Unknown Sources Detection
| Plan | Platforms | MASVS |
|---|---|---|
| Team | Android, iOS | MASVS-RESILIENCE-2 |
Overview
Unknown Sources Detection identifies when the app appears to have been installed from an untrusted, unexpected, or unauthorized distribution channel. Apps installed outside official stores or approved enterprise channels are more likely to be repackaged, tampered with, or distributed as part of phishing and malware campaigns.
When an untrusted install source is detected, AppTego applies your configured response.
When To Use It
Use this control when:
- Your app should only run when installed from official stores or approved enterprise channels.
- Repackaging, piracy, sideloading, or unauthorized beta distribution creates risk.
- You need telemetry about unofficial install channels.
- Compliance policy requires distribution-source controls.
How It Works
The protected app evaluates platform install-source and distribution-state signals to determine whether the current app instance appears to come from an expected channel. Android and iOS expose different distribution metadata, so behavior is platform-specific.
Public documentation does not publish exact installer allowlists, receipt checks, provisioning indicators, sideloading-tool checks, or execution order.
How to Enable the Control
In the AppTego portal, navigate to Detection & Response and expand the Device Policy Detection section, where you will find the Unknown Source Detection control. Click Enable Configuration, choose the response action, and save the configuration. It takes effect in the next build, or is applied with a live push (if enabled).
API Configuration Example
```json
{
  "UnknownSourcesDetectionResponse": {
    "detection": true,
    "action": "alert",
    "title": "Untrusted Installation Source",
    "message": "This app was not installed from an approved source. Please reinstall the official version.",
    "buttons": ["OK"],
    "actions": ["close"],
    "redirects": [""]
  }
}
```
| Field | Purpose |
|---|---|
| detection | Enables or disables unknown source detection. |
| action | Selects the response style, such as alert, close, log, or warn. |
| title / message | User-facing text shown when a response is displayed. |
| buttons / actions / redirects | Defines the available response buttons and their outcomes. |
Compatibility Notes
- TestFlight, internal app sharing, beta tracks, enterprise distribution, and MDM deployment can be legitimate. Use environment-specific configuration for those channels.
- B2B and enterprise apps may need customer-specific approved installers or distribution channels.
- Pair this control with App Tamper Detection and attestation controls to distinguish distribution-source risk from package-integrity risk.
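A pre-deployment check for the environment-specific configurations recommended above, as an added example that is not AppTego code. It assumes the four response styles named in the field table are the full set, that `buttons`, `actions` and `redirects` pair up by index, and that environments are labelled `production` and `beta`; the policy rules at the end are likewise assumptions.

```python
import json

KEY = "UnknownSourcesDetectionResponse"
# Response styles the page names ("such as alert, close, log, or warn");
# treating this as the full set is an assumption of this example.
KNOWN_ACTIONS = {"alert", "close", "log", "warn"}

def lint_config(raw: str, environment: str) -> list[str]:
    """Return findings for one environment's config; an empty list means clean."""
    try:
        cfg = json.loads(raw)[KEY]
    except (ValueError, KeyError, TypeError):
        return [f"{KEY} missing or not valid JSON"]
    if not isinstance(cfg, dict):
        return [f"{KEY} must be an object"]
    findings = []
    action = cfg.get("action")
    if not isinstance(cfg.get("detection"), bool):  # catches the string "true"
        findings.append("detection must be a JSON boolean")
    if not isinstance(action, str) or action not in KNOWN_ACTIONS:
        findings.append(f"unrecognised action {action!r}")
    lists = [cfg.get(k) for k in ("buttons", "actions", "redirects")]
    if not all(isinstance(v, list) for v in lists):
        findings.append("buttons, actions and redirects must be arrays")
    elif len({len(v) for v in lists}) != 1:  # assumed to pair up by index
        findings.append("buttons, actions and redirects differ in length")
    if action in ("alert", "warn") and not (cfg.get("title") and cfg.get("message")):
        findings.append("user-facing action without title and message")
    # Assumed policy, following the compatibility notes: production must detect,
    # beta channels (TestFlight, beta tracks) must not use the "close" response.
    if environment == "production" and cfg.get("detection") is not True:
        findings.append("production: detection is not enabled")
    if environment == "beta" and cfg.get("detection") is True and action == "close":
        findings.append("beta: 'close' response would hit legitimate testers")
    return findings

# Constructed inputs: the page's sample as production, and a flawed beta variant.
PRODUCTION = json.dumps({KEY: {
    "detection": True, "action": "alert",
    "title": "Untrusted Installation Source",
    "message": "This app was not installed from an approved source.",
    "buttons": ["OK"], "actions": ["close"], "redirects": [""]}})
BETA = json.dumps({KEY: {
    "detection": True, "action": "close", "title": "", "message": "",
    "buttons": ["OK", "Store"], "actions": ["close"], "redirects": [""]}})

if __name__ == "__main__":
    for env, raw in (("production", PRODUCTION), ("beta", BETA)):
        print(env, lint_config(raw, env) or "clean")
```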