Google has started the rollout of a new Android developer verification system designed to reduce malicious apps and improve platform security, with global enforcement planned in the coming years.

The system, outlined by the tech giant in a blog post, requires developers to verify their identity and register their apps, particularly if they distribute software outside the official Google Play marketplace.

Developers who already distribute apps through Google Play and have completed identity verification may not need to take additional steps, as eligible apps will be automatically registered. Those distributing apps independently, however, will need to create an account in the Android Developer Console to confirm their identity.

For most users, the app installation experience will remain unchanged. However, installing unregistered apps in the future will require an advanced installation process or the use of Android Debug Bridge (ADB), a move intended to reduce scams that rely on convincing users to install malicious software.

Phased Rollout and Implementation Timeline

The verification requirement will be introduced gradually, beginning in selected markets before expanding globally. Google said the timeline is intended to give developers sufficient time to complete verification before user-facing changes begin.

Key milestones include:

• April 2026: Android Developer Verifier appears in system settings

• June 2026: Early access, limited distribution accounts for students and hobbyists

• August 2026: Limited distribution accounts and advanced sideloading flow launch globally

• September 30, 2026: Verification required in Brazil, Indonesia, Singapore and Thailand

• 2027 onward: Global rollout

Read more on Android security: Android 17 Beta Introduces Secure-By-Default Architecture

Developers using Android Studio will also be able to see their app registration status directly within the development environment when generating signed app files, integrating the verification process into existing workflows.

Balancing Security With Openness

Google said the new system is intended to balance Android's open ecosystem with stronger security protections.

The company reported that internal analysis found that malware appears more than 90 times as frequently in apps installed from sideloaded sources than in those from Google Play.

However, the policy has drawn criticism from open-source advocates and digital rights groups. An open letter coordinated by the Keep Android Open movement warns that mandatory central registration threatens innovation, competition, privacy and user freedom by extending Google's control beyond its own marketplace into all app distribution channels.

Signatories, including privacy and free-software organizations, argued that the requirement could create barriers for individual developers, small teams and volunteer projects by imposing fees, identity checks and terms that may not align with the principles of an open ecosystem.

The debate highlights ongoing tensions in the Android ecosystem between enhancing security and preserving the platform's historical openness.

Image credit: quietbits / Shutterstock.com