Summary
- From next year, the Android OS will allow application installs only from verified developers notarized by Google.
- This new verification process proves developer identity, without monitoring app content; it’s an ID check separate from an app security review.
- While this move will certainly reduce the risk of installing malware-laced APK files, it comes at the expense of user freedom.
Google has announced plans to phase out the ability to install applications on Android directly from unverified developers. Through the practice known as sideloading, users of the platform have traditionally been able to download APK app files onto their Android phone or tablet from anywhere and everywhere with impunity. That is, until now.
According to the company, this sweeping move is meant to improve the security profile of the Android platform as a whole, by making it much more difficult for bad actors to distribute malicious software onto users’ devices. Installing apps from the web or from third-party storefronts will still be possible, though an Apple-like notarization process will be implemented within the stack.
APK stands for Android Application Package, and it’s the primary file format used for containerizing data within Android apps. APK files can be downloaded from sources outside the Google Play Store, and can then be installed onto Android devices via a process known as sideloading.
“Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices. This creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down. Think of it like an ID check at the airport, which confirms a traveler’s identity but is separate from the security screening of their bags; we will be confirming who the developer is, not reviewing the content of their app or where it came from,” says Suzanne Frey – VP, Product, Trust & Growth for Android in a blog post.
Google says this new Android developer verification scheme will first roll out in early access in October 2025, on an invitational basis. Verification will open up for all developers in March 2026, with the new requirements going into full effect in the select markets of Brazil, Indonesia, Singapore, and Thailand in September 2026. In 2027 and beyond, the rollout will continue globally.
Striking a balance between freedom and security
I’m worried whether Google’s clampdown might set a bad precedent for the future
On its surface, Android app notarization sounds like a great idea. Not dissimilar to the way in which macOS works (or, indeed, iOS and iPadOS within the European Economic Area), the process of verifying the integrity of developers is sure to neutralize many a malicious software threat.
However, I have my concerns. The Android ethos has always been about openness, and the ability to download and install APK files from any source is deeply embedded within the operating system’s DNA. For hobbyists and independent developers, this additional verification process might prove to be one massive headache-inducing hurdle to contend with, even if there’s no cost associated with obtaining verification.
More importantly, it sets a new precedent, and it’s one without particularly clear borders delineating what Google can or can’t consider to be a “consistent, common sense baseline of developer accountability across the ecosystem.” The search giant says it isn’t screening app content itself with this new protective measure, but who’s to say how this might evolve over time? What if a certain developer is blacklisted due to its publishing of an app or service that Google deems offensive or to be a threat to its market position?
I have a problem with the framing of Android sideloading as a whole. Sideloading is a loaded term that insinuates a software package being external or beyond the pale, when, in reality, it’s no different from installing an app onto a Windows or Mac-based PC directly from the web. The term sideloading doesn’t spring to mind when downloading Google’s own Chrome browser for Windows 11 or macOS, and Google knows it.