Google says Android’s upcoming developer verification rules will still allow sideloading, introducing a new “advanced flow” that lets users install apps from unverified developers after completing a series of anti-scam safeguards.
In an announcement by Matthew Forsythe, Director of Product Management for Android App Safety, Google outlined how it plans to balance tighter app safety controls with Android’s longstanding openness. The announcement comes as Google prepares to enforce new developer verification requirements, a move intended to make it harder for malicious actors to abuse the platform while still preserving flexibility for experienced users and small-scale developers.
The key point of the announcement is “advanced flow,” a new system designed for users who knowingly want to sideload apps from developers that have not been verified by Google. Rather than allowing a simple bypass, Google built the process to slow users down and make it more difficult for scammers to coerce them. The company says scammers often pressure victims over the phone or through remote access tools, pushing them to disable Android’s protections and install malicious software under false pretenses.
To counter that, the new sideloading flow requires users to first enable Developer Mode, confirm they are not being coached into changing security settings, restart the device, and then wait one full day before completing biometric or PIN-based reauthentication. After that, users can choose to allow installs from unverified developers for seven days or indefinitely, though Android will still display a warning before installation.
Google framed the feature as a direct response to both community feedback and the growing scale of online fraud. Citing a 2025 Global Anti-Scam Alliance report, the company said 57% of surveyed adults encountered a scam over the past year, contributing to an estimated $442 billion in consumer losses worldwide. By introducing delays and additional confirmation steps, Google aims to break the “urgency” scammers rely on to manipulate targets into overriding built-in protections.
As the world’s largest mobile operating system, Android supports an open app distribution model that allows installations outside the Play Store, a capability favored by developers, researchers, and power users but also frequently abused in malware campaigns.
Alongside the user-facing sideloading changes, Google announced free, limited-distribution accounts that let students and hobbyists share apps with up to 20 devices without paying a registration fee or submitting government-issued identification. Google said both the advanced flow and the limited-distribution option will launch in August, before the new verification rules take effect.
Users are advised to only sideload apps when absolutely necessary, verify the source independently, and treat any urgent request to disable security features as a likely scam.
If you liked this article, be sure to follow us on X/Twitter and also LinkedIn for more exclusive content.
