Google adds ‘Advanced Flow’ for safe APK sideloading on Android

Google has unveiled an innovative mechanism within Android known as Advanced Flow, designed to facilitate the sideloading of APKs from unverified developers for power users, all while enhancing security measures. This new system, set to launch in August, aims to strike a balance between user flexibility and protection against the rising tide of malware infections and scams, which the Global Anti-Scam Alliance (GASA) estimates resulted in losses of approximately 2 billion last year.

Distinct APK sideloading pathways
Source: Google

For those power users eager to install APKs on their devices, a one-time process will be required, consisting of the following steps:

  1. Activate Developer Mode from the system settings.
  2. Confirm that they are not being influenced by threat actors.
  3. Restart the device and reauthenticate.
  4. Wait a full day and then verify the legitimacy of the modifications.

Upon completion of these steps, users will be able to install applications from unverified developers and can choose to enable them for a week or indefinitely. Android will provide a warning indicating that the app originates from an unverified developer.

Overview of the Advanced Flow procedure
Source: Google

This carefully crafted process introduces a layer of friction intended to disrupt common scamming tactics that prey on users’ urgency. Google elaborates, “This flow is a one-time process for power users – it was designed carefully to prevent those in the midst of a scam attempt from being coerced by high-pressure tactics to install malicious software.”

Scammers often exploit fear, employing threats of financial ruin, legal issues, or harm to loved ones to create a sense of urgency that can cloud judgment. They may remain on the line with victims, coaching them to bypass security warnings and disable protective settings before the individual has the opportunity to pause and seek assistance.

Google positions the Advanced Flow system as a prudent compromise between the inherent openness of Android and the necessary user protections, paving the way for the upcoming developer verification requirements scheme first announced last August. This verification process is intended as a robust anti-malware measure, mandating that all Android app publishers, irrespective of their distribution methods, undergo identity verification by Google; failure to comply will result in the blocking of their software installations on certified Android devices.

While Google initially faced backlash that led to a retraction of the original timeline for implementing this rule, the company remains committed to the identity verification initiative, which is now slated for rollout in August 2026. App developers are encouraged to visit a designated webpage for further details.
