GOOGLE is planning major Android security changes for 2026, starting with a new 24-hour gap to bypass verification when sideloading unverified apps, part of a broader “advanced flow” that will be available before verification enforcement begins later this year. Under the revamped process, apps from unverified developers won’t install unless users opt into the bypass, which hides the verification step from plain view and requires multiple steps, including a 24-hour countdown.
To participate in developer verification, creators will need to provide identification, upload signing keys, and pay a $25 fee, while the rollout targets a phased introduction in September across Brazil, Singapore, Indonesia and Thailand, before expanding globally next year. The aim is to curb high‑pressure social engineering and reduce malware risk, with Google noting that there are more than 3 billion active devices and that malware is less likely on Google Play than off it.
The verifier is integrated with Android 16.1, which launched late in 2025, and Google asserts the flow will be consistent across devices while allowing users to choose verification‑free sideloading “indefinitely” after a one‑time setup. According to Sameer Samat, the changes are intended to preserve openness while improving safety, recognising that for many users the phone is their only computer.