September 30, 2026: certified Android phones in Brazil, Indonesia, Singapore and Thailand will block normal installs of apps whose developers have not registered an identity with Google.
Android Developer Verifier and the advanced flow
Google will begin enforcing developer verification on September 30, 2026, in four launch markets by pushing a new system service called the Android Developer Verifier to phones running Android 8 and newer starting in June 2026. The verifier runs on the device and confirms that an app is registered to a verified developer before the app installs. On certified devices — the phones that ship with Google's services and Play Protect — an unregistered app will not install through the normal path in the four countries after the deadline.
Google retains two escape routes for sideloading. Unregistered apps can still be installed over Android Debug Bridge (ADB) or through an “advanced flow” that Google built earlier in 2026. That advanced flow is deliberately high-friction: it requires the user to turn on developer mode, restart, wait 24 hours, and reauthenticate before sideloading an unverified app. Google plans to make that advanced flow available globally in August 2026.
Developer registration, new APIs, and the 20-device lane
Registration opened to all developers in March 2026. To register, a developer supplies a legal name, address, and contact details, may have to upload a government ID, and proves ownership of each app by submitting an APK signed with their private key. Google says registration already covers nearly all installs on Google Play and a large majority of installs from outside it.
Google is adding two interfaces in July 2026: an Android Developer ID Status API and an Android Developer Console API, plus OAuth delegation so a third‑party store can run parts of the process for developers. Separately, a free limited-distribution account will enter early access in July and launch globally in August; it lets students and hobbyists share apps with up to 20 devices with no government ID and no fee. The standard full developer account carries a one-time $25 fee.
F‑Droid, Keep Android Open, and the open-source objections
Pushback has been immediate from free‑software and open‑source repositories. F‑Droid says the requirement would end its project because it builds and signs apps from many pseudonymous contributors who will not hand Google a legal identity. A Keep Android Open campaign, backed by more than 70 organizations in 23 countries, has asked Google to drop the ID checks for apps shipped outside Play.
Google frames the change as an anti‑malware measure: it says sideloaded sources carry far more malware than Google Play and that scams increasingly work by persuading victims to install a malicious APK on the spot. The identity check and the 24‑hour wait are intended to blunt that vector. Google also says it chose Brazil, Indonesia, Singapore, and Thailand because those markets are hit hard by app scams, often from repeat offenders.
How certified-device users, device-makers, and open-source maintainers will be affected
- Certified-device users: Most users will not notice day‑to‑day changes because apps from verified developers continue to install as before. Where friction appears, it will be with apps from developers Google has not verified; those installs require ADB or the advanced flow.
- Device-makers (Samsung, Xiaomi, OPPO, vivo, Honor, Transsion): The major device‑maker app stores named by Google are participating from the start, so apps delivered through those vendor stores will be subject to the same verification check on certified devices in the launch markets.
- Open-source maintainers and repositories (F‑Droid): Projects built on pseudonymous contribution and multi‑maintainer signing face the hardest choice. F‑Droid says its current model — building and signing apps from many contributors — collides with per‑app ownership checks that require an APK signed with a single developer’s private key and an associated legal identity.
Unanswered system design questions before global rollout
Google’s technical changes do not resolve three policy and governance questions that the community has highlighted ahead of a global rollout in 2027: whether Google will spell out an appeals process for developers it flags by mistake; what it will store in the identity registry and for how long; and whether it will offer any path for repositories like F‑Droid that cannot meet the per‑app ownership check without changing how they work. Critics also point to a broader concern: even with concessions such as the advanced flow and 20‑device accounts, a single company would sit at the installation path for nearly every Android device outside China and decide who gets the smooth lane.
The clock is now visible: APIs arrive in July, the advanced flow goes global in August, and verification enforcement begins September 30 in four countries. The technical controls and the concessions Google has announced reduce some immediate disruption, but the unresolved governance questions will determine whether independent and community distribution channels can survive the transition.
