What Android sideload changes are coming?

Google adds a 24-hour wait for Android sideloading

Google has outlined a stricter sideloading flow for Android apps from unverified developers, adding friction meant to reduce malware risk.

The core change is a mandatory delay: users must wait roughly 24 hours and go through a “cooling-off” process before installing apps that bypass normal verification rules. Google also described an “advanced flow” that sits behind this policy so users still have a pathway to install apps outside the verified ecosystem, but not instantly.

Separately, Google has been tightening the process in stages: it also introduced a new requirement for a one-time security step (described in reporting as a process that aims to prevent impulsive or unsafe installs). Together, these measures are designed to give users time to reconsider—especially when a sideload is unexpected or prompted by social engineering.

Why it matters: sideloading has always been a major attack surface on mobile, because malicious apps often arrive through social links, fake downloads, and “security update” scams. By slowing down installs from unverified sources, Google is trying to reduce the chance that users install something dangerous under time pressure.

For developers and power users, the policy is a trade-off. It preserves flexibility, but makes it harder to quickly test or deploy non-store apps. For enterprises, it also affects device management workflows if teams rely on sideloading.

The direction is clear: Android remains open, but Google is increasing safety guardrails around the least-controlled part of the app ecosystem.