Google Adds 24-Hour Delay for Sideloading Unverified Android Apps
Google detailed a new 24-hour waiting period for Android users who want to install apps from unverified developers, part of a broader sideloading policy change tied to developer identity verification. The new advanced flow requires users to enable Developer Mode and then wait before bypassing app verification, a design Google says is intended to disrupt social engineering scams that pressure victims into installing malicious APKs immediately. Google framed the delay as a safeguard for users whose phones hold sensitive personal and financial data, while still preserving a path for experienced users to take what it calls an informed risk.
Google introduced the exception after backlash to its earlier plan to require verified developer accounts for apps on certified Android devices, including criticism from power users and civil society groups that objected to the identity verification requirement and associated fee. Reporting indicates the bypass can be enabled through a one-time process, and users who want unrestricted sideloading can select an indefinite option rather than waiting each time. The change does not eliminate Google's verification regime, but it creates a compromise that keeps sideloading available while adding friction specifically aimed at malware delivery campaigns that rely on urgency and coercion.

Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Google expects broader enforcement of developer verification in 2027
Google's expanded developer verification program is expected to move to broader enforcement in 2027, following the phased rollout described in earlier announcements. This marks the longer-term tightening of identity and trust requirements for Android app distribution.
Google to begin broader developer verification requirements in September
Google said broader developer identity verification requirements for Play developers are set to begin in September 2026. Limited student and hobbyist accounts will remain available for small-scale distribution to up to 20 devices without the standard fee and full verification.
Google schedules Android sideloading changes for August rollout
Google said the new advanced flow for sideloading unverified apps and related options for unverified developer distribution would roll out via Google Play Services in August on Android devices. The company also said these options would be available before stricter developer verification requirements take effect.
Google announces new sideloading friction and unverified app install path
Google announced that Android users would still be able to install apps from unverified developers, but only through a high-friction process designed to reduce malware and social-engineering abuse. The process includes enabling developer-related settings, confirming the user is not being coerced, rebooting or reauthenticating, and waiting 24 hours before installing an unverified APK.
Google begins phased Play developer identity verification rollout
Google started rolling out expanded developer identity verification in the Play Console in phases, including collection and display of developer information and business verification measures. The rollout was described as continuing through 2026, with broader enforcement later expected in 2027.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
12 references tracked. Mallory keeps watching after this page renders.
Google Reinvents Android Sideloading to Thwart Scammers
techrepublic.com
Open sourceGoogle adds ‘Advanced Flow’ for safe APK sideloading on Android
bleepingcomputer.com
Open sourceGoogle reverses Android developer verification requirement amidst user backlash | brief | SC Media
scworld.com
Open sourceGoogle Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
thehackernews.com
Open sourceGoogle will make you wait 24 hours to sideload Android apps
howtogeek.com
Open sourceGoogle details new 24-hour process to sideload unverified Android apps - Ars Technica
arstechnica.com
Open sourceGoogle creates installation path for unverified Android apps • The Register
go.theregister.com
Open sourceGoogle ����������� ����� ������� ��������� ��������� ���������� � Android
opennet.me
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.


