Google will block sideloading of unverified Android apps

Google will implement a new safety feature that would require developers to verify their identity if they want Android users to be able to sideload their apps. The company said that it made the decision after recent analysis found “over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.” By verifying a developer’s identify first, it hopes to better protect users from “bad actors spreading malware and scams.”

In its announcement, Google said that apps need to be registered by verified developers in order to be installed on certified Android devices. Pretty much all Android phones in the US and Europe are certified if they come with Google Play. The company is now building a new Android Developer Console, specifically for developers that distribute outside its app store, so they can quickly authenticate their identities. Developers will be able to go through the verification process in the console, as well as register their package names.

Google likened the process to “an ID check at the airport” in that it will only confirm the identity of an app’s developer but will not be reviewing the content of the app. The company also clarified that the verification process will not prevent developers from distributing their apps wherever they want, including app stores other than Google Play.

The developer verification requirement will start rolling out in late 2026 in Brazil, Singapore, Indonesia, and Thailand. A global rollout will follow at a later date.