Google’s new app sideloading process is slow and tedious by design
Google is introducing fundamental changes to the process of installing apps that are coming from outside its Play Store. The company says in a blog post that it is intentionally making the process slow, tedious, and impossible to rush. Its idea is to introduce an installation flow that’s difficult enough to protect the average Android users from scammers using high-pressure tactics to coerce users into installing malicious apps in an emergency rush. Meanwhile, advanced users will have a one-time process that will still allow them to freely sideload apps whenever they want.
You’ll need to wait 24 hours before installing Android apps from unverified developers
The most tedious part of the new process is that it includes a 24-hour lock before you can install an app from an unverified developer. The full process has six steps, each of which has a specific role in protecting potential scam victims. Here are all the steps with details on how each of them protects users:
- Enable Developer Mode: You need to manually and intentionally enable developer options before starting the install process without seeing an automatic pop-up.
- Confirm you’re not being coerced: You’ll need to explicitly confirm nobody is pressuring you into disabling your device’s protections.
- Restart your phone: This step is designed to cut off active calls, remote access, or screen sharing, which are often used by scammers.
- Wait 24 hours and reauthenticate: Google’s “protective waiting period” is a one-time measure to give you time to think over the manufactured urgency of scammers.
- Install apps: Before the installation you’ll see one more warning about the app being from an unidentified developer, but you can just tap “Install anyway.”
During the new process, you’ll be able to choose whether installing apps from unidentified sources should remain active for 7 days or indefinitely. That would allow you to freely install as many APKs from different developers as you may want for the time you have selected. That step is the reason Google says this is a one-time process for advanced users.
What is a verified developer?
The most important element of the new process is that it will be required for installing apps from unverified developers. Those will be developers who haven’t passed Google’s new Android developer verification requirements, which the company announced last year. The new rules will require developers to provide details such as their legal name, address, email address, and phone number, and in some cases a copy of a government-issued ID to Google or pay a registration fee.
There will be some exceptions to this process, though. Google will provide students and hobbyists with limited distribution accounts. Those will allow sharing apps with up to 20 people without providing a government-issued ID or paying a registration fee.
The change is coming soon, but you probably shouldn’t fret about it
Both the limited distribution accounts and the new installation flow will be rolled out to users in August. Then, the new developer verification requirements will take effect in Brazil, Indonesia, Singapore, and Thailand, followed by a global rollout sometime in 2027. While the changes may sound very drastic, for the vast majority of Android users almost nothing will change. As long as you stick to Play Store apps, you won’t need to do anything different. However, if you’re using third-party app stores and sideloading apps regularly, you’ll need to jump through some hoops.
One thing we have yet to see is how developers react to the change. If there’s a mass boycott of Google’s new system, more users may be forced to clash with this process. I doubt that will be the case because there are very few reasons for legitimate developers to avoid Google’s verification. If that helps fewer users get scammed through malicious apps, I think it’s a good move on Google’s part.
