Google is tightening security around Android app installation, moving to end what it described as the “Wild West” era of sideloading. The company is introducing mandatory developer verification and digital signatures for apps installed outside the Play Store, aiming to reduce risks from malicious software. While the rules alter a long-standing feature of Android, Google emphasized in its blog post that sideloading is “absolutely not going away.”
The new system requires every sideloaded app to carry a verified digital signature, effectively functioning as an ID for developers. If harmful activity is detected, Google can revoke the certificate, instantly disabling all associated apps on user devices. The company cited data showing that malware appears 50 times more frequently outside its official marketplace, underscoring the need for stronger safeguards.
The change has sparked concern among alternative app store operators and open-source advocates, who argue that mandatory verification could restrict distribution. Developers who wish to bypass the process will still be able to use Android Studio for testing and tools such as ADB, which provide a workaround for non-verified installations.
Google said the new framework is intended to balance security and flexibility. Once fully implemented, developers distributing apps outside the Play Store will need to apply for verification or guide their users through alternative installation methods.
Source: Android Developers Blog
