Connect with us

Hi, what are you looking for?


Application Security

New Security Measures Announced for Google Play Developer Accounts

Google on Monday announced new security measures for developer accounts on Google Play, meant to ensure that each account is created by a real person.

Google on Monday announced new security measures for developer accounts on Google Play, meant to ensure that each account is created by a real person.

Google Play, which provides access to millions of Android applications and games, has been abused by threat actors for the distribution of malware, and Google is looking for new ways to strengthen the security of both developers and users.

Newly announced steps in this direction include asking for more information from the owners of developer accounts, including a contact name and a physical address.

Furthermore, developers are required to say whether the account is personal or if it belongs to an organization, and to verify their email and phone number. For new accounts, a phone number and email address will be required at creation.

“Your contact information allows us to share important information and updates about your app. It also helps us make sure that every account is created by a real person with real contact details, which helps us keep the Play Store safe for all users,” Google says.

On top of that, the Internet search giant is making 2-Step Verification mandatory for all developer accounts when they sign into Google Play Console.

Android developers can already verify their contact details and declare the account type. Optional for the time being, declaring the account type will be required when updating contact details.

Advertisement. Scroll to continue reading.

Starting August, developers will have to specify the account type for all new accounts. Verification of contact details and the use of 2-Step Verification will also be mandatory.

Before the end of the year, both declaring the account type and signing in using 2-Step Verification will be a requirement for all existing developer account owners.

Further steps developers can take to ensure the security of their accounts include keeping contact information active and up to date and using a different contact email address than the one used to create the Google account. For business accounts, the contact email address should be associated with the organization rather than being a generic or personal address.

Related: Android App Developers Required by Google to Share More Info on Data Handling

Related: Google Unveils New Encryption Features for Android Developers

Related: Google Play Protect Scans 100 Billion Android Apps Daily

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.