New Report Highlights Dangers of Sideloading
In America, at least, debates around sideloading have faded from the foreground of technology policy. The European Union’s Digital Markets Act requires operating systems to allow sideloading, which is the practice of downloading applications from third-party app stores. Stateside, similar proposals have lost their traction. However, these attempts have proven themselves to have a nasty habit of resurging time and time again, and users should remain aware of the threats they pose to cybersecurity.
A new report from Jamf Threat Labs highlights these threats. Sideloading creates opportunities for cybercriminals to distribute malicious software through websites or app stores with less exacting safety protocols than those of Apple’s App Store or Google Play.
“Attackers can modify the behavior of apps before installation, without the need to jailbreak the device,” the report states. “This means a seemingly familiar app, like Outlook or WhatsApp, could be altered to steal personal information if sideloaded improperly.”
The average user lacks the technical expertise and tools to identify malicious apps. By rooting out malicious apps, the App Store and Google Play provides users reasonable assurance that the apps appearing on their digital shelves are safe for use. This is not true of other sources of apps. “Such apps may appear legitimate but could be programmed to spy on your photos, send them to a remote server, or worse,” the report says.
One way malicious apps could gain access to users’ information is through access to users’ photos, Jamf Threat Labs argues. Users who allow apps access to all pictures, instead of a selection — and especially if those pictures include images of sensitive documents, such as an ID card — could put their privacy in grave danger.
Staying a step ahead of nefarious actors requires users to remain vigilant and tech companies to continue innovating defensive security features. However, if policymakers insist on enacting regulation that weakens cybersecurity safeguards, it would be a tremendous gift to cybercriminals.
Published on October 22, 2024