To stop scams and malware, Google is previewing a new safeguard for Android that’ll force users to go through a one-time 24-hour wait before they can sideload apps from unverified developers.
The safeguard is part of a new “advanced flow for sideloading” that Google is preparing, months after the company pulled back from requiring that all app installs on certified Android devices come from verified developers.
Back in November, Google mentioned that an upcoming “advanced flow that allows experienced users to accept the risks of installing software that isn’t verified” was in the works. On Thursday, the company finally revealed details all the while saying, “Sideloading is here to stay.”
But the program is already starting to face some backlash over concerns the guardrails go too far. The company has published a video, showing the advanced flow requires users to go through several steps before they can begin sideloading unverified apps. The first requires enabling developer mode in system settings to permit the sideloading from unverified sources. Users will then see a window that says “Is someone asking you to do this?” and warns about potential scams, like for example, a hacker tricking the user into installing a banking app that is actually malware.
This Tweet is currently unavailable. It might be loading or has been removed.
A user can click through the warning by tapping “No one is instructing me.” The second step will require the Android phone to be restarted in an effort to cut off the possibility that a hacker is calling the user to coerce them into installing malware.
However, crossing the fourth step involves waiting out a one-time 24-hour “security delay” before any Android apps from unverified developers can be installed. In a blog post, Google explained: “Scammers rely on manufactured urgency, so this breaks their spell and gives you time to think.”
(Google)
In a statement, Google also told PCMag: “This 24-hour period only applies to sideloading apps from developers who have not gone through the verification process. Users will remain free to sideload apps from verified developers without this cool down period.”
“It’s worth noting that every developer on Google Play has already gone through verification,” the company added.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy
Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Still, the process is already facing criticism. “The 24h delay ‘to protect from scammers’ is just an excuse to inhibit user choice, it’s common for scammers to call back the next day,” tweeted one software developer, who expects the restriction to discourage users from installing open-source apps outside the Google Play Store.
“This is a step in the wrong direction, but you will learn like BlackBerry and Nokia,” tweeted another user, alluding to two major smartphone brands that later declined.
However, Google’s Android team has also been on social media to explain and defend the safeguards. “Platforms need to be open and safe. Android has 3b+ (3 billion plus) users, many of which are targeted. For users who want to take the step to disable verification it’s a one-time step,” tweeted Google President for the Android ecosystem Sameer Samat.
Recommended by Our Editors
In the blog post, the company notes, “advanced flow for users will be available in August.” That said, the company plans on only enforcing the new verification requirements for Android apps and developers first in Brazil, Indonesia, Singapore, and Thailand this September. Google then plans on expanding the requirements globally in “2027 and beyond.”
In the meantime, the free Android store F-Droid has been opposing the verification requirements, criticizing it as “corporate surveillance,” since individual software developers need to submit an official ID, address, phone number, and pay $25 fee.
“Google does not own your phone. You own your phone. You have the right to decide who to trust, and where you can get your software from,” F-Droid said last year.
But in response to some of the criticism, Google is preparing free, limited distribution accounts for students and hobbyists, allowing them to share Android apps “with a small group (up to 20 devices) without needing to provide a government-issued ID or pay a registration fee.”
About Our Expert
Michael Kan
Senior Reporter
Experience
I’ve been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I’m currently based in San Francisco, but previously spent over five years in China, covering the country’s technology sector.
Since 2020, I’ve covered the launch and explosive growth of SpaceX’s Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I’ve combed through FCC filings for the latest news and driven to remote corners of California to test Starlink’s cellular service.
I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. Earlier this year, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.
I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I’m now following how President Trump’s tariffs will affect the industry. I’m always eager to learn more, so please jump in the comments with feedback and send me tips.
Read Full Bio
/https://i.s3.glbimg.com/v1/AUTH_08fbf48bc0524877943fe86e43087e7a/internal_photos/bs/2026/N/o/1svZTBRimGx0WVEg9FMA/the-rise-of-a-new-rivalry.-esports-nations-cup-1-.jpeg?w=1024&resize=1024,1024&ssl=1 "Esports Nations Cup: tudo o que já sabemos sobre a 'Copa do Mundo dos games'")
:strip_icc()/i.s3.glbimg.com/v1/AUTH_08fbf48bc0524877943fe86e43087e7a/internal_photos/bs/2023/5/T/fB2u9TRA2hRbTJiLxaCA/techtudo-31-m.jpg?w=1024&resize=1024,1024&ssl=1 "Steam fora do ar? Plataforma apresenta falha global nesta terça (7)")
