Google adds 24-hour Android sideloading process for unverified apps

Google will let Android users install apps from unverified developers through a new 24-hour sideloading process designed to slow scams and risky installs.

Google revises its Android sideloading plan

Google is softening its stance on Android sideloading by introducing a new process that still allows users to install apps from unverified developers. The change follows criticism from developers, advocacy groups and power users who argued that mandatory developer verification risked undermining Android’s long-standing open stance.

Instead of removing that freedom entirely, Google is now creating an “advanced flow” for people who knowingly want to take that risk. The move preserves sideloading on Android while adding more friction around installs that fall outside Google’s verified developer system.

How the 24-hour Android app install flow works

Under the new process, users must enable developer mode, confirm they are acting without outside pressure, restart the device and then re-authenticate before they can proceed. Google also adds a one-time 24-hour waiting period, a step clearly designed to disrupt scams that rely on urgency and coercion.

Once complete, the device can be set to allow apps from unverified developers either temporarily or indefinitely. In practice, Google is keeping sideloading alive, but adding more deliberate security checks.

Why Google changed its sideloading stance

The compromise appears to reflect growing resistance to Google’s broader developer verification rules, which are set to take effect later in 2026. Critics argued that identity checks and added costs could burden smaller developers, students and hobbyists.

Google is also offering limited-distribution accounts that let students and hobbyists share apps with small groups without full verification. Together, these two changes show Google is trying to balance Android security with the platform’s reputation for flexibility.

Extra protection for Android devices

Google’s updated approach adds more friction to risky app installs. That is clearly a step in the right direction, or at least a better alternative than simply killing sideloading. Delays, reauthentication and stronger checks can help interrupt scams that rely on pressure and urgency. Even so, built-in platform protections are only one layer in a much broader security scenario, especially in a mobile ecosystem as open and diverse as Android.

That is why relying solely on default protections may not be enough for people who regularly install apps, follow links from messages or store sensitive data on their phones. Dedicated solutions like Bitdefender Mobile Security for Android can add an extra layer of defense through features such as malware scanning, web protection, scam alerts and privacy-focused monitoring. Combining Android’s native safeguards with specialized mobile security can be a smarter way to reduce exposure to both malicious apps and everyday mobile threats.