Google has made some significant moves to increase security around Android app distribution. Moving forward, any new developer accounts registered as organizations will need to register with a D-U-N-S number that Dun & Bradstreet has assigned as valid for their use. This initiative focuses on increasing user trust and the accountability of developers through their registration on the platform. FULL ENFORCEMENT OF THIS POLICY WILL START IN SEPT 2026, FOCUSING ON MARKETS IN BRAZIL, INDONESIA, SINGAPORE, AND THAILAND.
Beginning in July 2023, Google began to require developers to provide their D-U-N-S number before they can submit an app. This additional security layer aims to provide a uniform level of accountability across the entire Android ecosystem. By introducing these regulations, Google is trying to prevent the harm third-party marketplaces allow malicious apps to cause.
Gradual Rollout of Developer Verification
Google intends to roll out the verification process in phases, beginning to invite organizations in October 2025. The service is to be completely open to all developers by March 2026. This tiered approach provides Google a way to manage the influx of applications at scale. It ensures that private developers live up to the new expectations.
The verification process would cover anyone passing out apps via the Play Store. It will further trickle down to developers not on this platform. This far-reaching provision ensures that each app sideloaded or downloaded on certified Android devices within the defined areas is logged. Now only registered developers are able to register these types of apps.
“Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices,” – Google
Addressing Malicious Apps and Sideloading Risks
It’s true that malicious apps generally hide in third-party app marketplaces. Google’s policy creates some minimum level of accountability for developers to help address this problem. The firm points out that the updated rules will greatly impose effort on bad actors. It will be infinitely more difficult for them to get a bad application back in circulation once one is removed from circulation.
Specifically, Google is eviscerating the sideloading of potentially dangerous apps. This work includes markets such as Singapore, Thailand, Brazil and India. This anti-malware action, described as an important ongoing commitment to user safety that protects devices from harmful software, is the logical conclusion of the previous strategic shift.
“This creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down,” – Google
Enhancing Existing Security Measures
Google’s new verification requirement will work alongside other security measures that should already be adopted. By incorporating this requirement, the tech giant hopes to strengthen the security ecosystem around Android app distribution even more.
With the rapid development of the mobile application ecosystem, Google understands that long-term success hinges on ensuring a trusted and safe experience for users. The move to mandatory verification is the company’s latest effort to maintain a safe space for its users.
“At this point, any app installed on a certified Android device in these regions must be registered by a verified developer,” – Suzanne Frey
