Android: Sideloading of unverified apps will become more complex
Android apps can apparently also be installed via sideloading without developer verification by Google. But the process may be more complicated than before.
Google Android Bugdroid in front of a castle symbol.
(Image: Primakov/Shutterstock.com)
For months it has been clear that from autumn 2026, in some countries, only applications whose publishers have previously registered with Google and signed the respective application will be allowed to be installed on certified Android devices. After criticism, the company relented somewhat in November regarding sideloading for unverified apps, and the expected process is now becoming apparent.
Installation of unverified apps remains
In November, Google stated that “experienced users” would still be able to install unverified apps. According to the explanation at the time, the company intended to develop a “new, advanced process” that would allow experienced users to “accept the risks of installing unverified software.” This solution was primarily intended for developers and power users.
Android Authority, in collaboration with Android researcher and tinkerer Assemble Debug (Shiv), has uncovered how the whole process is likely to be implemented. The tinkerer discovered assets in Google Play version 49.7.20-29 that relate to verified installations and the option to proceed without verification. Similar code was already discovered in July 2025 in Android's system-wide package installer here. This suggests that Google has been preparing the new developer verification process for some time.
The code contains the following content:
<code>Installation ohne ĂśberprĂĽfung
Wenn Sie eine App ohne Überprüfung installieren, beachten Sie bitte, dass Apps von nicht verifizierten Entwicklern Ihr Gerät und Ihre Daten gefährden können.
App-Entwickler kann nicht verifiziert werden
Kein Internet, App-Entwickler kann nicht verifiziert werden
Die App kann momentan nicht verifiziert werden.</code>While it is still unclear how the messages will be displayed to users, the content already provides insight into what to expect. Among other things, the process includes an active component for which an internet connection is required. If none is available, users will receive a warning that the developer status cannot be verified.
Videos by heise
“Accountability Layer”
In response to the Android Authority article, Matthew Forsythe, Director of Product Management, Google Play Developer Experience & Chief Product Explainer, explained on X that the new system is not a restriction on sideloading unverified apps. Instead, Google is introducing a so-called “Accountability Layer” into Google Play, according to Forsythe. Advanced users can still choose to “Install without verification” for APK files (Android Package Kit). However, Google states that they will have to go through a complex process that is intended to help users understand the risks.
It will likely be some time before users in Europe encounter these new installation hurdles. This is because the sideloading of anonymous apps is scheduled to be made more difficult in Brazil, Indonesia, Singapore, and Thailand in September 2026. The rest of the world will follow gradually from 2027, according to the current schedule. Consequently, the company still has plenty of time to readjust and further modify the already relaxed requirements.
(afl)
