Google adds ‘Advanced Flow’ for safe APK sideloading on Android

News

Featured
Latest

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

Microsoft Azure Monitor alerts abused for callback phishing attacks

Musician admits to $10M streaming royalty fraud using AI bots

FBI links Signal phishing attacks to Russian intelligence services

Varonis Atlas: Securing AI and the Data That Powers It

Microsoft Exchange Online service change causes email access issues

Block ads and trackers on 9 devices for only $16 in this deal

FBI warns of Handala hackers using Telegram in malware attacks

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityGoogle adds ‘Advanced Flow’ for safe APK sideloading on Android

Google adds ‘Advanced Flow’ for safe APK sideloading on Android

By Bill Toulas

March 21, 2026
10:18 AM
0

Google has announced a new mechanism in Android called Advanced Flow, which will allow sideloading APKs from unverified developers for power users in a more secure manner.
The new system, scheduled to roll out this August, aims to allow installing Android apps from unverified developers while minimizing the risk of malware infections and scams, which caused an estimated $442 billion in losses last year, according to the Global Anti-Scam Alliance (GASA).

Distinct APK sideloading pathwaysSource: Google
Power users who want to install APKs on their devices will have to go through a one-time process involving the following steps:
Turn on Developer Mode from system settings
Confirm they are not being coached by threat actors
Restart the phone and reauthenticate
Wait one day and then confirm that the modifications are legitimate
Then users can install apps from unverified developers and enable them for a week or indefinitely. Android will display a warning that the app is from an unverified developer.

Overview of the Advanced Flow procedureSource: Google
The process is designed to add friction and disrupt typical scamming tactics that trick people into installing unsafe apps on their devices by playing on the urgency of the operation.
“This flow is a one-time process for power users - it was designed carefully to prevent those in the midst of a scam attempt from being coerced by high-pressure tactics to install malicious software,” explains Google.
“In these scenarios, scammers exploit fear - using threats of financial ruin, legal trouble, or harm to a loved one – to create a sense of extreme urgency.”
“They stay on the phone with victims, coaching them to bypass security warnings and disable security settings before the victim has a chance to think or seek help.”
Google frames the Advanced Flow system as a safe compromise between Android’s openness and user protection, needed for a smooth transition to the new developer verification requirements scheme, first announced last August.
Developer verification is meant as an anti-malware measure, requiring all Android app publishers, regardless of the distribution method they use, to have their identity verified by Google; otherwise, the installation of their software on certified Android devices will be blocked.
Although Google retracted the original timeline for applying the new rule after backlash from the community, it didn’t abandon plans to implement the identity verification system.
This is still coming in August 2026, according to the latest announcement, and app developers are urged to visit this webpage for more information.

Red Report 2026: Why Ransomware Encryption Dropped 38%
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
Download The Report

Related Articles:
New ‘Perseus’ Android malware checks user notes for secretsNew BeatBanker Android malware poses as Starlink app to hijack devicesNew Keenadu backdoor found in Android firmware, Google Play appsZeroDayRAT malware grants full access to Android, iOS devicesHugging Face abused to spread thousands of Android malware variants

Android
APK
Google
Identity Verification
Malware
Mobile

Bill Toulas
Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Previous Article
Next Article

Post a Comment Community Rules

You need to login in order to post a comment
Not a member yet? Register Now

You may also like:

Popular Stories

Microsoft: March Windows updates break Teams, OneDrive sign-ins

CISA orders feds to patch max-severity Cisco flaw by Sunday

Microsoft Azure Monitor alerts abused for callback phishing attacks

Sponsor Posts

Secure your AI agents without sacrificing speed.

Overdue a password health-check? Audit your Active Directory for free

AI is a data-breach time bomb: Read the new report

Are refund fraud methods targeting your brand? You can monitor the underground for these threats.

Cyber resilience without the complexity. Join Zero Networks to stop lateral movement fast.

Follow us:

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure

Copyright @ 2003 - 2026 Bleeping Computer® LLC - All Rights Reserved

Login

Username

Password

Remember Me

Sign in anonymously

Sign in with Twitter

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

Google has introduced “Advanced Flow,” a new security mechanism within the Android operating system designed to facilitate the safe sideloading of applications from unverified developers. This initiative, slated for release in August 2026, directly addresses concerns surrounding malware and scams associated with the increasingly common practice of sideloading APK files. The core rationale behind Advanced Flow stems from a reported $442 billion in global losses attributed to scams last year, according to the Global Anti-Scam Alliance (GASA).

The Advanced Flow process represents a multi-step system intended to disrupt typical scamming tactics. It begins with a power user enabling Developer Mode on their device, followed by a confirmation step to explicitly reject coercion from threat actors. This is then coupled with a device restart and reauthentication. Crucially, the user must wait 24 hours and then confirm the legitimacy of the modifications made, adding a layer of friction to the typical, high-pressure tactics employed by malicious actors. Upon successful completion, users can install applications from unverified developers, accompanied by a clear warning displayed by Android, marking the source as untrusted.

This implementation is framed by Google as a strategic compromise between the openness inherent in Android and the imperative for user protection. It is specifically designed to support the upcoming rollout of a new developer verification requirements scheme initially announced in August 2025, which mandates identity verification for all Android app publishers, regardless of their distribution method. Failure to comply will result in app installation being blocked on certified Android devices. Google initially planned for this stricter verification to begin earlier but postponed the timeline after receiving significant community feedback. This revised schedule still anticipates implementation in August 2026.

The Advanced Flow system is intended to mitigate risk by creating a deliberate bottleneck in the process, making it considerably more challenging for scammers to rapidly deploy malicious software through deceptive methods. This addresses the issue of urgent, coercive tactics used to manipulate users into bypassing standard security warnings. The complexity of the verification process—requiring a 24-hour delay—significantly reduces the effectiveness of these high-pressure approaches.

This development aligns with broader efforts by Google to reinforce security protocols within Android. The company acknowledges the delicate balance between allowing innovation and protecting users from harm. The Advanced Flow system represents a concrete step to address the vulnerabilities associated with sideloading while accommodating the continued development of applications by independent developers. Ultimately, Google aims to provide a safer environment for both developers and users alike, solidifying Android's position as a robust and trustworthy mobile platform.