Google slows Android sideloading to trip up scammers

Google is implementing an advanced flow for Android that significantly alters the process for installing applications from unverified developers. This new feature introduces additional steps designed to mitigate the risks associated with scam-driven sideloading, particularly for users who may be less familiar with the potential dangers.

Advanced flow for power users to sideload apps from unverified developers

Matthew Forsythe, Director of Product Management for Android App Safety, emphasized the importance of a tailored approach: “We know a ‘one size fits all’ approach doesn’t work for our ecosystem. We want to ensure that identity verification isn’t a barrier to entry, so we’re providing different paths to fit specific needs.”

How the advanced flow works

The process begins with users enabling developer mode within their system settings. This initial step requires intentional action, thereby reducing the likelihood of accidental triggers that scammers often exploit.

Following this, the system runs a verification check to confirm that no external party is guiding the user through the installation. This measure aims to identify scenarios where a scammer might be pressuring the individual to disable security features.

Next, users are required to restart their devices and reauthenticate. This interruption serves to disrupt any remote access or ongoing calls that could potentially monitor the user’s activity.

After the restart, a one-day waiting period is enforced before the installation can proceed. This delay is a strategic move to counteract the urgency often instilled by scammers, providing users with ample time to reconsider their decisions.

Once the waiting period concludes, users must confirm their action using biometric authentication or a device PIN. This final verification step ensures that the user is making a conscious choice to proceed with the installation.

Upon successful verification, users gain the ability to install apps from unverified developers. They can choose to enable this access for a limited duration, such as seven days, or keep it active indefinitely. A warning will appear to indicate the app’s source, accompanied by an option to continue with the installation, ensuring that users remain informed throughout the process.

AppWizard