Post preview
Request a Personalized DerScanner Demo

Why Android Users Should Not Install Apps from Unreliable Sources

Paid mobile apps often offer more functionalities than free ones. Moreover, some apps are only available as paid versions, which is why many Android users look for pirate copies on the Internet and install them on their devices. Daniil Chernov, Chief Technical Officer at DerSecur LTD, recently talked about vulnerabilities associated with installing apps from unreliable sources and why users not planning to download pirate software are at risk as well.

He notes that cybercriminals are the main distributors of free software copies: "For a mass user, this is an attractive option in which hackers wrap malware, including ransomware code that encrypts all data on a device or blocks access to files and demands a ransom for restoring. Other common threats are Trojans and keyloggers that inconspicuously transfer user data, including logins and passwords, to a third-party server, remote access software, etc."

The most typical distribution scenario is as follows: a user finds out that the desired software is available from the official app store for a fee and thus deliberately looks for a free copy on the Internet. In this case, users take risks consciously. Cybercriminals intentionally monitor popular search queries related to pirate software in order to inject a malicious code into on-demand apps.

A less common scenario for downloading software with malicious bonuses is conversely related to an unconscious installation of insecure software. Instead of choosing Google Play Store, users opt for another official store offering Android apps which does not scrutinize apps for security or checks them insufficiently. In this case, it is recommended to study information available on the net, choose an app store which uses high quality security check algorithms, and only then install the software.

The third most typical scenario is that an app is unavailable on Google Play Store and is offered for downloading directly from an official website. Many official service providers offer apps for downloading from their websites but may include infected software. You need to figure out whether this is a trusted company and this is indeed its official website. Pay attention to which files and features the app needs to access. Obviously, a food delivery app does not need access to your device's camera and microphone. If an app refuses to run without these access rights and does not specify why it requires them, you should uninstall it.


Request a Personalized DerScanner Demo
Building a secure development process for a retailer. Part 4 Summary of a major project
Interview at GISEC 2023
SDLC, or How to Make Development More Secure?