Google has revised its upcoming Android policy on sideloaded apps, introducing an option that will allow experienced users to install software from developers who are not fully verified. The change follows concerns raised by independent developers and open source advocates after Google announced that all apps installed outside the Play Store on certified Android devices would soon require developer identity verification. That requirement is still planned, but Google said the updated process will give advanced users more control while maintaining safeguards for the wider Android user base.
Under the new approach, most users will still encounter restrictions when attempting to install apps from unverified developers. Google said the verification requirement remains necessary because apps installed from outside the Play Store have historically posed higher security risks. A review conducted by the company found that sideloaded apps are significantly more likely to contain harmful code compared with applications distributed through official channels. The updated policy aims to reduce those risks without removing the sideloading capability that has long been associated with the Android ecosystem.
The company confirmed that an “advanced flow” will be introduced for users who demonstrate enough technical experience or familiarity with alternative app sources. People who qualify for this category will be allowed to proceed with installations from unverified developers after receiving prominent security warnings. Google said the aim is to prevent less experienced users from being pressured into installing insecure apps while still supporting legitimate developer testing and distribution outside the Play Store.
Developer verification and phased rollout
Google’s broader initiative focuses on establishing a standardised identity requirement for developers who distribute apps outside the official store. The verification process will request identifying information that can include legal name, location, and government-issued documentation. The policy is intended to increase accountability for developers who rely on sideloading to distribute their apps, while making it harder for malicious actors to use anonymous channels to target Android devices.
A modified verification route will be offered to students and hobbyist developers. These accounts will have lighter requirements but will be restricted in the number of devices that can install their applications. Google said the option is designed to support early-stage developers without compromising the security goals of the wider policy. The company is continuing to refine this programme before the full rollout begins.
The introduction of developer identity checks will start in September 2026 in several countries, including Brazil, Indonesia, Singapore, and Thailand. The global rollout is scheduled to continue throughout 2027. Google stated that sideloading remains an important part of Android’s design and that the new rules are intended to strengthen safety rather than limit user choice. The company said the revised policy reflects its attempt to balance flexibility for power users with protection for the broader population.
Industry observers noted that the shift followed significant criticism aimed at Google’s original proposal. Developers argued that strict identity requirements could restrict independent distribution and undermine long-established practices within the Android community. Google addressed those concerns by introducing the advanced flow pathway, which preserves the ability to install unverified apps while maintaining strong warnings and guardrails for users who still choose that route.
The company said it will continue consulting with developers and user groups as the policy moves toward final implementation. The revised framework represents one of the most substantial updates to Android’s sideloading rules in recent years. Its progress will be closely watched by users, developers, and security researchers as the shift affects both app distribution models and long-standing expectations around Android device control.