Google Confirms Sideloading APKs Still Works, Now With Extra Developer Verification
Google has officially reassured Android users and developers that sideloading apps via APK files will continue to work as usual, despite growing concerns about possible restrictions. The only major change is a new layer of developer identity verification aimed at improving security and reducing malware risks from apps distributed outside the Play Store.
According to Google, the updated policy requires developers to verify their identity through the Android Developer Console and register their package names with signing keys. This ensures each APK has a verifiable digital signature. If the signature is missing, the installation will be blocked. Importantly, Google will not review the app’s content or features, focusing solely on developer verification.
The move follows internal data showing that sideloaded apps are up to 50 times more likely to carry malware compared to those from the Play Store. By enforcing verified developer requirements, Google aims to protect users and hold developers accountable, revoking verification if malware is discovered. However, sideloading and distribution through third-party app stores remain fully supported.
For advanced users and developers testing apps, Google will offer a bypass option using Android Debug Bridge (ADB) to install unverified APKs. Play Protect will continue scanning all apps for malware, regardless of installation source.
While the policy might make sideloading slightly more complicated for regular users, as they will need to download apps from verified developers or use advanced methods like ADB, Google believes it will significantly reduce fake app installations. Early access to the new system begins in October 2025, with full rollout to all developers by March 2026.
Some open-source communities, like F-Droid, have voiced concerns that the policy could pose challenges for independent developers and smaller projects, particularly in regions like Southeast Asia. Google has promised special workflows for students and hobbyists but has yet to release detailed guidelines.
Ultimately, sideloading remains a core feature of Android, now safer and more secure. Users are encouraged to download APKs from trusted sources and always verify digital signatures. The policy will first take effect in September 2026 across Brazil, Indonesia, Singapore, and Southeast Asia before expanding globally in 2027, balancing Android’s open nature with stronger security measures.
