In short, Google is clamping down on how Android deals with sideloaded apps. They have a hard date for these new verifications, but they’re not closing the door on the power user. The first round of enforcement is set for September 30, 2026, with a soft start in places like Brazil, Indonesia, Singapore and Thailand before it becomes universal for all certified Androids in 2027.
Why this is being done now
Google is bringing its various Android app stores in line with one developer verification system. The goal is to stop fraud, not to ban sideloading. One number they like to put out there: an app you pull from the internet has 50 times the malware risk of one from the Play Store.
Then there’s the 2025 GASA report that put the cost of global scams at $442 billion. What you’ll see with the new setup is a way to put the brakes on the kind of hasty installs scammers count on, and at the same time give real developers a level playing field in every store.
Strict rules, but we’re getting there in stages
For the average person, you won’t notice much right off the bat. A system service is coming in via a Google System Update this month to eventually handle developer registration, but it won’t change your install routine for now.
Come July, the Android Developer ID Status API will be available worldwide. That’s also when early access to the Console API and for some limited distribution accounts on the Android Developer Console will open up.
By August, those limited accounts and the new API are live. And before the September 30 deadline, so is the more in-depth flow for putting on apps from unverified sources.
The important dates
A quick rundown of what Google has put out there:
– This month: the new system service makes a quiet appearance
– July: ID Status API is out in the open
– July: you can get at the Console API and limited accounts
– August: limited accounts and the API go global
– September 30, 2026: the new protections are in effect in four countries
– 2027: it’s a full-on rollout for certified devices
What it means if you like to sideload
You can still sideload an app you haven’t registered, but it won’t be as easy. You can do it through ADB or an advanced flow that is meant to add some friction.
With the advanced route, you’ll have to put in a little work. Turn on developer mode, confirm you aren’t being talked into it, reboots and re-authentication, sit through a 24-hour cooling-off period, and pass a biometric or PIN check before you can hit ‘Install Anyway’.
Developers: show your papers or keep it small
Once September 30 hits in the relevant stores, you have to be in the system. But for the student, the tinkerer, or the hobbyist, there are now limited distribution accounts to make things a little easier.
When they come out in August, you can put an app in front of 20 devices with no fee and no need for an ID. We’re seeing early access to that in July, which is a good way to test the waters before the rest of the rules kick in.
Stores that have to play along
This isn’t just about the Play Store. As of September 30, you’ll have to register your app in a number of partner stores as well.
We’re talking about the likes of Samsung’s Galaxy Store, Xiaomi’s GetApps, and others. It’s all to have the same guardrails in place for the typical Android user.
To be clear, here is the list of stores Google is referring to:
– Google Play Store
– Samsung Galaxy Store
– Xiaomi GetApps
– Honor App Market
– Oppo App Market
– vivo V-Appstore
– Transsion Palm Store
Where do we go from here?
As long as you are using the big-name stores, you can carry on as usual until the 30th of next year, and even then only in the first few markets. Anywhere else, an unverified app is going to require the advanced flow or ADB.
It’s a sign of a more controlled Android, but one that doesn’t take away the option for the ones who want it. We’ll see it start in Brazil, Indonesia, Singapore and Thailand, with the rest of the world to follow in 2027.
