Google has clarified its stance on upcoming developer verification requirements for Android apps following criticism from independent app stores like F-Droid, stating that sideloading is fundamental to Android and will continue.
The tech giant explained in a blog post titled “Let’s talk security: Answering your top questions about Android developer verification” that the new rules aim to enhance safety by linking every Android app to a verified developer identity. According to Google, this measure will make it more challenging for malicious actors to impersonate developers or distribute malware through applications. The company emphasized that the new developer identity requirements are designed to protect users and developers from bad actors, not to limit choice. Google also confirmed that verified developers will remain free to distribute their apps through any method, including direct downloads and third-party app stores.
To accommodate hobbyists and small-scale creators, Google is introducing a free developer account option. This will allow them to distribute apps to a limited number of devices without undergoing the full verification process that requires submitting a government ID. To utilize this option, an end-user must share a device identifier with the application developer, who then enters that identifier into Google’s console and provides the user with instructions for downloading the app. This system enables Google to limit the number of devices that can install applications from an unverified developer. Any developer wishing to distribute their app to a broader audience must still complete the full identity verification process.
However, the announcement did not address the primary concern raised by F-Droid regarding the control of developer identities and signing keys. F-Droid noted that under the new rules, all Android apps—even those distributed outside the Play Store—will need to be associated with a Google-verified developer account. The organization argues that this effectively makes Google the central authority for all Android app distribution, threatening the viability of alternative app stores. F-Droid also stated that it cannot take over app identities for its open-source contributors, and as a result, many community-built apps could be removed if their developers cannot or will not register with Google. While the technical function of sideloading will continue to exist, the ecosystem of independent app stores that depends on it could be impeded.
