Google is rolling out a new line of defense to protect Android users and certified devices. As reported by Bleeping Computer, a new program called Developer Verification will help block malware installations from sideloaded apps that have been downloaded from outside of the official Google Play store.
Apps that were in the Play store were already covered under a requirement established in August 2023 called D-U-N-S (Data Universal Numbering System).
Google has said that the D-U-N-S program saw a notable change in the amount of malware on the platform but because it didn’t apply to the developers and apps that existed outside of the official Play store, users were still seeing malware infections on their devices. Threat actors would spread malware by impersonating legitimate developers and creating convincing fakes of real apps in order to trick users into downloading their malicious versions of real apps.
Recent analysis by Google found that this method has been particularly successful: sideloaded apps contained more than 50 times more malware than the apps available in the Google Play store. Google anticipates that widespread adoption of this program will help by blocking non-compliant apps with a security message.
The new verification requirement applies to apps on the Play store and on third-party app stores; starting in 2026 all apps installed on certified Android devices must come from verified developers who have been certified through the new program. A certified Android device is a device that has passed Google’s Compatibility Test Suite (CTS) and is approved to ship with Google Play Services, the Play Store and Play Protect. This includes mainstream devices from Samsung, Motorola, OnePlus, Oppo, Vivo, Xiaomi and the Google Pixel line.
Devices that are not considered to be compliant include those from Huawei, Amazon Fire tablets, and any TV boxes or smartphones that use modified OS images or questionable components. These devices would not be subject to the new enforcements and their users would continue to be able to sideload apps (leaving them open to malware as well).
Early access to the program will open in October of this year, and will be available to all Android application developers by March of 2026. Starting in September 2026, the identity verification requirement will become a mandatory requirement for those app developers in Brazil, Indonesia, Singapore and Thailand then it will roll out globally in 2027.
Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
