How to ensure downloading Android apps is safe for users

John Brandon
Jul 1, 2019 · 10 min read
Image Source- sdasia.co

Rapid evolution in cybercrime has threatened our lives in millions of ways. Especially when our lives revolve around the smart device in our hand, be it a smartphone or a tablet.

During the last decade, the enormous impact that smart devices made on our lives couldn’t be ignored. More than 2.5 billion smartphones are currently used in the world. It is quite obvious that the smartphone is the closest friend in peoples’ lives, therefore, Smartphone is the most essential marketing tool to approach the targeted customers.

As a result of this never-ending hype about smartphones in the world, cyber criminals’ put their undivided focus on the smartphone as it seems like the best tool to penetrate into lives of billions of smartphone users all over the globe.

It is a fact that your device is always at the risk of a malicious malware attack or any sort of cyber attack. More than 85% of the phone market is owned by Android devices. Android OS is an open source platform, therefore, modifying it to meet needs is a quite hassle-free process and this flexible nature of Android OS has led itself to become the most favourite OS for cybercriminals.

Cybercriminals all over the world are expecting to make a new record every year by introducing a larger number of malware apps to the world. Every day they launch almost 12000 malware apps. Your Android device is at constant risk.

Even though these cyber attacks active in virtual reality, the victims have to compromise their money and information when being attacked.

Android Security Threats Due to Unsafe Apps

1. Ransomware

As the name suggests, the particular malware that infects your device demands for a ransom Google play gift card in order to regain the full functionality and full access to your information. Ransomware is a very common malware type that can attack your smartphone.

It can penetrate your smartphone via malvertising and malspam. Ransomware uses social engineering techniques to enter your smartphone.

2. Malicious apps

Due to the openness of the Android OS platform, launching malware on this platform is hassle-free for cybercriminals. Nowadays the most popular malware that could infect your device is Trojan SMS spyware.

Following are the expected outcomes when your phone is infected with malware.

1. They will collect your GPS coordinates and contact list, credit card information, and will be sent to third parties.

2. Infected phones will be automatically get subscribed to premium services.

3. Phone conversations will be automatically recorded and will be sent to the third party

Unsafe device

Sometimes, the brand new device that you haven’t unboxed yet might be already infected with malware. Yes! You heard it right. this is possible as the device manufacture presents the device with few apps for free which are already installed onto your device.

Due to the faulty configuration is another way to make your device an unsafe one.

Information Leakage

There are better-looking apps which looks trustworthy as well but your most trustworthy app may be extracting your personal data, photos, and much other confidential information under your nose.

These kinda data breaches are quite common now days even though, highly advanced technical walls are built to give the highest possible protection to your device.

In order to prevent your device from being targeted to a cyber attack, you must download your favourite apps from a secured and trustworthy source.

Google PlayStore

This is one of the most legitimate app stores that are available for Android users all over the world. It is your responsibility to take action to keep your Android device safe. And the first step to making it happen is downloading your favourite apps from a standard legitimate and trustworthy app store such as Google play store.

Google play store doesn’t allow any ingenuine apps to occupy the space in the google play store. It takes highly effective and advances security measures to keep malicious apps away from the google play store.

Google play store’s ultimate goal is to achieve the most secure and safe environment for its users.

Let’s have a look at what security measures that google play store has taken to make it cyberthreat-free app store.

Google Play store has two main must-required processes to go through for app developers who are interested in launching their app for the public.

1. Developers must sign up with the app store. This digitally signing up is a must requirement, in order to guarantee that identity of the developer of the app and to make sure it is not modified. This step is basically to check the legitimacy of the app and its developer.

2. The second requirement is the vetting process, in which Appstore checks for the violation of privacy and security made by its developers.

But unlike Apple store, vetting process on the Google platform is quite lenient and developers can issue self-signing certificates without actually being monitored by Google play store, which seems like a huge loophole in the vetting process in Google Play store.

This is one of the major drawbacks which cyberattackers used to infect millions of Android users all over the world. As this loophole allows them to launch their malicious app under the name of a well-reputed developer. Google play store’s vetting process is conducted by bots, therefore, its shallowness in the vetting process is far greater than Apple stores.

This has been the major reason behind the security breaches and more than 12000 new malicious apps per day come closer into our lives than ever.

Now it is up to the user to choose the non-malicious app on the google play store which almost feels like a gamble.

Following are the steps that have been taken by the Google Play store to ensure its ecosystem is secure and safe for its users.

It has introduced google play protect to combat vigorously against malicious apps.

Google play protects scanning tool uses machine learning technology to spot malicious apps instantly. And it boasts for its efficiency as well as its productivity which claims to scan over 50 billion apps per day. Google play protect even scan and identify apps that have been downloaded from third-party app stores.

The major protection walls that it builds, are protection layers for anti-theft, and secure browsing etc.

1. Constant scanning by Google play protect is able to spot unusual behaviour by the app, even after it is installed. It does scan on a daily basis, therefore, the chances of recognising odd behavioural patterns of the app are quite easy. Once it notices any odd patterns, that app will be disabled by the google play protect.

2. Google play protect ensures secure browsing for its users by checking the name of the site which user is about access, in Google’s list of dangerous sites. And if the name of the site is available in the list, the access is denied automatically by Google.

3 The anti-theft feature is the most important with the google play protect. This enables the feature which helps users to lock their phones and wipe out phones’ information until they get their hands on their device back.

Third Party App Stores

Google play store and Apple store are standard app stores which have a humongous collection of apps ready for use and third-party app stores are the wild west of apps.

It is the wild west for apps where you can find apps that are developed by independent developers and reputed developers as well.

Third-party app stores offer the users all around the world with third-party apps, which are mostly the hacked, modified or tweaked versions of standard apps that are available on standard app stores like Google play store and Apple store. Newly built apps by independent developers are available on this platform as well.

Third-party app stores have very lenient vetting and approval process for launching apps on these platforms, in other words, their processes that mentioned above are not up to the standards like official app stores’.

This is a huge loophole on these platforms where many cybercriminals use this as an advantage to wrap their tentacles around millions of users around the world. Therefore the huge risk is involved while downloading apps from third-party app stores.

But these app stores are becoming popular with each passing day as the world tends to focus more on the concept behind the escalation of privileges for free of cost. Third-party app stores provide its customers with all their favourite apps’ premium version for free.

Third-party app stores may not be the safest place to download apps, but it is a platform where everything is for free.

Following are the major competitors in the third party market place.

Aptoide

This tops the list of one of the best third-party app stores. It is extremely user-friendly and has a stylish and simple layout, no signing up is required, a huge collection of third-party apps, most importantly its global localisation is one of the key reasons for its popularity among the users. Aptoid is available in countries like China and Iran where standard app stores are restricted.

Tweaked versions of your favourite app, hacked games and many more for free.

ACMarket

Newbie in the third party market but it provides the best to users, unlike other third-party apps, ACMarket stands out as the unique, safe and secure app store in the market.

Its ecosystem is almost malware free. And promises the customers the most secure and safe apps.ACMarket has an inventory which includes all the tweaked versions of most favourite apps’ premium versions for free and the unlocked version of your favourite game as well.

Amazon app store

This is one of the unique alternatives for the google app store. It is one of the few app stores who has launched a marketing campaign against the google play store. This has been introducing as an app store for Amazon devices like kindle fire tablet and phone etc. It has an attractive yet simple layout, secure and safe inventory of apps. But major cons are its long process of installation, must-required signing up, and limited apps aka a small inventory, compared to other third-party app stores in the market.

Getjar

The pioneer in the third-party app stores which is started as a free beta testing platform for developers in 2004. Now it has more than one million apps in its inventory. They had given the chance to developers all over the world to launch their apps for free via a developer portal and it caused the overflooding number of downloads in the history of Getjar which is over one billion downloads.

It is a platform for apps for all sort of OS and devices. Unlimited source of apps from the pioneer in the third-party app stores. Getjar has collaborated with well-known companies like Rovio, eptoLabs etc.

From WhatsApp, YTD, Facebook to apps from independent developers are available on this platform. It is a safe secure and inherits an abundance of apps.

How to keep your device safe??

Naturally, Sandboxing of application is used by Android OS to limit the app’s access to resources outside the application. Therefore when the app needs to access the resources that are not attached to the app, it should ask for permission from the device. This helps to keep apps from accessing important data in your device.

There are two types of permission on the Android platform, dangerous permissions and normal permissions.

Normal permission is harmless when granting but dangerous permissions have the tendency to access the vital information of your device.

Therefore protecting your device is all about giving the right and the most suitable permission while granting access to apps.

In order to prevent any malware attacks, we can take the following steps.

1.install an anti-malware app to protect your device.

2. Put a screen locker, This may sound irritating at times as you have to unlock your phone every time you want to use it, but it is worth the effort.

3. Use your SD card to store your app

4. Root your device and take the control of your device. Rooting can be disadvantageous at times.

5. Keep your apps updated. Always update your apps as update versions always bring you a more secure environment while using it.

6. If your android is 3.0 below, then your device is hundred folds more vulnerable than other Android devices which have updated OS Therefore make sure that your devices have the latest OS

7. Sideloading is another way to make your device vulnerable to malware and other malicious cyber attacks. .Do not download apps from third-party app stores.

8.UnCheck the unknown sources in your settings in order to restrict download apps from unknown sources.

How to identify a malware app

There are many ways to identify whether the app is malware or not

Loopholes on the Google play store platform, make it easy for cybercriminals to steal the credentials of the renowned developers. But if you pay attention to the following information about apps that is available on the Google play store, it may become an easy task to identify malware apps.

First and foremost thing that should be done is to check the developer’s name in the app description. If the developer is an independent developer, that app carries more risk than app from a renowned developer. Find out more details about the developer to make sure that it is a trustworthy app to install onto your device. Second information you should focus on is the date of the launch of the app. If the app is officially launched just a few weeks back then better do your own research and decide before installing it onto your device. A number of downloads are another vital information which helps to identify a malware app on Google play store. Naturally, if it has a promising number of downloads then it is more likely to be a legit app. Next one is a bit more tricky but very useful, read reviews.

These days reviews by bots are common therefore pay attention to the accuracy of the review, check for the similarities between reviews if you sense all the comments are curt and simple, and no mistakes are made then those reviews are more likely to be bot made comments. Humans tend to write long and very descriptive reviews. At last, don’t forget to check the full list of permission details. If you pay attention to this information that is available under the app, it is an easy task to identify the malware app.

HackerNoon.com

how hackers start their afternoons.

John Brandon

Written by

Tech Writer Specific about AI and Software Development

HackerNoon.com

how hackers start their afternoons.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade