Google is tightening the rules around sideloaded apps. Starting in 2026, Android will require all apps on certified devices — whether from third-party app stores or direct downloads — to come from verified developers. The Android Developers Blog says the move is meant to curb malware and scams that often hit users who install apps outside Google Play.
A key upgrade under the hood
Verified creators mean better security
Soon, Google will be able to tell you who this is (hypothetically).
The change won’t kill sideloading, but it does mean anonymous distribution is ending. Think of it as an ID check. Google won’t scan the contents of every app you install, but it will require the publisher (whether an individual or a company) to have a verified identity tied to their account. That way, when a malicious app gets pulled, the same actor can’t return under a new name the next day.
Google cites some stark numbers to justify the shift. Its analysis shows malware is over 50 times more common in apps sideloaded from the open internet than in Play Store apps. Banks and government agencies in Brazil, Indonesia, and Thailand have already backed the move as a way to reduce fraud.
The rollout starts small. Early access to the verification process opens in October 2025 (and you can already sign up), with wider availability in March 2026. By September 2026, verified registration will be mandatory for sideloaded apps in Brazil, Indonesia, Singapore, and Thailand. Google plans to expand to more regions in 2027 and beyond.
For developers, little changes if you already publish through Google Play, since you’re verified through Play Console. But if you distribute apps independently, you’ll need to register through a new Android Developer Console built for non-Play developers. Google says hobbyists and students will have lighter requirements than commercial developers, though details remain unclear.
For Android users, the experience won’t look different at first. You can still sideload APKs or install apps from alternative stores like Droid-ify or the Samsung Galaxy Store. The difference is that behind the scenes, the developer must pass Google’s identity check.
That detail matters. Google frames this as a balance between openness and safety. Whether you buy that depends on how much you trust Google to act as the gatekeeper of developer identity for Android. Either way, sideloading isn’t going away — it’s just about to get more official.