admin
Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start.
On that date, certified Android phones in Brazil, Indonesia, Singapore, and Thailand will block normal installs of apps whose developers have not registered an identity with Google, whether the app comes from Google Play or the stores run by Samsung, Xiaomi, OPPO, vivo, Honor, and Transsion.
Certified devices are the ones that ship with Google’s services and Play Protect, which, by F-Droid’s count, is more than 95 percent of Android devices outside China.
Most users will not notice, which is the point. Apps from verified developers keep installing as before. The friction lands on apps from developers Google has not verified, and is hardest on the independent and open-source channels, built on not needing Google’s permission to ship.
Developers distributing through those stores need to verify and register before the deadline. Google says apps that miss it will be unavailable for new installation on certified devices in the four countries.
What flips on September 30
The check runs on the device. Google is pushing a new system service, the Android Developer Verifier, to phones on Android 8 and newer starting in June 2026, and it confirms an app is registered to a verified developer before the app installs.
After September 30, in the four launch markets, an unregistered app will not install through the normal path. It can still be installed over Android Debug Bridge (ADB) or through the advanced flow, the deliberately high-friction route Google built earlier this year. That route makes the user turn on developer mode, restart, wait 24 hours, and reauthenticate before sideloading an unverified app, and it goes global in August.
Registration opened to all developers in March, and Google says it already covers nearly all installs on Google Play and a large majority of those from outside it.
To register, a developer gives Google a legal name, address, and contact details, may have to upload a government ID, and proves ownership of each app by submitting an APK signed with their private key.
Google is also adding APIs for bulk registration and package-name checks, with OAuth delegation so a third-party store can run parts of the process for developers. The two interfaces, an Android Developer ID Status API and an Android Developer Console API, arrive in July.
A separate lane for free limited-distribution accounts enters early access in July and launches globally in August; it lets students and hobbyists share apps with up to 20 devices, with no government ID and no fee. The standard full developer account carries a one-time $25 fee.
Why the open-source camp is fighting it
Google’s case is malware. It says sideloaded sources carry far more of it than Google Play, and that scams increasingly work by talking a victim into installing a malicious APK on the spot.
An identity check and a 24-hour wait are meant to break that. Google says it chose the four launch countries because they are hit hard by app scams, often from repeat offenders.
The pushback has been loud since the program was announced in August 2025. F-Droid, the free-software app repository, says the requirement would end its project, because it builds and signs apps from many pseudonymous contributors who will not hand Google a legal identity.
A Keep Android Open campaign backed by more than 70 organizations in 23 countries has asked Google to drop the ID checks for apps shipped outside Play. Google’s concessions, the advanced flow, and the 20-device accounts answer the complaint that sideloading was being killed. They do not touch the deeper one: a single company would sit at the installation path for nearly every Android device outside China and decide who gets the smooth lane.
Three questions stay open before the global rollout in 2027: whether Google spells out an appeals process for developers it flags by mistake, what it keeps in the identity registry and for how long, and whether it offers any path for repositories like F-Droid that cannot meet the per-app ownership check without changing how they work.
