No more apk - Google will block the installation of unknown apps at the system level from 2027
Google reports that starting from 2027, all certified Android devices (those with Play Protect and pre-installed Google apps) will not be able to install applications from developers that have not passed additional verification. The system will block the installation of an apk file downloaded from the Internet or even from the app store if the information about the developer and this application is not in Google's centralised database.
Google is positioning this as passport control at the airport and intends to fight malware, which is usually distributed on pirated websites in the form of apk files, in this way. According to Google, the number of hacks through APKs from third-party sites is 50 times higher than through apps in the official Play Store.
The company promises to create a simplified authorisation system for students and developers who are engaged in programming as a hobby and do not register in the Play Store because it costs $25.
What are certified Android devices?
These are devices officially released by a manufacturer with a global version of Android. Such devices have the Google Play Store pre-installed, and often many other Google branded applications - Chrome, Youtube, Wallet, etc. This category does not include devices released with a different operating system, with a local (for example, Chinese) version of the system, or simply flashed with unofficial firmware, even if the device now has Google services installed.
What it means for developers
In general, it doesn't matter if you distribute your app through a website, an alternative app store, or even the Play Store - if you don't provide additional personal data to Google, your app will be automatically blocked in 2027. What you will need to tell Google:
- Personal information: name, address of residence, phone number and email address
- Legal entities must provide the DUNS number and website of the organisation
- Upload a scan or photo of a state-issued identity document
- Confirm the ownership of the application by specifying the names of the packages and adding a signature key (applications distributed in the Play Market have already passed this stage)
How restrictions will be implemented
The changes will be implemented in several stages
- October 2025: early access for developers who want to update data as soon as possible
- March 2026: verification will be open to all developers
- September 2026: the first stage of blocking applications from unauthorised developers. The blocking will take place depending on the region - Brazil, Indonesia, Singapore, and Thailand will be the first to be affected.
- 2027: blocking will be implemented for all regions
What it all means
Android is no longer an open platform. Gradual work in this direction has been going on for a long time. Google has introduced authentication of applications through the Play Store and limited the capabilities of some APIs. Nowadays, European and even American laws allow installing any app store on Android, and Google cannot prevent this. So the company decided to use another tool of influence. Right after losing the arbitration against Epic Games, the company decided to take care of user safety.
Over the years, a huge amount of specific software has appeared for Android that the Play Store does not know about. From really suspicious apps that are downloaded via a QR code on a box of Chinese headphones to professional software for collectors, meter readers, or sales representatives who don't even need to be on the Play Store for free. And they won't allow software that violates privacy. All this software baggage needs to be updated by 2027. It seems like a lot of time, but some of this software is no longer being actively developed. If it is no longer possible to find the source code or even the contractor, this software will simply stop working. Who needs to update the app of Chinese headphones bought in 2015 if there are serious doubts that car diagnostic manufacturers will update the apps for models that are no longer sold? All of these devices could end up as rubbish.
Increased power makes it possible to exert pressure. At one time, Google already found a way to put pressure on the developers of the popular alternative Youtube client Vanced. Back then, some of the developers started other projects, such as ReVanced. It's unlikely that Google will coolly watch the development of an application that allows you to watch their YouTube without ads, it's a violation of privacy, the application has access to your Google account! Now the company will be able to block unwanted apps in a few seconds.
Many specific apps cannot get into the Play Market due to the limitations of this store. It is not known whether Google will block developers who develop content that is not allowed in the Play Market, for example, erotic apps. After all, now the company will be able to block such a developer on all devices at any time.
Not all developers are interested in cooperation with Google. Chinese app stores have thousands of apps that are not available outside of them. The likelihood that they will update the data in Google is negligible, and they will most likely stop working on global phones.
But don't focus on the negative aspects, because there are definitely positive ones. Indeed, the biggest threat (and not only on Android, by the way) is hacked pirated software or applications from unscrupulous developers. Do you want to play Minecraft without spending money, or watch Youtube without ads? Who doesn't? But the application running on your smartphone has powerful tools and can be harmful. Yes, modern Android has an advanced system of access rights, but who can be sure that there is no zero-day vulnerability that Google does not know about? It can be even simpler - the application can simply DDoS the resources set by the hacker in the background, and then the provider will block you and constantly check if you are not a bot. Or it can mine cryptocurrency in the background - no additional permissions are required. Suspicious apps are simply not worth installing, and Google will help many compliant people make this decision.
One way or another, Android has now made a big step towards iOS. The only thing left to do is to restrict access to the file system and block Bluetooth, and the only difference will be in the design style, which is now so easy to change.
Source: developer.android.com
