Detecting malware on 

Android

 devices

CylancePROTECT

 enables the 

UEM Client

 and 

BlackBerry Dynamics

 apps to detect malware on 

Android

 devices and to enforce a compliance action until the malware is removed. For example, 

UEM

 can prevent all 

BlackBerry Dynamics

 apps on the device from running until the malicious app is removed from the user’s device.

The 

UEM Client

 and 

BlackBerry Dynamics

 apps include the 

BlackBerry Dynamics SDK

 and the 

CylancePROTECT

 library. These apps use these technologies to scan the work and personal apps on a user’s 

Android

 device and upload the app files to the CylanceINFINITY cloud service. Whether the scan is initiated by the 

UEM Client

 or a specific 

BlackBerry Dynamics

 app depends on the device activation type and authentication delegate configured in the 

BlackBerry Dynamics

 profile. 

CylanceINFINITY

 uses AI and machine learning to analyze the app package and produce a confidence score that it returns to the 

UEM Client

 or the 

BlackBerry Dynamics

 app. The confidence score indicates whether the app is safe or potentially malicious.

If the device has one or more malicious apps and "Malicious app package detected" is enabled in the compliance profile, 

UEM

 considers the device to be out of compliance, and the 

UEM Client

 or 

BlackBerry Dynamics

 app take the management action that is configured in the user’s compliance profile.

An app is uploaded to 

CylanceINFINITY

 if it has a hash that 

CylanceINFINITY

 has not processed previously. Whenever an app has a new hash (for example, for a new version) the app is uploaded to 

CylanceINFINITY

 for analysis and scoring (if it has not already been uploaded from another device).

This feature applies to the 

Android Enterprise

, 

Samsung Knox

, MDM controls, and User privacy activation types.