Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries

Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start. On that date, certified Android phones in Brazil, Indonesia, Singapore, and Thailand will block normal installs of apps whose developers have not registered an identity with Google, whether the app

The article reports that from September 30, 2026, Android will enforce developer identity verification in Brazil, Indonesia, Singapore, and Thailand, and certified Android devices in those markets will block normal installs and updates of apps from unverified developers across major OEM app stores.[3][4][5] This is intended to reduce malware and fraud by ensuring apps on certified devices can be traced to verified entities.[2][6] From a CyberSE.AI perspective, this materially changes the mobile and AI application supply chain: organizations embedding or relying on Android apps (including AI-powered clients, SDKs, or agents) must treat developer verification as a critical supply-chain control, ensure all internal and third-party Android components are published by verified developers, and update SBOMs and vendor risk processes accordingly. Security teams should also plan for the residual risk channel via sideloading/ADB paths, which remain available for unverified apps and may become a higher-value vector for malicious AI-enabled software.[3][5]