Enable Unknown Sources On Android – A Complete How To Guide

Android blocks app installations from outside the Google Play Store by default. If you have ever tried to install an APK file you downloaded from a browser or received from a teammate, you have probably seen a warning about "unknown sources" or "install unknown apps." This is a security feature, not a bug. But when you need to sideload an app for testing, beta distribution, or using a trusted tool that is not on the Play Store, you need to know how to enable it safely.

This guide covers every Android version from 7.0 (Nougat) through 15, including the Restricted Settings introduced in Android 13 and the Enhanced Confirmation Mode added in Android 15.

Why Android Blocks Unknown Sources

Apps distributed outside the Play Store do not go through Google's automated security scanning (Play Protect) before they reach your device. Malware, ransomware, and phishing apps often arrive as APK files shared through messaging apps, email attachments, or sketchy download sites. By blocking unknown sources, Android adds a layer of protection that prevents accidental installation of malicious software.

That said, there are plenty of legitimate reasons to sideload apps: internal beta testing, enterprise distribution, using alternative app stores, or installing builds from a CI/CD pipeline. The key is to only enable the permission for sources you trust, and to disable it when you are done.

Android 7 and Earlier: The Global Toggle

On Android 7.0 (Nougat) and earlier versions, there is a single system-wide toggle that allows or blocks all installations from outside the Play Store.

  1. Open Settings.
  2. Tap Security (on some devices, this is labeled Lock Screen and Security).
  3. Find the Unknown Sources option and toggle it on.
  4. Tap OK on the confirmation prompt.

Once enabled, any app on your device can install APK files. This is the main drawback of the old approach: it is all-or-nothing. After you finish installing, go back and toggle Unknown Sources off again.

⚠️ On Android 7 and earlier, enabling Unknown Sources applies globally. Any app can trigger an APK install, so make sure to disable it after you are done.

Android 8 to 11: Per-App Permissions

Starting with Android 8.0 (Oreo), Google replaced the global toggle with a per-app permission system. Instead of allowing all apps to install APKs, you grant the permission only to specific apps you trust, like your file manager or browser.

Method 1: Grant Permission During Installation

  1. Download or transfer the APK file to your device.
  2. Tap the APK file to begin installation.
  3. Android will show a prompt saying the app is not allowed to install unknown apps.
  4. Tap Settings on the prompt. This takes you directly to the permission screen for that app.
  5. Toggle on Allow from this source.
  6. Go back and tap Install.

Method 2: Grant Permission Ahead of Time

  1. Open Settings.
  2. Tap Apps & notifications (or Apps on some devices).
  3. Tap Special app access (you may need to tap Advanced first).
  4. Tap Install unknown apps.
  5. Select the app you want to grant permission to (for example, Chrome, Files, or your file manager).
  6. Toggle on Allow from this source.

This per-app model is a big improvement over the old global toggle. You can allow your file manager to install APKs while keeping every other app locked down.

Android 12 and 13: Same Per-App Model, Updated UI

Android 12 and 13 use the same per-app permission system introduced in Android 8, but the Settings UI has been reorganized on many devices. The exact path depends on your manufacturer (Samsung, Pixel, OnePlus, etc.), but the most common path is:

  1. Open Settings.
  2. Tap Apps.
  3. Tap Special app access (on some devices, scroll to the bottom of the Apps list to find it).
  4. Tap Install unknown apps.
  5. Select the app you want to grant permission to.
  6. Toggle on Allow from this source.

Restricted Settings (Android 13+)

Android 13 introduced a new security layer called Restricted Settings. If an app is sideloaded (installed via an APK rather than through the Play Store or a recognized app store), Android blocks it from accessing certain sensitive permissions, including Accessibility Services and Notification Listener access.

This does not block the APK installation itself. You can still install the app normally. But if the sideloaded app requests Accessibility or Notification Listener permissions, you will see a "Restricted setting" dialog. To allow it:

  1. Dismiss the "Restricted setting" dialog by tapping OK.
  2. Open Settings > Apps and find the app.
  3. Tap the three-dot menu (top-right corner) on the app's info page.
  4. Tap Allow restricted settings.
  5. Authenticate with your fingerprint, PIN, or pattern.
  6. Go back to the app and grant the permission it requested.

ℹ️ Restricted Settings only applies to apps that request Accessibility or Notification Listener permissions. Most sideloaded apps (including beta builds and testing tools) do not use these permissions and will install without any extra steps.

Android 14: Minimum SDK Requirement

Android 14 keeps the same per-app "Install unknown apps" permission and the Restricted Settings feature from Android 13. The Settings path is the same: Settings > Apps > Special app access > Install unknown apps.

The notable change in Android 14 is a minimum SDK requirement. Apps that target Android SDK version 23 (Android 6.0) or lower cannot be installed at all. If you try to install an APK that targets a very old API level, Android 14 will reject it outright.

For most users and developers, this will not be an issue. Modern apps target much higher API levels. But if you are working with a legacy app, you have two options:

  • Update the app's targetSdkVersion to at least 24 (the recommended approach).
  • Use ADB to bypass the restriction: adb install --bypass-low-target-sdk-block app.apk

Android 15: Enhanced Confirmation Mode

Android 15 takes Restricted Settings further with Enhanced Confirmation Mode (ECM). This builds on the Android 13 restrictions but closes some of the workarounds.

The basic installation flow remains the same. You still grant per-app permission through Settings > Apps > Special app access > Install unknown apps. APK installation itself is not blocked.

What changes is how Android handles sensitive permissions for sideloaded apps:

  • ECM uses a system-level allowlist (baked into the device firmware) to decide which installers and packages are "trusted."
  • Apps installed through the Play Store or recognized app stores are trusted automatically.
  • Apps sideloaded via a browser, file manager, or messaging app are not on the allowlist. These apps face restrictions on Accessibility Services, Notification Listener, SMS permissions, Device Admin, and Draw Over Other Apps.
  • Unlike Android 13/14's Restricted Settings, ECM cannot always be overridden through the Settings menu. The behavior depends on your device manufacturer and firmware.

Android 15 also raises the minimum SDK floor. Apps targeting SDK versions below 24 (Android 7.0) are blocked from installation.

⚠️ If you are distributing apps to testers on Android 15 devices, make sure your APK targets SDK 24 or higher and does not rely on Accessibility or Notification Listener permissions. Standard app permissions (camera, storage, location) are not affected by ECM.
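
A pre-distribution check for the Android 15 guidance above, written as an added example (not code from this page or from TestApp.io): it reads `aapt dump badging` output, enforces the target SDK 24 floor, and flags requested permissions in the ECM-restricted groups. The sample output is constructed, and the permission list is a partial one (SMS and Draw Over Other Apps only); Accessibility, Notification Listener and Device Admin are declared on app components and are not checked here.

```shell
#!/bin/sh
# Added example: gate an APK on the page's Android 15 guidance before sharing it.
MIN_TARGET_SDK=24   # floor taken from the page
# Partial list (assumption): only ECM groups visible as uses-permission entries.
ECM_PERMS="android.permission.READ_SMS android.permission.RECEIVE_SMS
android.permission.SEND_SMS android.permission.SYSTEM_ALERT_WINDOW"

# Constructed sample of `aapt dump badging` output (not a real app).
SAMPLE_BADGING="package: name='com.example.legacy' versionCode='7' versionName='1.3'
sdkVersion:'19'
targetSdkVersion:'22'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECEIVE_SMS'
native-code: 'armeabi-v7a'"

# Print the targetSdkVersion found in badging text on stdin (empty if absent).
target_sdk() {
  sed -n "s/^targetSdkVersion:'\([0-9][0-9]*\)'.*/\1/p" | head -n 1
}

# Print each requested permission that appears in ECM_PERMS, one per line.
ecm_permissions() {
  sed -n "s/^uses-permission: name='\([^']*\)'.*/\1/p" | while read -r _perm; do
    for _p in $ECM_PERMS; do
      if [ "$_p" = "$_perm" ]; then echo "$_perm"; fi
    done
  done
}

# check_badging TEXT: print findings; return 1 if the SDK floor is not met.
check_badging() {
  _sdk=$(printf '%s\n' "$1" | target_sdk)
  for _f in $(printf '%s\n' "$1" | ecm_permissions); do
    echo "WARN restricted for sideloaded apps under ECM: $_f"
  done
  if [ -z "$_sdk" ]; then
    echo "FAIL targetSdkVersion not found in badging output"; return 1
  fi
  if [ "$_sdk" -lt "$MIN_TARGET_SDK" ]; then
    echo "FAIL targetSdkVersion $_sdk is below $MIN_TARGET_SDK"; return 1
  fi
  echo "OK targetSdkVersion $_sdk"
}

# Real use: check_badging "$(aapt dump badging app.apk)"
check_badging "$SAMPLE_BADGING" || true
```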

Quick Reference Table

| Android Version | Where to Find the Setting | Notes |
|---|---|---|
| 7.0 and earlier | Settings > Security > Unknown Sources | Global toggle. Applies to all apps. |
| 8.0 to 11 | Settings > Apps > Special app access > Install unknown apps | Per-app permission. Grant only to trusted apps. |
| 12 to 13 | Settings > Apps > Special app access > Install unknown apps | Same as above. Android 13 adds Restricted Settings for Accessibility and Notification permissions. |
| 14 | Settings > Apps > Special app access > Install unknown apps | Same per-app permission. Blocks APKs targeting SDK < 23. |
| 15 | Settings > Apps > Special app access > Install unknown apps | Enhanced Confirmation Mode restricts sensitive permissions for sideloaded apps. Blocks APKs targeting SDK < 24. |

Security Best Practices

Sideloading is safe when done responsibly. Follow these guidelines to protect your device:

  • Only enable "Install unknown apps" for apps you trust. Grant the permission to your file manager or browser, not to every app on your device.
  • Disable the permission after installing. Go back to Settings > Apps > Special app access > Install unknown apps and toggle it off for the app you used.
  • Verify the APK source. Only download APK files from the developer's official website, a trusted distribution platform, or your team's internal build system.
  • Keep Play Protect enabled. Even when sideloading, Google Play Protect scans installed apps for malware. Do not disable it.
  • Check the APK hash. If the developer provides a SHA-256 hash, verify it before installing. This confirms the file has not been tampered with.
  • Avoid APKs from messaging apps and social media. These are common vectors for malware. If a colleague sends you a build, ask them to use a proper distribution tool instead.
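
The hash check from the list above, as an added example (not code from this page): it normalizes the published SHA-256 value, rejects values that are not 64 hex characters (for instance a truncated hash or an MD5), and compares it against the downloaded file. The function names and the demo file are assumptions made for illustration; the demo file is constructed and is not a real APK.

```shell
#!/bin/sh
# Added example: verify a downloaded APK against a published SHA-256 value.

# Fall back to shasum where sha256sum is not installed (e.g. macOS).
command -v sha256sum >/dev/null 2>&1 || sha256sum() { shasum -a 256 "$@"; }

# Lower-case the published value and strip spaces, colons and line breaks.
normalize_hash() {
  printf '%s' "$1" | tr -d ' :\n\r\t' | tr 'A-F' 'a-f'
}

# verify_apk_sha256 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 when the inputs themselves are unusable.
verify_apk_sha256() {
  _file=$1
  _want=$(normalize_hash "$2")
  if [ ! -f "$_file" ]; then
    echo "FAIL no such file: $_file"; return 2
  fi
  case $_want in
    ''|*[!0-9a-f]*) echo "FAIL expected value is not hexadecimal"; return 2 ;;
  esac
  if [ "${#_want}" -ne 64 ]; then
    echo "FAIL expected value has ${#_want} hex chars, SHA-256 has 64"; return 2
  fi
  _got=$(sha256sum "$_file" | cut -d' ' -f1)
  if [ "$_got" = "$_want" ]; then
    echo "OK $_got"
  else
    echo "MISMATCH file hashes to $_got"; return 1
  fi
}

# Demo on a constructed file whose content is the three bytes "abc".
_demo=$(mktemp)
printf 'abc' > "$_demo"
verify_apk_sha256 "$_demo" \
  'BA7816BF 8F01CFEA 414140DE 5DAE2223 B00361A3 96177A9C B410FF61 F20015AD'
rm -f "$_demo"
```

Take the expected value from the developer's own site or release notes, not from the page that served the download.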

How TestApp.io Simplifies This for Testers

If you are distributing Android builds to testers, asking every tester to manually navigate these Settings menus is not ideal. Different Android versions, different manufacturer UIs, and Restricted Settings on newer devices all add friction. This is exactly the kind of problem TestApp.io solves.

When you upload an APK to TestApp.io and share the install link with your testers, here is what happens:

  • Testers get a direct install link. No APK files floating around in email threads or Slack channels. Each release has a unique URL.
  • The TestApp.io app guides them through permissions. On first install, the app walks testers through enabling "Install unknown apps" for the TestApp.io app specifically. No guessing which Settings menu to open.
  • Builds are scanned and verified. You know the APK is exactly what your CI/CD pipeline produced. Testers know the source is trusted.
  • Testers can submit feedback directly from the app, including screenshots and device info. No separate bug tracker setup needed.

You can automate the entire upload process using ta-cli in your CI/CD pipeline with tools like GitHub Actions, Bitrise, CircleCI, or Fastlane.

Looking Ahead: Developer Verification in 2026

Google has announced that starting in late 2026, apps installed on certified Android devices (those with Play Protect and Google apps preloaded) will need to come from verified developers. This applies to all installation methods, including sideloading.

Developers will need to register through the Android Developer Console (a one-time $25 fee) and verify their identity. The rollout begins in September 2026 for select countries (Brazil, Indonesia, Singapore, Thailand) and expands globally in 2027. Apps installed via ADB will be exempt.

For teams using distribution platforms like TestApp.io, this change should be seamless since the platform handles the distribution pipeline. But if your team currently shares raw APK files via email or cloud storage, plan ahead.

Troubleshooting Common Issues

"There was a problem parsing the package"

This error usually means the APK file is corrupted, incomplete, or incompatible with your device. Check that the download completed fully, that the APK supports your device's CPU architecture (arm64-v8a, armeabi-v7a, x86_64), and that it targets a compatible SDK version. For a deeper dive, see our troubleshooting guide for parsing errors.

"Install unknown apps" toggle is grayed out

This typically happens on managed devices (work profiles, MDM-enrolled devices). Your organization's IT policy may block sideloading entirely. Contact your IT administrator for exceptions.

"App not installed" with no further details

This can be caused by conflicting signatures (a different version of the same app is already installed with a different signing key), insufficient storage, or the APK targeting an SDK version that is too old for your Android version. Uninstall the existing version and try again.
