> For the complete documentation index, see [llms.txt](https://docs.talsec.app/appsec-articles/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.talsec.app/appsec-articles/glossary/sideloading.md). # Sideloading The Talsec SDK evaluates an application's source to verify whether it was delivered through a trusted, official channel or sideloaded. Because Android and iOS handle app distribution fundamentally differently, the SDK utilizes platform-specific detection mechanisms. *** ## What is Sideloading In the context of Talsec threat evaluation, sideloading refers to any application installation that bypasses a trusted, official store. * **Android**: Encompasses APKs launched manually via file managers, browsers, or chat applications; installations pushed via ADB commands (`adb install`); emulator drag-and-drop; and third-party unofficial repositories. * **iOS**: Encompasses applications installed via Xcode, AltStore, Enterprise MDM distribution, or any external tool that modifies the binary or its provisioning profile outside of the official Apple ecosystem. {% hint style="info" %} **The Trusted Baseline: Google Play, Huawei AppGallery, Apple App Store, TestFlight** Talsec natively recognizes **Google Play** and **Huawei AppGallery** as the default trusted sources for Android (with support for custom configurations), while the **Apple App Store** and **TestFlight** serve as the strict, non-configurable trusted baseline for iOS. {% endhint %} *** ## Application Distribution Domains The Talsec SDK encounters four distinct categories when evaluating installation sources, each with different trust implications. ### System Apps Apps bundled with the Android OS image itself and installed by the OS vendor. They are present before first boot, cannot be uninstalled without root access, and typically report no installer. {% hint style="info" %} System apps are inherently trustworthy as part of the device's security baseline. {% endhint %} ### OEM Preloaded Apps Applications bundled by the device manufacturer on top of the base OS—the OEM's extras (sometimes referred to as "bloatware")—are similar to system apps. They arrive out of the box and typically have no installer attribution. The distinction matters because a single OEM preload can serve multiple roles: the Samsung Galaxy Store and Xiaomi GetApps are both OEM preloads and official stores simultaneously. {% hint style="info" %} * **Preinstalled stores** (e.g., Samsung Galaxy Store, Xiaomi GetApps) can act as installers. When such a store is in your trusted sources, Talsec SDK treats apps it delivered as officially distributed. * **Other OEM preloads** are ordinary preinstalled apps. They are not installers and play no role in installation source evaluation. {% endhint %} ### Store-Distributed Apps These are applications delivered through a dedicated store client running on the device. The store client is the initiating package, and the Talsec SDK identifies it as the installer. This domain is evaluated from two distinct perspectives: * **RASP:** Validates the store origin of your own protected app. * **Malware Detection:** Evaluates the store origin of every other app residing on the user's device. The core classification logic is identical; only the subject differs. In both modules, whether an application is considered officially delivered or triggers a detection is entirely dictated by your trusted source configuration. ### Sideloaded Apps These are applications installed outside the official store flow. In these cases, the OS attributes the installation to the installer package — the app that performed the install, typically a browser, messenger, file manager, or migration tool (e.g., Chrome, Telegram, Smart Switch). {% hint style="info" %} By default, Talsec flags these as unofficial. If you add a sideload installer to your trusted sources, the SDK will accept every app installed through that channel. {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.talsec.app/appsec-articles/glossary/sideloading.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.