In August of last year, Google announced one of the most controversial maneuvers from the history of Android: completely changing the DNA of your operating system. This means that, in the future, any app you want to install on your Android device, wherever it comes from, must be signed by a verified developer.
Now we know the implications of this a little better and there is a group that is not happy: app developers.
In short. With the objective, according to Google, of strengthening the security of ecosystems and in full trial against Epic for the antitrust case which led Android to open up to third-party stores, the company announced a series of measures to make its system and users safer.
In essence, there are critics pointing out that what they really want is more control, but basically what Google is going to start asking for is that developers identify themselves if they want their app to be downloaded. We are not talking about an ID to publish in the Play Store, but in any Android store. According to the company, they will begin by verifying the installations from the following stores:
- Google (Google Play)
- Honor (HONOR App Market)
- OPlus (OPPO App Market)
- Samsung (Galaxy Store)
- Transsión (Palm Store)
- Vivo (V-Appstore)
- Xiaomi (GetApps)
The justification of malware. Google defends the decision in order to strengthen the security of ecosystems and “prevent malicious actors from hiding behind anonymity to launch harmful applications.” In fact, when they took the measure they pointed out that they have detected 50 times more malware in apps downloaded outside the Play Store than in their store.
According to the company, it is the beginning of a deployment that will be an industry-wide effort, but will contribute to creating a safer ecosystem. And, if the question is how they will do it, developers will have access to a new ‘Android Developer Console’ that will be mandatory and in which they will have to provide legal name, address, email and telephone number.
Additionally, organizations will need a corporate website and a DUNS number (like a business ID). Very sensitive data, but which Google promises not to show to anyone but themselves. As if leaks of this kind of thing didn’t exist, wow…
The airport metaphor. In the message from a year ago, Google compared this measure to airport procedures in which travelers renounce rights in order to gain security. “Think of this as an identity check at the airport, which confirms a traveler’s identity, but separates it from the security screening of the bags,” Google commented.
“We will confirm who the developer is, but we will not review the content of their application or where it came from,” they said.
Calendar. That said, the wheel keeps turning for Google and in the post blog of developers have better detailed the calendar:
- June 2026– A new developer authentication service will be installed on most Android devices.
- July 2026– The Developer ID Status API will be launched globally, as well as an account type designed for students and hobbyists to share their apps with up to 20 devices without a country-issued ID, coming in early access.
- August 2026– July early access will be consolidated, but they will also launch an “advanced flow” system for installing apps from unverified developers that will include security checkpoints to resist coercive scams. They assure that it is the method so that advanced users continue to be able to download apps from unverified developers.
- September 30, 2026: the big stuff begins. App registration will be required for participating stores in Brazil, Indonesia, Singapore and Thailand. Unregistered apps can be downloaded with Android Debug Bridge or advanced flow.
- 2027: After receiving feedback from everyone and the first tests in those countries mentioned, they will expand the program worldwide.
Worry. How it will affect us users remains to be seen. Google comments that the majority of developers in the Play Store are already verified and more than 99% of their apps have been registered. Those who distribute outside of Google Play can register from the android developer console and the students have this access to prepare (in case you are interested).
On Reddit, developers have shown concern due to the need to show a national identification, arguing that Google is not an airport or an official institution, but reactions have also been seen positive arguing that anything that involves preventing coercive scam apps (an important group of apps that Google wants to eliminate with these practices) is fine.
The head of Android himself already commented in August of last year that It is a fundamental feature for Androidwhich is not going away and they simply want to protect users from malicious developers, not limit user options. The problem is that it is not so clear what is going to happen with all those apps that are distributed via APK, which do not have to be malware or piracy and that, certain users who have chosen Android, did so precisely when the system was opened.
and reaction. As points out my colleague Iván in Xataka Móvilthe developers have not sat idly by. Despite Google’s pro-security arguments, they see this move as something that simply wants to give them more control over the system and its developers. That is why campaigns such as ‘Keep Android Open’ have emerged, bringing together signatories from around twenty countries, including heavyweights such as EFF, the Free Software Foundation, the Tor Project, Proton, KDE, LineageOS and Nextcloud.
The argument is the following:
“You, the consumer, bought your Android device trusting Google’s promise: an open computing platform on which you could run any software you wanted.
However, starting in September 2026, Google will implement, without your consent, an update to its operating system that will permanently block this right and leave you at the mercy of Google’s discretion about which software you are allowed to trust.
In Xataka | “The biggest mistake of all time”: Bill Gates let slip 400 billion when Microsoft didn’t buy Android
GIPHY App Key not set. Please check settings