Google plans to require all Android app developers who distribute software outside its Play Store to register with their real names and pay a fee, a policy the company calls developer verification. Failure to comply will block those apps from being installed on virtually all Android devices. The policy is expected to debut officially in the coming weeks.
The move marks another step in Android’s gradual drift away from its founding identity. When Google introduced Android nearly 20 years ago, it positioned the platform as the first “truly open” mobile operating system, a direct contrast to Apple’s tightly controlled App Store model. That gap has been narrowing for years, and developer verification may be the most direct challenge yet to Android’s open legacy.
The Security Argument
Google frames the policy as a logical evolution of its security infrastructure. The company says its Play Protect anti-malware system now scans 350 billion Android apps every day, covering both Play Store downloads and sideloaded apps. The argument is that developer verification adds a layer Play Protect cannot: blocking an entire developer profile rather than flagging individual apps after the fact.
Christoph Hebeisen, director of security intelligence research at Lookout, gives Google some credit here. He says there is far less malware inside Google Play than outside it, and that threat actors largely avoid the platform because apps get flagged too quickly to be worth the effort. Blocking a developer account at the identity level, he explains, is structurally more effective than reactive app scanning.
Google has also pointed to cases where users are coached by bad actors to disable Play Protect, arguing that stricter upstream controls are necessary when downstream protections can be turned off.
Critics Push Back
Not everyone accepts the premise. Marc Prud’hommeaux, a board member of F-Droid, a free and open-source software storefront, questioned the evidence behind Google’s claims. “These scenarios seem really implausible to me, but [Google has] not revealed any specific numbers about how many people are affected by this,” he said. “They only quote very vague statistics that say there’s 50 times as much malware outside the Play Store than there is inside the Play Store.”
The concern is not just about data transparency. Requiring real-name registration and a fee from developers outside Google’s own ecosystem effectively raises the barrier for independent and open-source software distribution. F-Droid, which hosts apps that never touch the Play Store, would be directly affected. Smaller developers building niche tools or privacy-focused software could simply walk away.
Apple Envy, by Another Name
Hebeisen offered a candid read on Google’s motivation. “I think Google probably looked at Apple and wondered ‘why has it worked for them?'” he said. “Because from a technical perspective, there isn’t a fundamental security difference. Why has there been more malware reporting around Android than for iOS? And I think they have come around to the conclusion that the developer ecosystem and the ability to actually get an app distributed and installed makes a big difference.”
Android has already moved significantly in Apple’s direction: granular runtime permissions, mandatory incremental security patches for new devices, and progressively harder sideloading. Developer verification accelerates that trajectory.
The platform is measurably safer than it was a decade ago. Whether locking down the developer pipeline outside the Play Store addresses real threats at scale, or mainly disadvantages the independent developers who defined Android’s open character, is a question Google has not yet answered with hard numbers.
Photo by Kelly Sikkema on Unsplash
This article is a curated summary based on third-party sources. Source: Read the original article
