Google Play has introduced “Verified” badges for select VPN apps to enhance user trust in privacy and safety. The badges will display on app details pages and in search results, helping users to identify trustworthy VPN services.
Google Play introduces verified badges for trustworthy VPNs
To qualify for the “Verified” badge, VPN apps must adhere to specific criteria. This includes completing a Mobile Application Security Assessment (MASA) Level 2 validation, which ensures the app meets security requirements. Additionally, the VPN must have an Organization developer account, meet target API level requirements, have at least 10,000 installs and 250 reviews, be published on Google Play for a minimum of 90 days, and submit a Data Safety section declaration that includes opting into independent security reviews and ensuring encryption in transit.
Pixel update: Google removes globe icon in Android 15 QPR2 Beta 3
Three VPN apps—Nord, hide.me, and Aloha Browser—are the first to receive the “Verified” badge. These apps will feature the badge prominently on their Google Play pages.
This update arrives at a pertinent time, as demand for VPNs has surged among users seeking access to platforms like TikTok, which is currently unavailable on Google Play or Apple’s App Store. Google previously rolled out privacy labels in 2022 and added features to identify safe apps, such as badges indicating independent security reviews.
To qualify for the badge, your app must meet several technical, security, and operational requirements. Below is a step-by-step guide to ensure your VPN app is badge-ready:
Google requires all VPN apps seeking the “Verified” badge to undergo MASA Level 2 validation, a thorough security assessment designed to identify vulnerabilities and ensure compliance with industry standards.
- Sign up for the MASA program through an accredited assessment provider.
- Undergo penetration testing, code analysis, and security best practice reviews.
- Resolve any security weaknesses identified in the assessment before proceeding.
Once your app passes MASA Level 2, Google considers it compliant with core security and privacy requirements. To be eligible, your app must be published under a Google Play Organization developer account, not an individual account.
- If you currently have an individual account, upgrade it to an Organization developer account.
- Provide valid business registration details to verify your company’s identity.
- Ensure that your developer profile information is up to date in Google Play Console.
- Check Google’s latest target API level policy for VPN apps.
- Update your app to use the latest supported API level required for Google Play.
- Verify that your app passes Google Play’s policy compliance checks.
- VPN app must have at least 10,000 installs on Google Play.
- It must also have at least 250 user reviews, ensuring community feedback and credibility.
- These metrics must be organic, meaning paid installs or fake reviews won’t count.
- This requirement ensures that your app has had time to demonstrate reliability and stability.
- If your app is newly launched, wait until it meets the 90-day threshold before applying.
- Opt into an Independent Security Review under the ‘Additional Badges’ section.
- Ensure that your VPN app enforces encryption in transit, securing user data during transmission.
- Accurately fill out the Data Safety declaration, as any misrepresentation can result in rejection.
- Log into Google Play Console and navigate to the VPN verification section.
- Provide proof of MASA Level 2 certification and confirm compliance with API and policy standards.
- Submit your Data Safety declaration and required app store metadata.
- Google will review your application, which may take several weeks.
Google noted that while there are additional factors influencing the evaluation process, meeting the outlined prerequisites significantly enhances the likelihood of obtaining the verified status.
Featured image credit: Google
