To improve developer security on the Play Store, Google is requiring those that develop for Android to abide by 2-Step Verification and new identity requirements later this year.
The first requirement is 2-Step Verification (2SV) when signing into the Play Console. This is a way to prevent account and app hijacking, thus keeping end users safe. It follows Google’s broad push to encourage 2FA adoption. Besides your username and password, you have to verify it’s really you signing in with either a prompt sent to your phone or a physical security key.
New Google Play developer accounts will need to enable 2-Step Verification in August, with the requirement enforced on existing ones “later this year.”
Meanwhile, Google is introducing “Developer identification requirements” to “help us better understand your needs.” In addition to providing your email address and phone number, the following information will also be required:
- Your account type — whether it’s personal or belongs to an organization
- A contact name
- Your physical address
- Verification of your email address and phone number
This information will not be listed publicly, and just meant to help confirm who you are and communicate:
Your contact information allows us to share important information and updates about your app. It also helps us make sure that every account is created by a real person with real contact details, which helps us keep the Play Store safe for all users.
Starting today, developers can specify their account type and verify contact details. This is optional for now but will be a requirement for new users in August. Existing accounts will be required to submit this year. Google also offers the following best practices:
- Keep your contact information active and up to date. We may occasionally check if your account is active by emailing or calling the account owner using the details provided, so it is important that they are accurate.
- Consider using a contact email address different from the one that you use to create your Google account, especially if your developer account will have multiple users or is for an organization or business. You might want to consider setting up a dedicated shared inbox for this purpose so that the right set of people within your team or organization can access these important messages. We encourage you to use an email address from your own domain if you have one.
- The contact email address for an organization or business account should not be a generic or personal email address. Make sure to use an email address associated with your organization.
Author: Abner Li
Source: 9TO5Google