Do Son 
Google announced its Android developer verification program in 2025. The plan requires a valid developer signature, even on sideloaded apps. Critics quickly warned that this would damage Android’s open ecosystem. So the policy drew heavy pushback. Even so, Google pressed ahead to fight fraud. The target is scammers who trick victims into installing phishing apps disguised as banking or utility tools to steal data.
After the backlash, Google tuned the program to balance openness and safety. Users can still install unsigned apps, for example. However, a forced 24-hour wait now applies. Developers can also request a limited distribution account. That account needs no verification or fee, and it can share apps to 20 devices.
The Rollout Timeline Is Now Public
Starting this month, Google began pushing a new system service to most devices with GMS. The service installs automatically. Later this year, it will check developer registration. It forms the base for the install limits and the verification mechanism to come. For now, this is only an early push. The final verification rules take effect first on September 30 in Brazil, Indonesia, Singapore, and Thailand.
Month-by-Month Schedule
- June 2026: Google pushes the new system service to prepare devices for sideload verification.
- July 2026: The Developer ID Status API launches globally. Early access to the Android Developer Console API also opens.
- July 2026: Limited distribution accounts enter early access for students, hobbyists, and learners. These accounts need no fee and support 20 devices.
- August 2026: Google plans the global launch of limited distribution accounts and the new Android Developer Console API.
- August 2026: Google rolls out the advanced flow for power users, which allows sideloading without verification.
- September 2026: From September 30, enforcement begins in Brazil, Indonesia, Singapore, and Thailand. There, users can only sideload verified apps.
How to Install Unverified Apps
To keep some flexibility for experienced users, Google built a 24-hour safeguard. Users can enable “allow sideloading of unverified apps” in settings ahead of time. The process then requires a 24-hour wait. Only after that delay can a user install an app with no developer ID.
The benefit is clear. When a scammer pushes a victim to install an unverified app, the system blocks the quick path. The 24-hour gap should give the victim time to notice the trick.
A One-Time Setting, for Now
The 24-hour safeguard is a one-time setup. After you enable it, future installs of unverified apps need no repeat step. Google may still adjust this based on telemetry, though. If the one-time setting fails to stop scammers, the company could switch to a timed shutoff. The next sideload would then need another 24-hour wait. That last part is only our guess.
ADB Sideloading Skips Verification
Developers and power users have a faster route. Through the Android Debug Bridge (ADB), users can still install any unverified app from the command line. This path needs no 24-hour wait. The app installs and runs right away. Google likely assumes that few scammers can talk a victim into connecting a phone to a PC for ADB. So ADB stays a fairly open interface.
Global Expansion Arrives in 2027
By 2027, Android developer verification will reach the whole world. At that point, certified GMS devices will require a verified developer for standard sideload installs. The system will block unverified apps outright. Users will then face two choices. They can enable the verification-free path and wait 24 hours, or they can use ADB. Google laid out the full plan in its developer blog post.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
