Android 15’s new sideloading restrictions could signal a shift for the Android ecosystem, challenging its historically open nature. These tighter security measures protect average users from malicious apps but risk alienating power users, amateur developers, modders, and enthusiasts who depend on Android’s flexibility. With Android 15 rolling out to the newest Google Pixel phones and more manufacturers following, the backlash to these changes quickly becomes apparent.
Android’s openness was a key selling point for me. Experimenting and learning on a customizable and open platform shaped my early years in Android development. I still remember bricking my first device within months of buying it, but figuring out how to unbrick it got me interested in development. While Google’s efforts to enhance user safety are understandable, stripping away the features that make Android fun and unique could alienate the community that contributed to its success.
Watch our review
What are the new restrictions on Android 15?
Sensitive permissions
Some sensitive permissions requested by sideloaded apps in Android 15 will now be restricted by default. When users install apps from outside the Google Play Store or approved third-party stores, the system flags each permission on the Restricted Settings list that is being requested. These permissions must be manually activated one by one through the Settings menu. Unlike previous versions of Android, there isn’t a way to universally allow apps from any unknown source to bypass these restrictions.
Google’s device implementation rules require the following Restricted Settings to be implemented by default:
- Accessibility
- Notification listener
- Device admin apps
- Display over other apps
- Usage access
- Dialer
- SMS
- SMS runtime
Other permissions are not required to be restricted but are strongly recommended. Google advises against allowing users to turn off Restricted Settings for all apps. Instead, the user must confirm each permission request. The rules apply to installed apps that were downloaded from browsers, messaging apps, cloud storage, and any local APK installed through apps like file managers.
Play Store Integrity
Enhanced AI-based security features and the Play Store Integrity API introduce another layer of control. Developers can now block apps from being sideloaded if they weren’t installed through approved channels. This API checks the app’s metadata during installation, determining whether it was downloaded from a trusted source. If it detects the app was sideloaded, the developer’s integrity policy can keep it from functioning correctly. These measures protect apps from tampering and ensure they operate as the developers intended.
Why is Google making it harder to sideload apps?
As Android’s user base surpasses 3 billion users worldwide, the need for stronger security measures has grown. Sideloading has long been a convenient way to install apps from sites like APKMirror, but it also presents significant risks. Malicious apps are often used for phishing attacks or to spread malware. The harsh reality is that scamming and fraud are a rapidly growing 1 trillion dollar global shadow economy.
The Zimperium 2024 Global Mobile Threat Report found that users who engage in sideloading are 200% more likely to have malware running on their devices. Even official app stores can contain apps with malware. Zscaler ThreatLabz security research found over 200 apps, with over 8 million installations from Google’s Play Store. Mobile apps are a powerful tool scammers use to exploit victims.
Users who engage in sideloading are 200% more likely to have malware running on their devices.
The new sideloading restrictions enhance security but limit legitimate use cases. Many people sideload apps for beta testing, customization, or accessing features unavailable in official versions. Android has long stood out as the mobile OS that allows users to take control and customize it how they like, a departure from the iPhone’s tightly restricted iOS. These restrictions disproportionately affect users who prefer to control how they use their devices, chipping away at one of the defining reasons many choose Android.
Challenges for power users and depreciated devices
Development and modding on Android often require a combination of trial and error and a significant amount of patience. Manually enabling individual permissions for every sideloaded app might be inconvenient, but it adds up over time. Apps blocked by the Play Integrity API have a wider impact, making it harder to modify apps and continue using apps their developers no longer support.
This sounds like it will make modding some apps impossible. I recall working on Amlogic AML8726-MX tablets many years ago, where modifying and sideloading apps was often essential to deal with manufacturer-related issues. Many devices also lacked preinstalled app stores, requiring manual sideloading of the Google Play Store or other third-party stores to get started.
Related
One thing I’ve always appreciated about Android is its ability to extend the life of older devices. You aren’t forced to abandon a device, even when official support ends. For instance, my ASUS Nexus 7 from 2013 still runs on LineageOS just fine, which works perfectly for comics and e-books. However, some devices eventually lose support, even from custom ROMs, making it necessary to find and sideload older compatible APKs to keep them functional. It would be a problem if a developer locked one of those apps with the Play Store Integrity API and later abandoned it.
Balancing security with personal control
Android’s openness, flexibility, and customization have always been its biggest draws. For many users, the new sideloading restrictions may feel like another minor annoyance, but to me, each update makes Android feel a little more closed. At its core, this change frustrates users because it adds extra steps and makes things harder. Updates should make life easier, not add roadblocks to things users want to do.
Still, these restrictions offer protection for less experienced users who are more vulnerable to scams and malware. Not everyone enjoys tweaking and customizing their device. Even seasoned users can fall victim to security threats. The heightened focus on an increasing number of mobile scams highlights the risks.
However, taking away user choice contradicts what Android has always stood for. Instead of discouraging developers from offering ways to bypass Restricted Settings, Google could have buried the option in Developer Options. It’s hard not to worry about where Android is heading if these trends continue.
Related
How to customize your Google Pixel 9 home screen
Make your Google Pixel 9 phone look and feel like yours
Fewer reasons to choose Android
I use both Android and Apple devices and appreciate each for different reasons. My MacBook, iPhone, and iPad work together seamlessly and are easy to maintain. I update them, and they just work. However, Android has always felt like a creative playground, offering unmatched control over almost every aspect of the user experience.
That freedom has drawn many people to Android, and it makes me wonder how many of the great Google Play Store alternatives and the apps on them will survive. If Google makes Android as restricted as iOS, it risks narrowing the gap between the two ecosystems, giving users fewer reasons to choose one over the other.
