Google has recently announced they will require application developers to provide additional identity details to be able to proceed with putting their apps on the Play Store. This comes as no surprise since malicious apps have been flooding the Play Store at increasing rates for quite some time now. With the change in requirements, those registering an account are now required to state whether the account is owned by a person or organization as well as provide a contact name, a physical address, and must verify both their phone number and email address. Although an email address and phone number were required before the changes, they were not being verified. Before being allowed to add apps to the Play Store, Google is also making developers add two-factor authentication requirement to log in to their account. This will reduce the likelihood of threat actors being able to access legitimate developers accounts and use them for malicious activity.
Analyst Notes
The official timeline for the changes that Google plans to make is as follows:
• Starting June 28, 2021: Developer account owners will be able to declare their account type and verify their contact details.
• August 2021: All new developer accounts will need to specify their account type and verify their contact information at sign-up. 2FA will also be a requirement for the owners of new developer accounts.
• Later this year: All Play Store dev accounts will need to declare their account type, verify credentials, and enable 2FA.
Threat actors are always changing their tactics and looking for new methods that can help them bypass security measures. While malicious apps will probably still appear on the Play Store, this is a good start to reduce them moving forward.
https://therecord.media/google-to-require-2fa-and-a-physical-address-from-android-app-devs/?web_view=true
