Zimperium, Inc., a global leader in mobile device and app security, has warned device users against sideloading apps onto their Android and iOS devices.
Juan Francisco Bertona, cyber threat analyst at Zimperium, said, “Sideloaded apps are 80% more likely to have malware running on their devices compared to those who do not.
“In fact, sideloading is a great contributor to malware risk; in 38.5% of cases where malware was detected, the source can be traced back to a sideloaded application.”
“Our research indicates that 18.3% of mobile users globally engage in sideloading. In some regions, such as the Asia Pacific, the impact is as high as 43%,” said Bertona.
Sideloading refers to installing an application onto a device from a source outside of the manufacturer’s official app stores, granting users greater control and flexibility.
This installation method is often used by people who want to access apps that are unavailable in their region or aren’t approved by the official app stores, to perform illegal activities such as bypassing DRM, or to gain access to advanced features that might otherwise be restricted.
Developers also benefit from this practice. It facilitates faster development cycles by allowing them to distribute pre-release versions directly to testers, bypassing the official app store’s approval process. This enables quicker feedback loops and iterative development before a public release.
Developers can gather feedback on their apps from a targeted group of testers before submitting them to the official store. Additionally, sideloading allows a device owner to install an application when internet connectivity is not available.
For years, Android has supported freedom of choice, allowing the device owner to override the default installation process. To enable this option, device owners just needed to follow a few simple steps.
Android applications are distributed and installed using an APK (Android Package Kit) file. APKs are executable files that contain everything necessary to install and run an application on an Android device.
The files can be obtained from the official app store or from what are commonly known as third-party sources. Examples of third-party app sources include:
● 3rd Party app downloader apps
● Internet hosted sites
● File Sharing services
● Enterprise application stores
Once an application has been downloaded, the device owner can either install it directly (direct sideloading) or have another application do the installation.
The second method involves using a third-party app that requests the REQUEST_INSTALL_PACKAGES permission. The most common apps in this category are browsers, file managers and non-official third-party app stores. An example of this process is shown in the following figure.
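For defenders reviewing a device fleet, the permission described above is a useful inventory signal. The following is an added example, not taken from the article or from Zimperium: it lists which apps declare `android.permission.REQUEST_INSTALL_PACKAGES`, assuming each app's `AndroidManifest.xml` has already been decoded to plain-text XML (for instance with apktool); the package names and manifests are constructed samples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"

def requested_permissions(root):
    """Collect permission names declared in a decoded manifest tree."""
    perms = set()
    # <uses-permission-sdk-23> is the API 23+ form of <uses-permission>.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(f"{{{ANDROID_NS}}}name")
            if name:
                perms.add(name.strip())
    return perms

def audit(manifests):
    """Map of source name -> manifest XML text. Returns the packages that can
    ask to install other APKs, plus sources that could not be parsed."""
    can_install, unparsed = [], []
    for source, xml_text in sorted(manifests.items()):
        try:
            root = ET.fromstring(xml_text)
        except ET.ParseError:
            unparsed.append(source)  # report it, never silently skip it
            continue
        # Exact match only: substring checks would also hit other permissions.
        if INSTALL_PERM in requested_permissions(root):
            can_install.append(root.get("package", source))
    return {"can_install": can_install, "unparsed": unparsed}

def _manifest(package, permission):
    # Constructed sample manifest, reduced to the elements this check reads.
    return (f'<manifest xmlns:android="{ANDROID_NS}" package="{package}">'
            f'<uses-permission android:name="{permission}"/>'
            f'<application/></manifest>')

# Constructed samples: one installer-capable app, one ordinary app, one bad file.
SAMPLES = {
    "filemanager.xml": _manifest("com.example.filemanager", INSTALL_PERM),
    "calculator.xml": _manifest("com.example.calculator",
                                "android.permission.INTERNET"),
    "broken.xml": "<manifest><uses-permission",
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```

Declaring the permission does not mean an app is malicious; it identifies the apps through which a sideloaded APK could reach the device, which is where review effort is best spent.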
In order to comply with the European Union regulations, starting March 2024, Apple has had to allow third-party app stores for the EU.
Despite having a set of safeguards on how these app stores are set up, the applications offered will not have the same level of scrutiny as those obtained from the official app store. This reduces user friction and opens the door to similar risks Android users are exposed to when sideloading.
Some examples of recently released third-party App Stores are:
● AltStore
● Aptoide
● Setapp
An additional but limited “sideloading” method is the installation and authorisation of an application with its associated Developer Certificate. This method is more common during application development and testing and is also used during a limited beta release cycle of known and trusted devices.
Prior to Apple officially supporting the use of third-party app stores, device owners used unofficial and very risky methods, such as jailbreaking the device or installing risky configuration profiles to bypass the Apple notarization process.
Looking into our global threat intelligence data, Telegram is the largest third-party source for “sideloading” iOS applications. Several channels distribute fake, modified, or cracked apps. The most popular unofficial third-party app store on iOS is AppValley.