Google to block sideloading of apps from unverified developers
Downloading apps from an official app store helps to avoid dodgy software. The obstacles that can stand in the way of developers getting their apps into the likes of the Google Play Store, however, means that sideloading remains incredibly popular.
Sideloaded apps – those downloaded from unofficial sources – can be safe, but it is something of a minefield. And this is why Google has announced plans to block the sideloading of apps from developers that it has not been able to verify.
This is just the last step in the dance between app developers and Google, which the company is pitching as “a new layer of security for certified Android devices”. Google is now largely accepting that sideloading is not a phenomenon that is going to go away, so it is now seeking a way to allow the practice to continue in as safe a way as possible.
Announcing its plans – which will roll out slowly, starting in a small number of countries initially – Google says:
Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices. This creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down. Think of it like an ID check at the airport, which confirms a traveler's identity but is separate from the security screening of their bags; we will be confirming who the developer is, not reviewing the content of their app or where it came from. This change will start in a few select countries specifically impacted by these forms of fraudulent app scams, often from repeat perpetrators.
Curated sideloading
Google has not yet finalized all of the details of how the verification process works, so it is difficult to predict how successful it will be. Providing some more information about what is going to happen, Google adds:
To make this process as streamlined as possible, we are building a new Android Developer Console just for developers who only distribute outside of Google Play, so they can easily complete their verification; get an early look at how it works. A note for student and hobbyist developers: we know your needs are different from commercial developers, so we’re creating a separate type of Android Developer Console account for you.
If you distribute apps on Google Play, you’ve likely already met these verification requirements through the existing Play Console process. You can find more information about how these requirements apply to you in our guides.
To be clear, developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer. We believe this is how an open system should work—by preserving choice while enhancing security for everyone. Android continues to show that with the right design and security principles, open and secure can go hand in hand. For more details on the specific requirements, visit our website. We'll share more information in the coming months.
The company has a rough timetable in mind, which sees early access to the new system starting in October this year. When March 2026 rolls around, Google plans to have the verification system open to all devlopers. In September, any app installed on a certified Android device in Brazil, Indonesia, Singapore, and Thailand.must be registered by a verified developer. The current plan is to have the ssystem of verification fully implemented on a global basis some time in 2027.
Does this seems ike a sensible system to you? Are yo ua developed who has strong feelings one way or the other about the need to be verified? Share your thoughts in the comments.