Google Tightens Android Security with New Dev ID, Keeps Sideloading

Google announced the launch of an early beta program for Android developer authentication, confirming that it will retain sideloading and third–party store distribution mechanisms in the future. The company plans to design two different usage paths for students and advanced users, aiming to strike a balance between preventing fraud and maintaining openness. Compared to only explaining the policy direction in August of this year, Google listened to the community’s opinions and fine-tuned the method this time, beginning to implement it gradually.

Google said in August that in the future, apps installed on officially certified Android devices must be registered by authenticated developers. Regardless of whether the source is Google Play, third-party stores, or APK sideloading, Google plans to open verification to all developers in March 2026, first in Brazil, Indonesia, Singapore, and Thailand in September 2026, and gradually expand globally in 2027.

According to Google’s latest explanation, the core goal of the new system remains to combat fraud and malware. Officials mentioned that in a common scenario in Southeast Asia, attackers ask victims to load fake authentication apps under the guise of bank customer service. Still, in fact, they are malicious programs that intercept one-time passwords in text messages and notifications.

Google believes that even with Play Protect and various alerts, as long as developers can anonymously and repeatedly change their names to publish programs, it is still difficult to eliminate such attacks, so it is necessary to bind the application to the identity of a verified developer to reduce the space for attackers to change shells constantly.

For students and amateur developers, Google announced that it is designing a dedicated account type that allows such developers to publish their work to a limited number of devices without undergoing the complete verification process. The official did not elaborate on the qualifications and restrictions in this announcement, only emphasizing that this is a design in response to the need for sharing works in a small circle, aiming to avoid impacting beginners and experimental projects.

On the other hand, Google also responded to the expectations of advanced users for sideloading freedom by confirming that it will design a new installation process that allows unverified applications to be installed after a clear understanding of the risks. The process will be designed with clearer warning text and interactions, reducing the chance of users being bypassed by step-by-step instructions under the high-pressure instructions of scammers, while leaving room for judgment users to make their own decisions. This process is still in the design stage, and Google has stated that it will continue to collect community opinions before announcing the details.