Android Chief on Sideloading and Registration: "The warnings are insufficient"

Since August 2025, it has been clear that from autumn 2026, only applications on certified Android devices will be installable in the first countries, provided their publishers have previously registered with Google and signed the respective application. Sameer Samat, head of Google's Android ecosystem, explains in an interview the reasons for the upcoming registration requirement for all app developers and how important sideloading is for Android, on the other hand.

Samat spoke on the sidelines of the Mobile World Congress (MWC) in Barcelona with Adamya Sharma from Android Authority. The conversation initially revolves around Android 17 and the integration of agentic functions into the operating system, which are intended to handle multi-stage tasks. However, Google had already explained this extensively before.

Samat also spoke about Google's decision, controversial in the developer community, to require all app developers to register. He also addressed the topic of sideloading, i.e., the ability to install apps directly from websites onto Android devices.

Sideloading remains

On the one hand, Samat reiterated that Google has no plans to remove sideloading. The company has been saying this for months, but clarifies that the process is primarily intended for experienced users. Furthermore, it is intended to become more complex to protect inexperienced users.

However, the head of the Android ecosystem noted that governments worldwide are increasingly pressuring Google to address the problem of malicious apps. The upcoming changes regarding sideloading are intended to counteract a growing wave of fraud attempts targeting less experienced users.

“Sideloading is really important. It's not going away, and it's always been a critical part of Android,” Samat said. “I think if you talk to any government in Southeast Asia, in Latin America, or in a number of places, this is a huge topic for their citizens,” he added.

Samat admitted, however, that the warning systems used in Android are not always effective when fraudsters pressure vulnerable users into installing malicious apps. “The warnings we currently have are insufficient,” Samat said.

To better protect users from such threats, the company has proposed verifying the identity of developers, including those who distribute their applications outside the Play Store. In the first countries, such as Brazil, Indonesia, Singapore, and Thailand, Google plans to introduce this registration requirement in September 2026, and in Europe, not until 2027.

Google is in a difficult position, as the company must balance two core principles of Android – openness and security – as the Android chief explains: “If the platform doesn't protect vulnerable users, it won't be successful.” “And if it doesn't honor openness, it also won't be successful,” he adds.

Matthew Forsythe, Director of Product Management, Google Play Developer Experience & Chief Product Explainer, describes Google's approach on LinkedIn as “responsible openness.” “A user should be able to sideload an app and know, at minimum, that the developer is a real entity who has been held to a standard of accountability.”

Independent developers not satisfied

Independent developers, especially the operators of the alternative Android app store F-Droid, are not satisfied with Google's approach of “responsible openness” and the associated registration requirement. They have been campaigning against Google's proposal for months.

In an open letter, opponents of the new strategy accuse Google of making itself the gatekeeper of third-party distribution channels with developer verification. Those who distribute their apps via their websites, alternative third-party app stores, company distribution systems, or similar channels must also obtain Google's approval through a mandatory verification process. This includes agreeing to the terms and conditions, paying a fee, and uploading an official ID. Among the over 50 co-signatories of the letter are the Chaos Computer Club, the Free Software Foundation, the email provider Tuta, the creators of the Vivaldi browser, and Codeberg.

Furthermore, the authors of the letter criticize that artificial barriers to entry are being created and fear data protection risks due to a central database of Android developers in the company's hands. Moreover, competition distortions could occur if Google collects data through such registration on who offers which apps.

Empfohlener redaktioneller Inhalt

Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.

Preisvergleiche immer laden Preisvergleich jetzt laden

Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.

(afl)