On Google Ending Unsigned App Sideloading
2025-08-26
---
Google announced yesterday that Play Protect-certified Android devices will soon require verification for all developers--even for sideloaded apps.^ Devs will need to register inside the Android Developer Console and sign their apps with keys verified by Google. Essentially, even if you distribute your app outside the Play Store, you will still need Google to whitelist your app before it can be installed on any device with Play Protect. The measure is being rolled out in Brazil, Indonesia, Singapore and Thailand in September 2026, and it will be introduced globally in 2027, though Google does not provide a specific global timeline yet.
Google claims the measure is being done for security, and if the SANS newsletters I read are any indication, sideloading is indeed a major avenue for installing malware on smartphones. However, Google is making the new measure mandatory. Users will have no option to opt out, even if their use case requires sideloaded apps. It's doubtful that even dev builds of apps from (say) GitHub will work without going through the Developer Console. This seems to go a lot further than simply increasing security.
To me, it's clear what Google really wants to do here. If all apps have to be whitelisted, even if they are distributed outside the Play Store, Google becomes the single, uncontested gatekeeper for all apps that run on (Play Protect-certified) Android devices. It's only a small step from there to remove sideloading completely and simply require that all apps are distributed through the Play Store. There, they can exert total control over what any app--and therefore your entire smartphone--is or isn't allowed to do.
I suspect Google's initiative is also aimed at fighting app piracy. If one knows where to find them, it's incredibly easy to download and install cracked versions of paid apps onto an Android device. Apple devices, on the other hand, require jailbreaking. That's probably why Play Protect is requiring not only the app name and developer information, but a Google-verified key: cracked apps can't be signed with the same key, and thus Google can detect tampered apps more easily.
This announcement genuinely worries me. It effectively kills my use case not only for Android as an OS, but for smartphones in their entirety. The majority of the apps I use, even for communication, are installed from F-Droid. Some, like Privacy Browser, are created by single developers that either can't use or don't want to bother with Google Play. Some, like NewPipe, are designed to block ads or enhance user privacy in ways that would violate the Play Store's terms of use. Some, like Termux, require certain target SDK levels and can no longer be updated via Google Play. And others, like jmcs's excellent fork of the deedum Gemini client,^^ are simply hobby projects that involve nothing more than building an APK for fun. If those apps aren't verified by Google in the Developer Console, they disappear--and ninety percent of the things I do on mobile disappear with them.
More broadly, this kills the primary market advantage Google had over Apple. Many people have been lamenting the convergent evolution of Android and iOS for years: UIs are becoming indistinguishable, the same apps are dominating both markets, and Android phone makers are removing power-user features like the stylus and expandable storage. But the one aspect of Android that has always placed it above iOS for me is the fact that I can load whatever apps I want. It allows me to work around the phone's limitations: I can debloat, remove ads and tracking, set default apps, control storage settings, and much more. All of that is likely about to go away, and only the functionality that has Google's explicit blessing will remain.
To reiterate, app verification will only apply to devices that are Play Protect-certified. Many Android devices are not certified, and these restrictions will presumably not apply to them. LineageOS and GrapheneOS, for example, should be unaffected. I would guess many Chinese phones will also still support unsigned app sideloading.
But if, like me, you're stuck on a Samsung or Motorola device that can't load custom ROMs, you may want to start shopping around now for a phone that can. It's going to be particularly tough for people in America, where locked bootloaders and radio frequency distributions often severely limit one's choice of smartphone. For instance, my F(x)tec Pro1 X running LineageOS 22 with no GApps would be the perfect solution, but it lacks a key frequency that is used heavily in my area, and that renders it almost unusable as a cellular device.
If it isn't clear by now, we all need to assert every digital freedom we have left. Google's move here is yet another attempt to control every aspect of our digital lives. We must fight back by exercising the full power of open systems, and we must do it now. Otherwise, it's only a matter of time before companies take away every privilege we don't nail down in the public space. Always remember: a right unused is a right conceded.
---
[Last updated: 2025-08-26]