Android Sideloading Gets a New Security Gate. Here’s What Changes in August

Google just made it harder to install apps outside the Play Store. And honestly, the new process is more involved than most people probably expected.

Starting in August, sideloading apps from unverified developers on Android requires jumping through a brand-new multi-step security flow. It’s a one-time setup, but it’s not exactly quick. So if you’ve been casually downloading APKs from random corners of the internet, those days of easy installs are numbered.

The New Sideloading Setup Is a Multi-Step Process

Here’s what the new flow actually looks like. First, you head into settings and enable developer mode. Then you confirm you’re not being pressured by someone into turning off your security protections. Next, you restart your phone, which cuts off any active phone calls. After that, you wait a full day. Finally, you verify your identity using biometrics or a PIN before any installation can happen.

That waiting period is deliberate. Google designed it specifically to break the momentum of social engineering attacks, where someone on a phone call coaches a victim into installing something malicious.

Once you clear all those steps, you can enable sideloading for either seven days or indefinitely. But here’s the catch: regardless of which you choose, you’ll still see a warning every single time you install an app from an unverified developer. Google isn’t letting you skip that reminder.

Hobbyist Developers Get Their Own Workaround

Not everyone who wants to share an app outside the Play Store is a bad actor. Students building class projects, indie developers testing early builds, hobbyists sharing tools with friends — they all have legitimate reasons to distribute apps without going through full verification.

Google thought about this group. The company plans to offer free “limited distribution accounts” that let developers share apps with up to 20 devices. No government-issued ID required. No registration fee either. It’s a genuine carve-out for small-scale, low-stakes distribution that doesn’t rope hobbyists into the same verification process as commercial developers.

That said, even these limited accounts come with their own restrictions. Twenty devices isn’t a lot if you’re hoping to run a meaningful beta test.

Why Google Is Doing This Now

Google frames the developer verification requirement as something similar to an ID check at an airport. The analogy is theirs: it confirms who someone is, but it’s separate from actually screening what’s in their bags. The point is that verification and security aren’t the same thing, but both matter.

This new sideloading policy fits into a bigger picture. Google has been simultaneously tightening what apps can reach Android devices through unverified channels while also cutting Play Store fees and softening its stance toward third-party app stores. It’s a balancing act between locking things down and not completely alienating the developer community.

And that community has been vocal. Several developers and digital rights organizations pushed back hard when Google first announced stricter verification rules in late 2025. The original plan would have required all developers to be verified before distributing apps on Android at all. Google walked that back, creating the hobbyist carve-outs and limited distribution accounts as a compromise.

This Doesn’t Completely Lock Down Sideloading

Worth being clear about what this change actually does and doesn’t do. Installing apps from unverified developers is still possible after August. Google isn’t eliminating sideloading. It’s adding friction to it.

That friction is intentional. A scammer trying to trick someone into installing a malicious app mid-phone-call now faces a 24-hour waiting period and a phone restart as obstacles. Those aren’t insurmountable barriers for a determined bad actor, but they break the social engineering playbook that relies on keeping victims engaged in real time.

For everyday users who never sideload apps anyway, none of this changes anything. For power users who regularly install apps from outside the Play Store, August brings a one-time setup headache and a persistent warning banner. Annoying, yes. But workable.

Developers who want early access to the new verification process can sign up now. The full sideloading workflow goes live in August.

The policy shift clearly signals where Google wants Android to head. More accountability for who distributes software, more friction for unverified installs, and more control over the broader Android ecosystem. Whether that trade-off feels worth it depends a lot on which side of the developer verification process you’re on.