Skip to main content

Google beefs up Play Store developer verification in response to scams

Google beefs up Play Store developer verification in response to scams


It’s also requiring developers to use two-step verification

Share this story

The Google logo on a colorful, geometric background
Illustration by Alex Castro / The Verge

Google is working to enhance the integrity of the Play Store by adding new restrictions and safeguards to developer accounts.

Google Play Store developers will soon have to verify their email address and phone number and provide extra details like a physical address in an attempt to increase security and ensure that accounts are being created by ‘real people,’ the company has announced. Developers will also be required to use two-step verification. The search giant says it’s making the changes “to keep Google Play safe and secure and to better serve our developer community,” and to “make sure that every account is created by a real person with real contact details.”

The Record reports that the announcement coincides with the emergence of a cottage industry of sellers who’ll create large amounts of developer accounts for others to use to upload malware and other scammy apps to the Play Store. A screenshot of a cybercrime forum post published by The Record shows these accounts being sold for $89 each. 

“To keep Google Play safe and secure and to better serve our developer community”

Meanwhile, the two-step verification requirement should make it harder for scammers to break into and steal legitimate developers accounts. It mirrors a similar change the search giant announced for regular Google accounts earlier this year, where it will now enable two-factor authentication by default. 

The changes are significant compared to Google’s current developer account policies that only require new signups to provide an email address and phone number. Details like a physical address “will not be public-facing,” the company says, and are solely to “to help us confirm your identity and communicate.”

Google is introducing the new requirements in stages. It says that, from today, account owners will have the option of setting their account type as personal or business and verifying their contact details. Then, in August, all new signups will be required to follow these same steps when they create their accounts, and to use two-step verification. “Later this year” the changes will be fully implemented for all existing accounts.

The changes come amidst a wider crackdown on scammy apps on the Play Store, which will prohibit developers from using cheap tactics in their listings to incentivize installs. App listings will no longer be able to use eye-catching features like all-caps or emoji in their titles, or include phrases like “download now.”