Google is taking steps to secure one of Android's core features: the ability to install apps outside the official Play Store. While the practice of sideloading remains fundamental to the OS—and Google assures the public it is "absolutely not going away"—the "Wild West" era of unverified app installation on Android is officially ending soon. Now, the company is offering some additional details about Android’s new developer verification system.
Android app sideloading is "absolutely not going away," Google claims
Google has sought to address some concerns regarding the change. Recently, those behind F-Droid, a popular open-source-focused alternative Android app store, said that the new rules “will end the F-Droid project and other free/open-source app distribution sources as we know them today.” These statements by voices with authority generated concern in the community.
In the blog post, Google discloses that the move centers on a new mandate: developer verification for all sideloaded applications. This change introduces a critical security layer aimed at protecting the average user from malicious software. However, it could also complicate things for those users who like to install APKs that aren't typically available on the Play Store.
But there's a catch: developer verification is needed
For years, users who ventured outside the Play Store faced a high level of risk. Google cites data showing that sources outside the store host malware at a rate 50 times higher than its official marketplace.To close this gap, Google now requires a valid digital signature on every sideloaded app. Think of this signature as a digital ID card attached to the software. If a certified Android device attempts to install an app lacking this verified signature, the installation simply fails.
This digital ID brings accountability. If a developer is caught distributing harmful software, Google can immediately revoke their certificate. This action instantly disables all their associated apps on users’ devices, making it much harder for "bad actors" to operate.
ADB will allow you to bypass verification
The blog post reminds that developers can continue to use Android Studio to build, debug, and test apps locally without ever needing to go through the verification process. Tools like ADB will also serve as a “workaround” to bypass verification.
Overall, while it's true that app sideloading isn't going away completely, it's definitely going to change. Once the measure is implemented, anyone who wants to offer an Android app will have to either submit a verification request or instruct their community on how to use ADB for installation.