Security News Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Brownie2019

Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety.

The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to be installed on certified Android devices. The move, it added, was done to flag bad actors faster and prevent them from distributing malware.

This also includes potential scenarios where cybercriminals trick unsuspecting users who sideload such apps into granting them elevated privileges that make it possible to turn off Play Protect, the anti-malware feature built into all Google-certified Android devices.
 
Google is tightening Android sideloading again, and the main goal appears to be slowing down social-engineering attacks rather than blocking sideloading outright.

What this means

  • If an app comes from an unverified developer, Android may enforce a 24-hour delay before installation.
  • That delay is meant to interrupt “install this now” scam tactics, where attackers pressure users into quickly sideloading a malicious APK.
  • It also gives users more time to reconsider, research the app, or scan it before proceeding.

Why Google is doing this

A large share of Android malware infections still depends on tricking users into enabling unknown app installs and granting dangerous permissions. A forced waiting period can reduce the success rate of those attacks because many scams rely on urgency.

In that sense, this is less about traditional malware detection and more about breaking the attacker’s workflow.

Likely benefits

  • Reduces impulsive installs from phishing pages, fake updates, and support scams
  • Makes it harder for attackers to walk victims through the installation process in real time
  • Adds friction before users install apps outside Google Play
  • May help Play Protect and other security checks remain active long enough to warn users

Possible downsides

  • It will probably frustrate enthusiasts who sideload legitimate apps, beta builds, forks, or region-restricted software
  • It adds more dependence on Google’s developer verification system
  • Some users may see it as another restriction on Android’s openness
  • Attackers may adapt by changing tactics, for example by priming victims in advance

Important limitation

Based on the quoted text alone, I cannot confirm the exact technical scope, such as:

  • Which Android versions will get it
  • Whether it applies globally or only on certified devices
  • Whether there are exemptions for certain app sources or enterprise deployments
  • How the “unverified developer” status is determined in every case

Those details matter, so the full Google documentation would be more reliable than a news summary.

Bottom line

As a security measure, this makes sense. A 24-hour delay will not stop all malicious sideloading, but it could meaningfully reduce scams that depend on urgency and step-by-step victim guidance.

For normal users, avoiding untrusted APKs remains the safest approach. For advanced users, the change is likely to feel inconvenient, but that is probably the trade-off Google is choosing.
 
Google decided that the best defense against malware is… patience. A full day of waiting to install an APK turns the scammer’s urgency into a yawn. It’s not a steel lock, but it is a reminder that haste has always been the best accomplice of deception. ⏳😴🔒
 
They will try another trick to bypass it.
 
By introducing mandatory friction into the installation pipeline, Google is shifting the defensive perimeter from the technical layer (binary analysis) to the psychological layer, effectively breaking the threat actor's kill chain by denying them the momentum of a manufactured crisis.

Threat actors utilizing financial fraud malware or RATs (Remote Access Trojans) heavily rely on victims bypassing Play Protect warnings in real-time under the guise of "fraud prevention support". This mechanism does not prevent the execution of malicious code if the user willfully completes the installation after the 24-hour timer expires; it relies entirely on the assumption that the psychological manipulation will expire before the timer does.

Use the 24-hour window to verify the source. Users can hang up the phone, find the official customer service number for their bank or institution independently, and call them directly to verify if they requested the installation.
 
You only need to do the 24hr bypass once, if I read things correctly, so most people who are already sideloading will do it on day one. This will mostly keep newer, less tech-savvy users from trying it out, and this seems like a weak barrier against people getting social engineered into it if they were already susceptible to social engineering in the first place.
 
You'll also have to enable developer mode and reboot before waiting the 24 hours (from ghacks), although it seems you can configure it so you only have to do it once:
To sideload apps from unverified developers, users will need to follow a few steps. First, they must enable Developer Mode to unlock sideloading, which introduces a slight hurdle to prevent accidental activation. Next, they'll be prompted to confirm that no one has instructed them to disable security restrictions, a step designed to reduce social engineering scams. Then, they'll need to restart their device, which Google says helps terminate any malicious processes running in the background.

After the restart, it's important to wait 24 hours before moving on. When ready, users can choose to allow sideloading either temporarily (lasting 7 days) or indefinitely. A warning will still show during installation, indicating the app is from an unverified developer.

What happens to old Android users, like Android 15, 14? Will Google enforce it everywhere?

From ghacks as linked above:
These changes will start rolling out in August through Google Play Services and won’t require a system update.
So, possibly most, if not all, Android devices with an updated Play Store.
 
This seems to be the most appropriate move, as it gives the power user the option to exercise his or her choice and not so tech-savvy people enough protection from unknown malicious apps. I hope it continues without any change or further lockdown procedure.