identity verification Archives

AppWizard

March 23, 2026

Google adds ‘Advanced Flow’ for safe APK sideloading on Android

Google has introduced a new mechanism called Advanced Flow within Android to facilitate the sideloading of APKs from unverified developers for power users while enhancing security. This system will launch in August and aims to balance user flexibility with protection against malware and scams, which caused losses of approximately billion last year. To install APKs from unverified developers, users must complete a one-time process that includes activating Developer Mode, confirming they are not influenced by threat actors, restarting the device, and verifying the legitimacy of modifications after a day. Once completed, users can install applications from unverified developers and choose to enable them for a week or indefinitely, with Android providing a warning about the unverified source. The Advanced Flow process is designed to prevent users from being coerced into installing malicious software during scam attempts. Google emphasizes that this system is a compromise between Android's openness and necessary user protections, leading to upcoming developer verification requirements. All Android app publishers will need to undergo identity verification by Google, with non-compliance resulting in blocked software installations on certified Android devices. This verification initiative is now set for rollout in August 2026.

AppWizard

March 20, 2026

Google slows Android sideloading to trip up scammers

Google is implementing a new flow for installing applications from unverified developers on Android, which includes several steps to reduce risks associated with sideloading. Users must first enable developer mode, followed by a verification check to ensure no external influence is guiding the installation. They then restart their devices and reauthenticate, disrupting any potential remote access. A one-day waiting period is enforced before installation, allowing users time to reconsider. Finally, users must confirm their action using biometric authentication or a device PIN. After successful verification, users can install apps from unverified developers for a limited duration or indefinitely, with warnings about the app's source provided throughout the process.

AppWizard

March 20, 2026

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Google has introduced a new "advanced flow" for Android sideloading, which includes a mandatory 24-hour waiting period for users installing applications from unverified developers. This follows a developer verification mandate requiring all Android applications to be registered by verified developers to help identify malicious actors and reduce malware distribution. The new sideloading protocol aims to mitigate risks from cybercriminals who may deceive users into disabling Play Protect, Google's anti-malware feature. Over 50 app developers and marketplaces, including F-Droid and Brave, have expressed concerns about the registration requirements, arguing they could create barriers and raise privacy issues. Google has outlined a one-time process for sideloading apps, which includes enabling developer mode, confirming voluntary sideloading, restarting the device, waiting 24 hours, and using biometric authentication or a PIN to install apps. Google plans to introduce free "limited distribution accounts" for hobbyist developers and students to share apps with up to 20 devices without needing government-issued IDs or registration fees. This process will not apply to installations via the Android Debug Bridge (ADB) and is set to be available in August 2026, ahead of new developer verification requirements. This announcement comes as a new Android malware, Perseus, targets users in Turkey and Italy, with at least 17 distinct Android malware families identified in the past four months.

AppWizard

March 20, 2026

Google adds 24-hour Android sideloading for unverified apps

Google is revising its approach to Android sideloading by allowing users to install applications from unverified developers while implementing a new 24-hour process to enhance security. Users must activate developer mode, confirm their decision, restart their devices, and re-authenticate before installation. A one-time 24-hour waiting period is also introduced to prevent scams. This change addresses concerns from developers and advocacy groups about the impact of stringent verification policies on smaller developers. Google is also offering limited-distribution accounts for students and hobbyists to share apps without full verification. The updated process includes additional security measures to disrupt scams, while users are encouraged to use dedicated security solutions for better protection against mobile threats.

AppWizard

March 20, 2026

This is Android’s new ‘advanced flow’ for sideloading apps without verification, includes one-day waiting period [Gallery]

Google will introduce a new Android developer verification process later this year to enhance user security and accommodate power users. This will include an "advanced flow" that allows users to disable the verification requirement and install software from unverified developers. Users must activate Developer mode, confirm they are not being guided by a malicious actor, restart their device, and undergo a mandatory one-day "Security wait" period for identity verification through biometric authentication or a device PIN. After this, they can install apps from unverified developers indefinitely, with a temporary option for seven days. Users will still receive a warning when installing apps from unverified developers but can choose to proceed. The rollout is set for August, alongside new developer verification requirements. Additionally, Google will offer limited distribution accounts for developers to share apps with up to 20 users without registration fees or government ID.

Winsage

March 14, 2026

Announcing Windows 11 Insider Preview Build 26220.8062 (Beta Channel)

Windows 11 Insider Preview Build 26220.8062 (KB 5079458) has been released to the Beta Channel, introducing various changes and improvements. 1. Policy-Based Removal of Preinstalled Microsoft Apps: IT administrators can now use a dynamic app removal list to remove MSIX/APPX apps by adding their package family names through Group Policy. The dynamic list is not yet available in Intune CSP. 2. Windows Setup Experience: Users can select a custom name for their user folder during the Windows setup process, which must adhere to standard naming conventions. 3. Windows Driver Policy Update: A new policy removes default trust for cross-signed drivers, allowing third-party drivers from the Windows Hardware Compatibility Program (WHCP) by default. The feature will initially operate in audit mode for at least 100 hours. 4. Point-in-Time Restore Updates: Local administrators will see a settings dialog to view or modify default restore settings, including a list of available restore points. Updated messaging has been added to the restore experience. 5. Drag Tray Rebranding: The Drag Tray has been rebranded as Drop Tray, with settings relocated to System > Multitasking. 6. Pen Settings: Refinements have been made to the Pen settings page, including an option for the pen tail button to launch the same app as the Copilot key. 7. File Explorer and Other Enhancements: Improvements have been made to the reliability of setting the preferred display language, and unexpected errors from the sfc/scannow command have been removed. Updates are gradually rolled out to Insiders who opt in via Settings > Windows Update, and features may evolve or be removed based on feedback.

Winsage

March 13, 2026

Announcing Windows 11 Insider Preview Build 26300.8068 (Dev Channel)

Windows 11 Insider Preview Build 26300.8068 (KB 5079464) has been released to the Dev Channel. Key changes include: - Enhanced policy for removing preinstalled Microsoft Store apps for Windows ENT/EDU, allowing IT administrators to use a dynamic app removal list via Group Policy. - Users can now select a custom name for their user folder during the Windows setup process. - A new policy removes default trust for cross-signed drivers, allowing third-party drivers from the Windows Hardware Compatibility Program (WHCP) by default, initially operating in audit mode. - Point-in-time restore now includes a settings dialog for local administrators and displays available restore points. - Microsoft 365 Family subscribers can upgrade their plan directly from the Accounts page in Settings. - The Drag Tray feature has been rebranded to Drop Tray, with settings relocated. - Updates to Pen settings include a new option for the pen tail button. - Enhanced reliability for preferred display language settings and removal of an unexpected error from sfc/scannow. Updates are gradually rolled out to users who opt in through the Settings menu under Windows Update.

Tech Optimizer

February 27, 2026

Fake Avast Website Steals Users’ Credit Card Information

A phishing scam is targeting French-speaking users in Europe by impersonating Avast antivirus software. Victims are lured to a fraudulent website that mimics Avast's official portal, where they are tricked into providing credit card details due to a fabricated €499.99 charge and promises of a refund. The scam uses realistic branding, dynamic JavaScript for urgency, and live chat features to collect personal information. Users are asked to select refund reasons and submit their personal details, after which they are prompted for credit card information. The scam employs the Luhn algorithm to validate card numbers and displays a fake confirmation message after data submission. Key red flags include dynamic dates, tight deadlines, requests for full card re-entry, and suspicious live chat interactions. Avast has warned users about these scams and encourages reporting to authorities.

AppWizard

February 21, 2026

Unsecured AI apps are leaking personal data of Android users

Many unregulated or inadequately secured AI applications on platforms like the Google Play store pose significant privacy risks to users. A specific Android application, "Video AI Art Generator & Maker," linked to a data leak, compromised 1.5 million user images, over 385,000 videos, and millions of AI-generated media files due to a misconfiguration in a Google Cloud Storage bucket. Another app, IDMerit, exposed sensitive know-your-customer data from users in 25 countries, including full names, addresses, birthdates, IDs, and contact information, totaling a terabyte of data. Both developers addressed the vulnerabilities after being alerted by researchers. However, cybersecurity experts warn that lax security among AI applications is a widespread issue, with 72 percent of analyzed Google Play apps exhibiting security flaws, including the practice of "hardcoding secrets" in their source code.

AppWizard

February 19, 2026

Meta Shuts Down Messenger Standalone Website

Meta has retired Messenger’s standalone website, redirecting users to Facebook’s messaging interface for desktop communication. Users can still access their conversations on Facebook’s platform, but those without a Facebook account must use the Messenger mobile app. Existing chat histories can be restored using an encrypted backup system with a PIN, and recovery options are available with identity verification. The move simplifies Meta’s operations by reducing the number of codebases to manage and aligns with trends showing that approximately 60% of global web traffic comes from mobile devices. Users have expressed frustration over the change, particularly those who deactivated their Facebook accounts. Organizations using the standalone Messenger will need to adjust their internal protocols, and Meta is focusing on enhancing business messaging tools across its platforms. The retirement of the standalone site was initially hinted at by reverse-engineer Alessandro Paluzzi, and users are encouraged to adapt their messaging habits accordingly.