Mobile Threat Blog

Please Use Side Door

Sideloading is an important capability in the enterprise for installing enterprise-developed apps. Many enterprise apps are not uploaded to the official Google Play store, as they are proprietary apps with important functions for enterprise users. To install enterprise apps on Android, enterprise users have to enable “Unknown sources” under the Security tab of the Settings app. On iOS, devices have to be jailbroken. This capability, however, can be abused, and often is, by attackers to install malicious apps on enterprise mobile phones and invade enterprise systems.

Allowing sideloaded apps also enables enterprise users to download apps from other untrusted sources and unregulated marketplaces. The former includes websites related to gambling, gaming, and adult content, which can be completely controlled by attackers to deliver malicious apps.

Unregulated third-party app markets also lack the security measures present in the official iTunes and Google Play app stores, such as app vetting by Google Bouncer and manual reviews by Apple. Unlike the official app stores, these unregulated marketplaces host many malware apps.

Sideloaded apps from untrusted sources and unregulated app markets represent a substantial risk to enterprises. Potential risks include PII leakage, private data leakage that could result in spear phishing attacks, ransomware, and exfiltration of sensitive corporate data from the device. In some cases, such apps exploit operating system vulnerabilities, root the devices, obtain superuser privileges and escalate attacks, adding further risk to the enterprise.

Therefore, it is important for enterprises to have visibility into sideloaded apps from non-sanctioned sites on their enterprise-managed devices. With better visibility, enterprises can manage sideloaded apps as potentially unwanted apps and remediate them appropriately by alerting employees and/or uninstalling the apps. Without visibility into the risks sideloaded apps bring, an enterprise has a sizeable blind spot in its mobile threat landscape.
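
One way to get this visibility on Android, shown as an added example that is not part of the original post: classify a device's app inventory by the installer the OS recorded for each package, as printed by `pm list packages -i -3`. The enterprise store name, the approved-sideload list and the sample inventory are constructed assumptions.

```python
import re

# Installers treated as sanctioned. com.android.vending is the Google Play
# Store; the enterprise store package name is a hypothetical placeholder.
SANCTIONED_INSTALLERS = {"com.android.vending", "com.example.enterprise.store"}

# Enterprise-developed apps that are expected to be sideloaded (hypothetical).
APPROVED_SIDELOADS = {"com.example.corp.expenses"}

# One line of `pm list packages -i` output: package:<name>  installer=<name|null>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_inventory(text):
    """Parse `pm list packages -i -3` output into {package: installer or None}."""
    inventory = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines rather than guess
        installer = m.group("installer")
        # "null" means the OS recorded no installer, typical of a sideload.
        inventory[m.group("pkg")] = None if installer == "null" else installer
    return inventory


def classify(inventory):
    """Split packages into sanctioned, approved sideloads, potentially unwanted."""
    report = {"sanctioned": [], "approved_sideload": [], "potentially_unwanted": []}
    for pkg, installer in sorted(inventory.items()):
        if installer in SANCTIONED_INSTALLERS:
            report["sanctioned"].append(pkg)
        elif pkg in APPROVED_SIDELOADS:
            report["approved_sideload"].append(pkg)
        else:
            report["potentially_unwanted"].append((pkg, installer))
    return report


# Constructed sample inventory; not taken from a real device.
SAMPLE = """\
package:com.example.mail  installer=com.android.vending
package:com.example.corp.expenses  installer=null
package:com.example.freegame  installer=null
package:com.example.videoplayer  installer=com.example.thirdparty.market
"""

if __name__ == "__main__":
    for pkg, installer in classify(parse_inventory(SAMPLE))["potentially_unwanted"]:
        print(f"ALERT {pkg}: installer={installer or 'none recorded'}")
```

Packages in the `potentially_unwanted` list are the candidates for the alert-or-uninstall remediation described above.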