Google on Monday said it is officially rolling out Android Developer Verification to all developers to tackle the problem of bad actors distributing harmful apps “while hiding behind anonymity.”
The development comes ahead of a planned verification mandate that will go into effect in Brazil, Indonesia, Singapore and Thailand this September, before expanding globally next year.
As part of this effort, Google requires app developers who distribute apps outside of Google Play to create an account in the Android Developer Console to verify their identity. People who distribute apps through Android’s official app marketplace and have verified their identities may be “already set up,” the tech giant said.
“For most users, the experience of installing apps will remain exactly the same,” said Matthew Forsythe, director of product management for Android app security. “This only happens if a user attempts to install an unregistered app that would require them to have ADB or Advanced Flow, helping us keep the broader community safe while preserving flexibility for our power users.”
Android Studio developers can expect to see the registration status of their apps from within the integrated development environment (IDE) over the next two months when they generate a signed app bundle or APK.
Developers who have met the Play Console’s developer verification requirements will have eligible Play apps automatically registered. If an app cannot be registered, developers are requested to follow the manual app claim process.
As announced a few weeks ago, power users always have the option to sideload unregistered APK files through an advanced flow, which requires an authentication step to confirm they are taking this step of their own free will and a one-time, 24-hour waiting period to deter scammers.
“This flow is a one-time process for power users – but it was carefully designed to prevent those in the middle of a scam attempt from being forced by high pressure tactics to install malicious software,” Forsythe said.
The development comes as Apple has amended its Developer Program License Agreement to enforce privacy rules regarding access to live activities and information of third-party wearable devices.
Apple explicitly notes that third parties “may not use forwarding information for advertising, profiling, training models, or location monitoring,” adding that they may not “disseminate forwarding information to any application, or to any other device, other than your authorized target accessory.”
The newly added section also emphasizes that developers cannot remotely store any forwarding information on a cloud service, make modifications that “materially” change the meaning of the content, or decrypt the data anywhere other than the accessory.
