Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams Ravie LakshmananMar 20, 2026Data Privacy / Mobile Security Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to be installed on certified Android devices. The move, it added, was done to flag bad actors faster and prevent them from distributing malware. This also includes potential scenarios where cybercriminals trick unsuspecting users who sideload such apps into granting them elevated privileges that make it possible to turn off Play Protect, the anti-malware feature built into all Google-certified Android devices. However, the mandatory registration requirements have been met with criticism from over 50 app developers and marketplaces, including F-Droid, Brave, The Electronic Frontier Foundation, Proton, The Tor Project, Vivaldi, who say they risk creating friction and barriers to entry, and raise privacy and surveillance concerns in the absence of clarity about what personal information developers must provide, how this data will be stored, secured, and used, and if it could be subject to government requests or legal processes. As a way of quelling some of these thorny issues, Google has emphasized that the newly developed advanced flow allows power users to maintain the ability to sideload apps from unverified developers with a one-time process that requires them to follow the steps below - Enable developer mode in system settings. Confirm that they are taking this step of their own volition and are not being coached. Restart the phone and re-authenticate so as to prevent a scammer from monitoring what actions a user is taking. Wait for a 24-hour period and confirm that they are really making this change with biometric authentication or device PIN. Install apps from unverified developers once users understand the risks, either indefinitely or for a period of seven days. "In that 24-hour period, we think it becomes much harder for attackers to persist their attack," Android Ecosystem President, Sameer Samat, was quoted as saying to Ars Technica. "In that time, you can probably find out that your loved one isn’t really being held in jail or that your bank account isn’t really under attack." Google also said it plans to offer free "limited distribution accounts" that let hobbyist developers and students share apps with up to 20 devices without having to "provide a government-issued ID or pay a registration fee." It's worth noting that the aforementioned process does not apply to installs via the Android Debug Bridge (ADB). Limited distribution accounts for students and hobbyists, as well as advanced flow for users, will be available in August 2026, before the new developer verification requirements take effect the month after. "We know a 'one size fits all' approach doesn't work for our diverse ecosystem," Google said. "We want to ensure that identity verification isn't a barrier to entry, so we’re providing different paths to fit your specific needs." The development coincides with the emergence of a new Android malware called Perseus that's actively targeting users in Turkey and Italy with an aim to conduct device takeover (DTO) and financial fraud. Over the four months, at least 17 Android malware families have been detected in the wild. They include FvncBot, SeedSnatcher, ClayRat, Wonderland, Cellik, Frogblight, NexusRoute, ZeroDayRAT, Arsink (and its improved variant SURXRAT), deVixor, Phantom, Massiv, PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  Android, cybersecurity, data privacy, Google, Malware, mobile security, Threat Intelligence Trending News ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack and More ⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents and More Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026 Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8 Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit Veeam Patches 7 Critical Backup and Replication Flaws Allowing Remote Code Execution Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets Popular Resources Guide - Discover How to Validate AI Risks With Adversarial Testing Get the 2026 ASV Report to Benchmark Top Validation Tools Webinar - Identify Key Attack Paths to Your Crown Jewels with CSMA Fix Security Noise by Focusing Only on Validated Exposures