Android’s openness has long been a double-edged sword: it makes sideloading apps easy, but also leaves users exposed to malicious software. Google is moving to shrink that risk by imposing new controls on apps installed outside the Play Store.
Starting next year, developers who want to distribute Android apps outside the Play Store will need to register in a new, specialized console, verify their identity, and register the package names they plan to publish. The change aims to make sideloading considerably harder for bad actors while keeping legitimate distribution possible.
How Google’s new sideloading controls will work?
Developers who intend to publish apps outside Google Play must sign up for a separate console, complete identity verification, and declare the exact package names they will use. Developers who prefer to stay inside the Play Store can continue using the existing Play Console, which already requires identity verification since 2023.
Google says the Play Console’s verification steps have already driven a noticeable drop in fraudulent apps, financial scams, and malware on the platform. The new process brings that same principle to sideloading, establishing a higher bar for anyone distributing apps directly to users.
Why Google thinks the change is necessary?
According to Google’s analysis, apps installed via sideloading carry roughly 50 times the risk of malware infection compared with apps installed from the Play Store. That stark security gap is a primary driver behind the policy change.
Google also singled out specific markets where sideloaded apps have been most problematic: Brazil, Indonesia, Singapore, and Thailand. Those countries are in the first rollout wave for the developer verification requirement, which begins in September next year.
Rollout and regional timing
The verification system launches first in the countries listed above in September. Google has not yet published a schedule for wider regional expansion, so it is unclear how quickly the measures will reach other markets.
Where this fits in with broader platform changes?
Apple has implemented a similar approach this year after the European Union required iOS to allow apps to be installed outside the App Store. In Apple’s case, third-party distribution also requires developer verification, reflecting a larger industry shift toward stronger identity checks for off-store app delivery.
Google’s move keeps sideloading alive but aims to make it safer by tying app distribution to verified developer identities and registered package names. For users who value choice, the change preserves alternatives to the Play Store. For everyone else, it should reduce the chance of accidentally installing harmful software.
