Apps loaded with malware have been a problem on Android phones for years, and a key reason behind it is the open nature of the operating system. Unlike iOS, which only allows installation of apps from the App Store on iPhones, you can run apps pulled from virtually any corner of the internet on an Android phone.
What is changing for Android
“Android will require all apps to be registered by verified developers to be installed by users on certified Android devices,”saysthe company. If you have an Android phone in your hands that was purchased from a legitimate brand, it most likely falls in the “certified” device category.
A certified device is one that has been tested for security protocols by Google’s team and ships with theGoogle Play Protect guardrails, such as scanning for viruses. So, what exactly is changing? Well, Google now wants to verify the identity of the developers whose app you are trying to install on your Android phone.
In a nutshell, if the developer is unverified, theapp will be blocked from getting installed. In 2023, Google made it mandatory for all developers to verify their identity or business to list their app on the Google Play Store. That rule left the doors open for developers who distribute their apps independently or through other app stores on the internet.
That meant bad actors often took advantage of this loophole and shipped apps with all kinds of malware, from trackers to information stealers. Now, if you intend to install an app from one of these third-party stores, Google will first verify the identity of the developer or business that is offering the app.
Doing so will ensure that Google at least knows the source of all the apps that are being installed on Android phones. In the future, if an app is flagged as risky or malicious, the developer behind it can be held accountable. Additionally, users can also breathe easy knowing that the app they are about to install comes from a legitimate entity, and not some anonymous individual or shady business.
Why does it matter?
Google says ever since it implemented identity verification for developers listing their app on the Play Store, it has helped stop bad actors from “exploiting anonymity to distribute malware, commit financial fraud, and steal sensitive data.” The same identity check is now being extended to apps (and the developer behind them). Irrespective of the website or store, users are downloading them.
Google notes that it will begin verifying developers starting in March next year, and by September, the rule will be implemented in a bunch of Asian markets. It will continue to expand in more countries in 2027 and beyond. The new rule will hopefully plug the influx of bad apps from independent sources.
The company says apps downloaded from the internet are responsible for “over 50 times more malware” compared to those users download from the Play Store, where they undergo a list of security checks and developers’ identities are verified, as well.
Google has also pushed AI in the battle against shady apps. Since 2017, the company has been using Machine Learning to sniff out harmful applications. The company is also using on-deviceGeminiAI todetect scams in calls and text messageson Android phones, and offersan enhanced layer called Advanced Protectionto safeguard devices.
