If you have an Android phone, you may have, at some point, installed an app from an unknown, third-party source outside the Google Play Store. Although this privilege isn’t available to iPhone users, it has a major caveat that most of us ignore. When you’re installing from unknown sources, you’re skipping all the security checks that Google puts on apps before they are uploaded and distributed to over two billion people using the Android operating system.
Downloading and installing apps from unknown sources on your Android phone risks almost all your data, including personal information such as email IDs, passwords, banking information, and whatnot. Now, you must be wondering how an app designed to edit a picture or edit a PDF can put your privacy at risk, but that could be true for some, if not all, the apps you install from unknown sources. The app could be created by bad actors, designed to fool you into believing it’s legitimate when it is actually doing something else.
More often than not, such apps are unavailable on the Play Store, and there could be two reasons for it: Either they were published and removed later after someone reported them, or they did not make it to the store in the first place. Once installed, these apps could gain access to your system resources and execute commands without your consent, which is something that you would never want.
Apps from unknown sources can be dangerous
Every day, developers push more than 3,700 apps on the Google Play Store, which already has over 3.4 million apps. However, this does not mean you can find all the apps on the Play Store. For instance, Google kicked out AnTuTu, one of the most popular Android benchmarking apps, from the Play Store in 2020. However, the benchmarking app is still available to download from its website, which still counts as an unknown source for Android phones as every other app that is not installed via the Play Store does.
While AnTuTu is one example, there are other apps that aren’t available on the Play Store, and users end up downloading them from third-party sources. Since they are coming straight from the developer to your smartphone, they could contain such things as unnecessary bloatware, ransomware, data-stealing spyware, key loggers, and other harmful types of malware (via Kaspersky).
Malicious apps use sophisticated techniques to hide and access your device’s RAM, storage, Bluetooth, cellular and Wi-Fi data transmitters, etc. Once bad actors have access to these resources, they can use your Android phone as they like. After an infected app lands on your Android phone, it can quickly deploy a load of malware, and you might not even be aware. Such apps are often referred to as potentially harmful applications, or PHAs, and could be used to initiate device-based cyber attacks (via Bayton).
How can you keep malicious apps away from your Android device?
In 2021, a third-party app store called APKPure caught malware and started infecting users’ devices by dropping Trojan viruses with apps. Similarly, when “Cyberpunk 2077” came out for gaming consoles and Windows devices, bad actors came up with an innovative idea of floating an infected mobile version of the game through a website. There have also been cases where users ended up downloading adult content apps by clicking on ad banners and inviting malware to their Android smartphones (via Kaspersky). In all the mentioned instances, bad actors have used different mediums to infect Android devices, which are categorized as unknown sources.
By default, Android does not allow you to install such apps and warns you that the file could harm your device. While that would be the first line of defense between a harmful app and your smartphone, many users bypass it by installing the app anyway, which is not wise. If you don’t want to risk your device and every piece of information on it, simply do not download apps from unknown sources. For reinforcements, install an anti-virus app from the Google Play Store, such as Norton or Avast. Last but not least, avoid clicking on random links and banner ads that you see on the internet. If you are trying to download something and the website starts pushing random APKs your way, delete those files and block the website for good.
What measures does Google Play Store have in place?
We have already talked about how Google reviews an app once it is turned in. During the review, if Google determines that an app could harm users, it rejects the app. Further, the Play Store now asks developers to share an elaborate list of permissions their apps demand from the user. You can review the list of permissions before downloading apps as well — Head over to the Play Store, search for the app, click to open its page, and scroll down to view the “Data safety” section. Further, you can send unknown apps to Google by enabling the “Improve harmful app detection.”
Google Play Protect is enabled by default. On the official support page, Google mentions that it runs a safety check on apps before you install them via Google Play Protect. Further, Play Protect checks your device for harmful apps and can deactivate or remove them upon detection. Google also informs users about apps that violate its Unwanted Software Policy and sends privacy alerts. To check whether Play Protect is enabled on your device, open the Play Store app, tap the profile icon on the top right, tap “Play Protect,” and open “Settings.” Then, check whether the “Scan apps with Play Protect” is on or off (via Google). To sum it all up, installing apps from the Play Store is always better than installing them from third-party sources.