'decree' means the end for alternative app stores". Archived from the original on 11 Nov 2025.
  37. Onyimadu, Afam (11 Oct 2025). "Android's sideloading limits are its most anti-consumer move yet". Archived from the original on 12 Oct 2025.
  38. "Android Security or Vendor Lock-In? Google's New Sideloading Rules Smell Fishy". It's FOSS. 2025-08-29. Archived from the original on 7 Nov 2025. Retrieved 2025-08-29.
  39. "Google Will Require Developer Verification Even For Sideloading". Hackaday. 2025-08-26. Archived from the original on 3 Feb 2026. Retrieved 2025-08-29.
  40. "The Core Change: Mandatory Verification for All Android Apps". NomidMDM. Archived from the original on 9 Dec 2025. Retrieved 2025-08-29.
  41. "Google Search, Play Store falling foul of Digital Markets Act rules, says EU". TechCrunch. 2025-03-19. Archived from the original on 23 Nov 2025. Retrieved 2025-08-29.
  42. "FTC Outlines Remedy Concerns in Amicus Brief After Jury Finds Google Illegally Monopolized App Store". Federal Trade Commission. 2024-08-29. Archived from the original on 16 Jan 2026. Retrieved 2025-08-29.
  43. "SMS investigation into Google's mobile platform". GOV.UK. Archived from the original on 25 Jul 2025. Retrieved 2025-08-29.
Filed under