Google is fundamentally changing how sideloading works on Android. In a new policy announced for 2026, the company will require all app developers to verify their identity, regardless of where they distribute their apps.
The New Rules
Starting in 2026, all apps installed on certified Android devices must come from a developer who has registered their identity with the company. This includes apps from third-party app stores and those downloaded via sideloading.
To comply, developers who do not use the Play Store must register on a new Android Developer Console. The process requires submitting personal details like a name, address, and in some cases, a government-issued ID.
Google’s Rationale
The company claims this is a critical security measure. A company analysis found that apps from sideloaded sources have 50 times more malware than those from the Play Store. By requiring identity verification, Google aims to:
- Increase accountability: Link a real-world identity to every app.
- Deter malicious actors: Make it harder for bad actors to operate anonymously and re-release harmful apps.
The Developer Pushback
While security is a valid concern, many in the developer community are worried about the loss of Android’s core openness. The new policy eliminates the anonymity that many independent and hobbyist developers rely on. Critics argue this gives Google too much control and could stifle innovation outside of its official app store.
Timeline and Rollout
The new policy will be implemented in phases:
- October 2025: Early access to the new developer console begins.
- March 2026: Verification opens to all developers.
- September 2026: The rules are enforced first in Brazil, Indonesia, Singapore, and Thailand.
- 2027 and beyond: A global rollout is planned.
Do you think this is a fair trade-off to stop malicious actors?
Let us know!
If you liked this article, check out our other articles on Google.