Unfortunately, malicious Android apps are not uncommon. But you can always take precautionary measures by paying attention to certain indicators and keep malware off your device. This article aims to discuss those indicators.
Play Store Doesn’t Have It
With Android, you have the freedom to install apps from outside Google Play thanks to sideloading. This freedom grants more choices – like being able to install your favorite apps from the Amazon App Store – but it also poses risks. Just as in case of any software, people can write malicious code and piggyback it on seemingly legitimate apps. If you download an app from a dubious source, it shouldn’t take you by surprise if it messes up your device.
Google doesn’t scrutinize application before they can make it to the Play Store, but they do perform automated testing on them to see whether or not they are malicious. If a Play Store app is at any point found to be unsafe, they will remotely remove it from your device. This is why attackers distribute their apps from outside of the Play Store.
Although Android does offer to test apps for malicious code, this isn’t the best solution. Put simply, an app’s unavailability on Play Store is enough of a warning sign. If you do sideload an app anyway, allow your Android to test it for malware as you’re prompted and leave the “Verify apps” setting checked.
Its Permissions are Weird
Some apps ask for too many permissions. For instance, if a simple torch app asks you to allow it to read your phonebook, get location, or connect to the internet, this is appallingly suspicious. The app could transfer this data to an advertising company. If an app asks you for permission to send a text message and isn’t a messaging app, it may send text messages to a premium rate number and put charges on your phone bill.
Permissions are quite a serious thing in Android ecosystem, as there’s no quick fix to apps asking for too many requests unless you root your device.
Be extra cautious with permission when installing apps on your Android. If an app requires too many permissions, which it shouldn’t, this is a warning sign. Apps can request for permissions when they have an update, but you can choose (or not) to agree to the update.
Installs, Reputation and Reviews
Before you let an app into your device, it’s important to take into consideration its reputation and evaluate it. If an app has only a couple tens of installs and negative reviews, it’s certainly not worth your data and may be potentially unsafe.
At the same time, if an app has been installed a couple hundred thousand times and with positive, say four-five reviews at that, the app is more than trustworthy.
A reputation check or two on the developer are also of importance. An app developed by Google, your bank, or university is by far safer than an app by some John Smith.
The permission system again plays the role. For example, if you want to install an app and it doesn’t ask for any permissions, it should be perfectly trustworthy and safe and sound to use.
As with any piece of software, there’s no guaranteed litmus test to know whether an app is malicious. Your best bet is to stick with Google Play, pay close attention to the number of installs, permissions, and the developer.