Google will initiate a system to block the sideloading of unverified Android applications, a move impacting how apps are installed on certified Android devices. This initiative, slated to begin its rollout next year, aims to enhance security by verifying the identities of Android app developers, regardless of whether they distribute their apps through the Google Play Store or other channels.
Android, known for its open ecosystem compared to iOS, has gradually incorporated more security measures. This new verification system represents a significant step, potentially altering the app distribution landscape. Google’s rationale stems from its aim to improve the platform’s security reputation, addressing concerns about malware and fraudulent applications.
In the past, the Google Play Store, formerly known as the Android Market, had limited curation. This resulted in instances of exploits being published that could grant root access to devices. Over time, Google implemented various review and detection mechanisms to mitigate the prevalence of malware and prohibited content. Despite these improvements, Google asserts that applications sideloaded from sources outside the Play Store are statistically more prone to containing malware.
According to Google’s data, sideloaded apps have a 50 times greater likelihood of harboring malware compared to those obtained through the Play Store. This statistic serves as the primary justification for the implementation of the developer verification system. Google likens the process to an “ID check at the airport,” emphasizing the security benefits of confirming developer identities.
Google’s experience with requiring identity verification for Google Play app developers in 2023 has reportedly led to a substantial reduction in malware and fraudulent activities. The anonymity afforded to malicious actors facilitated the distribution of harmful applications. Therefore, extending identity verification to developers distributing apps outside the Play Store is expected to bolster overall security.
Implementing this verification system for apps distributed outside the Play Store will require Google to adopt a strategy similar to Apple’s approach, potentially impacting Android users and developers. Google plans to introduce a dedicated Android Developer Console designed for developers intending to distribute applications independently of the Play Store. This console will serve as the primary tool for developer verification.
Developers will be required to undergo an identity verification process within the new Android Developer Console. Upon successful verification, they must register the package name and signing keys associated with their applications. Google clarified that this process will not involve a review of the app’s content or functionality, focusing solely on verifying the developer’s identity.
Google specifies that only applications with verified identities will be installable on certified Android devices. Certified Android devices encompass the vast majority of Android devices that include Google services. Devices running non-Google builds of Android will not be subject to these restrictions, though this represents a small portion of the overall Android ecosystem outside of regions like China.
The rollout of the new verification system is planned in phases. Google intends to initiate early access testing in October 2025. By March 2026, the Android Developer Console will be accessible to all developers, enabling them to undergo the verification process. The feature is scheduled to launch in Brazil, Indonesia, Singapore, and Thailand in September 2026. Google aims to expand the verification requirements globally by 2027.
One of the most significant real-world examples of a major company that will be directly impacted by this policy is Huawei. Due to ongoing US restrictions, Huawei’s newer devices do not ship with Google Mobile Services (GMS), forcing the company to develop its own ecosystem centered around the AppGallery storefront. However, Huawei’s strategy extends beyond its own hardware.
To ensure its popular accessories—such as FreeBuds headphones, smartwatches, and bands—are fully functional with the broader Android market, Huawei relies heavily on sideloading. The primary application for managing these devices, providing crucial firmware and driver updates, is the ‘AI Life’ app. To get the latest version with full feature support on non-Huawei phones, users are often required to download the APK directly from Huawei, as the version on the Google Play Store can be outdated or limited. Similarly, for a user of another Android brand to access Huawei’s app ecosystem, they must sideload the AppGallery APK.
Under Google’s new verification system, these essential APKs from Huawei would need to be signed by a developer identity that has been verified through Google’s new console. This places Huawei in a unique position. To maintain the viability of its hardware ecosystem for the vast majority of Android users, it will likely need to register and comply with the verification processes of a US company, despite the very restrictions that compelled it to create a parallel ecosystem in the first place.
