Starting from 30 September 2026, certified Android devices in Brazil, Indonesia, Singapore and Thailand will begin blocking standard installation of apps whose developers have not been identified by Google. The restriction applies not only to Google Play, but also to the app stores of Samsung, Xiaomi, OPPO, vivo, Honor and Transsion. This is the first phase of the Android Developer Verification program, announced by Google back in August 2025, with plans for global rollout in 2027. For developers distributing apps through any channels, this means they must complete registration before the deadline — otherwise their products will no longer be available for new installations on the vast majority of Android devices in the specified regions.
Key requirements and timelines
The program sets several strict timelines:
- March 2026 — registration opens for all developers. According to Google, it already covers almost all installations via Google Play and a significant share of installations from third-party sources.
- July 2026 — launch of APIs for bulk registration (Android Developer ID Status API and Android Developer Console API) with OAuth delegation support for third-party stores.
- August 2026 — global launch of the more complex installation path for unverified apps and release of limited free accounts for students and hobbyists.
- 30 September 2026 — the start of mandatory enforcement in the four initial countries.
- 2027 — planned global rollout.
To complete verification, a developer must provide Google with their legal name, address and contact details, and in some cases upload a government-issued ID document. Ownership of each app is confirmed by submitting an APK signed with the developer’s private key. A standard account costs a one-time fee of 25 USD.
Technical implementation
Verification is performed directly on the device. Starting in June 2026, Google is rolling out a new system service — Android Developer Verifier — to phones running Android 8 and newer, which confirms that an app belongs to a verified developer before installation.
Once activated in the initial regions, an unregistered app will not install via the standard path. Two workaround options remain:
- Android Debug Bridge (ADB) — installation via command line, available to technically proficient users.
- Complex route — a deliberately cumbersome procedure: enabling Developer mode, rebooting the device, a 24‑hour waiting period, and re-authentication before installing an unverified app.
Certified devices are those that ship with Google services and Play Protect. This covers the overwhelming majority of Android devices outside China, although the exact share is a matter of debate.
Conflict with the free software ecosystem
Google justifies the initiative as a way to combat malware: the company claims that apps from third-party sources contain significantly more malware than those on Google Play, and that scammers are increasingly persuading victims to install a malicious APK immediately. According to Google, the choice of the four initial countries is driven by high levels of app-based fraud, including by repeat offenders.
However, the reaction from the open-source community has been sharply negative. The F-Droid repository stated that the verification requirement will effectively destroy the project, since it builds and signs apps from many pseudonymous contributors who do not intend to disclose their legal identity to Google. F-Droid’s model, under which the repository itself signs builds, is fundamentally incompatible with the requirement to confirm ownership of each app via an individual developer’s key.
The Keep Android Open campaign, reportedly backed by organizations in many countries, has called on Google to drop identification requirements for apps distributed outside the Play Store. Google’s concessions — the more complex installation route and limited accounts for up to 20 devices without ID — defuse accusations of completely killing sideloading, but do not resolve the fundamental issue: a single private company is obtaining control over the app installation path on practically all Android devices outside China.
Impact assessment
For mainstream users, the changes will be largely invisible — apps from verified developers will continue to install as before. The main impact will fall on several categories:
- Independent developers in the initial regions who do not complete registration before the deadline — their apps will become unavailable for new installations.
- Free software repositories (F-Droid and similar), whose distribution architecture does not associate each app with a specific verified individual or entity.
- Organizations distributing internal apps outside app stores — they will need either verification or the use of the complex installation route.
Three critical questions remain unanswered ahead of global rollout: the mechanism for appealing erroneous blocks, the data retention policy for the identification registry, and the availability of an alternative path for repositories that cannot verify ownership of each app without fundamentally restructuring their operations.
Recommendations
For developers distributing apps in Brazil, Indonesia, Singapore and Thailand: complete registration in the verification program by 30 September 2026. Prepare your legal information and signed APKs in advance — the process may require uploading an ID document.
For operators of third-party app stores: integrate the APIs for checking developer status (available from July 2026) and use OAuth delegation to simplify registration for your developers.
For students and hobbyists: wait for the launch of limited free accounts in August 2026 — they will allow you to distribute apps to up to 20 devices without ID verification or payment.
For all Android app developers: regardless of your current distribution region, take into account the planned global rollout in 2027 and start the verification process in advance. The practical deadline is to complete registration in the coming months instead of waiting for the program to expand to new markets.
