Malware may lurk in some third-party app stores, but if you’re smart about where you shop, you do have safe choices, writes Noah Gamer
You’re an Android person because Apple’s App Store is far too uptight. Even Google Play doesn’t give you every Android app you could want, so you head elsewhere to download those not-authorized-by-Google gems.
Unfortunately, many third-party Android apps come with a lot more than you bargained for: malware. For instance, earlier this year, security analysts discovered a piece of malware they’ve named Gunpoder, which evades Android device security protections by masking itself as adware. It comes bundled with a free Nintendo NES emulator available at many third-party app stores, and it’s seeded with a malicious ad library called Airpush. Your Android device perceives it as adware and doesn’t stop it from collecting data and communicating with a remote server.
In light of malware like Gunpoder, most security articles warn you to steer clear of third-party app stores. Truthfully, not all of them are bad, and Google Play could use some competition. With some smart Android security precautions, you can use some third-party Android app stores with minimal fear of malware. Let’s weigh Google Play against the alternatives and see which choices are right for you.
Is Google Play Really Safest?
In its early days, Google Play was no superstar when it came to Android app quality and security. It was a haven for developers sick of dealing with Apple’s nitpicky standards and a great way to speed up time-to-market for apps. Unfortunately, its openness also allowed unscrupulous developers to post questionable apps for sale. Reviews, which are easy to pad, were Android users’ only way to gauge app quality.
In spring, Google Play announced that it was tightening security, forming an expert team to screen apps for malware and sexually explicit material. Apps still get into the store quickly, unlike iOS apps, but they’re carefully screened to make sure they contain no surprise content. Also, Android developers no longer self-determine the age-appropriateness of their apps. Google Play sets its own standards for rating its apps.
The biggest protection offered by Google Play, however, is the way it downloads its apps onto your Android device. For example, a recently discovered PackageInstaller vulnerability, affecting an estimated 49% of Android users, allows unauthorized apps to gain unlimited access to permissions within a user device. Apps downloaded from Google Play bypass this vulnerability because they’re sent into a protected device space and can’t be overwritten by remote attackers.
Google Play Alternatives
If you’re smart about where you shop, you do have safe choices beyond Google Play. Although the below alternatives are safe overall, never shop a third-party app store until you install a good Android security app. It’s also a good idea to use a secure password manager on your phone instead of letting your phone store passwords that could be stolen.
Manufacturer App Stores: Catered to Your Devices
If you own a Kindle tablet, you’ve downloaded apps from Amazon’s Android Appstore. Owners of Samsung Galaxy devices have shopped the Galaxy App store. These stores have smaller selections than Google Play, but their apps are optimized for your device and have the manufacturer’s stamp of approval.
F-Droid: for Freebies
For a storehouse of free Android apps, visit the F-Droid store. Each app promises no tracking, no ads, and no interdependencies with other apps. Download the F-Droid client onto your Android device, and then shop directly from the catalog. It’s not much to look at, but the free options make up for the lack of glitz and glamour.
Mobogenie: Approved Apps and More
Mobogenie offers approved apps with a good compensation structure for its developers. Based in India, Mobogenie offers not only Android apps but also items like wallpaper, books, YouTube videos, and ring tones. You can even install Mobogenie’s PC client to easily transfer files between devices and back up your content.
Itch.io: for Experimental Types
Itch.io is primarily a website for desktop computer games, but it also has a section for Android apps that you can download onto your device. Most of the games are created by community game jams (think hackathons for gamers) so they’re innovative and experimental, not necessarily your mother’s Android games.
You Do Have Options
If you’ve protected your Android device, feel free to check out some third-party marketplaces. Just don’t stray too far into unauthorized marketplaces that offer no safety assurances, and research them before you download.
About the Author
Noah Gamer directs the global internet marketing optimization and product web reputation strategy at Trend Micro. He specializes in web product strategy development, competitive analysis, targeted content ranking methods and site optimization while influencing online identity and brand for product marketing, public relations, investor relations, technical support and corporate marketing initiatives.