Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Google tightens Android sideloading
The rise of digital wallets: What businesses in APAC need to know
Malvertising campaign targets Android users with advanced crypto-steal...
How are people in 15 countries leveraging AI for travel planning?
Insider threats cited alongside external attacks in terms of severity:...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      The rise of digital wallets: What businesses in APAC need to know

      The rise of digital wallets: What businesses in APAC need to know

      Tuesday, September 2, 2025, 1:59 PM Asia/Singapore | Features
    • Featured

      Resilience the true benchmark for smart infrastructure

      Resilience the true benchmark for smart infrastructure

      Wednesday, August 27, 2025, 8:21 PM Asia/Singapore | Features, IoT Security
    • Featured

      Deepfake a crisis of trust, not just technology

      Deepfake a crisis of trust, not just technology

      Tuesday, August 19, 2025, 10:06 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

Opinions

Google tightens Android sideloading

By CybersecAsia editors | Tuesday, September 2, 2025, 3:06 PM Asia/Singapore

Google tightens Android sideloading

Come September 2026, Android users in Singapore, Brazil, Indonesia and Thailand will find it harder to download apps from outside the Play Store. What would that mean for app developers, cybersecurity and consumer experience?

Google announced on 25 August 2025 that all app developers must be verified before their apps can be installed on certified Android devices in Singapore, Brazil, Indonesia and Thailand — a change aimed at curbing malware and scams. The rest of the world follows in 2027.
To help unpack what this means for users and the industry, Alexander Ivanyuk, Senior Director, Threat Research Unit (TRU), Acronis, shares his perspective:

Effectiveness: Will a move like this actually be effective in protecting users from downloading malware by accident, considering that they will need to fiddle with their settings to sideload apps in the first place?

Ivanyuk: This is not a silver bullet (as there is still malware on Play and ways for hackers to get through), but it is an effective safety rail. It moves the security model from relying on a user’s imperfect risk decision to a system-level enforcement based on developer accountability. It will undoubtedly prevent a number of accidental malware installations. 

And yes, this is only for users who know and dare to enable “Unknown Sources” (now more granularly called “Install unknown apps”) which is a simple, one-time toggle for permission.

Openness vs. security: Android has long prided itself as being an open-source platform, in contrast with Apple, which takes a walled garden approach. Does this move actually run contrary to that spirit of freedom and openness?

Ivanyuk: The “open vs. closed” debate is often framed in idealistic terms, but in the real world, it’s about risk management. Goggle was taking steps in “closing” the Android system for years already; it is not something happening now with this new announcement. 

The original definition of Android’s openness was about the ability for OEMs to customize the OS and for users to install software from outside a single curated store. It was never intended to be a free-for-all that enables massive fraud and malware campaigns. Also let’s not forget that Google is not removing the ability to sideload unverified apps entirely (though they are making it harder).

Revenue vs. security: Seeing as there are already restrictions in place for sideloading apps in Singapore, is this simply a move by Google to further curb sideloading apps that may take revenue away from them (eg, Vanced and its slew of modded apps that remove ads). Is it likely that there’ll be very little difference between the two platforms eventually with this shift?

Ivanyuk: This is about security first but of course there is a revenue factor as well. The sheer volume of financial and data-loss malware targeting Android is an existential threat to the platform’s reputation. Google’s biggest customers are OEMs (Samsung, Xiaomi, etc.). If Android becomes synonymous with “unsafe,” OEMs and users flee. Protecting the brand and ecosystem is worth infinitely more to Google than the ad revenue from a subset of users using YouTube Vanced. A secure platform attracts and retains users, which in turn attracts developers and advertisers—that’s the real business.

The original definition of Android’s openness was about the ability for OEMs to customize the OS and for users to install software from outside a single curated store. It was never intended to be a free-for-all that enables massive fraud and malware campaigns. Also let’s not forget that Google is not removing the ability to sideload unverified apps entirely (though they are making it harder).

Revenue vs. security: Seeing as there are already restrictions in place for sideloading apps in Singapore, is this simply a move by Google to further curb sideloading apps that may take revenue away from them (eg, Vanced and its slew of modded apps that remove ads). Is it likely that there’ll be very little difference between the two platforms eventually with this shift?

Ivanyuk: This is about security first but of course there is a revenue factor as well. The sheer volume of financial and data-loss malware targeting Android is an existential threat to the platform’s reputation. Google’s biggest customers are OEMs (Samsung, Xiaomi, etc.). If Android becomes synonymous with “unsafe,” OEMs and users flee. Protecting the brand and ecosystem is worth infinitely more to Google than the ad revenue from a subset of users using YouTube Vanced. A secure platform attracts and retains users, which in turn attracts developers and advertisers—that’s the real business.

It is likely that Android and iOS will continue to converge on security models while remaining divergent on philosophy. To give a statement example:

  1. iOS: “You cannot sideload. We have deemed it unsafe.”
  2. Android: “You can sideload, but we will implement every possible barrier, warning, and now verification check to ensure you know exactly how dangerous it is before you do.”

The ability to sideload will remain, but the path will be increasingly fraught with warnings and roadblocks designed to make the average user think twice. This is the correct balance from a risk-management perspective.

Share:

PreviousThe rise of digital wallets: What businesses in APAC need to know

Related Posts

What 900 APJ respondents thought of their large organizations’ cybersecurity posture

What 900 APJ respondents thought of their large organizations’ cybersecurity posture

Wednesday, April 6, 2022

Malvertising or Scareware risks and how to avoid it

Malvertising or Scareware risks and how to avoid it

Friday, September 11, 2020

Did Elon Musk and Obama really drag Twitter users into Bitcoin scams?

Did Elon Musk and Obama really drag Twitter users into Bitcoin scams?

Thursday, September 10, 2020

Attack of the Botnet Drones: they hail from Singapore!

Attack of the Botnet Drones: they hail from Singapore!

Friday, July 9, 2021

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • CISOs can navigate emerging risks from autonomous AI with a new security framework

    CISOs can navigate emerging risks from autonomous AI with a new security framework

    See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage …Read more
  • MoneyMe strengthens fraud prevention and credit decisioning

    MoneyMe strengthens fraud prevention and credit decisioning

    Australian fintech strengthens risk management with SEON to scale lending operations securely and efficiently.Read more
  • PT Kereta Api Indonesia announces nationwide email and communication overhaul

    PT Kereta Api Indonesia announces nationwide email and communication overhaul

    The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more
  • Operationalizing sustainability in cybersecurity: Group-IB’s approach

    Operationalizing sustainability in cybersecurity: Group-IB’s approach

    See how the firm turned malware-group takedowns into measurements of sustainability and resilience gains: by …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.