Google's new Android sideloading process requires restart and wait time

Google has taken the next step in changing sideloading on Android devices, outlining the upcoming process for installing apps from unverified developers outside the Play Store. In addition to the usual activation of Android developer options, a restart and a 24-hour waiting period will be required in the future. This is primarily aimed against scam attempts via phone, where fraudsters try to force victims to install malware under pressure.

Back in August 2025, Google announced it would ban anonymous Android apps. From autumn 2026, only applications whose publishers have previously registered with Google and signed the respective application will be allowed to be installed on certified Android devices. Following concerns from alternative app stores like F-Droid, Google immediately clarified that sideloading on Android will remain. Shortly thereafter, Google slightly relaxed the strict registration requirement for app developers and partially relented on app sideloading. Experienced users will be able to sideload unverified apps in the future.

More complex sideloading permission

That this sideloading of unverified Android apps will become more complex had already become apparent at the beginning of this year. Now Google has presented the new process for the first time in its blog for Android developers. For app sideloading by Google-verified developers, nothing changes; only when installing apps from unverified developers. For power users, this is only necessary once; the new procedure is intended to make sideloading more difficult, especially on Android devices of inexperienced users.

After the usual activation of developer options in the system settings (tap the build number seven times), the system requires confirmation that no other people have led the user to do so. The device must then be restarted, so that the user has to log in again. After a one-time waiting period of 24 hours, confirmation must be given again via authentication that this setting is desired. Sideloading can then be activated for a limited period of seven days or indefinitely, accompanied by further warnings.

Against fraud attempts and malware

The restart and waiting period are specifically intended to counteract scam attempts. Fraudsters would put potential victims under pressure, for example, by phone, by misrepresenting facts. For instance, they might warn of a compromised bank account or that a family member has been arrested. Users are prompted to install an app to solve the alleged problems, which can only be used via sideloading. This often involves malware that steals sensitive information such as login credentials for bank accounts. The mandatory 24-hour waiting period gives those affected an opportunity to investigate the alleged problems themselves.

Google had only hinted at the more complex process last week when the head of Android described the warnings about sideloading and registration as insufficient. In the future, the protection of inexperienced users is to become more complex. Governments worldwide are increasingly pressing Google to address the issue of malicious apps, which primarily target less experienced users. This particularly impacts countries in Southeast Asia and Latin America, where smartphones are the only computer for many users, meaning all important data is stored there.

Probably for this reason too, Google will begin introducing the app developer registration requirement and stricter sideloading activation in the first countries such as Brazil, Indonesia, Singapore, and Thailand in September 2026. In Europe, this will not be implemented until 2027.

(fds)