Skip Navigation

Detecting sideloaded apps on devices

Sideloaded apps represent a potential security threat because they don’t follow the same restrictions or protections as apps distributed through official app stores or deployed internally from
UEM
. The
UEM
server, the
UEM Client
, and
BlackBerry Dynamics
apps can detect the presence of sideloaded apps on users’
iOS
and
Android
devices.
Platform
Description
iOS
  • The
    UEM
    server can detect sideloaded apps on devices with the MDM controls activation type. When you use the management console to view details about the apps installed on the user’s device, a Source column indicates whether the app was installed from the
    App Store
    , TestFlight (for beta apps), or
    UEM
    , or if the app was sideloaded.
  • The
    UEM Client
    and
    BlackBerry Work
    can detect sideloaded apps on devices with any activation type.
  • For devices with
    iOS
    17.5 or later and the “User privacy” activation type, sideload detection is not supported.
Android
  • The
    UEM Client
    and
    BlackBerry Dynamics
    apps can detect sideloaded apps on devices with any of the following activation types:
    • Android Enterprise
    • Android Management
    • Samsung Knox
    • MDM controls
    • User privacy
  • The
    UEM Client
    and
    BlackBerry Dynamics
    apps can detect whether apps have been installed from trusted sources, including the
    UEM Client
    ,
    Google Play
    , the
    Amazon Appstore
    , and the
    Samsung Galaxy
    Store (among other trusted sources). If an app was installed from a source that is not trusted, it is considered a sideloaded app.
When a sideloaded app is detected,
UEM
considers the device to be out of compliance. You can configure and assign a compliance profile to users so that
UEM
can take an appropriate management action when a sideloaded app is detected. For example, you can prevent
BlackBerry Dynamics
apps from running on the device until the sideloaded app is removed and the device returns to compliance.
Apps that you upload to the management console and add to the app list are approved automatically (regardless of whether you have deployed the app from
UEM
) and do not cause compliance violations.