Downloading unverified APKs will soon be a very tedious task

by · Android Police

Sideloading on Android is a simple process, but that's set to change now. Downloading apps from the Google Play Store is the safest, as Google ensures the apps that it lists are verified and traceable.

Then, there are alternatives like APKMirror, which host apps that are technically identical to the Play Store. Said APKs are more often than not verified.

Related

Google to verify non-Play Store app developers, ending anonymous distribution

Putting verified names to APKs

Posts 2
By  Chris Thomas

On Android, this means that app publishers, regardless of where they're publishing their apps, need to have a verified identity tied to their account.

This is a fairly recent development, and although Google is sticking with it, it is also introducing a significant update for power users.

The tech giant understands that power users might want to take educated risks and install software from unverified or anonymous developers. For said users, Google is introducing a new "Advanced Flow."

"Android is built on choice. That is why we’ve developed the advanced flow – an approach that allows power users to maintain the ability to sideload apps from unverified developers," wrote the tech giant.

It is meant to be tedious, and that is to prevent those being scammed from being coerced by high-pressure tactics to install malicious software. "Because the consequences of these scams that use sophisticated social engineering tactics are so severe, we have carefully engineered the advanced flow to provide the critical time and space needed to break the cycle of coercion," wrote the tech giant.

Here's how Advanced Flow works:

  • You first need to enable developer mode in your Android's system settings.
  • You then need to manually confirm that you aren't being coached or being told what to do by a potential scammer.
  • The system then restarts your device and asks you to reauthenticate. This essentially cuts off "any remote access or active phone calls a scammer might be using to watch what you’re doing."
  • You then have to wait for a full day. This is a protective warning period. Once the period is over, you can confirm that this is really you who’s making this change with biometric or PIN authentication. "Scammers rely on manufactured urgency, so this breaks their spell and gives you time to think."
  • You should now be ready to install apps from unverified developers. You can enable the bypass for a week or indefinitely.

This is a one-time process if you choose to enable the bypass indefinitely.

The change is expected to rollout in August. The company added that it will have more to share in the coming days and weeks.