Google is changing how Android users install apps from outside the Play Store, introducing a new process that aims to preserve the platform’s sideloading feature, while making it more difficult for scammers to exploit it.
The company recently detailed what it calls an “advanced flow,” a multi-step process that will allow users to install apps from unverified developers even as Google rolls out stricter developer verification requirements. The change follows the settlement of a lengthy antitrust dispute over Android’s app ecosystem.
New verification rules keep sideloading alive
Under the new rules, Google will require developers to verify their identities for their apps to run normally on certified Android devices.
The verification process includes providing personal or business information such as legal names, contact details, and, in some cases, government identification, along with a $25 registration fee. The requirement is expected to become mandatory in phases, starting in September, in markets including Brazil, Indonesia, Singapore, and Thailand, with global expansion to follow later.
However, in response to criticism that these requirements could effectively eliminate sideloading, Google has created a workaround for experienced users who still want the freedom to install unverified software. The catch is that it is intentionally complex.
For users who still want full control over their devices, the advanced flow allows them to continue installing unverified apps. It seems sideloading is no longer meant for casual users, but rather for what Google describes as “power users” who understand the risks involved.
Purposefully designed to slow down scams
The new installation process requires several steps that go far beyond a change in
“settings”. Users must first enable developer mode, a hidden feature typically used by programmers and advanced users that requires navigating deep into system settings and performing specific actions that most everyday users would never encounter.
From there, users must confirm they are not being pressured by someone else to disable security protections, then comes a required device restart and reauthentication step, which Google says is meant to cut off remote access tools or active calls that scammers might be using to monitor victims in real time.
The next step is the mandatory 24-hour waiting period, which Google says is meant to protect users against one of scammers’ most effective psychological tactics, the use of urgency. By forcing users to wait a full day before completing the process, the company hopes people will have time to reconsider decisions they might otherwise make under pressure.
After the waiting period, users must reauthenticate, a measure intended to block remote access sessions or active scam calls that could influence their actions.
Changes driven by security concerns
Once the process is completed, users can choose whether to allow installations from unverified developers for seven days or indefinitely. Even then, Android will continue displaying warnings before each installation, though users will be able to bypass them.
Google maintains that the changes are necessary as scams continue to rise globally. According to data cited by the company, more than half of adults worldwide reported encountering scams in 2025.
Developer concerns and industry criticism
Not everyone is convinced that Google has found the right way to counter these scams. Some argue that mandatory verification could create new barriers for small creators, open-source developers, and privacy-focused projects that may not want to submit personal identification.
Critics have also warned that the policies could reduce competition and increase Google’s control over Android software distribution, potentially undermining the platform’s reputation as an open alternative to more tightly controlled mobile ecosystems.
To address some of these concerns, Google is introducing free “limited distribution” accounts. These will allow students and hobbyists to share apps with up to 20 devices without completing full identity verification or paying registration fees. The company says this option is intended to preserve experimentation and learning opportunities while maintaining broader safety standards.
Part of broader Play Store changes
The sideloading changes are also tied to the wave of adjustments in Google’s app marketplace policies following its legal battle with Epic Games. Google has agreed to various changes, including reduced Play Store commissions and potential support for alternative app stores.
Ultimately, the new sideloading framework is part of Google’s strategy to preserve Android’s openness in principle while introducing more guardrails in practice.
Also read: Phone scams increasingly rely on real-time pressure, and family scam protection is becoming another way mobile apps try to interrupt that playbook.
