Podcast Summary: Hacking Humans – “Sideloading (noun) [Word Notes]”
Podcast: Hacking Humans
Host: N2K Networks
Episode Title: Sideloading (noun) [Word Notes]
Date: December 23, 2025
Theme: Deception, influence, and social engineering in the world of cyber crime.
Episode Overview
This episode focuses on the term “sideloading,” exploring its technical definition, practical application, security implications, and its connection to classic social engineering tactics. The host illustrates how sideloading—installing software from outside official distribution channels—can become a major vector for cyber crime via deception and Trojan horse attacks.
Key Discussion Points & Insights
1. Definition and Everyday Context of Sideloading
- Definition:
- Sideloading is the process of installing applications on a device without the use of official software distribution channels.
- “The word is sideloading. Spelled side as in not from normal channels, and loading as in installing a program.” [01:23]
- Example of Usage:
- “The user enabled sideloading to install a third party app on their Android phone.” [01:39]
2. Official vs. Unofficial App Distribution
- Most software vendors (Google, Apple, Microsoft) provide apps through secure, vetted channels like app stores or portals.
- Vendors vet these apps for security and stability, but sometimes even vetted stores distribute malicious apps by mistake.
- “As a rule, it's generally much safer installing apps from the approved app store than it is installing unvetted apps from third party websites or from Kevin, who lives down the block.” [02:00]
3. Legitimate Uses of Sideloading and Security Risks
- Some devices (e.g., Android) allow users to sideload apps with appropriate warnings.
- iPhones require jailbreaking to sideload, bypassing Apple's strict controls.
- “Android phones, for example, give users the option to download third party software from outside of the Google Play Store, although they warn that there are security risks associated with this.” [02:21]
- “Jailbreaking can be thought of as the process of installing a modified set of kernel patches that allow you to run unsigned code.” [02:38]
4. Sideloading as a Vector for Cyber Attacks
- Hackers abuse sideloading to sneak malicious code into legitimate-looking apps (Trojan horses).
- Attackers gain a foothold, allowing further malware installation and device control.
- Notable Expert Insight:
- Matthew Gracey-McMinn, Head of Threat Research, Netacea:
“Clever criminals try to bundle malware with something useful, such as a free PDF to Word Document Converter. The user installs the useful tool, blissfully unaware of the malware running in the background. This background malware creates a backdoor which gives the attacker access to and control of the device.” [02:48]
5. Real-World Case Study: Phishing Through Sideloading
- 2021 campaign observed by Mimecast researchers:
- Attackers exploited Windows App Installer through phishing emails and fake PDF links.
- Users were prompted to download a “necessary” app, which was, in fact, a Trojan.
- “The attacker sent phishing emails containing a phony link to a PDF file. When the user clicked the link, they'd be taken to a webpage that told them they need to install an app in order to view the file. This would bring up a legitimate Windows installation box that asked the user to approve the download, which contained the Trojan.” [03:24]
6. Nerd Reference: The Trojan Horse Parallel
- The podcast draws a historical analogy between sideloading malware and the legendary Trojan horse:
- “So when you hear that sideloading is a kind of a Trojan horse. Now you know what we're talking about.” [04:13]
- Brief summary of the original myth, emphasizing deception and infiltration:
- “The Greeks... built a giant and magnificent wooden horse as a peace offering, left it outside the gates of Troy and sailed away... That night, while the city slept... snuck out of the horse, opened the gates to let the Greek army in, and burned the city of Troy to the ground.” [03:50]
Notable Quotes & Memorable Moments
- On Security Risks:
- “It's generally much safer installing apps from the approved app store than it is installing unvetted apps from third party websites or from Kevin, who lives down the block.” [02:00]
- On Android Security Warnings:
- “Android phones... give users the option... although they warn that there are security risks associated with this.” [02:21]
- Expert Commentary (Matthew Gracey-McMinn):
- “Clever criminals try to bundle malware with something useful... This background malware creates a backdoor which gives the attacker access to and control of the device.” [02:48]
- On Trojan Horse Analogy:
- “So when you hear that sideloading is a kind of a Trojan horse. Now you know what we're talking about.” [04:13]
Timestamps for Important Segments
- 01:23 – Definition and practical meaning of sideloading
- 02:00 – App store vetting vs. risks from third parties
- 02:21 – Android and iOS approaches to sideloading
- 02:38 – Jailbreaking and unsigned code
- 02:48 – Expert analysis on how attackers leverage sideloading
- 03:24 – Real cyber crime campaign using sideloading techniques
- 03:50–04:13 – Trojan horse myth and its connection to sideloading malware
Language & Tone
The episode blends technical explanation with humor and accessible analogies (“from Kevin, who lives down the block”; references to pop culture and historical epics). The host maintains an engaging, lightly irreverent tone, paired with direct, practical insights into cyber security risks.
Summary
“Sideloading” is more than a technical term; it’s a window into how cyber attackers exploit trust and user habits to deploy malware and gain control of devices—often by hiding threats inside seemingly innocent software, just as the Greeks hid in the Trojan horse. The episode underscores the importance of skepticism and vigilance when installing apps, especially those from unofficial sources.
