Google Requires App Developers to Verify Their Address and Use 2FA
The Security Measures Will Help Keep Google Play Safe and Secure While Better Serving Their Developer Community.
After revealing its intention to execute a new Google Play policy that will allow users to see what personal information is being collected by app developers and what for, new measures for the Play Store, including 2-Step Verification (2SV) and additional identification requirements have been announced on Monday by Luke Jefferson, Product Manager at Google Play and Raz Lev, Product Manager at Google Play Trust and Safety.
According to the Google Play Trust and Safety team, these two requirements are a step towards strengthening account security and ensuring a safe and secure app marketplace.
Image Source: Android Developers Blog
As part of the changes, individual users and businesses in possession of Google Play developer accounts will be asked to specify:
- The account type — whether it’s personal or belongs to an organization;
- A contact name;
- A physical address;
- Verification of email address and phone number;
As stated by the two Product Managers,
Your contact information allows us to share important information and updates about your app. It also helps us make sure that every account is created by a real person with real contact details, which helps us keep the Play Store safe for all users. This information will not be public-facing and is just to help us confirm your identity and communicate.
Additionally, to prevent account takeover attacks the search giant is also mandating Google Play Console users to sign in using Google’s 2-Step Verification.
Developer account owners will be able to communicate their account type and verify their contact details starting June 28th. By August, in addition to enabling 2SV, all new developer accounts will have to specify their account type and verify their contact information at sign-up.
Later this year, all existing developer account owners will be required to declare their account type, provide the required information, and verify their contact details. We will also require developers to sign in using 2-Step Verification.
These measures come as part of Google’s efforts to combat scams and fraudulent developer accounts that have been previously sold on underground forums to disguise malware as legitimate apps.
Apart from these changes, the researchers recommended some best practices to help keep your account in good health and make sure you don’t miss important information.
- Keep your contact information active and up to date.
- Consider using a contact email address different from the one that you use to create your Google account, especially if your developer account will have multiple users or is for an organization or business.
- The contact email address for an organization or business account should not be a generic or personal email address, but one associated with your organization.