Keeping your account secure

As a Google Play developer, you have invested a lot into building your brand. That is why it is extremely important that you take steps to protect your Google Play Developer account. Google offers a variety of tools and best practices to help make your Developer account secure.

Protect your account with a strong password

  1. Create a strong, unique password, and change it frequently. Your password is the first line of defense against cyber criminals. Learn how to create passwords that are hard to crack from experts on the Gmail team.
  2. Don’t share the password to your account. If you use your Gmail, Google Wallet, or Google Wallet Merchant account in addition to the Google Play Developer Console, sharing your password will enable other people to have access to not just your Developer Console, but also to your financial information stored in Google Wallet and your emails in Gmail, which may contain sensitive information about your customers or business.

    Per the Developer Distribution Agreement, you are fully responsible for ensuring that the safety and privacy of your customers’ information is maintained.

    We strongly recommend that you never share your password. If others need access to the Google Play Developer Console, you should use the account management features in the Developer Console to safely share access. You will also want to refer anyone you invite to follow these safety tips.

Manage your account access wisely

  1. Instead of sharing a single email address with your team, let every person who needs access to your Google Play Developer account log into it with their own email by granting them account access by using the account management feature.

    Currently we offer two levels of account access: one that grants users the ability to access financial data and one that restricts them from accessing it. We are working on creating more account access levels, so stay tuned!
  2. Regularly check the list of users who have access to your Google Play Developer account, and adjust access levels as needed. Make it your standard company policy to promptly remove users who no longer need access (due to leaving the company, etc.).
  3. If your Google Play developer account is tied to your personal Gmail account, consider creating new account with your business email, so that if one account is compromised, the other remains secure.

    The Google Play support team can easily transfer your apps to your new account -- you just need to register a new developer account and request the transfer online. Please allow several business days for processing. If you choose to close your old account, we will refund your original $25 developer registration fee.

Be proactive about your account security

  1. Another effective step to protect your account is to enable 2-step authentication for all accounts that have access to the Google Play Developer Console. This means you will use your mobile device or phone number to retrieve a verification code that will be required when you login to the Developer Console from a new device. Note that you can authorize multiple devices and set up backup plans.
  2. Google Apps For Your Domain supports enabling 2-step authentication on the domain level. Go to Google Apps Help Center to learn more.
  3. Enable & check Account Activity to look for unexpected logins to your Google account. You can also sign up to receive email or SMS alerts when suspicious activity is detected.
  4. Protect your keystore. Back up your keystore -- you won’t be able to update apps if you lose it -- but never store it in the same Google account (e.g., Google Drive or Gmail) that you use for the Developer Console. This will minimize the risk of your apps being compromised if your account becomes hijacked.

Keep your emails current

  1. We recommend that you provide your users with a contact email address that is different from the one you used to register for your developer account. You can set a support email address for each app on the ‘Store listing’ page in the Developer Console.
  2. If necessary, Google will use the email address that the Developer Console is registered to to contact you. Please make sure that someone checks this email address regularly.
For more account security tips, follow Google’s best practices for account security, such as the Gmail security checklist and Google security checklist.

I think my account may have been compromised. What can I do?

  1. Please let us know about your suspicions by contacting support. We will check your account for signs of unauthorized activity and get back to you with our findings.
  2. Follow the Gmail checklist to regain access to your account.