“Sideloaded: The Dominance of APK-Based Android Threats”

Zero-day and zero-click exploits often dominate headlines, but they are not the primary method used by most threat actors.

On Android, attackers frequently rely on social engineering and malicious APK delivery as a scalable, low-risk path to compromise. In many cases, user-consented installation is more practical than deploying costly exploit chains.

In this session, you’ll learn:

• How smishing, phishing, and social engineering drive malicious installs

• Why accessibility abuse, overlays, and SMS interception enable device control

• Real-world examples of advanced actors using sideloaded payloads

• The economics behind exploit preservation and capability tiering

• Detection strategies based on behavior and capability, not signatures

About the Speaker

David Gillies, Lead Threat Researcher, iVerify

David Gillies specializes in Android malware detection and mobile threat analysis, with over 15 years of experience across law enforcement, government, and financial sectors. His work focuses on uncovering real-world attack techniques and translating them into practical detection strategies.