Sideloading apps: risks you need to know

Sideloading means installing an Android app from outside Google Play by enabling "Install unknown apps". Android allows this, but it comes with significant security risks. This guide explains what sideloading is, why it is risky, and how to do it more safely if you must.

What is sideloading?

Sideloading means installing an APK (Android Package) file from a source other than Google Play. By default, Android blocks this to protect you. To sideload, you must go to Settings and allow a specific app (usually your browser or file manager) to install unknown apps.

  • APK stands for Android Package Kit: it is the file format used to install Android apps
  • Sideloading bypasses Google Play Protect's pre-install scan
  • Some legitimate apps are not available on Google Play and require sideloading (e.g. some work tools)

The risks

Sideloading is one of the most common ways malware ends up on Android devices:

  • No automated security scan checks sideloaded APKs before they are installed
  • Attackers distribute modified versions of popular apps (pirated games, cracked apps) packed with malware
  • Phishing messages often link to malicious APK files disguised as legitimate updates
  • Once installed, a malicious APK has whatever permissions you grant it, with no Google oversight

If you must sideload: how to reduce risk

Sometimes sideloading is necessary, for example for enterprise apps or apps available only in other regions. If you must do it:

  • Only download APKs from the developer's official website, never from third-party download sites
  • Verify the APK: reputable developers publish a hash (checksum) of their file so you can confirm it has not been tampered with
  • Enable the "Install unknown apps" permission only for the specific app you are using to install it, and disable it immediately afterwards
  • After installing, run a Play Protect scan: Google Play > Profile > Play Protect > Scan
  • Never sideload cracked or pirated apps: these are a primary malware vector
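
One way to carry out the hash check from the list above, shown as an added example that is not part of the original guide. It assumes the APK was downloaded to a computer with Python 3 and that the developer publishes a SHA-256 value; the function names are hypothetical.

```python
import hashlib
import hmac
import re
import sys
import zipfile

def normalize_digest(published: str) -> str:
    """Accept the hash as copied from a web page: any case, spaces or colons."""
    cleaned = re.sub(r"[\s:]", "", published).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        # Rejects MD5/SHA-1 values and truncated copy-pastes
        raise ValueError("published value is not a 64-hex-digit SHA-256")
    return cleaned

def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so large APKs are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def looks_like_apk(path: str) -> bool:
    """An APK is a ZIP archive containing AndroidManifest.xml.
    Catches an HTML error page or partial download saved as .apk."""
    try:
        with zipfile.ZipFile(path) as z:
            return "AndroidManifest.xml" in z.namelist()
    except zipfile.BadZipFile:
        return False

def verify_apk(path: str, published: str):
    """Return (ok, reason). Install only when ok is True."""
    expected = normalize_digest(published)
    if not looks_like_apk(path):
        return False, "not an APK"
    actual = sha256_file(path)
    if hmac.compare_digest(actual, expected):
        return True, "match"
    return False, f"mismatch: got {actual}"

if __name__ == "__main__":
    # Usage: python verify_apk.py <file.apk> <published-sha256>
    ok, reason = verify_apk(sys.argv[1], sys.argv[2])
    print(reason)
    sys.exit(0 if ok else 1)
```

A match only proves the file is the one the hash was published for, so take the hash from the developer's official site over HTTPS, not from the page or message that linked to the download.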

Disabling sideloading permissions afterwards

After you have finished, always revoke the "Install unknown apps" permission you granted:

  • Go to Settings > Apps > [the app you used to install] > Install unknown apps
  • Toggle off "Allow from this source"
  • Review Settings > Security > Install unknown apps to ensure no app has this permission enabled
