Sideloading Detection Implemented

Sideloading Detection Implemented

Risk: secure

Description

The application verified its installation source and detected that it had been sideloaded from an unofficial channel rather than the store it was published through, responding by terminating or displaying a security warning.

This indicates the app performs installer-source verification, raising the bar against repackaged builds distributed through third-party stores or direct APK installs that strip out security controls or inject malicious code.

Recommendation

The implementation is secure, no recommendation applies.

Links

• OWASP MASVS - MASVS-RESILIENCE-2
• Android Developers - Play Integrity API overview

Standards

• OWASP_MASVS_RESILIENCE:
  • MSTG_RESILIENCE_3
• OWASP_MASVS_v2_1:
  • MASVS_RESILIENCE_2
• PCI_STANDARDS:
  • REQ_6_2
  • REQ_6_3
• SOC2_CONTROLS:
  • CC_7_1
  • CC_7_2
• HIPAA_CONTROLS:
  • SECURITY212
  • SECURITY213
• OWASP_MOBILE_TOP_10:
  • M7_2024