Google Allows Sideloading Apps With New "Advanced Flow" for Experienced Users

Google will now let you install apps from outside the Play Store, but it will take an extra day to do so, making it harder for scammers.
By Newsroom | Technology, Android |

Google, the architect behind the Android mobile operating system, is revising its upcoming developer verification requirements, a move that had previously sparked widespread concern about the complete elimination of app sideloading. The company has confirmed that the ability to install applications from sources outside the official Google Play Store will persist, though with significant alterations aimed at enhancing security. These changes are intended to curb the proliferation of malicious applications, which, according to Google's data, are hosted on third-party sites at a rate 50 times higher than within its own marketplace.

Under the new framework, sideloading will not be entirely eradicated. Instead, Google is implementing an "advanced flow" designed as a distinct, one-time process for users who opt to install apps from outside the Play Store. This process aims to introduce friction, particularly against coercive tactics used by scammers who often create a false sense of urgency to trick users into bypassing security measures. The modified approach requires a valid digital signature on every sideloaded app, and Google reserves the right to revoke a developer's certificate if they are found to be distributing harmful software. The aim is to make it substantially more difficult for malicious developers to repeatedly distribute harmful apps under new identities.

Read More: Reddit May Ask Users to Prove They Are Human to Stop Bots

NEW VERIFICATION SYSTEM INTRODUCED

The forthcoming adjustments will be managed by a new system service called the 'Android Developer Verifier'. Unlike the existing 'Play Protect', which is integrated within the Play Store, this new application will operate independently and will be responsible for validating whether an application package is associated with a developer who has registered through the new 'Android Developer Console'. This means that unverified apps will not install on any Google-certified device once the verification rolls out. Google cites user and developer feedback as a significant factor in its decision to provide an avenue for sideloading without the constant worry of verification status.

"ADVANCED FLOW" AND USER CONTROL

The revised system introduces a specific "advanced flow" for installing apps from unverified developers. This flow includes a protective waiting period, described by Google as a "one-day" delay, intended to give users time to reconsider their decision and ensure they are not acting under duress. After this period, users will be able to confirm their intent, thereby proceeding with the installation of an unverified application. Google emphasizes that this mechanism is specifically designed to resist coercion and prevent users from being tricked into bypassing safety checks. While warnings about potential risks will be clearly displayed, the ultimate choice rests with the user.

Read More: KPMG Study: 4 Ways Workers Use AI Better for Complex Tasks

BACKGROUND AND CONTEXT

The recent shifts in Google's stance on sideloading follow a period of significant user and developer backlash. Initially, Google had announced mandatory developer verification for all Android apps, including those installed via sideloading, on certified devices. This announcement prompted considerable concern, with many viewing it as a move that would severely curtail user freedom and choice in app distribution. Critics argued that such restrictions granted Google excessive control over the Android app ecosystem, potentially stifling innovation and alternative app stores.

The decision to implement the "advanced flow" appears to be a compromise, an effort by Google to navigate the tension between enhancing security and preserving one of Android's core tenets: openness. Google has consistently highlighted data indicating the elevated risk of malware associated with apps sourced outside the Play Store, framing the verification process as a necessary measure to protect its user base. The company stated it has received substantial feedback from users and developers who desire the ability to sideload without constant verification hurdles, recognizing that some users wish to exercise greater control and accept the associated responsibilities. This recalibration aims to preserve the traditional openness of Android while incorporating additional security layers for those who choose to sideload applications.

Read More: Samsung Fold 8 and Wide Fold get 45W charging, Flip 8 stays at 25W

Frequently Asked Questions

Q: Will Google still let people install apps from outside the Play Store on Android?
Yes, Google will still allow users to install apps from outside the Google Play Store. This is called sideloading. It will be available for users who want to do it, but there will be new steps to follow.
Q: What is the new "advanced flow" for installing Android apps from outside the Play Store?
The new "advanced flow" is a special process for installing apps from outside the Play Store. It includes a one-day waiting period. This gives users time to think and makes it harder for scammers to trick people into installing bad apps.
Q: Why is Google changing the rules for installing Android apps?
Google is changing the rules to make Android safer. Apps from outside the Play Store can have more viruses. The new rules help stop bad apps from being installed easily and protect users from scams.
Q: Who is considered an "experienced user" for the new Android app installation rules?
The term "experienced users" refers to people who understand the risks of installing apps from outside the official Google Play Store. The new "advanced flow" is designed for them, allowing them to choose to install these apps after a delay.
Q: When will these new Android app installation rules from Google start?
The article does not state an exact date when these new rules will start. It mentions that Google is revising its upcoming developer verification requirements and will roll out the new system soon.