Sideloading apps on Android is still legal and still useful in 2026, particularly for open source clients, regional builds that never reached your Play Store, app betas, and apps that simply moved to a self-hosted release. The format zoo has stabilized around four shapes: single APK, XAPK, split APK bundle, and APK plus OBB. The installer landscape has consolidated around two or three tools.
This guide covers all four formats, the modern Android 15 and 16 sideload flow with per-source install permission, signature verification, and the safety hygiene that separates a clean install from a malware infection.
TL;DR
The pick: Use the system package installer on Android 16 for single APKs, and Split APKs Installer for XAPK and split bundles. Both are free and require no root.
Runner-up: APKMirror Installer if you are pulling everything from APKMirror, because it autodetects splits for your device profile.
Skip if: You are about to sideload a paid app for free. That is piracy and almost always a malware vector. Buy it on Play or skip it.
The four formats and what each one is
A plain APK is a single zipped Android package, the legacy format and still the most common for small apps. An XAPK is a zip of an APK plus extra assets, used by APKPure and some independent distributors when a single APK is impractical. A split APK bundle is a set of files, one base plus several configuration APKs, that match a specific device profile. APK plus OBB is older, a single APK plus a large data blob, mostly seen on games predating the Play Asset Delivery transition.
Modern Play Store deliveries are split APKs under the hood. When you download a single APK from a mirror like APKMirror, you may receive any of the four formats depending on what the developer publishes.
The install permission you need first
On Android 15 and 16 the install permission is granted per source, not globally. The first time a given app (your browser, file manager, or installer) tries to install an APK, Android intercepts the request and asks you to grant Install unknown apps for that specific source. Once granted, that source can install future APKs without re-prompting until you revoke it.
Revoke regularly. Open Settings, Apps, Special access, Install unknown apps, and turn off the permission for any source that does not need it anymore. This is the single biggest safety lever for sideloading.
Installing a single APK
Download the APK, open your file manager, tap the file. Android prompts for the install-unknown-apps permission if your file manager does not yet have it, then shows the standard install screen with the requested permission list. Tap Install, wait, tap Open.
Verify the publisher signature where possible. Reputable mirrors like APKMirror show the SHA-256 of the signing certificate alongside the download, which you can cross-check against the developer’s known cert. This catches repackaged builds carrying injected ads or trackers.
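The cross-check described above, as an added example that is not part of the original article: it parses the per-signer digest lines that `apksigner verify --print-certs` prints and compares them with the fingerprint a mirror or developer publishes. The sample outputs, the digests, and the reject-on-any-unknown-signer policy are constructed assumptions.

```python
import hashlib
import re

# Line printed per signer by `apksigner verify --print-certs <file.apk>`.
DIGEST_LINE = re.compile(
    r"^Signer #(\d+) certificate SHA-256 digest:\s*(\S+)\s*$", re.M)

def normalize(fingerprint):
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex; return 64 lowercase hex chars."""
    compact = re.sub(r"[:\s]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", compact):
        raise ValueError(f"not a SHA-256 fingerprint: {fingerprint!r}")
    return compact

def signer_digests(apksigner_output):
    """Map signer number -> normalized certificate digest."""
    return {int(n): normalize(d) for n, d in DIGEST_LINE.findall(apksigner_output)}

def matches_publisher(apksigner_output, published):
    """True only if the APK has signers and every one is a published fingerprint.
    Rejecting on any unknown signer is this example's policy (an assumption)."""
    pinned = {normalize(p) for p in published}
    found = signer_digests(apksigner_output)
    return bool(found) and all(d in pinned for d in found.values())

# Constructed sample data: stand-in digests, not real certificates.
DEV = hashlib.sha256(b"constructed developer cert").hexdigest()
REPACK = hashlib.sha256(b"constructed repackager cert").hexdigest()
# Mirrors often show the fingerprint colon-separated and uppercase.
PUBLISHED = [":".join(DEV[i:i + 2] for i in range(0, 64, 2)).upper()]

# The DN is self-asserted, so a repackaged build can copy it; the digest cannot match.
DN = "Signer #1 certificate DN: CN=Example Dev\n"
GENUINE = DN + f"Signer #1 certificate SHA-256 digest: {DEV}\n"
REPACKAGED = DN + f"Signer #1 certificate SHA-256 digest: {REPACK}\n"
UNSIGNED = "DOES NOT VERIFY\n"

if __name__ == "__main__":
    for name, out in [("genuine", GENUINE), ("repackaged", REPACKAGED),
                      ("unsigned", UNSIGNED)]:
        print(f"{name:11s} match={matches_publisher(out, PUBLISHED)}")
```

In practice, feed the function the captured output of `apksigner` and treat a non-zero exit status as a failure before parsing anything.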
Installing an XAPK or split APK bundle
Single APK installers will not handle XAPK or split bundles. Install Split APKs Installer from Google Play, open it, point it at the XAPK or the folder of split files, and tap Install. The app unpacks the assets, registers the base APK plus splits with the system installer in one transaction, and completes the install.
If the split bundle is for a different ABI or device profile than yours, the system rejects it with a Package appears to be invalid error. The fix is to download the matching profile from the mirror. Almost every mirror lets you filter by ABI, screen DPI, and Android version.
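A pre-install check for the ABI mismatch described above, as an added example that is not part of the original article. It assumes the common split naming `split_config.<abi>.apk` or `config.<abi>.apk` inside the archive and a device ABI list as returned by `adb shell getprop ro.product.cpu.abilist`; the archives it builds are constructed placeholders, and it checks ABI only, not DPI or Android version.

```python
import io
import re
import zipfile

# Split-name ABI token -> ABI name as the device reports it.
ABI_NAMES = {"arm64_v8a": "arm64-v8a", "armeabi_v7a": "armeabi-v7a",
             "armeabi": "armeabi", "x86": "x86", "x86_64": "x86_64"}
SPLIT_NAME = re.compile(r"^(?:split_)?config\.([A-Za-z0-9_]+)\.apk$")

def abi_splits(names):
    """Return the ABIs targeted by config splits among the archive entries."""
    found = set()
    for name in names:
        m = SPLIT_NAME.match(name.rsplit("/", 1)[-1])
        if m and m.group(1) in ABI_NAMES:
            found.add(ABI_NAMES[m.group(1)])
    return found

def check_bundle(archive_bytes, device_abilist):
    """Return (ok, reason) for a zip of splits against a device ABI list string."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as z:
        apks = [n for n in z.namelist() if n.endswith(".apk")]
    if not apks:
        return False, "no APK inside archive"
    wanted = abi_splits(apks)
    if not wanted:
        return True, "no ABI-specific split in bundle"
    device = [a.strip() for a in device_abilist.split(",") if a.strip()]
    usable = [a for a in device if a in wanted]
    if usable:
        return True, f"ABI split matches device: {usable[0]}"
    return False, f"bundle targets {sorted(wanted)}, device supports {device}"

def make_bundle(names):
    """Build a constructed archive with empty placeholder entries (not real APKs)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, b"")
    return buf.getvalue()

ARM64_BUNDLE = make_bundle(["base.apk", "split_config.arm64_v8a.apk",
                            "split_config.xxhdpi.apk", "split_config.en.apk"])
NO_ABI_BUNDLE = make_bundle(["base.apk", "config.xxhdpi.apk"])

if __name__ == "__main__":
    print(check_bundle(ARM64_BUNDLE, "arm64-v8a,armeabi-v7a,armeabi"))
    print(check_bundle(ARM64_BUNDLE, "x86_64,x86"))
```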
APK plus OBB, the legacy path
OBB files are large data blobs that live in Android/obb/
Most modern games have moved to Play Asset Delivery and no longer ship OBB files. You will mostly hit this format with older titles or specific regional builds.
Which installer should you use?
- Single APK: System package installer, no extra app needed.
- XAPK: Split APKs Installer, it unpacks the zip and runs splits in one transaction.
- Split APK bundle: Split APKs Installer or APKMirror Installer if the bundle came from APKMirror.
- APK plus OBB: System installer for the APK plus a scoped-storage capable file manager for the OBB folder.
FAQ
Is sideloading APKs safe on Android 16?
Yes, if the source is reputable and the signing certificate matches. Sideloading is a built-in Android capability and is used legitimately for app betas, open source clients, and regional builds. The risk comes from repackaged APKs from forum drops, not from the act of sideloading itself.
What is the difference between APK and XAPK?
An APK is a single Android package. An XAPK is a zip containing an APK plus extra assets, usually the OBB or split config files bundled together. XAPK is a mirror-site convenience format and requires a specialized installer to unpack.
Why does Android say my APK is invalid?
Most often because the APK is built for a different ABI, screen density, or Android version than your device profile. Re-download the matching profile from the mirror. A second cause is a corrupted download; redownload and retry.
Should I disable Play Protect to sideload?
No. Play Protect performs cloud-side malware scanning on every sideloaded app. Disabling it removes a real safety layer. The only time you might whitelist Play Protect is for a legitimate developer build of your own app, never for a forum-drop APK.
Bottom line
Sideloading on Android is straightforward once you understand the four formats. Use the system installer for single APKs, Split APKs Installer for XAPK and split bundles, and a scoped-storage capable file manager for OBB folders. Keep Install unknown apps revoked for sources that do not need it, verify signing certificates from reputable mirrors, and never sideload paid apps for free. Follow those rules and sideloading remains a clean, useful corner of the Android ecosystem.















