drop ios/android installed app list + url handlers · detect malicious deeplink takeover · runs locally
drop ios/android installed app list + url handlers · local only
heuristic screener · vendor schema varies · not definitive proof