Skip to main content
Meet us at Black Hat USA 2026— Las Vegas, August 1–6Book a Meeting
Mallory
Back to intelligence
phishing-campaign-intelligenceidentity-impersonation-fraudendpoint-software-vulnerability

Google Adds 24-Hour Delay for Sideloading Unverified Android Apps

Updated 2d agoFirst seen Mar 19, 202612 sources

Google detailed a new 24-hour waiting period for Android users who want to install apps from unverified developers, part of a broader sideloading policy change tied to developer identity verification. The new advanced flow requires users to enable Developer Mode and then wait before bypassing app verification, a design Google says is intended to disrupt social engineering scams that pressure victims into installing malicious APKs immediately. Google framed the delay as a safeguard for users whose phones hold sensitive personal and financial data, while still preserving a path for experienced users to take what it calls an informed risk.

Google introduced the exception after backlash to its earlier plan to require verified developer accounts for apps on certified Android devices, including criticism from power users and civil society groups that objected to the identity verification requirement and associated fee. Reporting indicates the bypass can be enabled through a one-time process, and users who want unrestricted sideloading can select an indefinite option rather than waiting each time. The change does not eliminate Google's verification regime, but it creates a compromise that keeps sideloading available while adding friction specifically aimed at malware delivery campaigns that rely on urgency and coercion.

Share:
Google Adds 24-Hour Delay for Sideloading Unverified Android Apps
Stay ahead

Get ahead of threats like this

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.

EVENT TIMELINE

How this story unfolded

5 events from the most recent confirmed update back to the earliest known activity.

5 EVENTS
Jan 1, 2027just now

Google expects broader enforcement of developer verification in 2027

Google's expanded developer verification program is expected to move to broader enforcement in 2027, following the phased rollout described in earlier announcements. This marks the longer-term tightening of identity and trust requirements for Android app distribution.

Sep 1, 2026just now

Google to begin broader developer verification requirements in September

Google said broader developer identity verification requirements for Play developers are set to begin in September 2026. Limited student and hobbyist accounts will remain available for small-scale distribution to up to 20 devices without the standard fee and full verification.

Aug 1, 2026just now

Google schedules Android sideloading changes for August rollout

Google said the new advanced flow for sideloading unverified apps and related options for unverified developer distribution would roll out via Google Play Services in August on Android devices. The company also said these options would be available before stricter developer verification requirements take effect.

Mar 19, 20263mo ago

Google announces new sideloading friction and unverified app install path

Google announced that Android users would still be able to install apps from unverified developers, but only through a high-friction process designed to reduce malware and social-engineering abuse. The process includes enabling developer-related settings, confirming the user is not being coerced, rebooting or reauthenticating, and waiting 24 hours before installing an unverified APK.

Nov 3, 20258mo ago

Google begins phased Play developer identity verification rollout

Google started rolling out expanded developer identity verification in the Play Console in phases, including collection and display of developer information and business verification measures. The rollout was described as continuing through 2026, with broader enforcement later expected in 2027.

LINKED ENTITIES

Related entities

Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.

36 LINKEDOpen in app
Affected products
2 linked
AndroidAndroid Debug Bridge
Organizations
16 linked
GoogleBrave SoftwareEpic GamesProtonF-DroidVivaldi TechnologiesXda-DevelopersHtcThe RegisterPricewaterhouseCoopersAnthropicAppleGlobal Anti-Scam AllianceArs TechnicaHow-To GeekPhandroid
The operational view lives in Mallory

See the full picture, correlated to your attack surface.

This page covers what’s public. Mallory adds the parts that aren’t — which of your assets are affected, which threat actors are using it right now, which detections to deploy, and what to do next.
Exposure mapping

Map indicators from this story to your assets and identify affected systems in minutes.

Threat actor evidence

Every observed campaign, victim, and pivot linked to actors named in this story.

Associated malware

Malware, exploits, and IOCs connected to the activity described here.

Detection signatures

YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.

Scheduled alerts

Get matching new stories delivered to your team as they break — not the next morning.

AI threads

Ask questions about this story and take action on the answers.