Google representatives announced that starting in 2026, only apps from verified developers can be installed on certified Android devices. This measure is aimed at combating malware and financial fraud, and will apply to apps installed from third-party sources.
The requirement will apply to all “certified Android devices,” that is, devices on which Play Protect is enabled and Google apps are preinstalled.
Back in 2023, similar requirements appeared in the Google Play Store, and the company claims this led to a sharp decrease in the number of malicious apps and fraud cases. Therefore, these requirements will now become mandatory for any apps, including those distributed through third-party app stores and via sideloading, that is, installation from external sources (when the user manually installs an APK file on the device).
Google likens the new requirements to an ID check at the airport.
“Think of it as an ID check at the airport — it confirms the traveler’s identity but is separate from screening their baggage. We will verify the developer’s identity, but we will not inspect the contents of their app or its origin,” the company writes.
In this way, Google wants to combat “convincing fake apps” and make it harder for attackers who start distributing another piece of malware shortly after Google removes the previous one.
It is reported that a recent analysis found that third-party sources, from which apps are installed via sideloading, contain 50 times more malware than apps available on the Google Play store.
At the same time, Google emphasizes that “developers will retain the same freedom to distribute their apps directly to users via third-party sources or to use any app store they prefer.”
To implement the new initiative, a separate, streamlined Android Developer Console will be created, intended for developers who distribute their apps outside the Google Play Store. After verifying their identity, developers will need to register their apps’ package name and signing keys.
Those who distribute apps through the Google Play store “likely already meet verification requirements through the existing Play Console process,” where organizations are required to provide a D-U-N-S number (Data Universal Numbering System — a unique nine-digit identification number for legal entities).
Testing of the new verification system will start in October of this year, and the first Android developers will gain access to it. It will become available to everyone in March 2026.
The verification requirement will first take effect in September 2026 in Brazil, Indonesia, Singapore, and Thailand. Google explains that these countries are “particularly affected by such forms of fraudulent apps.” Then, in 2027, developer verification will be applied worldwide.
2025.03.26 — Cloudflare to block all unencrypted traffic to its APIs
According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed. The purpose of this decision…
Full article →
2025.04.15 — Hackers exploit authentication bypass bug in OttoKit WordPress plugin
Hackers exploit an authentication bypass vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin used by more than 100,000 websites. First attacks were recorded just…
Full article →
2025.04.04 — Privilege escalation vulnerability in Google Cloud resulting in sensitive data leaks finally patched
Tenable Research revealed details of a recently patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run enabling an attacker to gain access to container images…
Full article →
2025.03.10 — Nearly a million Windows computers impacted by a malvertising campaign
According to Microsoft, nearly 1 million Windows devices fell victim to a sophisticated malvertising campaign in recent months. Cybercriminals were able to steal credentials, cryptocurrency, and sensitive…
Full article →
2025.03.05 — Polish Space Agency disconnects its network due to hacker attack
Last weekend, the Polish Space Agency (POLSA) had to disconnect all of its systems from the Internet to localize an attack targeting its IT infrastructure. After discovering the intrusion,…
Full article →
2025.01.24 — Hundreds of websites impersonating Reddit and WeTransfer spread Lumma Stealer
Sekoia researcher crep1x discovered that hackers are currently using some 1,000 pages impersonating Reddit and WeTransfer. Victims visiting these sites are tricked into…
Full article →
2025.04.25 — Asus patches vulnerability in AMI's MegaRAC enabling attackers to brick servers
Asus released patches for the CVE-2024-54085 vulnerability that allows attackers to seize and disable servers. The security hole affects the American Megatrends International (AMI) MegaRAC Baseboard Management…
Full article →
2025.02.23 — New JavaScript obfuscation technique uses invisible Unicode characters
According to Juniper Threat Labs , a new JavaScript obfuscation technique that uses invisible Unicode characters was used in a phishing attack targeting Political Action…
Full article →
2025.04.12 — Hackers compromised a bureau within the U.S. Department of the Treasury and spent months in hacked systems
The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, reported a major cybersecurity incident. Unknown attackers had…
Full article →
2025.02.25 — More than 100,000 users downloaded SpyLend malware from Google Play Store
According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there…
Full article →