Google clarifies: Sideloading on Android remains intact

Google has published a post on the Android Developers blog in which the company emphasizes that sideloading will continue to be possible on Android. However, the company did not address the concerns raised a few days ago by independent app platforms such as F-Droid about the upcoming introduction of developer verification.

In the article entitled “Let's talk security: Answering your top questions about Android developer verification,” Google makes it clear that the developer verification requirements coming in autumn 2026 are primarily intended to improve security but not to restrict users' freedoms. The new system, which will link every Android app in Google's ecosystem to a verified developer identity, aims to make it more difficult for malicious actors to impersonate developers or spread malware via apps. “We want to make sure that an app you download really comes from the developer listed as the publisher, regardless of where you got the app,” says Google.

Google goes on to say that verified developers will still be able to distribute their apps directly to users, either by sideloading or via an app store of their choice. The company is thus making it clear that sideloading—i.e., the installation of an application file (APK) directly on the device without the detour via an app store—will remain available for Android. “Sideloading is a fundamental component of Android and will continue to exist.”

Development in Android Studio without registration

Google is also continuing to work to ensure that the upcoming changes will not affect the daily workflow of developers “so that they can continue to create their apps as smoothly as possible.” It also states that participation in the developer review will not affect work in the Android Studio development environment. Developers can continue to create and run apps even if their identity has not been verified.

Google is introducing free developer accounts for hobbyists and small developers. This allows them to distribute apps on a limited number of devices without having to go through the developer verification process, where an official ID must be presented.

However, if the current testing process is based on distributing APKs to testers for installation using methods besides adb, developers must provide their identity to Google and register the package. This also applies if developers make their apps available to test teams via “Google Play Internal Testing,” “Firebase App Distribution,” or similar solutions via other distribution partners.

Google does not address F-Droid's concerns

What Google does not address in the article, however, is the essential question that the operators of the Play Store alternative F-Droid recently asked: namely, who controls the identities of the developers and the signature keys.

F-Droid wrote in a post on Monday that Google's new rules would bind all Android apps, including those distributed outside the Play Store, to a developer account verified by Google. This would make Google, similar to Apple with iOS and iPadOS, the “central authority” for the distribution of Android apps, including those that are not offered in the Play Store. These changes would jeopardize the existence of alternative app stores.

F-Droid explained that it could not take over the identities of apps on behalf of open-source developers. This means that many apps developed by the community or by independent developers could disappear if they refuse or are unable to register. As things stand, Google is accepting this in favor of greater control. However, Google still has time until the deadline to change its mind if necessary.

The operator of the alternative app store is calling on regulators and competition authorities to check whether Google's new measures to improve security could be misused to “consolidate its monopoly position.” “We urge regulators to ensure the free operation of alternative app stores and open-source projects and to protect developers who cannot or will not comply with exclusionary registration procedures and personal data requirements.”

(afl)