Google has announced an advanced flow for Android sideloading that introduces a mandatory 24-hour wait before installing apps from unverified developers, in a bid to balance openness with safety. The change forms part of a broader developer verification mandate that requires apps to be registered by verified developers to run on certified Android devices, a move Google says aims to flag bad actors sooner and curb malware distribution.
In practice, the new flow also lets power users sideload via a one-time process that includes enabling developer mode, restarting the phone, and authenticating with biometrics or a device PIN, after which they may install from unverified developers either indefinitely or for seven days.
In the interim, Google plans to offer free “limited distribution accounts” for hobbyists and students to share apps with up to 20 devices, without government ID or registration fees, though the process does not apply to Android Debug Bridge installs. The shift coincides with the emergence of Perseus, a new Android banking malware targeting Turkey and Italy, and follows reports that at least 17 Android malware families have been detected in the wild over four months.
According to Ars Technica, Sameer Samat, Android Ecosystem President, said that the 24-hour period makes it harder for attackers to persist their attacks.