Detecting sideloaded apps on devices

Sideloaded apps represent a potential security threat because they don’t follow the same restrictions or protections as apps distributed through official app stores or deployed internally from

UEM

. The

UEM

server, the

UEM Client

, and

BlackBerry Dynamics

apps can detect the presence of sideloaded apps on users’

iOS

and

Android

devices.

Platform	Description
iOS	The UEM server can detect sideloaded apps on devices with the MDM controls activation type. When you use the management console to view details about the apps installed on the user’s device, a Source column indicates whether the app was installed from the App Store , TestFlight (for beta apps), or UEM , or if the app was sideloaded. The UEM Client and BlackBerry Work can detect sideloaded apps on devices with any activation type.
Android	The UEM Client and BlackBerry Dynamics apps can detect sideloaded apps on devices with any of the following activation types: Android Enterprise Samsung Knox MDM controls User privacy The UEM Client and BlackBerry Dynamics apps can detect whether apps have been installed from trusted sources, including the UEM Client , Google Play , the Amazon Appstore , and the Samsung Galaxy Store (among other trusted sources). If an app was installed from a source that is not trusted, it is considered a sideloaded app.

When a sideloaded app is detected,

UEM

considers the device to be out of compliance. You can configure and assign a compliance profile to users so that

UEM

can take an appropriate management action when a sideloaded app is detected. For example, you can prevent

BlackBerry Dynamics

apps from running on the device until the sideloaded app is removed and the device returns to compliance.

Apps that you upload to the management console and add to the app list are approved automatically (regardless of whether you have deployed the app from

UEM

) and do not cause compliance violations.