Introduction

If you are a Windows 11 user who enjoys experimenting with advanced features like the Windows Subsystem for Android™ (WSA), it's important to prepare your system for upcoming changes and security requirements. Microsoft has announced that as of March 5, 2025, the Windows Subsystem for Android and the Amazon Appstore will no longer be available in the Microsoft Store. Until then, you can still run Android apps on your PC using WSA — but with a crucial caveat: you must have Control Flow Guard (CFG) enabled on your system.

This article delves into what Control Flow Guard is, why it matters for WSA, how to enable it step-by-step, and the broader implications of these changes on the Windows ecosystem.

What Is Control Flow Guard (CFG)?

Control Flow Guard (CFG) is a security technology built into Windows designed to mitigate memory corruption vulnerabilities and thwart exploit attacks. In simple terms, CFG acts like a vigilant security guard that monitors the execution flow of applications, ensuring that code only follows legitimate and pre-authorized paths.

Technically, CFG prevents indirect calls—especially those made through function pointers—from jumping to invalid or malicious memory locations. If an attacker attempts to hijack application control by inserting malicious code paths, CFG detects and blocks these unauthorized attempts, thereby protecting your system from code injection and related exploit techniques.

Why Is CFG Important for Windows Subsystem for Android (WSA)?

WSA allows you to run Android apps natively on Windows 11 by creating a lightweight virtualized environment replicating the Android OS. Since Android apps typically run outside the Windows ecosystem, enabling WSA introduces additional security concerns due to differences in app design and execution.

Microsoft requires CFG for WSA because Android apps might otherwise expose vulnerabilities that traditional Windows applications do not. Without CFG, malicious or poorly designed Android apps could misuse memory, execute rogue code, or bypass Windows’ security measures.

Enabling CFG ensures these apps are running in a hardened environment, enhancing your protection against potential attacks stemming from this subsystem.

How to Enable Control Flow Guard for Windows Subsystem for Android

Don't worry! Enabling CFG is straightforward using Windows Security. Follow these steps:

  1. Open Windows Security:
  • Click the Start menu or press the Windows key.
  • Type INLINECODE0 and open the app.
  1. Navigate to Exploit Protection:
  • In Windows Security, select INLINECODE1 from the left menu.
  • Scroll down and click on INLINECODE2 .
  1. Enable Control Flow Guard:
  • In the Exploit protection settings window, find the "Control flow guard (CFG)" option.
  • Expand the CFG option.
  • Set it to INLINECODE3 and ensure that it is turned on.
  1. Restart your computer:
  • Restarting is necessary for the changes to take effect.

After reboot, CFG will be active, securing the runtime environment for Android apps via WSA.

Additional Tips and Considerations

  • To verify your Windows version, press INLINECODE4 , type INLINECODE5 , and press Enter. Instructions to enable CFG apply to Windows 11 builds 25266 and earlier.
  • Even if you aren't using WSA, enabling CFG is highly recommended because it protects your system from a broad range of memory-based exploits.
  • If you encounter connectivity or app-launch issues related to WSA, verify CFG is enabled, and check firewall or GPU assignment settings in WSA resource configurations.
  • Windows Subsystem for Android relies on virtualization features like the Virtual Machine Platform and Windows Hypervisor Platform. Ensure these features are enabled in Windows Features.

Implications of WSA Sunset in 2025

Microsoft's decision to remove WSA and the Amazon Appstore support from the Microsoft Store as of March 5, 2025, marks a significant shift. While Microsoft hasn't publicly explained the reasons, it may involve resource reallocation or strategic shifts toward native Android integration in Windows or partnerships with other app platforms.

For users and developers who rely on Android apps on Windows, it is a call to explore available alternatives, backup necessary applications, or prepare for changes in how Android apps will be supported on Windows 11 in the future.

Conclusion

Control Flow Guard is a powerful but often overlooked security feature that plays a critical role in maintaining system integrity, especially when running complex subsystems like WSA on Windows 11. By enabling CFG today, you are not only preparing for the upcoming changes but also enhancing your PC's overall security against a wide array of cyber threats.

Take a few minutes to enable CFG now and explore the remarkable fusion of Android apps and Windows computing while it lasts.