2 Sources
[1]
Google is moving to protect your Android phone from anonymous apps
Apps loaded with malware have been a problem on Android phones for years, and a key reason behind it is the open nature of the operating system. Unlike iOS, which only allows installation of apps from the App Store on iPhones, you can run apps pulled from virtually any corner of the internet on an Android phone. What is changing for Android "Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices," says the company. If you have an Android phone in your hands that was purchased from a legitimate brand, it most likely falls in the "certified" device category. Recommended Videos A certified device is one that has been tested for security protocols by Google's team and ships with the Google Play Protect guardrails, such as scanning for viruses. So, what exactly is changing? Well, Google now wants to verify the identity of the developers whose app you are trying to install on your Android phone. In a nutshell, if the developer is unverified, the app will be blocked from getting installed. In 2023, Google made it mandatory for all developers to verify their identity or business in order to list their app on the Google Play Store. That rule left the doors open for developers who distribute their apps independently or through other app stores on the internet. That meant bad actors often took advantage of this loophole and shipped apps with all kinds of malware, from trackers to information stealers. Now, if you intend to install an app from one of these third-party stores, Google will first verify the identity of the developer or business that is offering the app. Doing so will ensure that Google at least knows the source of all the apps that are being installed on Android phones. In the future, if an app is flagged as risky or malicious, the developer behind it can be held accountable. Additionally, users can also breathe easy knowing that the app they are about to install comes from a legitimate entity, and not some anonymous individual or shady business. Why does it matter? Google says ever since it implemented identity verification for developers listing their app on the Play Store, it has helped stop bad actors from "exploiting anonymity to distribute malware, commit financial fraud, and steal sensitive data." The same identity check is now being extended to apps (and the developer behind them). Irrespective of the website or store, users are downloading them. Google notes that it will begin verifying developers starting in March next year, and by September, the rule will be implemented in a bunch of Asian markets. It will continue to expand in more countries in 2027 and beyond. The new rule will hopefully plug the influx of bad apps from independent sources. The company says apps downloaded from the internet are responsible for "over 50 times more malware" compared to those users download from the Play Store, where they undergo a list of security checks and developers' identities are verified, as well. Google has also pushed AI in the battle against shady apps. Since 2017, the company has been using Machine Learning to sniff out harmful applications. The company is also using on-device Gemini AI to detect scams in calls and text messages on Android phones, and offers an enhanced layer called Advanced Protection to safeguard devices.
[2]
Google to block unverified Android apps starting in 2025
Google will initiate a system to block the sideloading of unverified Android applications, a move impacting how apps are installed on certified Android devices. This initiative, slated to begin its rollout next year, aims to enhance security by verifying the identities of Android app developers, regardless of whether they distribute their apps through the Google Play Store or other channels. Android, known for its open ecosystem compared to iOS, has gradually incorporated more security measures. This new verification system represents a significant step, potentially altering the app distribution landscape. Google's rationale stems from its aim to improve the platform's security reputation, addressing concerns about malware and fraudulent applications. In the past, the Google Play Store, formerly known as the Android Market, had limited curation. This resulted in instances of exploits being published that could grant root access to devices. Over time, Google implemented various review and detection mechanisms to mitigate the prevalence of malware and prohibited content. Despite these improvements, Google asserts that applications sideloaded from sources outside the Play Store are statistically more prone to containing malware. According to Google's data, sideloaded apps have a 50 times greater likelihood of harboring malware compared to those obtained through the Play Store. This statistic serves as the primary justification for the implementation of the developer verification system. Google likens the process to an "ID check at the airport," emphasizing the security benefits of confirming developer identities. Google's experience with requiring identity verification for Google Play app developers in 2023 has reportedly led to a substantial reduction in malware and fraudulent activities. The anonymity afforded to malicious actors facilitated the distribution of harmful applications. Therefore, extending identity verification to developers distributing apps outside the Play Store is expected to bolster overall security. Implementing this verification system for apps distributed outside the Play Store will require Google to adopt a strategy similar to Apple's approach, potentially impacting Android users and developers. Google plans to introduce a dedicated Android Developer Console designed for developers intending to distribute applications independently of the Play Store. This console will serve as the primary tool for developer verification. Developers will be required to undergo an identity verification process within the new Android Developer Console. Upon successful verification, they must register the package name and signing keys associated with their applications. Google clarified that this process will not involve a review of the app's content or functionality, focusing solely on verifying the developer's identity. Google specifies that only applications with verified identities will be installable on certified Android devices. Certified Android devices encompass the vast majority of Android devices that include Google services. Devices running non-Google builds of Android will not be subject to these restrictions, though this represents a small portion of the overall Android ecosystem outside of regions like China. The rollout of the new verification system is planned in phases. Google intends to initiate early access testing in October 2025. By March 2026, the Android Developer Console will be accessible to all developers, enabling them to undergo the verification process. The feature is scheduled to launch in Brazil, Indonesia, Singapore, and Thailand in September 2026. Google aims to expand the verification requirements globally by 2027. One of the most significant real-world examples of a major company that will be directly impacted by this policy is Huawei. Due to ongoing US restrictions, Huawei's newer devices do not ship with Google Mobile Services (GMS), forcing the company to develop its own ecosystem centered around the AppGallery storefront. However, Huawei's strategy extends beyond its own hardware. To ensure its popular accessories -- such as FreeBuds headphones, smartwatches, and bands -- are fully functional with the broader Android market, Huawei relies heavily on sideloading. The primary application for managing these devices, providing crucial firmware and driver updates, is the 'AI Life' app. To get the latest version with full feature support on non-Huawei phones, users are often required to download the APK directly from Huawei, as the version on the Google Play Store can be outdated or limited. Similarly, for a user of another Android brand to access Huawei's app ecosystem, they must sideload the AppGallery APK. Under Google's new verification system, these essential APKs from Huawei would need to be signed by a developer identity that has been verified through Google's new console. This places Huawei in a unique position. To maintain the viability of its hardware ecosystem for the vast majority of Android users, it will likely need to register and comply with the verification processes of a US company, despite the very restrictions that compelled it to create a parallel ecosystem in the first place.
Share
Copy Link
Google plans to enhance Android security by requiring all app developers to verify their identities, even for apps distributed outside the Play Store. This move aims to combat malware and protect users from anonymous, potentially harmful applications.
Google is set to implement a significant change in its Android ecosystem, requiring all app developers to verify their identities before their apps can be installed on certified Android devices. This move, scheduled to begin rollout in 2025, aims to enhance security and combat the persistent issue of malware-laden applications 1.
Source: Digital Trends
The new system will extend beyond the Google Play Store, affecting apps distributed through third-party channels as well. Google plans to introduce a dedicated Android Developer Console for developers who wish to distribute their apps independently. This console will serve as the primary tool for identity verification, focusing solely on confirming the developer's identity without reviewing the app's content or functionality 2.
Google's decision is driven by alarming statistics: apps downloaded from sources outside the Play Store are reportedly over 50 times more likely to contain malware compared to those from the official store. By implementing this verification system, Google aims to hold developers accountable and provide users with greater assurance about the legitimacy of the apps they install 1.
The rollout of this new security measure will occur in phases:
Source: Dataconomy
This change represents a significant shift in Android's traditionally open ecosystem. While it may enhance security, it could also affect how users and developers interact with the platform. The new policy will particularly impact companies like Huawei, which rely heavily on sideloading for their app ecosystem due to US restrictions 2.
This initiative is part of Google's broader efforts to improve Android security. The company has been using machine learning to detect harmful applications since 2017 and has recently implemented on-device Gemini AI to identify scams in calls and text messages. These measures, combined with the new verification system, aim to create a more secure Android environment 1.
For users, this change promises enhanced protection against malicious apps. However, it may also limit access to apps from unverified sources. Developers, especially those operating outside the Play Store, will need to adapt to the new verification requirements to ensure their apps remain accessible to Android users 2.
As Google moves forward with this significant policy change, it marks a new chapter in the ongoing battle against mobile malware and fraudulent applications in the Android ecosystem.
Mount Sinai researchers develop an AI model that provides individualized treatment recommendations for atrial fibrillation patients, potentially transforming the standard approach to anticoagulation therapy.
3 Sources
Health
22 hrs ago
3 Sources
Health
22 hrs ago
TSMC achieves unprecedented 70.2% market share in Q2 2025, driven by AI, smartphone, and PC chip demand. The company's revenue hits $30.24 billion, showcasing its technological leadership and market dominance.
3 Sources
Business
23 hrs ago
3 Sources
Business
23 hrs ago
UCLA researchers develop a non-invasive brain-computer interface system with AI assistance, significantly improving performance for users, including those with paralysis, in controlling robotic arms and computer cursors.
5 Sources
Technology
22 hrs ago
5 Sources
Technology
22 hrs ago
Gartner predicts AI-capable PCs will make up 31% of the global PC market by 2025, with shipments reaching 77.8 million units. Despite temporary slowdowns due to tariffs, AI PCs are expected to become the norm by 2029.
2 Sources
Technology
23 hrs ago
2 Sources
Technology
23 hrs ago
AI tools are being used to create hyper-realistic, sexist content featuring bikini-clad women, flooding social media platforms and blurring the line between fiction and reality.
2 Sources
Technology
23 hrs ago
2 Sources
Technology
23 hrs ago