While Google plans to severely restrict Android users’ ability to download apps from sources other than the Google Play Store, the company is introducing a new process that will allow sideloading after a mandatory 24-hour waiting period. This new “Advanced Flow” setting The aim is to prevent users from installing malware distributed by bad actors through unverified sources, while allowing sideloading from legitimate developers.
Sideloading restrictions are coming to Android
last year, Google announced Sideloading on Android will ultimately be limited to verified third-party app stores and developers. The change has a clear goal: to crack down on malicious apps impersonating real apps found on the Google Play Store. The restrictions—which will go into effect for Brazil, Indonesia, Singapore and Thailand later this year, and globally in 2027—will eventually require developers to register certain details with Google to distribute their apps as well as pay fees. (Students and hobbyists will still be able to share apps with up to 20 devices without having to register or go through a new solution for users.)
The move faced significant criticism from both developers and users, ranging from privacy violations (developers are now required to share details they didn’t previously) to increased difficulty accessing modified or downgraded versions of apps. As such, Google is rolling out a compromise that it thinks will protect most users from malware, while allowing power users to sideload whenever they want.
Google is introducing a sideloading workaround
The new advanced flow setting will add multiple points of friction to unverified app installation, cutting the sense of urgency scammers often use to distribute malware. Users will go through a one-time process to disable security protection—meaning you won’t have to repeat it every time you want to sideload—but you’ll see a warning when you try to install an app from an unverified developer.
What do you think so far?
If you are interested in this solution, you will need this first Enable developer mode in your device’s Settings app and confirm that you are not being forced to disable security protections on your device (a common scam tactic). Next, you’ll need to restart your phone, which stops calls and remote access tools that scammers can use to communicate with you or control your device. From here, you’ll have to wait 24 hours before you can go back and authenticate changes to settings using biometrics or your device PIN. Finally, you’ll make sure you understand the risks, which then allow you to install apps from unverified developers for seven days or indefinitely.
This workaround will begin in August, before developer registration requirements begin.
