How to block and delete sideloaded apps on iOS and Android
Despite the security risks, it's easy and common for users to download third-party mobile apps. To keep sideloaded apps off of end-user devices, IT must employ management tools.
When managing mobile device security, sideloaded apps are an important threat vector for IT to address.
Sideloaded apps on both Apple iOS and Google Android present a potential security risk, especially for enterprise users. A smartphone's default app store might not have all the options users want, but that's because the App Store and Google Play Store have stringent review processes for any software they distribute. It's harder to ensure that a third-party app store has the security standards to keep malicious apps out of users' hands.
While many third-party apps are harmless, some request sensitive permissions, contain malware or present other threats. It can be difficult for users to tell the difference. Even when an app is initially safe, without continuous monitoring, users might not know if a security compromise of some kind has occurred.
Depending on the OS version, installing a sideloaded app can be relatively easy. But while there are multiple ways to install sideloaded apps, there are also many ways to block them on both iOS and Android.
How to prevent sideloading on Android devices
Users and organizations can take several steps to prevent sideloading on Android devices. In fact, protection against Android sideloading begins with developers. During development, one of the best ways to ensure that an app only runs in the intended app marketplaces is with the Google Play Integrity API. This API can help restrict an app so that it's only available through the Google Play Store.
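One way a backend could act on the Play Integrity API described above, as an added example that is not from the article or from Google: it takes an integrity verdict that has already been decrypted and verified, and allows the request only if the app is Play-recognized and the install is licensed through Google Play. The package name and sample payloads are constructed, and binding the verdict to a specific request (nonce or request hash) is assumed to happen elsewhere.

```python
# Added example, not Google's or the article's code. Package name and payloads are constructed.
EXPECTED_PACKAGE = "com.example.corpapp"  # placeholder package name


def evaluate_verdict(verdict, expected_package=EXPECTED_PACKAGE):
    """Return (allow, reasons) for an already decoded Play Integrity verdict."""
    reasons = []
    request = verdict.get("requestDetails", {})
    app = verdict.get("appIntegrity", {})
    account = verdict.get("accountDetails", {})

    # The verdict must describe a request made by our own package.
    if request.get("requestPackageName") != expected_package:
        reasons.append("verdict was requested by an unexpected package")

    # PLAY_RECOGNIZED means the binary and signing certificate match the
    # version Google Play distributes; a modified or re-signed APK does not.
    recognition = app.get("appRecognitionVerdict", "UNEVALUATED")
    if recognition != "PLAY_RECOGNIZED":
        reasons.append(f"appRecognitionVerdict={recognition}")

    # LICENSED means the signed-in account installed or bought the app on
    # Google Play; a sideloaded copy reports UNLICENSED.
    licensing = account.get("appLicensingVerdict", "UNEVALUATED")
    if licensing != "LICENSED":
        reasons.append(f"appLicensingVerdict={licensing}")

    return (not reasons, reasons)


def make_verdict(recognition, licensing, package=EXPECTED_PACKAGE):
    """Build a constructed sample payload with only the fields checked here."""
    return {
        "requestDetails": {"requestPackageName": package},
        "appIntegrity": {"appRecognitionVerdict": recognition, "packageName": package},
        "accountDetails": {"appLicensingVerdict": licensing},
    }


PLAY_INSTALL = make_verdict("PLAY_RECOGNIZED", "LICENSED")
SIDELOADED_UNMODIFIED = make_verdict("PLAY_RECOGNIZED", "UNLICENSED")
SIDELOADED_RESIGNED = make_verdict("UNRECOGNIZED_VERSION", "UNLICENSED")

if __name__ == "__main__":
    for name, v in [("play", PLAY_INSTALL), ("sideloaded", SIDELOADED_UNMODIFIED),
                    ("re-signed", SIDELOADED_RESIGNED)]:
        print(name, evaluate_verdict(v))
```

The unmodified sideloaded copy is the case worth noting: the binary still matches what Play distributes, so only the licensing verdict reveals that it was not installed from the store.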
Although sideloading is usually a concern for IT management, security-minded users might also want to avoid unintentional interactions with third-party apps. With the wrong settings, it's possible to download a malicious app accidentally.
To avoid this scenario, users should make sure they're running the latest version of the Android OS and have the correct settings to block sideloading, which is the default on most Android devices. The steps for changing these settings vary depending on the device manufacturer and Android version. On the most recent version, users can return to the default settings for sideloaded apps through the following process:
1. Open Settings.
2. Click Apps.
3. Click Special App Access.
4. Open Install Unknown Apps, then make sure Allow from this source is deselected for each of the listed apps.
Organizations can use their enterprise mobility management (EMM) platform to prevent sideloading on fully managed devices. Administrators can easily disable installation from unknown sources through standard restrictions.
There are a few options for organizations that support BYOD deployments. Most EMM platforms have work profile features. For devices with work profiles set up, IT can prevent installation on the work profile itself with the DISALLOW_INSTALL_UNKNOWN_SOURCES restriction. Naturally, this still allows users to sideload apps on their personal profile, but corporate apps and data remain secure.
It can still be risky to have sideloaded apps on the device, even if the work profile keeps enterprise data encrypted. Thankfully, Google added a device-wide restriction for Android 8.0 and later with the Google Play app through a managed configuration. More recently, the vendor introduced new sideloading restrictions in Android 15.
How to prevent sideloading on iPhones
By default, iOS has always restricted sideloading. A user would have to jailbreak their device or find other complex workarounds to download a third-party app onto an iPhone.
For users in the EU, that changed with the release of iOS 17.4 in March 2024. As of that release, users can install apps from third-party app stores and sideload apps directly onto their devices in the EU. This change was made in response to the passing of the Digital Markets Act, which aims to improve competition and fairness in the tech sector.
Outside of the EU, sideloading still requires users to break down software restrictions. As with Android, to avoid unintentional security circumvention, users should make sure their device's OS is up to date.
Organizations can also use EMM and MDM to help restrict app sideloading in iOS. Apple has numerous settings to prevent sideloading that admins can enable through their management platform. The primary setting for this is "Allow app installation from an alternative marketplace."
How to delete sideloaded apps
For Android and iOS users, uninstalling and deleting a sideloaded app is no different from deleting any other app. This usually means finding the icon of the application they want to delete on the home screen, pressing it until a prompt appears and selecting the option to remove it.
Work profile features are also important for organizations to handle sideloaded apps after installation. If a sideloaded app was installed in a managed work profile, mobile management platforms provide options to uninstall it. IT won't have the same visibility or control of the personal profile in this scenario, but the work profile should still be separate and secure enough to guard corporate data.
There are fewer options when IT hasn't implemented work profiles for end-user devices. Instead, admins must ensure these endpoints have device-wide security protections to stop sideloading in the first place.
Limited management control? Detection is still an option
If an organization supports BYOD smartphones and can't require MDM enrollment, IT can still keep an eye on what apps users are downloading with mobile security tools. Many mobile threat defense (MTD) vendors offer detection services. These tools can alert IT through a dashboard when a device downloads -- or attempts to download -- a sideloaded app.
MTD tools help detect threats, but organizations also need EMM software to prevent and handle cyberattacks effectively.
While MTD tools can inform IT about the installation of third-party apps, they cannot stop it. Organizations still need to have an EMM or MDM in place. The only other means of prevention are end-user security training and a clear mobile device policy that bans sideloaded apps.
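Where IT has a device in hand with USB debugging enabled (an assumption; MTD products gather similar data through their own agents), the installer recorded by Android's package manager gives a quick triage signal. This added example, not taken from the article or any vendor tool, parses constructed output of adb shell pm list packages -3 -i and flags apps whose installer is not on a trusted-store allowlist.

```python
import re

# Installers treated as trusted stores. The allowlist is an assumption;
# set it to match the organization's own policy.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# One line of `pm list packages -i` output: package:<name>  installer=<name|null>
LINE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def find_sideloaded(listing, trusted=TRUSTED_INSTALLERS):
    """Return {package: installer} for apps not installed by a trusted store."""
    flagged = {}
    for raw in listing.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue  # skip blank lines and anything that is not a package record
        installer = match.group("installer")
        if installer == "null":
            installer = None  # no installer of record
        if installer not in trusted:
            flagged[match.group("pkg")] = installer
    return flagged


# Constructed sample of third-party package output (-3) with installers (-i).
SAMPLE = """\
package:com.example.mail  installer=com.android.vending
package:com.example.game  installer=null
package:org.example.store.client  installer=com.android.packageinstaller
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for package, installer in find_sideloaded(SAMPLE).items():
        print(f"review {package}: installed by {installer or 'unknown source'}")
```

A null installer also appears for apps pushed over adb, so a hit is a prompt for review, not proof that the app is malicious.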
Editor's note: This article was originally published in 2019 and was updated in 2025 to improve the reader experience.
Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He has pulled Token Ring, configured NetWare and been known to compile his own Linux kernel. He consults with industry and media organizations on technology issues.
Kyle Johnson is technology editor for Informa TechTarget's SearchSecurity site.