Google is fundamentally changing how app sideloading works on Android. In an effort to curb malware and social engineering scams, the firm is introducing what it calls an "Advanced flow" that makes installing apps from unverified developers slightly harder.
Sideloading on Android Is Harder but It’s a One-Time Process
Rolling out in August 2026, Android's new security measure called Advanced flow will introduce a 24-hour waiting period for those who want to install apps from unverified developers. This is aimed at scammers who use high-pressure tactics to make users give in to manually installing APKs containing malicious software.
By introducing this initial friction, Google hopes to break the urgency these attacks rely on. As for how the new workflow works, to sideload an unverified app, users must navigate a six-step process:
- Firstly, users must manually enable Developer Options.
- Next, Android will prompt the user to confirm they are not being coached of forced by a third-party.
- Then, the system will force a phone restart, which should discard any active phone calls or screen recording sessions controlled by scammers
- After the reboot, an invisible countdown timer begins, called "Protective waiting period". Users cannot sideload any unverified apps until a full day has passed.
- After 24 hours, users must re-authenticate using biometrics or a PIN.
- Then, they can choose to allow unverified installs temporarily for seven days or indefinitely.
However, it's worth noting that this flow only applies to apps from developers who refuse to fail or complete Google's new identity verification requirements.
These requirements will take effect in select markets starting September 2025. Apps from developers, students and hobbyists will bypass this flow. However, for power users, ADB sideloading via the Android Debug Bridge will not follow the 24-hour rule, allowing users to install unverified apps at any time by connecting their smartphones to computers.
-356w.webp "Oppo A6s 5G front and back in Plum Purple")
