Skip to main content
Meet us at Black Hat USA 2026— Las Vegas, August 1–6Book a Meeting
Mallory
Back to intelligence
phishing-campaign-intelligencewidely-deployed-product-advisorysearch-ad-manipulation

Google to Require App Verification for Android Sideloading with Power User Bypass

Updated 2d agoFirst seen Nov 13, 20255 sources

Google has announced a new policy requiring all Android apps installed outside the Google Play Store to undergo developer verification, aiming to curb the rise of malware and scam campaigns exploiting sideloading. The company cited increasingly aggressive online threats and the use of social engineering tactics that prompt users to bypass existing security warnings, leading to the installation of malicious applications. Under the new system, unverified apps will be blocked from installation on Google-certified devices, with the goal of making it harder for threat actors to distribute harmful software.

In response to backlash from users and developers concerned about the impact on Android's openness, Google has stated that it will provide an exemption mechanism for "experienced users" or power users, though the specifics of this bypass have not yet been finalized. The move represents a balancing act between enhancing platform security and maintaining the flexibility that has traditionally set Android apart. Google has previously faced criticism for similar restrictions and appears to be adjusting its approach to address both security and user autonomy concerns.

Share:
Google to Require App Verification for Android Sideloading with Power User Bypass
Stay ahead

Get ahead of threats like this

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.

EVENT TIMELINE

How this story unfolded

4 events from the most recent confirmed update back to the earliest known activity.

4 EVENTS
Mar 31, 20263mo ago

Google announces Android developer verification and app registration rollout

Google announced a developer verification program for all Android developers and an app registration system linking apps to verified developer identities. The company said developers can begin verification immediately, with user-facing protections starting in September 2026 in Brazil, Indonesia, Singapore, and Thailand before expanding globally in 2027.

Android developers just got a new verification layer - Help Net Security
Mar 1, 20264mo ago

Google publishes Android developer verification documentation

Google published official Android Developers documentation for developer verification, indicating a concrete implementation or formalization of verification requirements for Android developers. This represents a later development distinct from the November 2025 registration-rule rollback and sideloading policy changes.

Android developer verification | Android Developers
Nov 14, 20258mo ago

Google reverses course on new Android developer registration rules

Google backtracked on newly introduced Android developer registration requirements after criticism, signaling a rollback or revision of the planned rules. This represented a separate policy response affecting how developers register for Android app distribution.

Nov 13, 20258mo ago

Google announces Android sideloading verification with power-user bypass

Google announced upcoming Android changes that will require verification of sideloaded apps, while also saying advanced users will be able to bypass the new restrictions. The announcement marked a significant policy shift in how Android will handle app installation outside official channels.

LINKED ENTITIES

Related entities

Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.

2 LINKEDOpen in app
Affected products
1 linked
Android
Organizations
1 linked
Google
The operational view lives in Mallory

See the full picture, correlated to your attack surface.

This page covers what’s public. Mallory adds the parts that aren’t — which of your assets are affected, which threat actors are using it right now, which detections to deploy, and what to do next.
Exposure mapping

Map indicators from this story to your assets and identify affected systems in minutes.

Threat actor evidence

Every observed campaign, victim, and pivot linked to actors named in this story.

Associated malware

Malware, exploits, and IOCs connected to the activity described here.

Detection signatures

YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.

Scheduled alerts

Get matching new stories delivered to your team as they break — not the next morning.

AI threads

Ask questions about this story and take action on the answers.