Google Play policy changes 2026: what every app publisher needs to know

2026-06-12 · 9 min read
Google Play updated its developer policies significantly in 2025–2026. Higher target API level requirements, stricter identity verification, a new Play Integrity API, tighter enforcement of policy 4.3 on webview apps — the rules for publishing an Android app just got stricter. Here's exactly what changed and what you need to do.

1. Target API level: you must target Android 15 (API 35)

Every year, Google raises the minimum target API level Android apps must declare to be published or updated on the Play Store. In 2026, the bar is API level 35 (Android 15).

What this means practically:

  • New apps submitted to Google Play must target API 35
  • Existing app updates must also target API 35 — you cannot push an update to an older targetSdkVersion and expect it to go live
  • Apps that fall below the floor are hidden from new users on newer Android versions

For apps built with SaasToStore, this is handled automatically. The Android App Bundle we generate targets the current required API level — no configuration needed on your end.

API level timeline

  • API 33 (Android 13): required 2023
  • API 34 (Android 14): required 2024
  • API 35 (Android 15): required 2025–2026 ← current

2. SafetyNet is gone — Play Integrity API is the standard

Google retired the SafetyNet Attestation API in June 2024. Any app that still calls SafetyNet will receive no response. The replacement is the Play Integrity API, which provides more granular device integrity signals:

  • Device integrity — whether the device is certified and running a genuine Android OS
  • App integrity — whether the APK was downloaded from Google Play or sideloaded
  • Account details — whether the user has a valid Google account on the device

For most no-code apps and SaaS wrappers, this change is invisible — you typically don't call SafetyNet or Play Integrity directly. It matters most if your app involves payments, sensitive data, or anti-fraud logic. Still worth knowing if you're building a fintech or identity product.
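
How a backend might act on the three signal groups listed above, as an added example that is not from the original article or from SaasToStore. It assumes the integrity token has already been decrypted server-side into the Play Integrity verdict JSON; the package name, nonce, timestamps, freshness window and the `evaluate_verdict` helper are constructed for illustration.

```python
import hmac

MAX_AGE_MS = 5 * 60 * 1000   # assumed freshness window, tune to your flow
SKEW_MS = 30 * 1000          # assumed tolerated clock skew

def evaluate_verdict(payload, expected_package, expected_nonce, now_ms):
    """Return reasons to reject a decoded verdict; empty list means accept."""
    reasons = []
    req = payload.get("requestDetails") or {}
    # Bind the verdict to this app and to the one-time challenge we issued.
    if req.get("requestPackageName") != expected_package:
        reasons.append("package_mismatch")
    nonce = str(req.get("nonce", "")).encode()
    if not hmac.compare_digest(nonce, expected_nonce.encode()):
        reasons.append("nonce_mismatch")
    # int64 fields such as timestampMillis arrive as JSON strings.
    try:
        age = now_ms - int(req.get("timestampMillis"))
    except (TypeError, ValueError):
        age = None
    if age is None or not -SKEW_MS <= age <= MAX_AGE_MS:
        reasons.append("stale_or_missing_timestamp")
    # The three signal groups; a missing group counts as a failure.
    app = payload.get("appIntegrity") or {}
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        reasons.append("app_not_play_recognized")
    device = payload.get("deviceIntegrity") or {}
    if "MEETS_DEVICE_INTEGRITY" not in (device.get("deviceRecognitionVerdict") or []):
        reasons.append("device_integrity_not_met")
    account = payload.get("accountDetails") or {}
    if account.get("appLicensingVerdict") != "LICENSED":
        reasons.append("account_not_licensed")
    return reasons

# Constructed sample payloads (not captured from a real device).
NONCE = "c2FtcGxlLW5vbmNlLTAwMDE"
REQ = {"requestPackageName": "com.example.app", "nonce": NONCE,
       "timestampMillis": "1750000000000"}
GENUINE = {"requestDetails": REQ,
           "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
           "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY"]},
           "accountDetails": {"appLicensingVerdict": "LICENSED"}}
TAMPERED = {"requestDetails": REQ,
            "appIntegrity": {"appRecognitionVerdict": "UNRECOGNIZED_VERSION"},
            "deviceIntegrity": {},
            "accountDetails": {"appLicensingVerdict": "UNLICENSED"}}

if __name__ == "__main__":
    now = 1750000060000  # one minute after the verdict was issued
    print(evaluate_verdict(GENUINE, "com.example.app", NONCE, now))
    print(evaluate_verdict(TAMPERED, "com.example.app", NONCE, now))
```

The decision belongs on the server: a verdict evaluated inside the app can be patched out along with the rest of the client.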

3. Identity verification is now mandatory — and stricter

Google began requiring government-issued ID verification for all new individual developer accounts in 2023. In 2025, they extended this requirement and added tighter enforcement:

  • New accounts: Government-issued ID upload is mandatory before you can publish any app
  • Existing accounts: Google can require re-verification at any time; unverified accounts may be suspended
  • Organization accounts: D-U-N-S number or equivalent business registration is required for business developer accounts
  • Time to verify: 24–48 hours for individuals; up to 5 business days for organizations

The practical impact: plan your account setup before your build is ready. Getting stuck in verification when you're eager to ship is avoidable with a one-day head start.

4. Policy 4.3 enforcement is tighter on webview apps

Policy 4.3 (Minimum Functionality) has been Google Play's biggest source of rejections for website-wrapped apps. In 2026, the automated enforcement is sharper:

What gets rejected under 4.3

  • Raw WebView apps that load a URL without any native chrome removal
  • Apps that crash, show blank screens, or fail to load offline without explanation
  • Apps whose only function is to open a single external web page in a browser tab
  • Apps that duplicate content already freely available on Google Play
  • TWA apps where the underlying website fails basic PWA checks

What passes policy 4.3

  • TWA wrapping a valid PWA (service worker + manifest + HTTPS) — Google's official recommended approach
  • Capacitor build wrapping any HTTPS URL (SaasToStore V2) — passes by construction
  • Apps with genuine native functionality added on top of a web view
  • Lovable, Bubble, Webflow apps built as PWAs and wrapped with TWA or Capacitor

5. Data Safety form: complete it accurately or face suspension

Google Play's Data Safety section (in the Play Console, under your app's Store listing) requires you to declare:

  • What data your app collects (location, contacts, email address, usage data…)
  • Whether data is shared with third parties and who
  • Whether data is encrypted in transit and at rest
  • Whether users can request data deletion

This form must be consistent with your privacy policy. If you use analytics (Google Analytics, Mixpanel, etc.) or push notifications (Firebase), those data flows must be declared. Google cross-checks declarations and has been suspending apps with significant discrepancies since 2024.

For SaasToStore-built apps: your app itself only collects what your website collects. Declare based on your website's privacy policy. If you use SaasToStore push notifications (Firebase-backed), that means declaring device identifiers and notification interaction data.

6. Billing compliance: what's new in 2026

Following the antitrust settlements in multiple jurisdictions, Google updated its billing policies:

  • Play Billing mandatory — for digital goods and in-app purchases, Google Play Billing must be offered as a payment option, regardless of region (with some exceptions)
  • User Choice Billing — in certain regions, apps may offer an alternative payment method alongside Play Billing
  • No restrictions on external links — since 2024, apps may include links to external websites for purchases without risking removal (ending a years-long restriction)

For SaaS products wrapped with SaasToStore: if your web app already handles payments via Stripe or another gateway, you're in a gray zone — technically, digital goods sold via in-app flows require Play Billing. The practical enforcement is mostly against high-revenue consumer apps. For B2B SaaS with web-based checkout, most publishers operate without issue.

7. New listing requirements you may have missed

Several Play Console listing requirements were added or tightened:

  • Feature graphic: 1024 × 500 px PNG/JPG — mandatory for every app, no exceptions
  • High-res icon: 512 × 512 px PNG — mandatory, must not include the Google Play logo or Android robot
  • Screenshots: minimum 2 screenshots required; 8 maximum. At least one must match the submitted device type
  • Short description: 80 characters max. Indexed by Play Search — include your main keyword
  • Privacy Policy URL: required for every app. Must be a live URL, not a document download link
  • App content rating: must complete the IARC questionnaire in Play Console before first publish
  • Contact email: must be a real, monitored address — Play uses this to contact you about policy issues

What to do before your next submission

Whether you're submitting for the first time or pushing an update, run through this checklist:

  • Build targets API level 35 — SaasToStore handles this automatically
  • Developer account identity is verified — don't wait until submission day
  • Data Safety form is filled out and consistent with your privacy policy
  • Feature graphic (1024×500) and high-res icon (512×512) are in place
  • Privacy policy URL is live on your website
  • App content rating questionnaire is completed in Play Console
  • If using TWA: PWA checker confirms your site passes policy 4.3
  • If using Capacitor: confirm your site loads over HTTPS on a custom domain

Check if your site is ready for Google Play

Our free PWA checker audits your URL in 10 seconds — service worker, manifest, HTTPS, policy 4.3 compatibility.


Frequently asked questions

What API level does Google Play require in 2026?

Google Play requires apps to target API level 35 (Android 15) for new app submissions from August 2025, and for all existing app updates from November 2025. Apps that do not meet this requirement cannot be submitted or updated.

Is SafetyNet still supported on Google Play?

No. SafetyNet Attestation API was deprecated in June 2024 and is no longer supported. Google replaced it with the Play Integrity API, which provides stronger device integrity signals and is required for apps that check for a trusted environment.

Do I need to verify my identity for a Google Play developer account?

Yes. Since 2023, Google requires government-issued ID verification for all individual developer accounts. In 2025, they tightened this further with additional checks. The process takes 24 to 48 hours and must be completed before you can submit any app.

How does policy 4.3 affect webview apps in 2026?

Policy 4.3 (Minimum Functionality) is now enforced more strictly. Raw WebView apps that simply mirror a website without added app-specific value are rejected. Using a Trusted Web Activity (TWA) on a proper PWA, or a Capacitor build, is the compliant approach — both are what SaasToStore produces.

Does the target API level affect no-code apps built with SaasToStore?

No — SaasToStore always generates builds targeting the latest required API level. You do not need to update configuration manually. Each build produced by the platform meets Google Play's current requirements automatically.

What is the Play Data Safety policy?

Google Play now requires every app to complete a Data Safety form declaring what user data is collected, how it is used, and whether it is shared with third parties. This must match what your privacy policy says. Failure to complete it accurately can lead to suspension.

Ready to publish your app?

Paste your URL. We build the signed Android App Bundle. You upload to the Play Store.
