Google to block apps from all unverified developers, S’pore users among first to be affected
Sign up now: Get ST's newsletters delivered to your inbox
Google said the move is meant to protect users from bad actors spreading malware and scams.
PHOTO: AFP
Follow topic:
SINGAPORE – Come September 2026, Android smartphone users in Singapore will find it more difficult to download apps from outside the Google Play Store – a process known as sideloading.
In an Aug 25 post on the Android Developers Blog, the operating system’s developer Google said that it will require all app developers to be verified for their apps to be installed on certified Android devices.
Since 2024, Play Store app developers have had to be verified to offer their apps.
The new rule essentially forces third-party app developers to also register with Google, which said it is meant to protect users from repeat bad actors spreading malware and scams.
“This change will start in a few select countries specifically impacted by these forms of fraudulent app scams, often from repeat perpetrators,” said Google in the blog post.
“The scale of this threat is significant: Our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.”
The new requirement will kick in first in Singapore, Brazil, Indonesia and Thailand in September 2026. A worldwide roll-out will then take place from 2027 onwards, said Google.
“This creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down,” according to the blog post.
“Think of it like an ID check at the airport, which confirms a traveller’s identity but is separate from the security screening of their bags; we will be confirming who the developer is, not reviewing the content of their app or where it came from.”
In February 2024, Singapore was the first country in the world to trial a new feature that blocks Android users from installing apps from unverified sources
The enhanced Google Play Protect feature works in the background to block the installation of unofficial apps that require suspicious permissions, such as to read text messages.
Despite the roll-out of the feature, Android users in Singapore continue to fall for malware scams.
Between February and August 2024, Google found more than 900,000 attempts
Currently, Android users can sideload apps from the internet, as well as third-party application stores like F-Droid. However, doing so is not available by default, and requires users to fiddle with settings on their phones.
When asked why Google is implementing this measure, considering the hoops already put in place, a spokesperson said that this would be a foundational layer of security that “makes it significantly harder” for malicious actors to operate, while making it easier for the tech giant to take them down.
“It removes their ability to operate anonymously, introducing a powerful deterrent that disrupts their business model and protects our users,” the spokesperson said, adding that sideloading would remain a fundamental aspect of Android.
Some popular sideloaded apps include modified versions of existing ones, such as YouTube, to unlock premium content or remove advertisements.
Discontinued apps that can no longer be found on the Play Store, as well as open-source apps that allow modifications, are also often available on third-party sites for sideloading.
Describing the move as an effective safety rail, Mr Alexander Ivanyuk, senior director at cyber-security firm Acronis’ Threat Research Unit, said it will prevent accidental malware installations.
Android and its competitor iOS, developed by Apple, seem to converge in their security approach, he said.
“The ability to sideload will remain, but the path will be increasingly fraught with warnings and roadblocks designed to make the average user think twice. This is the correct balance from a risk-management perspective.”
