We recently announced New developer verification requirements serve as an additional layer of protection in our ongoing effort to keep Android users safe. We know security works best when it takes into account the different ways people use our tools. That’s why we announced this change in the first place: to gather input and make sure our solutions are balanced. We appreciate the community’s involvement and have heard early feedback – particularly from students and hobbyists who need an accessible way to learn, and from power users who are more comfortable with the safety risks. We are making changes to meet the needs of both groups.
To understand how these updates fit into our broader mission, it’s important to first look at the specific threats we are dealing with.
Why is validation important
Keeping users safe on Android is our top priority. Fighting scams and digital fraud is nothing new to us – it has been a central focus of our work for years. From scam detection in Google Messages to Google Play Protect and real-time alerts for scam calls, we have Worked continuously to protect our ecosystem,
However, online scams and malware campaigns are becoming more aggressive. At the global level of Android, this translates to Real harm to people around the world – Especially in areas with rapid digitalization where many people are coming online for the first time. Technical security measures are important, but they cannot address every scenario where a user is compromised. Scammers use high-pressure social engineering tactics to trick users into bypassing warnings designed to protect them.
For example, a common attack we track in Southeast Asia clearly illustrates this threat. A scammer calls the victim claiming that their bank account has been compromised and uses fear and urgency to direct them to sideload a “verification app” to secure their funds, often coaching them to ignore standard security warnings. Once installed, this app – actually malware – intercepts the victim’s information. When the user logs into their actual banking app, the malware captures their two-factor authentication code, giving the scammer everything they need to drain the account.
While we have advanced security measures in place to detect and remove bad apps, without verification, bad actors can quickly create new harmful apps. It becomes an endless game of Whack-a-Mole. Verification changes the math by forcing them to use real identities to distribute malware, making attacks significantly harder and more expensive to scale. We’ve already seen how effective this is on Google Play, and now we’re applying those lessons to the broader Android ecosystem to ensure there’s a real, accountable identity behind the software you install.
Supporting students and hobbyists
We’ve heard from developers who were concerned about the barrier to entry when building apps just for a small group like family or friends. We’re using your input to shape a dedicated account type for students and hobbyists. This will allow you to distribute your creations to a limited number of devices without going through full verification requirements.
Empowering Experienced Users
Although security is important, we’ve also heard from developers and power users who have a higher risk tolerance and want the ability to download unverified apps.
Based on this feedback and our ongoing conversations with the community, We’re creating a new advanced flow that allows experienced users to acknowledge the risks of installing software that isn’t verified. We are designing this flow specifically to resist coercion, ensuring that users do not bypass these security checks by succumbing to pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We’re currently gathering early feedback on the design of this feature and will share more details in the coming months.
Getting started with early access
Today, we’re excited to begin inviting developers for early access to Developer Verification in the Android Developer Console for developers who exclusively distribute outside of Play, and will soon share invitations to the Play Console experience for Play developers. We look forward to your questions and feedback on streamlining the experience for all developers.
For full details on the new Android Developer Console experience, watch our video below guide For more information and FAQs.
We are committed to working with you to protect the ecosystem while getting this right.