Last year, Google received some backlash for making changes to its sideloading requirement on Android, forcing developers to verify themselves in order to enable this channel of distribution. However, this made it difficult to install apps specifically built for small groups such as family and friends, so the company announced that it is building an "advanced flow" to make it easier for experienced customers to sideload apps from unverified developers. It has now shared the details about this flow.
Google has emphasized that sideloading on Android is here to stay, but it will now follow a three-pronged approach when it comes to user choice. First, sideloading apps from verified developers will continue as-is from a user experience perspective. Secondly, users will still be able to sideload apps from developers they know with "limited distribution accounts" - more on that later. Finally, however, if you want to sideload apps from unverified developer, you"ll need to complete an advanced flow first.
This advanced flow is designed to eliminate the threat of being forced to download malicious software by coercion from scammers. It"s a one-time process that consists of the following steps:
- Enable developer mode from system settings
- Confirm you aren"t being coached by anyone, potentially a scammer
- Restart your phone, which should basically cut off a scammer"s access to the target device
- Wait for a day, this allows you time to think and consult with trusted relations about what you"re about to do. It reduces the "manufactured urgency" typically generated by scammers as pressure tactics
- Install apps from unverified sources, either for a period of seven days, or indefinitely. However, Google will still warn you each time you attempt to sideload an app from an unverified developer.
Google understands that this may not be a perfect solution, but it hopes that it should get rid of at least some cybersecurity threats, while ensuring that the Android ecosystem continues to welcome sideloading. This is also why it is working on limited distribution accounts mentioned earlier, which allow students and hobbyists to share their apps with up to 20 devices without verifying their government identity or paying any sort of fee to Google.