To protect your Play Console account, Google offers many tools and best practices that can help keep your account secure.
As part of the Developer Distribution Agreement, you are responsible for maintaining the safety and privacy of your customers' information.
Here are some ways to protect your developer account:
Create a secure password
When you create a password, use a unique password (a different one than you use on other sites) that has a mix of letters, numbers and symbols. Also, change your password often to help prevent unauthorised access.
For tips on setting up a strong password, go to the Google Accounts Help Centre.
Don't share your password
If you use Gmail or the Google payments centre using the same Google Account that you use for Play Console, sharing your password will also give someone access to your other accounts.
Sharing your password could give others access to your financial information stored in your Google Account and your emails in Gmail, which could contain sensitive information about your customers or business.
If others need access to Play Console, account owners can add users to a developer account.
Manage account access
Rather than sharing an account, account owners can add other users to a developer account. Once they're added to your account, users can sign in to Play Console using their own email address.
It's a good idea for account owners to regularly review who has access to your Google Play developer account. Also, make it your team’s policy to promptly remove users who no longer need access to your developer account.
Use a different account for your developer account
If your developer account is linked to your personal Google Account, consider creating a new account to use for your developer account. This way, if one account is compromised, the other account can still be secure.
If you’ve already registered, our support team can transfer your apps to a new account. To transfer your apps to a different account, register a new developer account, then prepare and request the transfer with our support team.
Note: If you close your old account, we will refund your original $25 registration fee.
Keep your email addresses up to date
In addition to the Google Account that you use to register for your developer account, we recommend using a different email address for customers to contact you about your app. When you use two different accounts, if one account is compromised, the other account can still be secure.
On your app's Store Listing page, under 'Contact details', you can update the email address that's available to users on Google Play.
If needed, Google will use the email address used to register for your developer account to contact you. To make sure that you don't miss any important messages, check your email for your developer account regularly.
Avoid phishing emails
Phishing is an attempt to steal personal information or break into online accounts using deceptive emails, messages, ads or sites that look similar to sites that you already use. For example, a phishing email might look like it's from your bank and request private information about your bank account.
Phishing messages or content may:
- Ask for your personal or financial information.
- Ask you to click links or download software.
- Impersonate a reputable organisation, such as your bank, a social media site that you use, or your workplace.
- Impersonate someone you know, such as a family member, friend or coworker.
- Look exactly like a message from an organisation or person that you trust.
Please be aware that you will only receive account support and policy update emails from an email that ends in @google.com.
If you've provided your Google Account information to any sites linked from a suspicious notification, we recommend changing your password immediately. You can follow the instructions provided in the Google Accounts Help Centre to change your Google Account password.
We recommend visiting the Gmail Help Centre to learn more about avoiding and reporting phishing emails.
Compromised accounts
If you think that your account has been compromised, contact our support team with any information that you have. Our support team will check your account for signs of unauthorised activity.
To help investigate and regain access to your account, go to the Gmail Help Centre for help with compromised accounts.
Note: If your account has been compromised, you should protect it to help prevent future account issues. You can help keep your developer account and users safe by turning on 2-Step Verification.
Username and password issues
If you're having trouble signing in to your account, you can visit the Google Account recovery page for help.
Go to Google Account recoveryAdditional account security
2-Step VerificationAn effective way to help protect your developer account is to turn on 2-Step Verification for all accounts with access to Play Console.
With 2-Step Verification, you use a mobile device or phone number to retrieve a verification code that is required whenever you sign in to your account using a new device. You can authorise multiple devices and set up backup options.
Also, if you're using a Google Apps account, your administrator can set up 2-Step Verification for your domain. For more information, go to the Google Apps Help Centre.
You can monitor activity on your account in many ways:
- Google Dashboard: Review when you last used a Google product.
- For tips on using your Dashboard, go to the Google Accounts Help Centre.
- Recent activity: Review recent activity on your account.
- If you find unusual activity on your account, go to the Google Accounts Help Centre for more information.
- Activity log: Review recent changes to your developer account for unusual activity.
- To view changes that team members have made to your apps and account, open Play Console and go to the Activity log.
Make sure that you enrol in Google Play app signing or back up your keystore in a safe and secure place. Without your keystore, you won't be able to update your apps because you will always need to sign all versions of your app with the same key.
Tip: If you want to back up your keystore (Drive, Gmail, etc.) using a Google Account, use a different Google Account from the one that you use for your developer account. By backing up your keystore using a different account, it can help minimise the risk of losing your keystore if your developer account is hijacked.
Related content
- Learn more about Google Play developer account basics in the Academy for App Success.