I’m a huge fan of open source, and that’s one of the reasons I’m drawn to Android. However, new requirements surrounding sideloaded apps, which will start rolling out in October 2025, may be the most anti-consumer move yet by Google. Mandatory enforcement of the requirement will begin in September 2026 (starting with specific countries), marking a turning point where the freedom to install any app comes with conditions set by Google.
I’ve used apps like NewPipe (a media/YouTube client) and Blokada (an ad blocker) for years now. However, these apps aren’t available on the Google Play Store, so I have to obtain them from third-party sources, such as F-Droid. With Google tightening the rules around sideloaded apps, I fear I may lose access to some of the apps I love most on Android because they aren’t verified. Sideloading isn’t going away, but people may seek alternatives because it may feel like the gates are narrowing.
What Google actually changed
The rules, the timeline, and what “certified” really means
Google’s talk around “verified developers” sounds harmless and, in some ways, helpful. As reported on the Android Developer Blog, it is like “an ID check at the airport which confirms a traveler’s identity but is separate from the security screening of their bags.” Google’s analogy, however, may be oversimplified. When this is enforced, the only way a developer’s app will be installable on devices that include Google Mobile Services (GMS) — which typically provide access to the Play Store — is by completing ID verification using government-issued documents or contact information. This will be rolled out globally in 2027.
Apps will be blocked from installing on most mainstream phones if their developer can’t complete this verification. However, there are certain devices that will remain unaffected, even though they are just a tiny fraction of the total devices. These categories include all devices that do not pass Google’s certification test, primarily custom ROMs or de-Googled phones.
Strictly speaking, Google is not removing sideloading, but it is redefining and limiting participation in the Android ecosystem by creating a mandatory Google-controlled choke point. While this may be a subtle shift, it clearly takes an open source project from anyone being able to participate (including anonymous or pseudonymous distribution) to only those whom Google allows to participate (via centralized developer identity verification).
Security theater or real gain?
Testing Google’s justification
There is a rational justification for tightening rules around sideloaded apps. It could be framed as user protection against malicious apps or against bad actors who cloak themselves with fake identities. While this is reasonable, the real question is whether it adds significant security for everyday users.
This is a valid question because security checks already exist. Google Play Protect makes Android secure by scanning sideloaded apps. Android flags unsafe installs, and it’s always given us the choice of blocking apps from unknown sources. Even if these are imperfect, they’re defenses that already exist.
Google’s new move almost feels like it’s based on the assumption that identity equals integrity. Does a verified government-issued identification equate to user safety? This logic is flawed: historically, we’ve seen malware slip through the Play Store—signed and “verified”—several times. However, what the new rule does is shift the basis of trust away from existing on-device security warnings and your best judgment.
Critics may even contend that this new rule erodes your right to make informed decisions about your own devices, and that feels more like selective control. Ultimately, many people may view this as Google’s way of shielding itself from criticism over sideloaded malware and protecting the integrity of its ecosystem.
There will be collateral damage
The ecosystems that depend on openness
This may be the most significant anti-consumer move, simply due to its profound impact. It could hit big developers or commercial apps, as well as entire ecosystems built around freely distributed APKs without verification. F-Droid hosts an incredible number of apps not available on the Play Store. Many of these tools exist because they see a need to operate outside the long, controlling arm of Google. This sideloading rule may make them unavailable on mainstream devices even though they’re safe.
This is a risk that also affects indie developers and hobbyists. Certain apps can no longer justify the time, effort, or privacy trade-offs required for identity verification. Many one-off projects and apps for niche communities may fall under this category. Ultimately, what we may end up with is a shrunken ecosystem, and if this happens, it will hurt all of us.
However, innovation may be the biggest casualty in all of this. Android is great because of its flexibility. It is an ecosystem for everyone. The imposition of a single, centralized gatekeeper will stifle grassroots innovation, as not everyone will be willing or able to contribute, and this will invariably impact the pace and extent of innovation we see on Android.
The new reality for Android users
Although Google would argue that the intentions behind the new rules for sideloading apps are to protect and secure users, it will likely feel limiting to many Android users, let alone removing the sense of autonomy on our devices. Of course, sideloading will still be possible, but it creates friction for people who use or make apps that aren’t officially available on the Play Store. The fear is that it may be the beginning of the end for independent developers, hobbyists, and niche app communities.
Of course, there are workarounds: using non-certified devices, backing up APKs, or exploring alternative app stores. Sadly, the trade-offs for each workaround may range from technical complexity to potential security risks. You should be careful when sideloading apps on Android. However, one thing is clear: Android’s openness is closing. What we don’t know is if it will become a completely closed ecosystem someday.
