Toggle sidebar

Android Android 17 OS will unfortunately block APKs from being installed, but there's a way around it

  • Thread starter Thread starter Marc_LFD
  • Start date Start date
  • Views Views 1,535
  • Replies Replies 22
  • Likes Likes 1
Marc_LFD

Marc_LFD

Well-Known Member
Member
Level 24
Joined
Nov 3, 2021
Messages
8,616
Reaction score
9,420
Trophies
2
Age
36
XP
14,328
Country
United Kingdom
From what I read, it's installing via ADB. I don't even want to call it "side loading" as that sounds so stupid.

Screenshot_20260506-042027.png


Well, blocking Android 17 OS update is an option too, though it seems the 17 update is really good in other ways.

Google needs to clean their trash app store instead of targeting users who want to install apps independently.
 
  • Wow
  • Like
Reactions: L0w and console
So they haven't technically disabled unsigned APKs from being installed on the device, but a good reason could be that it could end up as a closed-source platform if they blocked ADB, and more people would resort to installing custom ROMs with huge risks involved.
 
  • Like
Reactions: console
Had been everywhere, including on the temp. Google plans to block sideloading unverified apps on Android in the future. This is the first time I read that this is limited to Android 17+. More likely they will push this restriction to all existing devices.

Because the underestimated the backlash, Google announced their "Advanced Flow" allowing sideloading without ADB after some scary warnings and waiting 24h to silence critics.

Security™ is the reasoning behind any restrictions. You know where the journey will go to in the future…

They do have a point with accessibility privileges. This is the most dangerous permission an app can have, and more often than not this is abused for something that isn't related to accessibility (not necessarily malware). If an app ask for accessibility this is 🐟fishy🐟
 
  • Like
Reactions: console and Marc_LFD
KleinesSinchen said:
Had been everywhere, including on the temp. Google plans to block sideloading unverified apps on Android in the future. This is the first time I read that this is limited to Android 17+. More likely they will push this restriction to all existing devices.

Because the underestimated the backlash, Google announced their "Advanced Flow" allowing sideloading without ADB after some scary warnings and waiting 24h to silence critics.

Security™ is the reasoning behind any restrictions. You know where the journey will go to in the future…

They do have a point with accessibility privileges. This is the most dangerous permission an app can have, and more often than not this is abused for something that isn't related to accessibility (not necessarily malware). If an app ask for accessibility this is 🐟fishy🐟
Click to expand...
Google just needs to add a prompt before APK can be installed, requiring human interaction to proceed with installation. Like a Capcha for Android. That would take the burden of responsibility off Google, and also make it nearly impossible for rogue apps to silently install rubbish or infected apps. (Looking at YOU, Samsung OTA updates!)
 
  • Like
Reactions: L0w, console and Marc_LFD
Jayro said:
Google just needs to add a prompt before APK can be installed, requiring human interaction to proceed with installation. Like a Capcha for Android. That would take the burden of responsibility off Google, and also make it nearly impossible for rogue apps to silently install rubbish or infected apps. (Looking at YOU, Samsung OTA updates!)
Click to expand...

The 'official' reason for the 24 hour wait is to reduce pressure tactics from scammers trying to get victims to install malware.

https://arstechnica.com/gadgets/202...-process-to-sideload-unverified-android-apps/

That said, I've not heard of any scams like this, usually it's gift card sales.

Edit:

As for Samsung, I think you can stop that after updates by disabling "appbox".
 
  • Like
Reactions: console, Marc_LFD and RikuCrafter
tech3475 said:
The 'official' reason for the 24 hour wait is to reduce pressure tactics from scammers trying to get victims to install malware.

https://arstechnica.com/gadgets/202...-process-to-sideload-unverified-android-apps/

That said, I've not heard of any scams like this, usually it's gift card sales.

Edit:

As for Samsung, I think you can stop that after updates by disabling "appbox".
Click to expand...
The gift card scams usually rely on some form of urgency, like the scammer threating being raided by the FBI unless a fine is paid ASAP. However with online banking becoming easier another scam is trying to get the elderly to install a remote desktop app so the scammer can "help" them make the payment properly.

My grandma for example got hit with that where a scammer got her to install a remote desktop app on her phone to get her to "join" a fake investment site. They also hid the screen behind an overlay during those session, likely looking for banking credentials and similar. Thankfully I caught it early enough and managed to get her the money back she "invested" so no harm done, but yeah.

Honestly instead of a 24h waiting period those warning boxes should have an explanation of basic scam tactics and the big bokd warning to call your god damn IT person first to double check whatever it is they're trying to do. And if you're the IT person they should have an option somewhere in the Google account to disable that warning permanently.
 
  • Like
Reactions: console and tech3475
RAHelllord said:
The gift card scams usually rely on some form of urgency, like the scammer threating being raided by the FBI unless a fine is paid ASAP. However with online banking becoming easier another scam is trying to get the elderly to install a remote desktop app so the scammer can "help" them make the payment properly.

My grandma for example got hit with that where a scammer got her to install a remote desktop app on her phone to get her to "join" a fake investment site. They also hid the screen behind an overlay during those session, likely looking for banking credentials and similar. Thankfully I caught it early enough and managed to get her the money back she "invested" so no harm done, but yeah.

Honestly instead of a 24h waiting period those warning boxes should have an explanation of basic scam tactics and the big bokd warning to call your god damn IT person first to double check whatever it is they're trying to do. And if you're the IT person they should have an option somewhere in the Google account to disable that warning permanently.
Click to expand...

Going off of your post, the only problem I have with 'just put up a warning' is that I work retail and it's shocking how many people can't be arsed to read what's on screen.

I've literally had situations where a customer asked a question and all I had to do was read what was on the screen or maybe scroll down a little.

There are times when I feel like one of the adults on Sesame Street.

That's ignoring that the scammer will also likely try and push the victim to just press accept without reading.

That said, in the case of remote desktop apps, Google's solution may not actually solve the issue if they're using third parties who likely have registered as Devs.

I do wonder if there may be alternative options, for example, make it easier for family members to monitor vulnerable family members e.g. alerts for new app installations, monitor unknown calls or suspected fraudulent calls, etc. although I could also see these open to abuse.
 
  • Like
Reactions: console
I don't think this will deter most people who use """sideloading""" to install what they want via means like F-Droid, Obtainium, manual APK downloads, etc. However, I recall that Advanced Protection Program/Play Protect doesn't like when you do this... so it will probably break banking apps.

Banking apps are the biggest evil on mobile platforms. Many don't integrate Google's centralised, proprietary "security" solution that prevents you from running applications on devices you bought and paid for and work without issues, but some possibly maliciously choose to do so anyway. A part of that have to be international laws that mandate banking security, which also ties into location tracking and other spooky shit...

All these mandatory security/safety policies pave the road to eroding ownership and freedom as a whole. Offline, non-rented tech is becoming so much more interesting by the day.
 
Last edited by lightwo,
  • Like
Reactions: console, Marc_LFD and KleinesSinchen
Thankfully, there are already methods to use adb entirely on device, no need for a PC or anything, it just requires one time setup. So this wouldn't be that big of an obstacle for those that have a regular need for sideloading.
Jayro said:
Google just needs to add a prompt before APK can be installed, requiring human interaction to proceed with installation. Like a Capcha for Android. That would take the burden of responsibility off Google, and also make it nearly impossible for rogue apps to silently install rubbish or infected apps. (Looking at YOU, Samsung OTA updates!)
Click to expand...
There is already a prompt, and there has been for about as long as Android has existed. The only way to bypass this prompt is with root or adb.
They could certainly add a disclaimer to the prompt though, to warn (less technologically inclined) users about the potential risks of sideloading.
As it is now, before it will let you sideload you have to do the whole settings thing to enable sideloading per app, which I do believe contains warnings. But you'll only see that when you first enable sideloading, and after that you get no warnings when you install apps.
KleinesSinchen said:
Had been everywhere, including on the temp. Google plans to block sideloading unverified apps on Android in the future. This is the first time I read that this is limited to Android 17+. More likely they will push this restriction to all existing devices.

Because the underestimated the backlash, Google announced their "Advanced Flow" allowing sideloading without ADB after some scary warnings and waiting 24h to silence critics.

Security™ is the reasoning behind any restrictions. You know where the journey will go to in the future…

They do have a point with accessibility privileges. This is the most dangerous permission an app can have, and more often than not this is abused for something that isn't related to accessibility (not necessarily malware). If an app ask for accessibility this is 🐟fishy🐟
Click to expand...
They probably can't, as much as they might wish they could. The functionality is built in to the OS, and OEMs are famously terrible when it comes to Android updates, so getting an OS update pushed through to every existing device, even if you limit it to for example devices made in the last 3 years (the ones people are most likely to still be using), is likely an impossible task.

They could try to limit it at the app level rather than at the OS level, to get around this, but apps don't have the same permissions as the OS, so it would likely not be that effective (it would be easy for users to work around, or simply not grant the permissions needed... )
 
  • Like
Reactions: console and KleinesSinchen
The Real Jdbye said:
They could try to limit it at the app level rather than at the OS level, to get around this, but apps don't have the same permissions as the OS, so it would likely not be that effective (it would be easy for users to work around, or simply not grant the permissions needed... )
Click to expand...
Don't underestimate the privileged access Google Play Services has by default. It can disable sideloading right now on a phone running stock OS.
Just switch on Advanced Protection Program and sideloading should be gone -- ADB could(?) still work. It's a shame since some of the functions of Advanced Protection Program are great -- all or nothing.
 
  • Like
Reactions: console and lightwo
orangy57 said:
This isn't even true, they backpedaled on the decision a few months ago. Now you'll just need to enable some setting and wait 24 hours to be able to sideload.

https://android-developers.googleblog.com/2026/03/android-developer-verification.html

Don't read google's stupid AI summary it cant even get information on their own OS right
Click to expand...
That's true and it's already been mentioned previously in the thread. This has also been heavily criticised. While it's much better than no user-friendly method at all, it relies on Google Play Services. So much of Android is actually handled by the proprietary G.P.S. and some essential "AOSP" applications are no longer open source, so it's one of many ways enshittification has come for your freedom and ownership. :sleep:
 
  • Love
  • Like
Reactions: orangy57 and KleinesSinchen
orangy57 said:
This isn't even true, they backpedaled on the decision a few months ago. Now you'll just need to enable some setting and wait 24 hours to be able to sideload.

https://android-developers.googleblog.com/2026/03/android-developer-verification.html

Don't read google's stupid AI summary it cant even get information on their own OS right
Click to expand...
Oh, back to install as usual but wait 24hrs? Better than nothing. I didn't want Android to be locked like IOS.

It's bad enough phones don't have SD card slots anymore.
 
Marc_LFD said:
Oh, back to install as usual but wait 24hrs? Better than nothing. I didn't want Android to be locked like IOS.

It's bad enough phones don't have SD card slots anymore.
Click to expand...
Not an issue for degoogled phones, but the entire point of even having Google bloat installed nowadays is to have banking applications work (and push notifs maybe). Since this is handled by Google Play Services, it will almost certainly have strings attached one way or another.
 
  • Like
Reactions: Marc_LFD
lightwo said:
Not an issue for degoogled phones, but the entire point of even having Google bloat installed nowadays is to have banking applications work (and push notifs maybe). Since this is handled by Google Play Services, it will almost certainly have strings attached one way or another.
Click to expand...
Before the Play Store didn't show non-Play Store apps installed and now it does, it simply says the app name and "Couldn't update".

Yeah, Google is making it harder for people to install the apps they want, unfortunately.
 
  • Like
Reactions: console

Site & Scene News

Go to forum More news

Popular threads in this forum

Android  Android 17 OS will unfortunately block APKs from being installed, but there's a way around it

Gaming  SEGA has delisted some games so they're ad-free now

R36S ArkOS

12.9-inch Apple iPad Pro (2018) 512GB Stuck on Apple screen