What is BlackBerry Protect Mobile?
- What do the BlackBerry cloud services do?
- Architecture: BlackBerry Protect Mobile
BlackBerry Protect Mobile use cases
Steps to set up BlackBerry Protect Mobile
- Software requirements: BlackBerry Protect Mobile
- Enable BlackBerry Protect Mobile in your UEM domain
Detecting malware when deploying Android apps from BlackBerry UEM
- Upload apps that you want to deploy using BlackBerry UEM
- Add an app or signing certificate to the approved app list
Detecting malware on Android devices
Detecting sideloaded apps on devices
Safe browsing with BlackBerry Dynamics apps
Scanning URLs in text messages
- Enable and configure text message scanning
- Configure compliance actions to take on Android devices when an unsafe text message is detected
Protecting devices from network threats
- Enable network protection
- Configure compliance actions to take when network threats are detected
Checking the integrity of BlackBerry Dynamics apps for iOS
Using security patch compliance and hardware certificate attestation for Android devices
BlackBerry Protect Mobile anonymous data collection
- Enable or disable anonymous data collection

Detecting sideloaded apps on devices

Sideloaded apps represent a potential security threat because they don’t follow the same restrictions or protections as apps distributed through official app stores or deployed internally from

UEM

. The

UEM

server, the

UEM Client

, and

BlackBerry Dynamics

apps can detect the presence of sideloaded apps on users’

iOS

and

Android

devices.

Platform	Description
iOS	The UEM server can detect sideloaded apps on devices with the MDM controls activation type. When you use the management console to view details about the apps installed on the user’s device, a Source column indicates whether the app was installed from the App Store , TestFlight (for beta apps), or UEM , or if the app was sideloaded. The UEM Client and BlackBerry Work can detect sideloaded apps on devices with any activation type. For devices with iOS 17.5 or later and the “User privacy” activation type, sideload detection is not supported.
Android	The UEM Client and BlackBerry Dynamics apps can detect sideloaded apps on devices with any of the following activation types: Android Enterprise Android Management Samsung Knox MDM controls User privacy The UEM Client and BlackBerry Dynamics apps can detect whether apps have been installed from trusted sources, including the UEM Client , Google Play , the Amazon Appstore , and the Samsung Galaxy Store (among other trusted sources). If an app was installed from a source that is not trusted, it is considered a sideloaded app.

Platform

Description

iOS

The

UEM

server can detect sideloaded apps on devices with the MDM controls activation type. When you use the management console to view details about the apps installed on the user’s device, a Source column indicates whether the app was installed from the

App Store

, TestFlight (for beta apps), or

UEM

, or if the app was sideloaded.

The

UEM Client

and

BlackBerry Work

can detect sideloaded apps on devices with any activation type.

For devices with

iOS

17.5 or later and the “User privacy” activation type, sideload detection is not supported.

Android

The

UEM Client

and

BlackBerry Dynamics

apps can detect sideloaded apps on devices with any of the following activation types:

Android Enterprise

Android Management

Samsung Knox

MDM controls

User privacy

The

UEM Client

and

BlackBerry Dynamics

apps can detect whether apps have been installed from trusted sources, including the

UEM Client

Google Play

, the

Amazon Appstore

, and the

Samsung Galaxy

Store (among other trusted sources). If an app was installed from a source that is not trusted, it is considered a sideloaded app.

When a sideloaded app is detected,

UEM

considers the device to be out of compliance. You can configure and assign a compliance profile to users so that

UEM

can take an appropriate management action when a sideloaded app is detected. For example, you can prevent

BlackBerry Dynamics

apps from running on the device until the sideloaded app is removed and the device returns to compliance.

Apps that you upload to the management console and add to the app list are approved automatically (regardless of whether you have deployed the app from

UEM

) and do not cause compliance violations.

Android sideload detection: Behavior by activation type

Prerequisites to support sideload detection on Android devices

Enable sideload detection

Add an app or signing certificate to the approved app list

Configure compliance actions to take when a sideloaded app is detected