Prerequisites to support sideload detection on Android devices
Android
devices- Install theUEM Clientand/orBlackBerry Dynamicsapps on users’ devices (see the software requirements). Whether sideload detection is initiated by theUEM Clientor a specificBlackBerry Dynamicsapp depends on the device activation type and the authentication delegate configured in theBlackBerry Dynamicsprofile.
- The following settings are recommended based on device activation types:Activation typeRecommended settingsAndroid EnterpriseIn theBlackBerry Dynamicsprofile that is assigned to users:
- Enable "EnableUEM Clientto enroll inBlackBerry Dynamics." This setting is enabled by default in newBlackBerry Dynamicsprofiles that you create.
- Enable “Do not require password” forAndroiddevices. This allows theUEM Clientto run activities in the background without prompting the user for aBlackBerry Dynamicspassword.
- Configure theUEM Clientas the authentication delegate. If a sideloaded app is detected and the configured compliance action is to preventBlackBerry Dynamicsapps from running, theUEM Clientcan block allBlackBerry Dynamicsapps until compliance is restored.
Note that for this activation type, sideload detection is always performed by theUEM Client.Samsung KnoxIn theBlackBerry Dynamicsprofile that is assigned to users, configure aBlackBerry Dynamicsapp that runs in the work space as the authentication delegate. This enables oneBlackBerry Dynamicsapp to manage authentication, sideload detection, and compliance enforcement on behalf of allBlackBerry Dynamicsapps.MDM controlsIn theBlackBerry Dynamicsprofile that is assigned to users:- Enable "EnableUEM Clientto enroll inBlackBerry Dynamics." This setting is enabled by default in newBlackBerry Dynamicsprofiles that you create.
- In theBlackBerry Dynamicsprofile that is assigned to users, configure theUEM Clientas the authentication delegate. This enables theUEM Clientto manage sideload detection and compliance enforcement on behalf of allBlackBerry Dynamicsapps. This configuration is not required if noBlackBerry Dynamicsapps (aside from theUEM Client) are installed on a device.
Note that with this activation type, device-level compliance actions (for example, Untrust) are not applicable. Compliance actions forBlackBerry Dynamicsapps are applicable.User privacyIn theBlackBerry Dynamicsprofile that is assigned to users:- Enable "EnableUEM Clientto enroll inBlackBerry Dynamics." This setting is enabled by default in newBlackBerry Dynamicsprofiles that you create.
- Verify that “Do not require password” forAndroiddevices is not enabled, for security purposes. Notify users that they will have to specify aBlackBerry Dynamicspassword when prompted.
- Configure theUEM Clientor a specificBlackBerry Dynamicsapp as the authentication delegate. TheUEM Clientis recommended because it can run in the background. The authentication delegate can authenticate anyBlackBerry Dynamicsapp on the device and will manage sideload detection on behalf of allBlackBerry Dynamicsapps. If a sideloaded app is detected and the configured compliance action is to preventBlackBerry Dynamicsapps from running, the authentication delegate can block allBlackBerry Dynamicsapps until compliance is restored.
- If you do not configure an authentication delegate, malware scanning will be performed by theUEM Clientand eachBlackBerry Dynamicsapp, which can consume device resources.
Device registration forBlackBerry 2FAonlySideload detection is not applicable to this activation type.