The Draw and Dangers of 3rd Party App Stores

Smartphones and tablets have become commonplace in today’s home and work life.  Mobile applications for these devices have taken off right alongside them.  You can find an app for just about any purpose these days.  You also have multiple sources to download apps aside from the “official” app stores.  However, caution should be taken on any platform.  For Android in particular, you have several different app stores you can use as alternate sources for mobile applications.  Why would you want to stray from the official app store, and are there any risks to downloading apps from these alternate sources?

The main draw for alternate app stores is the daily or weekly deals.  Often you can get premium apps for free or at a large discount.  Nearly everyone is trying to save money, so downloading an app that normally costs $5 for free can catch the eye of many people.  Some apps that normally range in the $10-$15 range are discounted to just a couple bucks, or there are bundle deals to get several apps all at a discounted price.  There are even occasional contests for prizes including phones, tablets, credits to the store, etc.

The other draw is the indie applications, specifically games, that may not be approved or quite ready for Google Play.  Most of these games are in a beta state, but still allow consumers to download them and play, provide feedback, and just feel like part of the development process.  There might also be cracked versions of certain applications that normally require a fee or unlock code.

One last reason someone might want to use a 3rd party app store, is regional access.  There are app stores that cater to specific countries or regions.  These often carry localized apps or apps that have been modified for that region.

While free is always good, you have to be cautious when downloading anything from ANY app store, even Google Play.  To download and install an app from one of the alternate app stores, you have to allow your phone to install software from “unknown sources.”  This is a setting under the Security menu in Android settings, one that everyone has access to.  If it sounds scary, it certainly can be if you don’t know what you’re doing.  Basically, you’re opening your phone up to applications from unapproved and untested sources.  When you consider that, in almost all cases, the malware that is created and circulated for Android is only spread by apps uploaded to 3rd party alternate app stores; you take a huge risk downloading anything from these sources.

Examples of a 3rd Party App Store includes, but are not limited to: Amazon Appstore, GetJar, F-Droid, or Slide ME.  While some of these are more controlled, perform quality checks, and scan for malicious content, there will always be a greater risk from these sources.

So what can you do to make sure the apps you are installing are safe, regardless of where you are shopping for them?  Here are a few simple tips to keep in mind when looking for new mobile apps:

Avoid Unknown Sources

The best line of defense is to not open yourself up to attack to begin with.  Installing apps from other sources (also known as sideloading) puts you directly in the line of fire for malware.  Making sure you only download and install apps from the Google Play dramatically decreases the chance of infection.  While nothing is 100%, you are far less likely to get infected from an app on the official app store.

Check Ratings and Reviews

Each application is accompanied with a rating and (hopefully) hundreds of reviews.  Often you can find out plenty of information about an application by reading the reviews.  Does it have any major bugs, is it not compatible with certain phones, does it have too many ads, and has anybody found it to contain malicious code?  This is important for not only the initial installation of the app, but for any updates to applications as well.  Checking the reviews before installing any updates may prevent installing a broken or malicious version.

Pay Attention to Permissions

When you first install an app or install an update that changes the required permissions, you get a window asking you to confirm you understand the permissions required for this app and allow access.  If the permissions look like it’s trying to get access it shouldn’t have, you can deny the installation.  For example, a simple puzzle game that wants access to your microphone, camera, contacts, and SMS data is probably not just “a simple puzzle game.”  Newer versions of Android allow you to deny specific permissions instead of the all-or-nothing approach, but generally it’s a good idea just to not install these types of applications.

Use Common Sense

If you’ve looked over all the above and it just doesn’t seem right, chances are, it isn’t.  Even if you don’t follow the above suggestions, apps you should avoid can be easy to avoid.  Little to no information provided on the app, large number of typos or in a different language altogether, no reviews, and no other apps by the same author.  These are usually telltale signs that the app shouldn’t be trusted.

Install a Security App

Lastly, if you want a little extra protection just in case you have a brief lapse in judgement, you can always download one of the many security applications available for Android.  These work just like the antivirus/antimalware on your desktop and often scan each new app as you are downloading and installing it.  Some of the top security apps available include: Avast! Mobile Security, 360 Security, and Avira Antivirus Security.  Of course, this doesn’t give you free reign to install whatever you want.  You should still use caution and common sense when installing any app.  No one method is 100%, and no one security app will catch everything.