Google tries to calm backlash over Android developer verification

Google is trying to defuse one of the sharpest criticisms of its new Android developer verification regime. The company announced it is creating a formal path for users to keep sideloading apps from unverified developers while also carving out a lighter-touch option for students and hobbyists who do not want to go through the full identity verification process.

The move is Google’s latest attempt to argue that Android can remain open while tightening controls meant to curb scam and malware distribution.

Under the new approach, Android users who want to install apps from unverified developers will be able to use what Google calls an “advanced flow,” a one-time process designed to slow down coercive scam attempts rather than eliminate sideloading outright.

Google says the flow will require users to enable developer mode, confirm they are not being coached by someone else, restart the phone, and then wait one day before reauthenticating with biometrics such as fingerprint or face unlock or with the device PIN.

After that, users can choose to install apps from unverified developers for seven days or indefinitely, though Android will continue to show a warning that the app comes from an unverified source.

Google is framing the change as a direct response to feedback from “power users” who want the freedom to take calculated risks outside the Play Store, even as the company expands identity checks for developers distributing apps on certified Android devices.

In the same announcement, Google said it will introduce free “limited distribution” accounts for students and hobbyists, allowing them to share apps with up to 20 explicitly authorized devices without providing a government-issued ID or paying a registration fee.

Both the advanced flow for users and the limited distribution option are scheduled to be available in August, ahead of the broader enforcement phase of the verification rules.

Google’s verification policy has become a flashpoint in a broader fight over whether Android is drifting away from its long-standing open distribution model.

According to Google’s developer verification page, the company’s system will require developers in covered regions to verify personal details such as legal name, address, email address, and phone number, and in some cases provide official government ID.

Organizations will also need a D-U-N-S number and website verification, while developers distributing apps outside Google Play will need to register package names by proving ownership of their APKs.

Google says the requirement will begin taking effect in September 2026 in Brazil, Indonesia, Singapore, and Thailand, with broader global rollout to follow in 2027 and beyond.

Google has justified the policy as an accountability measure aimed at making it harder for repeat bad actors to distribute malicious software through sideloaded apps and then reappear under new identities.

The company links the advanced flow design to scam prevention, arguing that criminals often pressure victims over the phone to disable protections and that a waiting period can interrupt that coercive cycle.

Google cited a 2025 Global Anti-Scam Alliance report saying 57 percent of surveyed adults experienced a scam in the past year, with global consumer losses totaling $442 billion.

A coalition of civil rights groups, open source advocates, and digital rights organizations had warned that Google’s plan would require developers who want their apps installable on certified Android devices to register with Google and undergo identity verification even if they distribute software outside the Play Store through alternative marketplaces, websites, direct transfers, or enterprise systems.

Google is signaling that sideloading will survive, but under more friction, more identity checks, and more centralized oversight than Android developers have traditionally accepted.

Whether that balance satisfies critics will depend on how the advanced flow works in practice, how accessible the limited distribution path really is, and how much discretion Google ultimately exercises over who counts as a trusted developer in the certified Android world.
