Google to Allow Easier Installation of Apps From Unverified Developers
Google announced today it is developing a new system allowing experienced Android users to install applications from developers who haven’t been verified, reversing course on a previously announced policy that sparked significant backlash.
The company detailed plans for an “advanced flow” designed for developers and power users who understand the risks associated with software from unverified sources. This new process aims to provide clear warnings about potential security vulnerabilities while still granting users the choice to proceed with installation. Previously, the only method for installing apps from unverified developers required using the Android Debug Bridge (ADB), a more complex process. This change is significant as it addresses concerns that the initial policy would stifle independent development and sideloading.
Google emphasized its commitment to user safety, stating the new flow will be “designed specifically to resist coercion” and prevent users from being tricked into bypassing security checks by scammers. The company cited a growing trend of attacks, particularly in Southeast Asia, where malicious apps are used to steal sensitive information like two-factor authentication codes. For more information on mobile security threats, see the Federal Trade Commission’s guidance. Developers distributing apps outside of the Google Play Store are already receiving invitations to participate in an early access program for developer verification, with wider access planned for Play Store developers starting November 25, 2025.
While Google maintains that developer verification is crucial for combating fraud, it also acknowledged the need to accommodate hobbyist and student developers. A special account type with reduced verification requirements is currently under development, though it will limit the number of devices apps can be distributed to. You can learn more about Android developer policies on the official Android Developers website. Google says it will continue to gather feedback and refine the system before the new requirements take effect next year.
Mishaal Rahman / Android Authority
TL;DR
- Google is working to make it easier for ‘experienced users’ to install apps made by unverified developers.
- The company is building a new ‘advanced flow’ that allows these users to accept the risks of installing unverified apps.
- Previously, the only permitted method for experienced users to install apps from unverified developers was to use ADB.
Back in late August, Google announced a major change to Android that angered many enthusiasts and independent developers. Starting next year, Android will block users from installing apps made by unverified developers. The announcement spurred backlash from power users who felt that the new restrictions would effectively kill sideloading. Today, Google announced a major concession to appease these users. The company says it is building a new “advanced flow” that will allow “experienced users to accept the risks of installing software that isn’t verified.”
Don’t want to miss the best from Android Authority?
An easier way to install unverified apps…hopefully
In a blog post, Google says this new advanced flow is intended for developers and power users who “have a higher risk tolerance and want the ability to download unverified apps.” The company says it is “designing this flow specifically to resist coercion” to ensure that “users aren’t tricked into bypassing these safety checks while under pressure from scammer.” The flow will include “clear warnings” to ensure that users “fully understand the risks involved” with installing apps made by unverified developers, but ultimately, it puts the choice to do so in the user’s hands. Google says it is currently gathering early feedback on the design of this feature and will share more details in the coming months.
1/6 Keeping users safe on Android is our top priority. Today, we’re sharing an update on our new developer verification requirements – why they are critical to fighting modern scams, and how we’re adjusting our approach based on community feedback. 👇
Google also announced today that it is inviting developers who distribute apps exclusively outside of the Play Store to join the early access program for developer verification. These developers will be able to enroll in the Android Developer Console to verify their identity ahead of the enforcement of the verification requirements next year. Invites have been rolling out to these developers since November 3. Meanwhile, developers who distribute apps through the Play Store will receive invites to enroll starting November 25, 2025.
Google’s justification for its new developer verification requirements
Lastly, Google’s blog post reiterated its reasoning for implementing these new developer verification requirements: safety and security. The company wants to protect users from scammers and fraudsters, who often use social engineering tactics to trick users into installing malicious software from outside of a trusted app store. It cites a growing trend in Southeast Asia of attackers calling victims claiming their bank accounts have been compromised, who in turn are directed to install a malicious “verification app” to secure their funds. The attackers then direct victims to grant the malicious app notification access, which alllows it to intercept two-factor authentication codes and other sensitive information.
Requiring developers to verify their identities will make it more difficult for bad actors to spin up new malicious apps after their previous ones have been taken down. This is because bad actors will have to use a real identity before they’re allowed to distribute software, making it harder for them to scale their attacks. How effective this will be in practice remains to be seen, but the philosophy behind it seems sound.
On the other hand, imposing verification requirements increases the barrier to entry for hobbyists and student developers, so Google will allow them to create a special type of account with fewer verification requirements and that doesn’t have to pay the $25 USD registration fee. However, this account type will only be able to distribute apps to a limited number of devices, so it can’t be used to publish apps on an app store. Google says it is still working on this account type and that it is using community input to help shape it, so things could change before the verification requirements go into effect.
Thank you for being part of our community. Read our Comment Policy before posting.
