Android will block sideloading of unverified apps starting next year

Google has just announced an extra security feature for Android that will require all apps installed outside of Google Play to be registered by a verified developer. This new “developer verification” requirement will be enforced in September 2026 on certified Android devices — devices that ship with Play Protect. Google says this is to fight malware, as a recent analysis it conducted shows that users are 50 times more likely to install malware when they install apps from internet-sideloaded sources.

For verification, developers will have to complete a two-step process. The first step involves verifying their identity by providing personal or organizational IDs, such as legal name, email address, address, phone number, and website verification. For the second steps, developers will prove ownership of their apps by providing the apps' unique package name and signing keys.

Google says this change does not abolish the practice of sideloading, as “developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer.” Google likens it to “ID check at an airport,” which confirms a traveler's identity, but it is separate from a security screening of the traveler's luggage.

The new requirement will first go live in Brazil, Indonesia, Singapore, and Thailand in September next year, with a global expansion set for 2027 and beyond. Google has created a new Android Developer Console to onboard developers who do not distribute through Google Play. Google is also working on a new type of Android Developer Console for hobbyist developers and students.

Buy the Samsung Galaxy S25 Ultra on Amazon (curr. $1,170).