Google is set to implement a sweeping change to its Android ecosystem, introducing mandatory developer verification for apps. The initiative will first roll out on **September 30, 2026**, in Brazil, Indonesia, Singapore, and Thailand, with major device manufacturers like **Samsung**, **Xiaomi**, **OPPO**, **vivo**, **Honor**, and **Transsion** onboard. Certified Android devices – those equipped with **Google** services and **Play Protect**, representing over 95% of Android devices outside China – will block installations of apps from unverified developers. This applies whether the app originates from **Google Play** or third-party app stores. Most users are unlikely to notice, as apps from verified developers will install seamlessly. The primary impact will be felt by developers whose identities are not registered with Google, particularly those within independent and open-source channels that traditionally operate without requiring Google's explicit permission. Developers distributing through these channels must complete the verification process before the deadline, or their apps will be unavailable for new installations on certified devices in the initial four countries. ## What Activates on September 30? The enforcement mechanism involves a new system service, the **Android Developer Verifier**, which will be pushed to phones running **Android 8** and newer starting in June 2026. This service will confirm a developer's verification status before an app can be installed. After September 30, unregistered apps in the launch markets will not install via the normal process. They can still be installed using **Android Debug Bridge (ADB)** or through an 'advanced flow' introduced earlier this year. This advanced route, which becomes global in August, requires users to enable developer mode, restart their device, wait 24 hours, and reauthenticate before sideloading an unverified app. Developer registration opened globally in March 2026, with Google reporting that it already covers almost all installs on Google Play and a significant majority from external sources.  To register, developers must provide their legal name, address, and contact details, potentially upload a government ID, and prove ownership of each app by submitting an APK signed with their private key. Google is also introducing new APIs in July: an **Android Developer ID Status API** and an **Android Developer Console API**. These will facilitate bulk registration and package-name checks, with **OAuth** delegation enabling third-party stores to manage parts of the verification process for developers. Additionally, a separate lane for free, limited-distribution accounts will enter early access in July and launch globally in August. This allows students and hobbyists to share apps with up to 20 devices without requiring government ID or a fee. The standard full developer account carries a one-time fee of $25. ## The Open-Source Community's Concerns Google frames this initiative as a critical measure against malware, citing that sideloaded apps are a primary vector for malicious software and scams. The identity check and 24-hour waiting period are intended to disrupt these attack chains, with the initial launch countries chosen due to their high rates of app-related scams. However, the program, first announced in August 2025, has met with significant resistance. **F-Droid**, a prominent free-software app repository, has stated that the requirement could lead to the project's demise. F-Droid relies on building and signing apps from numerous pseudonymous contributors who may be unwilling to provide Google with a legal identity. The **Keep Android Open** campaign, supported by over 70 organizations across 23 countries, has called on Google to exempt apps distributed outside Google Play from the ID verification requirements. While Google's concessions—the advanced sideloading flow and the 20-device accounts—address concerns about completely eliminating sideloading, they do not resolve the fundamental issue for critics: the consolidation of power in a single company to gatekeep app installation for nearly all Android devices outside China. Key questions remain unanswered ahead of the global rollout in 2027: Will Google establish a clear appeals process for developers mistakenly flagged? What data will be retained in the identity registry, and for how long? And will there be a viable path for repositories like F-Droid, which cannot meet the per-app ownership check without fundamentally altering their operational model?