Google’s New Android Developer Verification Will Increase Device Security Risk for Power Users

Google’s upcoming Android Developer Verification Program (ADVP), which launches fully in 2026, requires all developers to register and verify their identities before their applications can be installed on certified Android devices.

The ADVP mandates developers to create an account in the new Android Developer Console and submit extensive personal information. Developers must provide their legal name, physical address, email, and phone number. Many must also supply government-issued identification, which supports verification. Organizations face additional requirements, such as providing a DUNS (Data Universal Numbering System) number. Once verified, developers must register the unique identifiers for all their applications. This process links each app’s cryptographic signature to a verified real-world entity, establishing a traceable chain of custody for all software distributed on certified devices.

Google says that this constitutes a necessary step to combat the rising tide of malware and financial fraud, citing internal research. The research suggests that apps sideloaded from the internet are over 50 times more likely to contain malware than those from the Google Play Store. The company argues that this verification process is akin to an “ID check at the airport,” aimed at making it more difficult for malicious actors to operate anonymously.

However, what Google claims to do for the sake of security will, in fact, result in less security overall for power users who want to continue using unverified apps.