When the era of touchscreen smartphones began over twenty years ago, Android's open nature distinguished it from the iPhone. Google has gradually exchanged some of that openness for security, and its upcoming security program may include the largest compromises to date in the name of thwarting malicious apps. Google has declared its intention to start confirming the legitimacy of Android app developers in general, not only those that publish on the Play Store. In the upcoming years, apps without authentication will not function on the majority of Android devices, and Google plans to validate developer identities regardless of where they distribute their content.
Google has long worked to improve the Play Store's reputation as being less secure than the Apple App Store, but it used to undertake virtually little curating of the Play Store (or Android Market, if you go back far enough). In order to obtain root access on phones, you could post real exploits in the official store years ago. However, these days, there are numerous reviews and detection systems to lessen the frequency of malware and prohibited content. Google says apps sideloaded from outside its store are 50 times more likely to contain malware, even though the Play Store is still not flawless.
We are told that this is the reason behind Google's new mechanism for verifying developers. According to the firm, it's similar to a "ID check at the airport." Since implementing identity verification for all Google Play app developers in 2023, malware and fraud have drastically decreased. Since harmful apps were distributed by bad actors using anonymity in Google Play, it makes sense that vetting app creators outside of Google Play may improve security as well.
But in order to do that outside of its app store, Google will need to follow Apple's lead and show off its power in a way that many Android developers and consumers may find invasive. If developers intend to publish their apps outside of the Play Store, they will use Google's streamlined Android Developer Console. Developers will need to register the package name and signing keys of their programs after proving their identities. However, Google won't examine the apps' operation or content.
.jpeg)
