Sideloading, the process of installing apps from sources outside of the official Google Play Store, is about to get a significant security upgrade on Android. Google has outlined a new, more rigorous process for installing apps from unverified developers, aiming to protect users from potentially harmful software while still allowing advanced users and hobbyist developers the freedom to experiment.

Originally, Google considered requiring all developers to undergo a verification process to distribute their apps on Android. However, recognizing the importance of sideloading for certain segments of its user base, the company revised its approach in November 2025. The new system introduces a multi-step, one-time process designed to deter casual users from accidentally installing malicious apps while providing a pathway for those who understand the risks.

So, what does this new process entail? First, users will need to enable “developer mode” within their Android device's settings. This action alone signals that the user is aware of the potential risks associated with installing software from untrusted sources. Then, users must actively confirm that they are not being coerced into disabling security features, adding another layer of assurance that the action is intentional.

But the process doesn't stop there. To further mitigate the risk of immediate exploitation, the user will be prompted to restart their phone. This measure is designed to interrupt any ongoing remote access or phone calls that might be attempting to manipulate the user. Following the restart, a waiting period of one day is imposed before the user can proceed with the installation. This delay provides an opportunity for the user to reconsider their decision and research the app they intend to install.

Finally, before the app can be installed, the user will be required to confirm their identity using biometric authentication (such as a fingerprint or facial scan) or a PIN. This step adds a crucial layer of security, ensuring that only the device owner can authorize the installation of the app.

Once these steps are completed, users will be granted the ability to install apps from unverified developers. Google states that this permission can be enabled for either a seven-day period or indefinitely, depending on the user's preference. Regardless of the chosen duration, users will still encounter a warning message each time they attempt to install an app from an unverified source, reminding them of the potential risks involved.

This new security process represents a significant shift in how Android handles sideloading. By introducing a more complex and deliberate process, Google aims to strike a balance between protecting users from malware and preserving the freedom and flexibility that sideloading offers to developers and power users. While some may find the new process cumbersome, it is a necessary step to enhance the security of the Android ecosystem and protect users from the growing threat of malicious apps.