{"id":13295,"date":"2025-08-28T09:53:40","date_gmt":"2025-08-28T16:53:40","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=13295"},"modified":"2025-08-28T09:54:45","modified_gmt":"2025-08-28T16:54:45","slug":"google-to-verify-all-android-devs-to-protect-users-from-malware","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2025\/08\/28\/google-to-verify-all-android-devs-to-protect-users-from-malware\/","title":{"rendered":"Google to Verify All Android Devs to Protect Users From Malware, Including Sideloaded Apps"},"content":{"rendered":"\n

Big Tech platforms, including Apple and Microsoft<\/a>, are working to make sure any software run on your devices was approved by them, and they know who the developer is. And there is probably a fee to be a verified developer. But this clearly is building towards censorship on what software you can run on your devices, and they’re also moving towards AI agents that will track everything you do, including reading your communications before they go into end to end encryption apps. This is clearly building toward the mark of the beast system and the digital Panopticon.<\/p>\n\n\n\n

https:\/\/www.bleepingcomputer.com\/news\/security\/google-to-verify-all-android-devs-to-protect-users-from-malware\/<\/a><\/p>\n\n\n

<\/div><\/div><\/div>\n\n\n

By Bill Toulas<\/p>\n\n\n\n

\"Google<\/figure>\n\n\n\n

Google is introducing a new defense for Android called \u2018Developer Verification\u2019 to block malware installations from sideloaded apps sourced from outside the official Google Play app store.<\/p>\n\n\n\n

For apps on Google Play, there was already a requirement for publishers to provide a D-U-N-S (Data Universal Numbering System) number, introduced on August 31, 2023<\/a>.<\/p>\n\n\n\n

Google says this has had a notable effect in reducing malware on the platform. However, the system didn\u2019t apply to the vast developer ecosystem outside the app store.<\/p>\n\n\n\n

\u201cWe\u2019ve seen how malicious actors hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps,\u201d reads Google\u2019s announcement<\/a>.<\/p>\n\n\n\n

\u201cThe scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.\u201d<\/p>\n\n\n\n

Although the threat is more prevalent outside Google Play, the developer verification requirement applies to both apps on Google Play and apps hosted on third-party app stores.<\/p>\n\n\n\n

Starting in 2026, all apps installed on certified Android devices must come from developers who have verified their identity with Google.<\/p>\n\n\n\n

Early access to the Developer Verification program will begin this year in October, and the system will open to all Android application developers in March 2026.<\/p>\n\n\n\n

In September 2026, the identity verification requirement will become mandatory for Brazil, Indonesia, Singapore, and Thailand, before it rolls out globally in 2027.<\/p>\n\n\n\n

The expected effect is to have sideloading, non-compliant apps blocked by the operating system with a security message on certified devices.<\/p>\n\n\n\n

Certified Android devices are those that have passed Google\u2019s Compatibility Test Suite (CTS) and are approved to ship with Google Play Services, Play Store, and Play Protect.<\/p>\n\n\n\n

In practice, this encompasses all mainstream devices from Samsung, Xiaomi, Motorola, OnePlus, Oppo, Vivo, and the Google Pixel line.<\/p>\n\n\n\n

Non-certified devices are those from Huawei, Amazon Fire tablets, and shady Chinese TV boxes or smartphones that use heavily modified OS images and questionable components<\/a>.<\/p>\n\n\n\n

Those devices are not subject to the new rule enforcement, and their users will be able to continue sideloading APKs from unverified and anonymous developers.<\/p>\n","protected":false},"excerpt":{"rendered":"

Big Tech platforms, including Apple and Microsoft, are working to make sure any software run on your devices was approved by them, and they know who the developer is. And there is probably a fee to be a verified developer. But this clearly is building towards censorship on what software you can run on your […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-13295","post","type-post","status-publish","format-standard","hentry","category-tech"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/13295","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=13295"}],"version-history":[{"count":2,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/13295\/revisions"}],"predecessor-version":[{"id":13297,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/13295\/revisions\/13297"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=13295"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=13295"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=13295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}