Sideloading
The Talsec SDK evaluates an application's installation source to verify whether it was delivered through a trusted, official channel or sideloaded. Because Android and iOS handle app distribution fundamentally differently, the SDK uses platform-specific detection mechanisms.
What is Sideloading
In the context of Talsec threat evaluation, sideloading refers to any application installation that bypasses a trusted, official store.
Android: Encompasses APKs launched manually via file managers, browsers, or chat applications; installations pushed via ADB commands (adb install); emulator drag-and-drop; and third-party unofficial repositories.
iOS: Encompasses applications installed via Xcode, AltStore, Enterprise MDM distribution, or any external tool that modifies the binary or its provisioning profile outside of the official Apple ecosystem.
The Trusted Baseline: Google Play, Huawei AppGallery, Apple App Store, TestFlight
Talsec natively recognizes Google Play and Huawei AppGallery as the default trusted sources for Android (with support for custom configurations), while the Apple App Store and TestFlight serve as the strict, non-configurable trusted baseline for iOS.
Application Distribution Domains
The Talsec SDK encounters four distinct categories when evaluating installation sources, each with different trust implications.
System Apps
Apps bundled with the Android OS image itself and installed by the OS vendor. They are present before first boot, cannot be uninstalled without root access, and typically report no installer.
System apps are inherently trustworthy as part of the device's security baseline.
OEM Preloaded Apps
Applications bundled by the device manufacturer on top of the base OS—the OEM's extras (sometimes referred to as "bloatware")—are similar to system apps. They arrive out of the box and typically have no installer attribution. The distinction matters because a single OEM preload can serve multiple roles: the Samsung Galaxy Store and Xiaomi GetApps are both OEM preloads and official stores simultaneously.
Preinstalled stores (e.g., Samsung Galaxy Store, Xiaomi GetApps) can act as installers. When such a store is in your trusted sources, Talsec SDK treats apps it delivered as officially distributed.
Other OEM preloads are ordinary preinstalled apps. They are not installers and play no role in installation source evaluation.
Store-Distributed Apps
These are applications delivered through a dedicated store client running on the device. The store client is the initiating package, and the Talsec SDK identifies it as the installer.
This domain is evaluated from two distinct perspectives:
RASP: Validates the store origin of your own protected app.
Malware Detection: Evaluates the store origin of every other app residing on the user's device.
The core classification logic is identical; only the subject differs. In both modules, whether an application is considered officially delivered or triggers a detection is entirely dictated by your trusted source configuration.
Sideloaded Apps
These are applications installed outside the official store flow. In these cases, the OS attributes the installation to the installer package — the app that performed the install, typically a browser, messenger, file manager, or migration tool (e.g., Chrome, Telegram, Smart Switch).
By default, Talsec flags these as unofficial. If you add a sideload installer to your trusted sources, the SDK will accept every app installed through that channel.
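The classification across the four domains above can be sketched with the standard Android PackageManager API. This is an added example, not Talsec SDK code: the Origin enum, the function names, and the trusted set (the Google Play and Huawei AppGallery package names) are assumptions made for illustration.

```kotlin
import android.content.Context
import android.content.pm.ApplicationInfo
import android.os.Build

// Illustrative names only; none of this is part of the Talsec SDK.
enum class Origin { DEVICE_BASELINE, TRUSTED_SOURCE, UNTRUSTED_SOURCE }

// Assumed trusted-source configuration: Google Play and Huawei AppGallery.
val trustedInstallers = setOf("com.android.vending", "com.huawei.appmarket")

/** Pure decision step: needs only the recorded installer and the system-image flag. */
fun classify(installer: String?, onSystemImage: Boolean, trusted: Set<String>): Origin = when {
    // Delivered by a store client that is in the trusted configuration.
    installer != null && installer in trusted -> Origin.TRUSTED_SOURCE
    // System and OEM preloads typically report no installer.
    installer == null && onSystemImage -> Origin.DEVICE_BASELINE
    // Any other installer (browser, messenger, file manager, unlisted store).
    // Assumption: a user-installed app with no recorded installer also lands here.
    else -> Origin.UNTRUSTED_SOURCE
}

/** Reads the installer package the OS recorded for this app. */
fun installerOf(context: Context): String? {
    val pm = context.packageManager
    return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
        // API 30+: structured install source information.
        pm.getInstallSourceInfo(context.packageName).installingPackageName
    } else {
        @Suppress("DEPRECATION")
        pm.getInstallerPackageName(context.packageName)
    }
}

/** Classifies the calling app itself (the RASP perspective described above). */
fun originOfOwnApp(context: Context): Origin {
    val onSystemImage = (context.applicationInfo.flags and ApplicationInfo.FLAG_SYSTEM) != 0
    return classify(installerOf(context), onSystemImage, trustedInstallers)
}
```

Adding a package name such as a preinstalled OEM store to the trusted set moves every app that store delivered into TRUSTED_SOURCE, which is the same trade-off the page describes for trusting a sideload installer.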