Google Admits Android Sideloading Is Now ‘High Friction’
▼ Summary
– Google initially announced a 2025 Android update requiring developer verification for all sideloaded apps, but later added an option for “experienced users” to bypass this.
– Recent code in the Google Play Store reveals work on this “Install without verifying” flow, which Google internally describes as a “high friction” process.
– Google’s Matthew Forsythe clarified the change is an “Accountability Layer,” not a restriction, designed to ensure users understand the risks of unverified apps.
– The new flow will include clear warnings and is specifically designed to resist coercion by scammers trying to trick users into bypassing safety checks.
– Google’s goal is to reduce sideloading scams by adding deliberate friction to the installation process while ultimately leaving the choice with the user.
Google is preparing to implement a new process for installing apps from outside the official Play Store, a method it openly describes as “high friction.” This approach follows announcements made last year regarding mandatory developer verification for sideloaded applications. While initially framed as a safety requirement, Google later clarified that an option would exist for knowledgeable users to bypass this verification. Recent discoveries within the Play Store’s code reveal the company is actively developing this alternative installation path, which includes prominent warnings about potential security risks.
The journey to this point began in August 2025, when Google stated that Android would require developer verification for all app installations, including manual sideloading by users. By November, the company adjusted its stance, confirming a special installation flow for “experienced users” that would not need verification. Early work on this system has now been spotted in the Play Store app’s code strings. These text snippets, which actually predate the August announcement, include messages like, “If you install without verifying, keep in mind apps from unverified developers may put your device and data at risk.” Other hints suggest an internet connection might be required for the verification step itself.
While the code strings offer limited detail, they prompted a public explanation from a Google executive. Matthew Forsythe, Google Play’s Chief Product Explainer, emphasized on social media that the upcoming changes are not a restriction but an “Accountability Layer.” He explicitly stated the new sideloading process is intentionally designed to be “high friction,” aiming to ensure users comprehend the dangers of installing software not vetted by Google’s systems.
The company’s earlier November description outlined a flow filled with “clear warnings” that ultimately leaves “the choice in their hands.” Google’s stated objective is to help prevent users from being deceived into circumventing safety protocols, especially under pressure from malicious actors. The design specifically aims to resist coercion attempts by scammers who might try to trick people into skipping crucial security steps during installation.
This move is part of a broader effort to combat scams facilitated by sideloaded applications, particularly in certain regions where such issues are prevalent. While adding more steps to the installation process may seem like a minor hurdle, it represents a strategic barrier against social engineering attacks. Scams involving sideloading will exist as long as the process does, but Google is evidently committed to implementing as many protective measures as possible to safeguard users who choose this installation method. The balance between user freedom and platform security continues to be a central challenge for the Android ecosystem.
(Source: 9to5 Google)
