Google is bringing significant changes to installing Android applications from sources other than Google's official Play Store. According to the advertising giant, the goal is to improve user security and combat malware - but at the same time, the lives of technically savvy users will become more difficult.
The changes specifically concern situations where users install applications from alternative sources, and the applications are not available for download through official app stores. Previously, Android's openness allowed applications to be installed freely, but at the same time, it also exposed users to malware.
App developers will henceforth be required to verify their identity when registering as app distributors, which is expected to reduce the spread of scam and malware. The developer must provide Google with their name, address, email, and phone number, among other things, and pay a one-time fee of 25 dollars (approximately 20 euros).
Starting in September 2026, Google will gradually introduce a new so-called advanced flow practice, which specifically concerns more technically proficient users. If a user absolutely wants an application on their phone or tablet that has not been verified by Google, the installation must go through a new, rather complex-looking process. The process includes several steps designed to ensure that the user understands the risks - and is not, for example, acting on the instructions of a scammer.
To install a Google-unapproved application, the phone user must first activate developer mode in their phone's settings and acknowledge the warning that appears, assuring that they are not a victim of fraud or manipulation. After this, the phone must be restarted - and once again assured that nothing suspicious is happening.
But perhaps the most friction-causing aspect occurs after the phone restarts, as after that, a mandatory 24-hour wait begins before the desired application can be installed on the device. Finally, the changes are confirmed with biometric authentication (fingerprint or facial recognition) or a PIN code.
The purpose of this series of precautions is specifically to slow down and complicate the activities of cybercriminals and scammers, as they will not be able to exploit quick scam attempts, for example, by threatening immediate financial loss. The user can choose for the mode that slows down the installation of applications from external sources to be active for either seven days or permanently.
Google has scheduled the update in phases: the developer verification process will become more widely available in spring 2026, and the advanced flow process will be rolled out to users by August. In certain countries, such as Brazil, Indonesia, Singapore, and Thailand, the changes will become mandatory as early as September 2026, and in other countries during 2027.
Alongside the update, Google also enables limited distribution developer accounts, aimed at, for example, students and home coders, who can, if they wish, have their applications approved without verification requirements and fees - but in this case, the application can be installed on a maximum of 20 Android devices.
In addition, Google, together with Epic Games, plans to bring "registered app stores" to Android by the end of 2026, which will henceforth be treated the same as Google's own Play Store, meaning apps installed from them will be trusted by default.
App developers will henceforth be required to verify their identity when registering as app distributors, which is expected to reduce the spread of scam and malware. The developer must provide Google with their name, address, email, and phone number, among other things, and pay a one-time fee of 25 dollars (approximately 20 euros).
Starting in September 2026, Google will gradually introduce a new so-called advanced flow practice, which specifically concerns more technically proficient users. If a user absolutely wants an application on their phone or tablet that has not been verified by Google, the installation must go through a new, rather complex-looking process. The process includes several steps designed to ensure that the user understands the risks - and is not, for example, acting on the instructions of a scammer.
To install a Google-unapproved application, the phone user must first activate developer mode in their phone's settings and acknowledge the warning that appears, assuring that they are not a victim of fraud or manipulation. After this, the phone must be restarted - and once again assured that nothing suspicious is happening.
But perhaps the most friction-causing aspect occurs after the phone restarts, as after that, a mandatory 24-hour wait begins before the desired application can be installed on the device. Finally, the changes are confirmed with biometric authentication (fingerprint or facial recognition) or a PIN code.
The purpose of this series of precautions is specifically to slow down and complicate the activities of cybercriminals and scammers, as they will not be able to exploit quick scam attempts, for example, by threatening immediate financial loss. The user can choose for the mode that slows down the installation of applications from external sources to be active for either seven days or permanently.
Google has scheduled the update in phases: the developer verification process will become more widely available in spring 2026, and the advanced flow process will be rolled out to users by August. In certain countries, such as Brazil, Indonesia, Singapore, and Thailand, the changes will become mandatory as early as September 2026, and in other countries during 2027.
Alongside the update, Google also enables limited distribution developer accounts, aimed at, for example, students and home coders, who can, if they wish, have their applications approved without verification requirements and fees - but in this case, the application can be installed on a maximum of 20 Android devices.
In addition, Google, together with Epic Games, plans to bring "registered app stores" to Android by the end of 2026, which will henceforth be treated the same as Google's own Play Store, meaning apps installed from them will be trusted by default.
