In This Article
Installing an APK on Android is still the same idea it was a decade ago: download the file, give your file manager permission to install unknown apps, tap the file. What changed is the variety of file formats (APK, XAPK, Split APK, APKM, OBB), the security checks Android runs (Play Protect, signature verification), and the increasing number of apps that use the Play Integrity API to refuse to run when installed outside Play.
The file formats split cleanly. A plain APK is a single self-contained installer. A Split APK is multiple APK files that install together (base APK plus per-architecture or per-language splits). An XAPK is a Zip wrapper containing multiple Split APKs plus OBB data files. APKM is APKMirror’s installer format that handles Split APKs natively.
This guide walks the install procedure for each format, names the tools that handle them correctly, and covers the Play Integrity caveat that affects some banking and gaming apps installed outside Play.
TL;DR
Best fit: For plain APK files, tap the file in your Downloads folder and Android installs it after granting the source permission. For XAPK and Split APK files, use the APKMirror Installer app or Split APKs Installer; both are free and Play Protect-friendly.
Good alternative: On a desktop, install APKs via adb (Android Debug Bridge) for full control: adb install file.apk for single APKs, adb install-multiple file1.apk file2.apk… for Split APKs.
Skip if: You are installing a banking app, a gaming title, or any app that uses the Play Integrity API for fraud detection. Sideloaded installs of these apps may run but refuse to authenticate. Stay on Play Store for these categories.
What each file format actually is
An APK (Android Package Kit) is the standard installer file: a Zip archive with the app’s compiled code, resources, and manifest. Most pre-2020 apps shipped as single APK files. Modern apps often ship as Split APKs to keep download size small per device.
A Split APK is a collection of separate APK files: one base.apk plus one architecture split (split_config.arm64_v8a.apk) plus optional language splits (split_config.en.apk). When you install via Play Store, the Store selects the right splits for your device and installs them together. Sideloading requires installing all the relevant splits in a single transaction.
An XAPK is a Zip archive that wraps multiple Split APKs plus the OBB (game data) files. The format is popular on APKPure, Aptoide, and APKCombo. An OBB file is the extra game-data file that ships separately from the APK for large games; it lives in /sdcard/Android/obb/ after install.
Installing a plain APK on Android
Download the APK to your phone. Open your file manager (Files by Google is the default on most phones), navigate to Downloads, tap the APK file. The first time you do this, Android asks you to grant the file manager permission to Install unknown apps. Tap the prompt, toggle Allow from this source on, return to the install screen.
Android then offers to install the APK with the standard install confirmation. Tap Install. Play Protect scans the APK before the install; if it flags the file as harmful, the install is blocked and the file is moved to quarantine. If Play Protect is happy, the install completes in seconds.
After install, the app appears in your app drawer. The Install unknown apps permission stays granted for that file manager; future installs from the same manager do not need to repeat the grant. Each file manager (browser, separate downloader app) has its own permission setting.
Installing XAPK and Split APK files
XAPK files do not install through the default file manager. The file manager treats them as Zip archives; double-tapping shows the contents rather than installing them. The fix is a dedicated installer.
APKMirror Installer (free from APKMirror’s website) is the most polished pick. Download and install it as a regular APK first. Then open APKMirror Installer, browse to the XAPK file, tap it. The installer extracts the Split APKs, installs them together via a transaction, and copies the OBB file to /sdcard/Android/obb/.
Split APKs Installer (Aefyr, open-source on F-Droid) is the alternative. Same functionality, different UI. Both apps work for XAPK, APKM, and direct Split APK collections. the update to both apps added the new Android 14+ multi-file selection so you can install a Split APK set from individual files.
Quick take
For plain APKs: tap the file in your file manager, grant the install permission, install. For XAPK or Split APKs: use APKMirror Installer or Split APKs Installer (both free). For full control on desktop: adb install.
Play Integrity API affects banking, payment, and gaming apps. Sideloaded versions may install but will not authenticate. Stay on Play Store for those categories.
The Play Integrity caveat
Some apps use the Play Integrity API (formerly SafetyNet) to detect whether they are running on a Google-certified device with a Play-Store install. The API returns three verdicts: device integrity, basic integrity, and strong integrity. Banking apps, payment apps, gaming apps with anti-cheat, and some streaming apps refuse to function when the device fails the integrity check.
A sideloaded APK installation fails the device-integrity verdict in many cases. The app may install and even launch but refuses to authenticate or to run its core functionality. This is intentional fraud protection by the app developer; there is no legitimate workaround.
The Play Integrity bypass tools (Magisk modules, GMS bypass apps) exist but require a rooted phone and break with every Google Play services update. They are not a stable workaround. The honest answer is to install Play-Integrity-dependent apps from the Play Store, not sideloaded.
At a glance
| File type | What it contains | How to install | When you see it |
|---|---|---|---|
| APK | Single installer file | Tap in file manager | Most pre-2020 apps |
| Split APK | Base + arch + language splits | APKMirror Installer or Split APKs Installer | Most modern apps via APKMirror |
| XAPK | Zip wrapper around splits + OBB | APKMirror Installer | Common on APKPure and APKCombo |
| APKM | APKMirror multi-file format | APKMirror Installer | APKMirror exclusive |
| OBB | Extra game data file | Copied to /sdcard/Android/obb/ | Large games (Asphalt, PUBG, etc.) |
| adb sideload | Recovery-mode install | From desktop via adb | OS-image installs |
The setup, step by step
Step 1: Verify the source before downloading
Only download APKs from sources you trust. APKMirror, F-Droid, Aptoide, and the developer’s official website are the safe picks. Avoid random APK aggregator sites; many trojanize popular apps.
Step 2: Grant install-from-unknown-sources permission
When prompted, tap Settings, find the file manager or browser you are installing from, toggle Allow from this source on. This is per-source; you only do it once per app that hands off APK files.
Step 3: Install via the right tool for the file format
Plain APK: tap the file. Split APK or XAPK: use APKMirror Installer or Split APKs Installer. The right tool handles the multi-file transaction correctly.
Step 4: Watch the Play Protect scan
Play Protect scans every APK before install. If it flags the file as harmful, the install is blocked. Pay attention to the prompt and do not bypass it.
Step 5: Verify the app launches and authenticates
After install, open the app. If it refuses to authenticate or shows a Play Integrity failure, the app cannot run sideloaded. Either install it from Play Store or accept that this app is not available outside Play.
FAQ
Is sideloading APKs safe?
Safe when the source is trusted (APKMirror, F-Droid, official developer site). Unsafe when the source is a random aggregator or a torrent. Play Protect scans every APK before install but cannot catch every trojan; trust the source.
Can I install an XAPK without an installer app?
Manually, yes. Unzip the XAPK, you get multiple APK files plus an OBB file. Install each APK as Split APKs (which requires a tool anyway), copy the OBB to /sdcard/Android/obb//. In practice, just use APKMirror Installer; it does this automatically.
Why does my banking app refuse to run after sideloading?
It uses the Play Integrity API. Banking apps detect that the install did not come from Play Store and refuse to authenticate as a fraud-protection measure. There is no legitimate workaround; install from Play Store.
Will Google ban my account for sideloading apps?
No. Sideloading is a legitimate Android capability. Google does not ban accounts for installing APKs outside Play. The only ban risk is around modded apps that violate the original app’s terms of service (modded WhatsApp, modded Spotify), which is separate from sideloading the legitimate APK.
Can I update sideloaded apps automatically?
Not through Play Store. APKMirror Installer can check for updates against APKMirror’s catalog and prompt to install the new version. F-Droid has its own auto-update system for open-source apps. Manual update is the default for sideloaded apps.
What is the difference between OBB and APK?
An APK is the installer with the app’s code and basic resources. An OBB is the additional data file (textures, music, large assets) that ships separately for large games. The Play Store downloads both transparently; sideloading requires you to copy the OBB to /sdcard/Android/obb// manually.
The verdict
APK installation on Android is a solved problem for plain APK and Split APK files. The right tool (file manager for plain APKs, APKMirror Installer or Split APKs Installer for Split and XAPK) handles every legitimate install case in seconds. Play Protect adds a useful safety check without blocking the workflow.
The Play Integrity API is the real constraint. Banking, payment, and many gaming apps refuse to authenticate when sideloaded. This is intentional fraud protection and the workarounds (root, GMS bypass) are unstable. Install these categories from Play Store; sideload the rest.
Trust the source. APKMirror, F-Droid, and the developer’s official website are safe. Random APK aggregators are not. The five seconds it takes to verify the source before installing pays back permanently in malware-avoidance.
How we put this guide together
We tested every install procedure on Pixel 8a running Android 16 and Galaxy S24 running One UI 7 in May 2026. APKs were sourced from APKMirror, F-Droid, and the official developer pages for verification. Play Integrity behavior was verified on five major banking apps and three gaming apps. We refresh this guide when Google updates the install-unknown-apps flow or when Play Integrity changes the device-integrity criteria.
