Failing to come up with unique package names will come with a new risk on Android from 2026, when Google will start giving preference to dominant developers outside of the Play Store.

Google on Monday announced details of its planned implementation of developer verification, with uncertified apps due to be blocked on all certified devices in at least some countries from September 2026.

Those distributing via the Google Play Store may already have passed the necessary checks, with Google estimating 98% of current apps there will be automatically verified. But Google has carefully not made its use mandatory, insisting it will not follow iOS to become a closed ecosystem.

"To be clear, developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer," said Google.

New verification rules

But the use of other Google products will become mandatory for developers. Registration via the new Android Developer Console will require a Google payments profile as well as a Google Search Console account (to verify financial information and an official website) before you can pay a $25 registration fee.

Organisations must designate an individual responsible for their packages, and so must provide corporate registration documents as well as at least one government-issued ID.

App verification will be via the signing key

Google's documentation suggests it does not intend to interrogate the content of packages intended for sideloading as part of its new security measures, but it does want to "minimise" the duplication of package names.

See also: Are CISOs overlooking mobile security?

That will see a complex set of rules to deal with package names.

For starters, any developer with over 50% of the known installs of a package will automatically own its name, though others can submit requests to duplicate it.

Where the install base is more fractured, any verified developer with more than 50 installs will be able to use the name. 

Below that threshold of 50 installs, names will be first-come-first-served. "As soon as one developer registers the package name, other developers would need to submit a request to use the package name," says Google.

Google Play apps benefit

For developers on Google Play, auto-registration is due to be complete before March 2026, using the same naming rules. That suggests Play-distributed apps will benefit from the first-come-first-served rule for obscure packages, but will lose naming rights if a sideload competitor has more than 50 installs by that time.

In all cases, it seems, developers will be able to motivate a request to use duplicate names, though Google recommends renaming unless there is a dire need not to.

The September 2026 deadline for developer verification is currently due to apply only in Brazil, Indonesia, Singapore, and Thailand, but other countries are due to follow on a rolling basis.

An early-access waitlist for Android developer access is live here.

The link has been copied!