Google has announced the introduction of Advanced Flow, designed to let Android users install apps from unverified developers more safely than before.
This process is known as sideloading. It means installing an app on your device from somewhere other than the Google Play store, usually by downloading and opening its installation file yourself.
Right now, that typically involves:
- Downloading an app file (an APK on Android) from a website, email, or another source instead of Google Play.
- Manually installing it, often after turning on a setting that allows apps from “unknown” or “unverified” developers.
From Google’s point of view, this has been a security weak spot. Scammers regularly abuse sideloading to trick victims into installing malware while bypassing built‑in protections.
They often pressure victims into installing apps that turn out to be infostealers or other malware. According to research by the Global Anti-Scam Alliance (GASA), scams caused an estimated $442 billion in losses last year.
So anything that helps reduce that risk is welcome.
What Google is changing isn’t dramatic, but it does make the process of installing an app from outside the official Play Store more secure. In simple terms, Advanced Flow adds extra steps and delays so scammers can’t rush people into disabling protections and installing their malware.
How Advanced Flow works
To sideload apps using Advanced Flow, users will need to go through a series of steps:
- Enable developer mode in system settings. This is easy enough, and helps prevent accidental or one-tap bypasses often used in high-pressure scams.
- Complete a quick safety check to make sure that no one is talking you into turning off your security. Scammers often pressure victims into disabling protections.
- Restart your device, which cuts off any remote access or active phone calls a scammer might be using to guide you.
- Wait one day, then you can confirm the change using biometrics (like fingerprint or face unlock) or your device PIN. This one-time, one-day delay breaks the urgency scammers rely on, giving you time to think.
Once you’ve confirmed you understand the risks, you’re all set to install apps from unverified developers. You can allow this for seven days or indefinitely. For safety, you’ll still see a warning that the app is from an unverified developer, but you can just tap “Install Anyway.”
In addition to the Advanced Flow, Google is introducing free, limited distribution accounts for students and hobbyists. These let developers share apps with a small group (up to 20 devices) without needing ID verification or a registration fee.
What this means for users
So after these changes, these will be the options for users that have “developer mode” enabled on their Android device.
- Sideloading directly from verified developers
- Sideloading from developers with limited distribution accounts
- Sideloading from unverified developers with Advanced Flow
Advanced Flow is expected to roll out in August 2026.
Overall, it seems a reasonable compromise. Sideloading isn’t going away, so this keeps that ability but adds meaningful barriers against scam‑driven installs, thwarting social‑engineering campaigns without outright killing power‑user workflows. The one-day delay could turn out to be frustrating though, even if it’s only a one-time event.
We don’t just report on phone security—we provide it
Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.
