Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Clearing away the shadows of AI
Opportunities or challenges? 6 digital trends in the Oil and Gas indus...
Multi-airport cyberattacks disrupt Europe aviation sector, exposing di...
AV-Comparatives Publishes 2025 Endpoint Prevention & Response (EPR...
Cybersecurity tool sprawl: when too many cooks spoil the soup!
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      Clearing away the shadows of AI

      Clearing away the shadows of AI

      Tuesday, September 23, 2025, 5:33 PM Asia/Singapore | Features, Newsletter
    • Featured

      Opportunities or challenges? 6 digital trends in the Oil and Gas industry

      Opportunities or challenges? 6 digital trends in the Oil and Gas industry

      Tuesday, September 23, 2025, 4:55 PM Asia/Singapore | Features, Newsletter, Opinions
    • Featured

      Cybersecurity tool sprawl: when too many cooks spoil the soup!

      Cybersecurity tool sprawl: when too many cooks spoil the soup!

      Monday, September 22, 2025, 5:16 PM Asia/Singapore | Features, Newsletter
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

Opinions

Google tightens Android sideloading

By CybersecAsia editors | Tuesday, September 2, 2025, 3:06 PM Asia/Singapore

Google tightens Android sideloading

Come September 2026, Android users in Singapore, Brazil, Indonesia and Thailand will find it harder to download apps from outside the Play Store. What would that mean for app developers, cybersecurity and consumer experience?

Google announced on 25 August 2025 that all app developers must be verified before their apps can be installed on certified Android devices in Singapore, Brazil, Indonesia and Thailand — a change aimed at curbing malware and scams. The rest of the world follows in 2027.
To help unpack what this means for users and the industry, Alexander Ivanyuk, Senior Director, Threat Research Unit (TRU), Acronis, shares his perspective:

Effectiveness: Will a move like this actually be effective in protecting users from downloading malware by accident, considering that they will need to fiddle with their settings to sideload apps in the first place?

Ivanyuk: This is not a silver bullet (as there is still malware on Play and ways for hackers to get through), but it is an effective safety rail. It moves the security model from relying on a user’s imperfect risk decision to a system-level enforcement based on developer accountability. It will undoubtedly prevent a number of accidental malware installations. 

And yes, this is only for users who know and dare to enable “Unknown Sources” (now more granularly called “Install unknown apps”) which is a simple, one-time toggle for permission.

Openness vs. security: Android has long prided itself as being an open-source platform, in contrast with Apple, which takes a walled garden approach. Does this move actually run contrary to that spirit of freedom and openness?

Ivanyuk: The “open vs. closed” debate is often framed in idealistic terms, but in the real world, it’s about risk management. Goggle was taking steps in “closing” the Android system for years already; it is not something happening now with this new announcement. 

The original definition of Android’s openness was about the ability for OEMs to customize the OS and for users to install software from outside a single curated store. It was never intended to be a free-for-all that enables massive fraud and malware campaigns. Also let’s not forget that Google is not removing the ability to sideload unverified apps entirely (though they are making it harder).

Revenue vs. security: Seeing as there are already restrictions in place for sideloading apps in Singapore, is this simply a move by Google to further curb sideloading apps that may take revenue away from them (eg, Vanced and its slew of modded apps that remove ads). Is it likely that there’ll be very little difference between the two platforms eventually with this shift?

Ivanyuk: This is about security first but of course there is a revenue factor as well. The sheer volume of financial and data-loss malware targeting Android is an existential threat to the platform’s reputation. Google’s biggest customers are OEMs (Samsung, Xiaomi, etc.). If Android becomes synonymous with “unsafe,” OEMs and users flee. Protecting the brand and ecosystem is worth infinitely more to Google than the ad revenue from a subset of users using YouTube Vanced. A secure platform attracts and retains users, which in turn attracts developers and advertisers—that’s the real business.

The original definition of Android’s openness was about the ability for OEMs to customize the OS and for users to install software from outside a single curated store. It was never intended to be a free-for-all that enables massive fraud and malware campaigns. Also let’s not forget that Google is not removing the ability to sideload unverified apps entirely (though they are making it harder).

Revenue vs. security: Seeing as there are already restrictions in place for sideloading apps in Singapore, is this simply a move by Google to further curb sideloading apps that may take revenue away from them (eg, Vanced and its slew of modded apps that remove ads). Is it likely that there’ll be very little difference between the two platforms eventually with this shift?

Ivanyuk: This is about security first but of course there is a revenue factor as well. The sheer volume of financial and data-loss malware targeting Android is an existential threat to the platform’s reputation. Google’s biggest customers are OEMs (Samsung, Xiaomi, etc.). If Android becomes synonymous with “unsafe,” OEMs and users flee. Protecting the brand and ecosystem is worth infinitely more to Google than the ad revenue from a subset of users using YouTube Vanced. A secure platform attracts and retains users, which in turn attracts developers and advertisers—that’s the real business.

It is likely that Android and iOS will continue to converge on security models while remaining divergent on philosophy. To give a statement example:

  1. iOS: “You cannot sideload. We have deemed it unsafe.”
  2. Android: “You can sideload, but we will implement every possible barrier, warning, and now verification check to ensure you know exactly how dangerous it is before you do.”

The ability to sideload will remain, but the path will be increasingly fraught with warnings and roadblocks designed to make the average user think twice. This is the correct balance from a risk-management perspective.

Share:

PreviousThe rise of digital wallets: What businesses in APAC need to know
NextDesilo to Launch “HARVEST™,” Encrypted Data Collaboration Platform for Healthcare, in December

Related Posts

As remote-working practices go viral, a perfect cybersecurity storm erupts

As remote-working practices go viral, a perfect cybersecurity storm erupts

Monday, April 13, 2020

Free reverse engineering tool helps cyber defenders explore malware code easily

Free reverse engineering tool helps cyber defenders explore malware code easily

Thursday, August 13, 2020

Read this before using ChatGPT for software development

Read this before using ChatGPT for software development

Tuesday, May 23, 2023

Why is Office 365 keeping APAC IT decision makers up at night?

Why is Office 365 keeping APAC IT decision makers up at night?

Thursday, April 1, 2021

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • CISOs can navigate emerging risks from autonomous AI with a new security framework

    CISOs can navigate emerging risks from autonomous AI with a new security framework

    See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage …Read more
  • MoneyMe strengthens fraud prevention and credit decisioning

    MoneyMe strengthens fraud prevention and credit decisioning

    Australian fintech strengthens risk management with SEON to scale lending operations securely and efficiently.Read more
  • PT Kereta Api Indonesia announces nationwide email and communication overhaul

    PT Kereta Api Indonesia announces nationwide email and communication overhaul

    The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more
  • Operationalizing sustainability in cybersecurity: Group-IB’s approach

    Operationalizing sustainability in cybersecurity: Group-IB’s approach

    See how the firm turned malware-group takedowns into measurements of sustainability and resilience gains: by …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.