Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
AI agent executes end-to-end ransomware attack via development platfor...
ICAC Commissioner attends first IAACA European regional anti-corruptio...
Research: Asian enterprises advancing AI without resilience strategies...
Penta Security Sets the Benchmark for Web Application Security, Earnin...
India bank domain registry exposed sensitive data in security lapse: e...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      S E Asia governments targeted by cyber-espionage group

      S E Asia governments targeted by cyber-espionage group

      Tuesday, June 23, 2026, 8:00 AM Asia/Singapore | Features
    • Featured

      Rethinking network and infrastructure design for resilience

      Rethinking network and infrastructure design for resilience

      Thursday, June 18, 2026, 2:17 PM Asia/Singapore | Features
    • Featured

      Bringing cybercriminals to justice in APAC

      Bringing cybercriminals to justice in APAC

      Thursday, June 11, 2026, 10:30 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • AWARDS 2026
  • Directory
  • E-Learning

Select Page

Opinions

Google tightens Android sideloading

By CybersecAsia editors | Tuesday, September 2, 2025, 3:06 PM Asia/Singapore

Google tightens Android sideloading

Come September 2026, Android users in Singapore, Brazil, Indonesia and Thailand will find it harder to download apps from outside the Play Store. What would that mean for app developers, cybersecurity and consumer experience?

Google announced on 25 August 2025 that all app developers must be verified before their apps can be installed on certified Android devices in Singapore, Brazil, Indonesia and Thailand — a change aimed at curbing malware and scams. The rest of the world follows in 2027.
To help unpack what this means for users and the industry, Alexander Ivanyuk, Senior Director, Threat Research Unit (TRU), Acronis, shares his perspective:

Effectiveness: Will a move like this actually be effective in protecting users from downloading malware by accident, considering that they will need to fiddle with their settings to sideload apps in the first place?

Ivanyuk: This is not a silver bullet (as there is still malware on Play and ways for hackers to get through), but it is an effective safety rail. It moves the security model from relying on a user’s imperfect risk decision to a system-level enforcement based on developer accountability. It will undoubtedly prevent a number of accidental malware installations. 

And yes, this is only for users who know and dare to enable “Unknown Sources” (now more granularly called “Install unknown apps”) which is a simple, one-time toggle for permission.

Openness vs. security: Android has long prided itself as being an open-source platform, in contrast with Apple, which takes a walled garden approach. Does this move actually run contrary to that spirit of freedom and openness?

Ivanyuk: The “open vs. closed” debate is often framed in idealistic terms, but in the real world, it’s about risk management. Goggle was taking steps in “closing” the Android system for years already; it is not something happening now with this new announcement. 

The original definition of Android’s openness was about the ability for OEMs to customize the OS and for users to install software from outside a single curated store. It was never intended to be a free-for-all that enables massive fraud and malware campaigns. Also let’s not forget that Google is not removing the ability to sideload unverified apps entirely (though they are making it harder).

Revenue vs. security: Seeing as there are already restrictions in place for sideloading apps in Singapore, is this simply a move by Google to further curb sideloading apps that may take revenue away from them (eg, Vanced and its slew of modded apps that remove ads). Is it likely that there’ll be very little difference between the two platforms eventually with this shift?

Ivanyuk: This is about security first but of course there is a revenue factor as well. The sheer volume of financial and data-loss malware targeting Android is an existential threat to the platform’s reputation. Google’s biggest customers are OEMs (Samsung, Xiaomi, etc.). If Android becomes synonymous with “unsafe,” OEMs and users flee. Protecting the brand and ecosystem is worth infinitely more to Google than the ad revenue from a subset of users using YouTube Vanced. A secure platform attracts and retains users, which in turn attracts developers and advertisers—that’s the real business.

The original definition of Android’s openness was about the ability for OEMs to customize the OS and for users to install software from outside a single curated store. It was never intended to be a free-for-all that enables massive fraud and malware campaigns. Also let’s not forget that Google is not removing the ability to sideload unverified apps entirely (though they are making it harder).

Revenue vs. security: Seeing as there are already restrictions in place for sideloading apps in Singapore, is this simply a move by Google to further curb sideloading apps that may take revenue away from them (eg, Vanced and its slew of modded apps that remove ads). Is it likely that there’ll be very little difference between the two platforms eventually with this shift?

Ivanyuk: This is about security first but of course there is a revenue factor as well. The sheer volume of financial and data-loss malware targeting Android is an existential threat to the platform’s reputation. Google’s biggest customers are OEMs (Samsung, Xiaomi, etc.). If Android becomes synonymous with “unsafe,” OEMs and users flee. Protecting the brand and ecosystem is worth infinitely more to Google than the ad revenue from a subset of users using YouTube Vanced. A secure platform attracts and retains users, which in turn attracts developers and advertisers—that’s the real business.

It is likely that Android and iOS will continue to converge on security models while remaining divergent on philosophy. To give a statement example:

  1. iOS: “You cannot sideload. We have deemed it unsafe.”
  2. Android: “You can sideload, but we will implement every possible barrier, warning, and now verification check to ensure you know exactly how dangerous it is before you do.”

The ability to sideload will remain, but the path will be increasingly fraught with warnings and roadblocks designed to make the average user think twice. This is the correct balance from a risk-management perspective.

Share:

PreviousThe rise of digital wallets: What businesses in APAC need to know
NextDesilo to Launch “HARVEST™,” Encrypted Data Collaboration Platform for Healthcare, in December

Related Posts

When failure is not an option

When failure is not an option

Monday, October 6, 2025

Are IoT and OT networks in the gunsights of ransomware groups?

Are IoT and OT networks in the gunsights of ransomware groups?

Friday, June 3, 2022

Cybercriminals have their eyes on compromising software patches now

Cybercriminals have their eyes on compromising software patches now

Tuesday, July 23, 2024

Discord is a malware disaster waiting to happen

Discord is a malware disaster waiting to happen

Tuesday, October 26, 2021

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Cyber threats have become more frequent and sophisticated, targeting organizations of all sizes across all …Download Whitepaper
  • Zero Trust Made Simple: Why it matters and how to get started

    Zero Trust Made Simple: Why it matters and how to get started

    Data breaches and cyberattacks are no longer limited to large, high-profile organizations.Download Whitepaper
  • Cloud Secure Edge: Remote access, better security

    Cloud Secure Edge: Remote access, better security

    ​SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses …Download Whitepaper
  • Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • How a Vietnamese D2C retailer built its own secure digital infrastructure

    How a Vietnamese D2C retailer built its own secure digital infrastructure

    Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
  • Cyber protection for medical clinics in Singapore

    Cyber protection for medical clinics in Singapore

    As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
  • India’s WazirX strengthens governance and digital asset security

    India’s WazirX strengthens governance and digital asset security

    Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
  • Bangladesh LGED modernizes communication while addressing data security concerns

    Bangladesh LGED modernizes communication while addressing data security concerns

    To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

  • ICAC Commissioner attends first IAACA European regional anti-corruption conference in Hungary

    Friday, July 3, 2026
    BUDAPEST, Hungary, July 2, 2026 …Read More »
  • Penta Security Sets the Benchmark for Web Application Security, Earning Frost & Sullivan’s 2026 South Korea Company of the Year Recognition

    Thursday, July 2, 2026
    By combining intelligent threat detection, …Read More »
  • SK shieldus Receives Frost & Sullivan’s 2026 APAC Customer Value Leadership Recognition for Excellence in Cybersecurity Services

    Monday, June 29, 2026
    The company is recognized for …Read More »
  • Global Tech Shift: Tune Talk Launches World’s First Network-Enforced Child Safety Mobile Plan, Bypassing App-Level Limitations

    Saturday, June 27, 2026
    PETALING JAYA, Malaysia, June 26, …Read More »
  • DJI Enterprise Advances Industry with New Framework for Dock as First Responder (DFR) Deployments

    Thursday, June 25, 2026
    New White Paper Outlines Best …Read More »
  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2026 CybersecAsia All Rights Reserved.