Android isn't killing sideloading, but it's making it a lot harder

[Alfonso Maruccia]

A hot potato: A year after announcing the most significant change to Android in a long time, Google is now introducing a new process aimed at making the mobile platform "open" again. Mountain View says the move is intended to balance openness with safety, but some users are expressing strong frustration nonetheless.

Google has confirmed that Android will not retire app sideloading, but the company is implementing measures that make the process cumbersome – something only "power users" are likely to attempt. According to Matthew Forsythe, the newly introduced advanced flow is designed to protect users from potential coercion, scams, or malicious software.

In 2025, Mountain View announced that app developers would be required to register with Google using a standard, government-issued ID. Some third-party developers and alternative app stores, such as F-Droid, opposed the change, prompting Google to retract its original plan. The advanced flow was ultimately introduced to address concerns from the open-source community.

"Android is built on choice. That is why we've developed the advanced flow - an approach that allows power users to maintain the ability to sideload apps from unverified developers," Forsythe said in a post on the Android Developers Blog.

The one-time process is based on the assumption that only power users will permanently re-enable sideloading on their devices. The advanced flow has been carefully designed to prevent successful scams or coercion, requiring both an explicit user choice and a one-day enforced delay before sideloading can be completed.

The process is straightforward but involves four distinct phases, beginning with the activation of developer mode in Android's system settings. Users must also confirm that no external party is "coaching" them to bypass security measures. Next, the phone must be restarted, followed by a 24-hour "protective waiting" period.

Finally, users must provide another confirmation that they genuinely wish to enable full app sideloading – either for seven days or indefinitely. The system continues to warn against sideloading but will ultimately allow the installation to proceed. Advanced flow activation is only required for apps from unverified developers, while apps from newly registered developers follow a separate installation process.

Forsythe acknowledged that developer identification could pose a significant barrier for new Android apps but said the advanced flow technology should give users sufficient freedom to join the ecosystem. The new process is expected to roll out in August, while the ID-based developer regime is slated for a global launch in 2027.

Permalink to story:

Android isn't killing sideloading, but it's making it a lot harder

 

[Theinsanegamer]

Users already had sufficient freedom. This newspeak is just disgusting. All you've done here is annoy anyone who wants to actually control their device.

I have no faith they won't make this process worse over time.

 

[yRaz]

Side loading? You mean "installing software"

What kind of psy-op is "side loading?"

 

[GeoffreyA]

Speechless.

 

[Buhaj]

Google is trying to protect its revenue streams, conveniently dressing it up as "user protection" - maybe let the user decide what apps he wants to INSTALL on his phone. The moment this possibility disappears, there is no good reason to pick Android over iOS other than habit.

 

[Hecate91]

The moment this possibility disappears, there is no good reason to pick Android over iOS other than habit

Other than side loading still exists, not to mention device cost, repairability, game emulators, file drag and drop on Windows, browsers not all just being a fork of the same browser like they are with iOS.

 

[tomkaten]

Yeah, we need to end the plague of side-loading (AKA installing apps on the hardware device you paid for), because having everything installed via Google's infallible Play Store 100% guarantees your safety, right ? /s

 

[Theinsanegamer]

Other than side loading still exists,

The comment you are replying to didnt say it doesnt. It says that once Google finally nixes sideloading, its all over.

Which, if you are at all familiar with Google and how they treated things like SD cards, you know it is inevitable.

not to mention device cost,

If you want anything close to the iphone in software lifetime and hardware support, you are going to be paying iphone prices.

The $600 iphone gets 8 years of support, most cheap androids are lucky to get 3.

repairability,

Iphones are quite repairable. the 17e just scores a 7/10.

The pixels and samsung phones score 4-5/10.

So......

game emulators,

Delta4iOS can emulate most 8 and 16 bit systems and portables like the GBA. The more powerful emulators rely on sideloading, see point 1.

file drag and drop on Windows, browsers not all just being a fork of the same browser like they are with iOS.

There are areas where Android is indeed better, although now with the alt store you are not just restricted to Safari. Nobody has bothered to port a browser over though.

 

[Hecate91]

Which, if you are at all familiar with Google and how they treated things like SD cards, you know it is inevitable.

Well you can thank Apple for that one, same with 3.5mm headphone jacks.

If you want anything close to the iphone in software lifetime and hardware support, you are going to be paying iphone prices.

The $600 iphone gets 8 years of support, most cheap androids are lucky to get 3.

The Pixel 9a sells for less than $500 and has 7 years of OS updates, apps still get updates after that.

Iphones are quite repairable. the 17e just scores a 7/10.

The pixels and samsung phones score 4-5/10.

So......

The ease of taking the phone apart isn't the same as being able to buy replacement parts, only Apple sells parts, and you still have to be blessed by Apple to pair those parts to the phone.

Delta4iOS can emulate most 8 and 16 bit systems and portables like the GBA. The more powerful emulators rely on sideloading, see point 1.

That pales in comparison to the flexibility Android has with emulators, if Google blocks sideloading, there's always GrapheneOS.

There are areas where Android is indeed better, although now with the alt store you are not just restricted to Safari. Nobody has bothered to port a browser over though.

What I meant is every browser on iOS is Safari with a different skin, on Android you can get browsers besides Chrome and have the ability to use adblockers and other extensions.

 

[p51d007]

Here's what it SHOULD say: A year after announcing the most ANNOYING update to Android in a long time...
It's MY phone. If I want to side load something outside the google sphere, all I should have to do is
click a box that says I ASSUME the risk.
Google just wants to go all "apple walled garden".

 

[trparky]

Seriously, can we all take a step back for a second?

Instead of looking at this from the perspective of people who read sites like TechSpot, try looking at it from the perspective of someone less tech-savvy... like your mom or grandmother.

Because that’s what changes like this are really aimed at.

Most of us here understand what sideloading is, what the risks are, and how to avoid obvious scams. But a lot of people don’t. They get tricked into installing things because a website tells them to, or because someone walks them through it step by step.

From that angle, adding friction to the process isn’t about “taking away freedom”, it’s about making it harder for bad actors to exploit people who don’t know any better.

And importantly, sideloading isn’t being removed. If you really want to do it, you still can... you just have to be a bit more deliberate about it.

That extra friction is kind of the point. It’s there to make it harder for someone’s mom or grandmother to be walked through installing malware by a scammer.

You don’t have to love how Google is doing this, but the goal—namely protecting less tech-savvy users from being tricked—isn’t exactly unreasonable.

 

[Homerlovesbeer]

Does anyone know how to download apps in a country when travelling in it when Google lock out the actual Play Store and tell me the app is not available in my country?

Bloody ridiculous. I travel to the USA weekly and when I try to download the app from the store I'm constantly refused because my account was created in another country. Wth? I'm literally in the country yet still can't download it?

Ticket apps, basic stuff, heck I can't even download BestBuy app.

So frustrating!

 

[trparky]

Listen, I’m always going to advocate for stronger security and that comes from personal experience.

Many years ago I worked as a Geek Squad agent (don't laugh), and I saw firsthand the kinds of messes malware can cause. I've seen people cry over lost family photos because of either hardware failure or malware. Believe me, I've seen it all. I've been in the trenches.

With that being said, those experiences have given me a pretty clear perspective on how the average person actually uses their devices.

Most people here know how to avoid that but a lot of others don’t and they’re the ones who end up dealing with the fallout.

So yeah, I understand why people don’t like added friction. But I also understand why companies try to put guardrails in place, even if it’s a bit inconvenient for the rest of us.

 

[Theinsanegamer]

Well you can thank Apple for that one, same with 3.5mm headphone jacks.

Ummmm.....no? Apple did not force anyone to get rid of the headphone jack, and never had SD cards to begin with. Google is responsible for Google neutering SD cards in the name of "security" after swearing they wouldnt do that. Google is responsible for Google following trends and removing useful ports instead of making smart decisions.

The Pixel 9a sells for less than $500 and has 7 years of OS updates, apps still get updates after that.

The iphone 17e is less then $600 and has 8 years of OS updates, apps still get updates after that.

The ease of taking the phone apart isn't the same as being able to buy replacement parts, only Apple sells parts, and you still have to be blessed by Apple to pair those parts to the phone.

It's not easy to find genuine parts for several year android phones at all. Everything is third party and the quality is questionable.

99% of people will take their phone...to a STORE to get it fixed. Apple parts are not significantly more expensive then their Android counterparts at a similar quality level.

That pales in comparison to the flexibility Android has with emulators,

The point there is that android's emulator variety requires sideloading.

if Google blocks sideloading, there's always GrapheneOS.

Bootloaders are increasingly locked down and alternative OSes are not guaranteed to be supported by things like banking or medical apps.

What I meant is every browser on iOS is Safari with a different skin, on Android you can get browsers besides Chrome and have the ability to use adblockers and other extensions.

I wasnt confused by what you said at all. Re read my comment.

iOS has had OS level adblockers for YEARS now.

Seriously, can we all take a step back for a second?

Instead of looking at this from the perspective of people who read sites like TechSpot, try looking at it from the perspective of someone less tech-savvy... like your mom or grandmother.

Because that’s what changes like this are really aimed at.

Gramma doesnt know what a developer mdoe is and isnt using it. If someone is gullible enough to listen to "DO NOT REDEEEM SAR" and go through the steps to install malware on their phone from sketchy callers or emails, a 24 hour hold wont stop them. These scammers play the long game.

Non tech people dont bother reading anything anyway. a 24 hour hold, multiple windows warning them? Useless, they'll just click yes and keep going, while inconveniencing those of us that know how to install software. The overwhelming majority of users never sideload anything.

This isnt about security. This is about Google locking down their garden to exploit its users further while locking out developers that make software they dont like (adguard, newpipe, ece).

 

[trparky]

This isn't about security. This is about Google locking down their garden to exploit its users further while locking out developers that make software they dont like (adguard, newpipe, ece).

There might be some truth to that. AdGuard is arguably one of the biggest threats to Google’s advertising ecosystem, so it wouldn’t be surprising at all if Google is trying to limit what apps like it can do.

At the same time, though—how did anyone not see this coming? This is Google we’re talking about here. The company has been moving in this direction for years. The old image of Google as the champion of an open Internet, the one that leaned on “Don’t be evil,” just doesn’t really match reality anymore.

I switched to iPhone a long time ago because of Google’s constant need to collect data on just about everything you do. And honestly, it’s the same reason I’m planning to move to a Mac eventually. Microslop has been heading down the same path as Google with all their tracking and data collection in Windows 11.

At a certain point, it just gets exhausting feeling like the product instead of the user.

 

[GeoffreyA]

There might be some truth to that. AdGuard is arguably one of the biggest threats to Google’s advertising ecosystem, so it wouldn’t be surprising at all if Google is trying to limit what apps like it can do.

At the same time, though—how did anyone not see this coming? This is Google we’re talking about here. The company has been moving in this direction for years. The old image of Google as the champion of an open Internet, the one that leaned on “Don’t be evil,” just doesn’t really match reality anymore.

I switched to iPhone a long time ago because of Google’s constant need to collect data on just about everything you do. And honestly, it’s the same reason I’m planning to move to a Mac eventually. Microslop has been heading down the same path as Google with all their tracking and data collection in Windows 11.

At a certain point, it just gets exhausting feeling like the product instead of the user.

Samsung's Auto Blocker is a balanced approach, asking the user for a PIN or fingerprint when disabling. Most non-enthusiasts, like a grandparent, are not going to get past that. Google is ostensibly improving security; the real aim is, plausibly, less benign.

When I was a youngster, Google was indeed the icon of "Don't be evil." My younger self would be shocked to learn how far they've fallen. And whereas with Microsoft, we see incompetence, Google possesses a cunning competence to further their interests.

On a lighter note, what most companies do reminds me of a relationship or marriage. Instead of both partners or spouses discussing a matter and coming to a decision that satisfies both, one just does his or her own thing, much to the frustration of the other. The problem we're having, for example, with Google and Microsoft is exactly that: we have got no input.

 

[Nobina]

You should be your own security, that's the natural way, and most effective. How do you accidentally go to a website, download an app, install it, run it, go through some steps in the app and then get hacked?

 

[toooooot]

One of the things I hate about Apple the most is inability to install non store apps.
Sadly, Dontbeevil dreams to do the same. If they did not strongly rely on ability to do
so to begin with, they would probably lock this feature long ago.
Locking people to their playstore is not just money. It is a lot of control.
They can even score points with government by deciding some
apps are "unwanted" for users this way.

 

[Plutoisaplanet]

One of the things I hate about Apple the most is inability to install non store apps.
Sadly, Dontbeevil dreams to do the same. If they did not strongly rely on ability to do
so to begin with, they would probably lock this feature long ago.
Locking people to their playstore is not just money. It is a lot of control.
They can even score points with government by deciding some
apps are "unwanted" for users this way.

You can side-load on an iPhone lol. How do you think developers test apps? Side-loading for end-users relies on a streamlined variation of that process.

See altstore.io for a long-standing example of a 3rd party app store. It requires a PC to host your own sideloading app store, unless you live in Europe or Japan where side-loading regulations have passed to make it a native experience.

I’ve been posting about AltStore for years on TechSpot. Side-loading on iOS is not like gaming consoles at all because anyone can build a mobile app.

 

[Che Cazzo]

Side loading? You mean "installing software"

What kind of psy-op is "side loading?"

Shhhhhhh!

Don't burst the Android Boys cool bubble!!

 

[acrossthestars]

Users must also confirm that no external party is "coaching" them to bypass security measures. Next, the phone must be restarted, followed by a 24-hour "protective waiting" period.

I've got so many questions about how any of this works, but I can boil all of it down to the one, which is, "what makes any of this "safer" than the somehow less-safe system that 'sideloading' supposed was before?" You can no more conclusively prove someone wasn't "coached" from a prompt, than an under-18 answered "yes" to "are you old enough to watch this content?"

If this is all in the service of feigning "protection", as in "welp, we tried", then just don't even bother. I'm so tired of politicians playing this game, where they demand people "draw" locks on doors and "pretend" they just hardened some defenses. It's the TSA for your digital life: security theatre disguised as comfort.

 

[Tantor]

I wonder if these restrictions work for de-googled Android devices. Rooting may let you bypass them entirely. One can only hope.

 

[Hecate91]

Ummmm.....no? Apple did not force anyone to get rid of the headphone jack, and never had SD cards to begin with. Google is responsible for Google neutering SD cards in the name of "security" after swearing they wouldnt do that. Google is responsible for Google following trends and removing useful ports instead of making smart decisions.

Google follows Apple trends, and this is just a step further to compete with the locked down iOS store, because Google would rather you buy apps than find free alternatives.

The iphone 17e is less then $600 and has 8 years of OS updates, apps still get updates after that.

A "cheap" iphone with only a single camera, and 60Hz display.
But a whole extra year is just e-peen measuring, heck bragging about anything more than 3 years is e-peen waving, the average person replaces their phone every few years anyway.

It's not easy to find genuine parts for several year android phones at all. Everything is third party and the quality is questionable.

99% of people will take their phone...to a STORE to get it fixed. Apple parts are not significantly more expensive then their Android counterparts at a similar quality level.

I can easily buy a battery or replacement screen for a Google Pixel or Samsung from iFixit, and it doesn't require pairing the phone with a new battery.
Those who take their phone to a store to get it fixed aren't going to care about sideloading to play retro games.

The point there is that android's emulator variety requires sideloading.

Sideloading isn't dead, it just has an extra security measure thanks to the average person tapping on things they shouldn't be ruining it for everyone else.

Bootloaders are increasingly locked down and alternative OSes are not guaranteed to be supported by things like banking or medical apps.

Again those who care probably aren't sideloading.

I wasnt confused by what you said at all. Re read my comment.

iOS has had OS level adblockers for YEARS now.

That isn't a true system wide ad block like an additional DNS is.

This isnt about security. This is about Google locking down their garden to exploit its users further while locking out developers that make software they dont like (adguard, newpipe, ece).

If Google really cared about people using sideloaded apps like adguard or newpipe they would've blocked them already, as well as blocked the whole Youtube platform from using adblockers.

 

[Vixiy]

WTF is sideloading?
I install programs to my Android device from a package I downloaded the same as any other computer.

 

[disinfect8280]

Side loading? You mean "installing software"

What kind of psy-op is "side loading?"

A psy-op to slowly take away your freedom...