Maintaining platform integrity has become increasingly critical, with a global footprint of over 3 billion active devices, Samat said.
Google will begin rolling out its updated sideloading restrictions in September 2026
Photo Credit: Google
Google on Thursday announced its new sideloading flow for Android devices, aimed at curbing malware across its ecosystem. As per the Mountain View-based tech giant, the changes include stricter controls on app sideloading, requiring developers to verify their identity before distributing apps outside the Play Store. In addition, Google is adding an advanced flow option. This is said to allow experienced users to bypass the new restrictions.
In a blog post, Google announced that it will only allow installation of apps from verified developers on Android devices. This means developers distributing apps outside the Play Store will need to submit identification, upload signing keys, and pay a $25 (roughly Rs. 2,322) fee to complete verification.
Meanwhile, the Mountain View-based tech giant confirmed that apps originating from unverified developers will be blocked by default. For users who intend to sideload such apps, a bypass remains available in Developer Settings. However, it is said to be different from the previous Unknown Sources toggle and requires more steps to access. It does not surface during installation prompts, either.
The tech giant also published a video detailing how this advanced flow works.
The process begins by enabling Developer Mode, after which users are shown a warning screen asking, "Is someone asking you to do this?" The prompt highlights risks, such as scammers tricking users into installing malicious apps disguised as legitimate services. Users can proceed by selecting No one is instructing me, but the process doesn't end there. The next step requires a device restart to disrupt any real-time coercion attempts, such as a scammer guiding the user over a call.
After completing these steps, they must wait a one-time 24-hour security delay before sideloading unverified apps.
According to Android Ecosystem President Sameer Samat, the 24-hour security delay is specifically engineered to mitigate social engineering attacks. The Mountain View-based tech giant aims to prevent bad actors from coercing users into installing malicious software immediately, providing a necessary window for verification.
The official noted that with a global footprint of over 3 billion active devices, maintaining platform integrity has become increasingly critical. Simultaneously, Google is attempting to uphold Android's open nature by retaining sideloading capabilities through the new Advanced Flow.
Google will begin rolling out its updated sideloading restrictions in September 2026. It will initially be introduced in Brazil, Singapore, Indonesia, and Thailand. The company said that these regions have been prioritised due to a higher frequency of impersonation scams and malware-related incidents. It also plans to expand the system globally in phases, using the verification framework integrated into Android 16.1 since its release in late 2025.
Additionally, the new Advanced Flow bypass will be accessible to users before the formal enforcement period begins.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.